RE: Comindico auth problem
On Sat, 19 Jan 2002, David Luyer wrote:

> Saliya wrote:
> > It's also useful for determining whether or not you are
> > receiving multiple
> > instances of a unique session (that, in combination with the
> > NAS-IP-Address should be a unique key for a particular type
> > of record).
>
> The actual unique set is (NAS-IP, Session-Id, last boot of NAS);
> session IDs are typically reset at NAS reboot.

Yup, too true. I don't reboot my NASen often enough for this to be an
issue (I suspect most here would be the same :) but it's a valid point.

> Of course, you don't know the last boot of the NAS.
>
> What good RADIUS software does is keep a cache of the last
> 5 minutes (note: time, not record count... you can easily
> get 5,000+ RADIUS STOP records in a minute when a popular
> TV show - eg, the 2000 Olympic opening ceremony - comes on,
> and this is exactly when you'll get timeouts and duplicates,
> so you don't want some arbitrary count of a certain number of
> STOP records, you want it based on time) of NAS-IP,Session-Id
> pairs, and if the NAS-IP,Session-Id pair of a particular STOP
> record has already been seen within the last 5 minutes, it
> ignores the new record (which will typically be the old record
> with a new Acct-Delay-Time).

Actually, I prefer the 'other way': having the RADIUS server record
*all* records; then taking care of it in post-processing; but each to
his own.

> Duplicate start/stop records are a fact of life. If the RADIUS
> software doesn't handle them, that's a big problem waiting to happen
> (or already happening).

Bingo :)

Regards,
Saliya
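The time-based duplicate cache discussed in this message, as an added example (not part of either post and not code from any RADIUS server). It works equally as an inline filter or as a post-processing pass over a log of all records. The `arrival` field, the class and function names, and the choice to measure the window from the first copy seen are assumptions.

```python
from collections import OrderedDict

WINDOW_SECONDS = 300  # the 5-minute window from the thread


class StopDeduper:
    """Time-windowed cache of (NAS-IP-Address, Acct-Session-Id) pairs."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self._seen = OrderedDict()  # key -> arrival time of first copy, oldest first

    def is_duplicate(self, nas_ip, session_id, now):
        # Expire by age, never by count, so a burst of STOPs cannot evict live entries.
        while self._seen:
            oldest_key, first_seen = next(iter(self._seen.items()))
            if now - first_seen <= self.window:
                break
            self._seen.popitem(last=False)
        key = (nas_ip, session_id)
        if key in self._seen:
            return True
        self._seen[key] = now
        return False


def filter_stops(records, window=WINDOW_SECONDS):
    """Drop retransmitted STOP records; input must be sorted by arrival time."""
    dedup = StopDeduper(window)
    kept = []
    for rec in records:
        if not dedup.is_duplicate(rec["NAS-IP-Address"], rec["Acct-Session-Id"], rec["arrival"]):
            kept.append(rec)
    return kept


# Constructed sample STOP records (arrival is seconds on the server clock, hypothetical field).
SAMPLE = [
    {"arrival": 1000, "NAS-IP-Address": "192.0.2.1", "Acct-Session-Id": "0000002A", "Acct-Delay-Time": 0},
    {"arrival": 1005, "NAS-IP-Address": "192.0.2.1", "Acct-Session-Id": "0000002A", "Acct-Delay-Time": 5},  # retransmit
    {"arrival": 1006, "NAS-IP-Address": "192.0.2.2", "Acct-Session-Id": "0000002A", "Acct-Delay-Time": 0},  # different NAS
    {"arrival": 1400, "NAS-IP-Address": "192.0.2.1", "Acct-Session-Id": "0000002A", "Acct-Delay-Time": 0},  # ID reused after window
]

if __name__ == "__main__":
    for rec in filter_stops(SAMPLE):
        print(rec["arrival"], rec["NAS-IP-Address"], rec["Acct-Session-Id"])
```

The last sample record shows why the window matters: the same pair arriving well after 5 minutes is treated as a new session (for instance a Session-Id reused after a NAS reboot) rather than discarded.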