Duplicate SQL records versus unique constraints
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Jun 3 08:53:51 CEST 2009
> If we add a CONSTRAINT to enforce uniqueness for acctuniqueid in the DB,
> will the failure to insert an accounting record confuse the freerad sql
> module and will those failures percolate up towards the radius protocol
> level and thus result in the NAS keep on sending that accounting packet?
Yes. The SQL module will return fail on any errors. This will override the priority of most other modules, and cause the accounting stanza to return fail. The RADIUS server will then ignore the
Accounting request, and the NAS will think the RADIUS server is dead.
You should be able to add additional 'uniqueness' with the 'Class' attribute. RFC behavior is identical to User-Name. You set it in the Access-Accept packet, then the NAS includes its value in all
future Accounting-Requests.
You can use another instance of the hashing module to generate the initial class value. Include something like system time in the list of attributes to make sure it never repeats.
Then just add 'Class' into the list of attributes used to generate acctuniqueid.
Arran
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
More information about the Freeradius-Users
mailing list