Duplicate SQL records versus unique constraints
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Jun 3 17:47:06 CEST 2009
[snip]
>
> Thanks a bundle for that, I was about to whack my head against the screen
> here and type "man unlang". ;)
>
>> If you're still getting duplicates, check that the NAS is actually
>> sending the value of the Class attribute. Vendors are notoriously bad
>> for ignoring the RFC in this area.
>>
> Yeah, never mind that we are talking to proxy servers upstream which in
> turn may talk to other proxy servers (nobody knows) which ultimately talk
> to the NAS (BRAS) in question.
You might have more luck concatenating the random string with the User-Name
and sending that in the Access-Accept. Then stripping it out again when you
receive accounting requests.
post-auth {
update reply {
User-Name := "%{User-Name}:%{Acct-Unique-ID}"
}
...
}
--
preacct {
...
if(User-Name =~ /([^:]+)(:([[:alnum:]]*))?/){
update request {
Acct-Session-ID := "%{Acct-Session-ID}%{3}"
User-Name := "%{1}"
}
}
}
It's a more commonly used feature so is more likely to work :)
> I have seen those quickly recycled Acct-Session-Id's only with one
> location it seems, other people with twice the connects never had their
> IDs re-used in the same sample period. So my bet is that this particular
> NAS will also happily ignore the Class attribute. ^o^
Yey for standards *sigh*.
>
> But nevertheless, a very useful configuration snippet that would do well
> in a future sample configuration.
>
Thanks, i'll poke Alan and see if he wants to include it. It'd be nice to have a generic
hashing module for string expansions and not have to do some much unlang hackyness,
useful for CUI too.
> Thanks again for the quick and comprehensive response
No problem. Best of luck !
Arran
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
More information about the Freeradius-Users
mailing list