lifetime of dynamic clients

Alan DeKok aland at deployingradius.com
Wed Oct 2 23:20:15 CEST 2013


steve at comitcon.be wrote:
> It is fairly clear that the experts claim they have the knowledge, but
> are guarding it.

  Ah, yes.  That's why I've written tons of documentation for the server,
and have answered questions daily for 15 years.  I'm trying to hide
RADIUS knowledge.

> I am secondly not lecturing you on how to use Radius,

  Nonsense.  You lectured me on the use-case for rlm_raw.

> but you are "expert"
> are neither teaching me, by referring me to files I have read multiple
> times.

  Well, you didn't say that.  If you don't say what you're doing, it's a
form of lying.

> For the record
> The IP address of a client is added using dynamic. I have set the lifetime
> to 60 (and the file states seconds), but it is not removed after 1 minute
> or even more. show client list in radmin also keeps showing it.

  Well, it works for me.  Did you try sending another packet after 60
seconds?  What happened?

> So you admit you are frustrated? With all best respect, I love people
> being helpful, willing to test and try out. But if the immediate response
> is "not recommended", well don't bother responding because people might
> have proper reasons for using it this way.

  I see.  You're not a RADIUS expert, so you ask a question.  When a
RADIUS expert answers you, you disagree, and think they're wrong.

  And you say *I* am unhelpful?

> Learn to adjust to the needs of the real world. This is not a student pet
> thing here. I am merely walking the boundaries of what the system is
> doing. You know, I could make the system check in using perl/php and
> update the IP address as I am using SQL as a backend. Same deal. But no, I
> don't see a purpose on a security level on doing it with rlm_raw / dynamic
> clients etc...

  That's why you're not a RADIUS expert, and I am.

> You know, I just needed to find out if the lifetime 60 will work because I
> don't see it. The changelog of FR actually states at a certain revision it
> was defaulted to 1 hour in case of lacking. Maybe there is a minimum?

  I just checked.  There isn't.

> an expert who refuses to set up a system 

  Where the HELL did you get that idea from?

  And what kind of entitlement do you have?  I'm supposed to do things
for free to check that you've likely misconfigured things?  Are you
paying me?  Do you even know how open source works?

> (might not even be in real life,
> but a matter as experimenting?) Sorry from an expert I expect at least the
> full reasons (or links) to the security issues which are claimed. Secondly
> an expert would give me the response to the simple question.

  I expect that I can have technical discussions without people getting
upset when I tell them they're wrong.

  That's what makes me an expert, and makes you banned from the list.
I'm willing to learn from others.  You're not.

> Now this you can call rude. I was being polite in the previous mails.

  Refusing to follow instructions is rude.  Complaining when I tell you
you're wrong is rude.  Refusing to learn is rude.

  Goodbye.

  Alan DeKok.

