FR Developer for hire: Adding Accounting support to the rlm_ldap module?

Brian Candler B.Candler at pobox.com
Fri May 4 10:09:30 CEST 2012


On Fri, May 04, 2012 at 04:49:59PM +1200, Peter Lambrechtsen wrote:
>    Whilst I agree with you in principal I'll give everyone some background
>    as to what I am doing.
>    This is for DSL customer subscriber authentication which we only get
>    when a subscriber comes up which is normally a long running session of
>    many weeks if not months so it's not going to be a huge number of
>    writes (or reads for that matter) unless there is a significant outage
>    and everyone needs to re-auth.

Given that RADIUS accounting is over UDP and not guaranteed (e.g. NASes
usually give up retransmits after a few attempts), it's usually wise to have
periodic interim accounting enabled on your NAS. In this case each session
will send an update at whatever interval you configure (typically 1-2
hours).

This deals with missing Start records. To deal with missing Stop records,
you have to look at the timestamp of when you last saw an update. If it's
more than, say, 3 times the update interval, then you can assume the user is
no longer online.

Unfortunately, this will generate significant update traffic :-(

However I see where you're coming from with your tried-and-trusted LDAP
server.


More information about the Freeradius-Devel mailing list