Freeradius-Users Digest, Vol 36, Issue 130

Jack Murgia jackmurgia at hubbadubba.com
Mon Apr 21 19:01:03 CEST 2008


Phil,

on 4/21/08 3:00 AM, freeradius-users-request at lists.freeradius.org at
freeradius-users-request at lists.freeradius.org wrote:

> Date: Mon, 21 Apr 2008 10:38:24 +0100
> From: Phil Mayers <p.mayers at imperial.ac.uk>
> Subject: Re: NAS with dynamic IP
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <480C6090.2070005 at imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Jack Murgia wrote:
>> Alex,
>> 
>> Is there a command I can run periodically that would flush the dns cache?
> 
> pkill radiusd; /usr/sbin/radiusd
> 
> i.e. restart the server. Otherwise, no.
> 
>> 
>> I use the NAS table in MySQL rather than clients.conf to register my NAS
>> devices. The only problem with NAS devices on PPOE ADSL links is that a
>> restart of Freeradius server is required in order to pick up the new IP
>> address from DYNDNS.org.
>> 
>> Would this problem be solved by a rlm_nsupdate module (scheduled for future
>> release)? I would be willing to donate to the creation of this module.
> 
> How does that help?

Not sure what the intention of that module is, but in the roadmap it says "
New module: rlm_nsupdate (dyndns). Because dynamic addresses are cruel."
Which made me think it might relate to this issue.
> 
> The problem is that the server might have outstanding requests for a
> given client record when it's removed. It's a hard problem.
> 
Right- chillispot is web-based- so user's browser will hang for as long as
the TCP timeout takes, I think- will have to test.
 
> Does re-starting the server *really* take so long it's a problem for you?

Oh it's very fast at restarting. But I'd have to decide how much "downtime"
for the authorization process due to NAS ip changes I am willing to tolerate
(10 minutes? 5 minutes?) and set my restart intervals accordingly, which
seems a bit messy. Especially if someone is trying to login, as noted above.

And does it affect open sessions on other NASs (force them to login again,
creating simultaneous use issues with orphaned accounting records in MySQL)?
Will have to test that as well.

I suppose restarting freeradius would be an acceptable workaround for the
time being if those two issues above aren't barriers.

Jack Murgia





More information about the Freeradius-Users mailing list