FreeRadius with Eduroam - Accounting

Phil Mayers p.mayers at imperial.ac.uk
Wed Oct 5 12:50:12 CEST 2011


On 05/10/11 09:56, Arran Cudbard-Bell wrote:
>
> On 5 Oct 2011, at 10:40, Phil Mayers wrote:
>
>> On 10/05/2011 09:26 AM, Alan DeKok wrote:
>>> Phil Mayers wrote:
>>>> I guess that's ok, in that it stops an unresponsive realm
>>>> blocking other realms, but wouldn't another solution be to add
>>>> a config item to the detail reader to drop packets which are>X
>>>> seconds old?
>>>
>>> if (Acct-Delay-Time>   3600) { ok } else { ... do proxy .... }
>>
>>
>> Ah ha! Clever. I had forgotten the detail reader created/updated
>> that attribute. Yay FreeRADIUS!
>
> It's a bad way of doing it. At least with replicate every accounting
> packet has a chance... Using Acct-Delay-Time you'll end up dumping
> anywhere between 1-15 seconds accounting data for all realms if one
> realm is unreachable.

Whereas with rlm_replicate, you risk dropping arbitrary accounting 
packets because there is no retry. There is no ideal solution, because 
radius accounting was never designed for the kind of loosely-coupled 
federation that is Eduroam.

For me, since most Eduroam sites don't care about receiving federated 
accounting, my primary concern is for my server to carry on functioning, 
and that means the detail file should not grow without bound. I don't 
really care how that happens - as long as it does.




More information about the Freeradius-Users mailing list