FreeRadius with Eduroam - Accounting

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Oct 5 16:13:54 CEST 2011


On 5 Oct 2011, at 12:50, Phil Mayers wrote:

> On 05/10/11 09:56, Arran Cudbard-Bell wrote:
>> 
>> On 5 Oct 2011, at 10:40, Phil Mayers wrote:
>> 
>>> On 10/05/2011 09:26 AM, Alan DeKok wrote:
>>>> Phil Mayers wrote:
>>>>> I guess that's ok, in that it stops an unresponsive realm
>>>>> blocking other realms, but wouldn't another solution be to add
>>>>> a config item to the detail reader to drop packets which are>X
>>>>> seconds old?
>>>> 
>>>> if (Acct-Delay-Time>   3600) { ok } else { ... do proxy .... }
>>> 
>>> 
>>> Ah ha! Clever. I had forgotten the detail reader created/updated
>>> that attribute. Yay FreeRADIUS!
>> 
>> It's a bad way of doing it. At least with replicate every accounting
>> packet has a chance... Using Acct-Delay-Time you'll end up dumping
>> anywhere between 1-15 seconds accounting data for all realms if one
>> realm is unreachable.
> 
> Whereas with rlm_replicate, you risk dropping arbitrary accounting packets because there is no retry.
> There is no ideal solution, because radius accounting was never designed for the kind of loosely-coupled federation that is Eduroam.
> For me, since most Eduroam sites don't care about receiving federated accounting, my primary concern is for my server to carry on functioning, and that means the detail file should not grow without bound. I don't really care how that happens - as long as it does.


True. Both solutions suck in their own unique ways.

Roll on RADSEC.

-Arran

Arran Cudbard-Bell
a.cudbardb at freeradius.org

Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !





More information about the Freeradius-Users mailing list