racct and radpostauth

Fajar A. Nugraha list at fajar.net
Fri Sep 9 11:09:56 CEST 2011


On Fri, Sep 9, 2011 at 3:51 PM, Alan DeKok <aland at deployingradius.com> wrote:
> andreapepa wrote:
>> Finally.. I also can check from time to time the packets or byte fields to
>> see if the session is still alive...but this method would not be better than
>> matching with replies in radpostauth, ...I believe.
>
>  Ask the NAS if the session is still alive.
>
>  This is RADIUS.  The RADIUS server has no idea what the user session
> is doing.

I inherited a legacy FR installation, and among other things I noticed
that it modifies simultaneous use count and acct queries to be able to
"detect" whether a user is online or not. Basically the system is
something like this:
- all NAS must support interim update, and all accounts are configured
to have the same Acct-Interim-Interval reply attribute (e.g. 15
minutes, one hour, your choice)
- when an interim-update accounting packet comes, the acct database
entry will be updated to:
--> Acctstatustype = 'Interim-Update'
--> Acctstoptime = '%S' (basically record what time the packet arrives)

Now if I want to know whether a user is online or not (which is also
used in simultaneous use count query), I simply select radacct for
entries that have:
- Acctstatustype <> 'Stop'
- Acctstoptime older than interim update interval plus some spare time
(just in case some interim-update packets arrive late, or processed
late. If Acct-Interim-Interval is 15 minutes, then looking for
Acctstoptime older than 30 minutes is usually good enough)

Not perfect, but much faster than having to ask the NAS when I just
want to know "how many users are currently online from all NASes?"

-- 
Fajar
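
An added example, not part of the original message and not the poster's actual queries: the lookup described above, run against a cut-down, constructed radacct table in SQLite and splitting the non-Stop rows at the 30-minute cutoff. The column names other than Acctstatustype and Acctstoptime, the sample rows, the fixed clock, and the reading that rows updated inside the window are the live sessions while older ones have stopped sending updates are assumptions of this example; it also assumes every open row already has Acctstoptime set.

```python
import sqlite3
from datetime import datetime, timedelta

NOW = datetime(2011, 9, 9, 11, 0, 0)   # fixed "current time" so results are reproducible
CUTOFF_MINUTES = 30                    # 15-minute Acct-Interim-Interval plus spare time
FMT = "%Y-%m-%d %H:%M:%S"              # sortable text timestamps (assumed storage format)

def build_sample_db():
    """In-memory, cut-down radacct table filled with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE radacct (
        username TEXT, nasipaddress TEXT, acctsessionid TEXT,
        acctstatustype TEXT, acctstoptime TEXT)""")
    def ago(minutes):
        return (NOW - timedelta(minutes=minutes)).strftime(FMT)
    rows = [
        ("alice", "192.0.2.1", "s1", "Interim-Update", ago(5)),
        ("bob",   "192.0.2.1", "s2", "Interim-Update", ago(29)),  # late, still in window
        ("carol", "192.0.2.2", "s3", "Interim-Update", ago(95)),  # updates stopped arriving
        ("dave",  "192.0.2.2", "s4", "Stop",           ago(2)),   # closed normally
        ("alice", "192.0.2.2", "s5", "Interim-Update", ago(10)),  # second session, other NAS
    ]
    conn.executemany("INSERT INTO radacct VALUES (?,?,?,?,?)", rows)
    return conn

def split_open_sessions(conn, now=NOW, cutoff_minutes=CUTOFF_MINUTES):
    """Return (recent, old): non-Stop rows last updated inside / before the window."""
    cutoff = (now - timedelta(minutes=cutoff_minutes)).strftime(FMT)
    # Only the comparison operator is formatted in; the cutoff value is a bound parameter.
    q = ("SELECT username, acctsessionid FROM radacct "
         "WHERE acctstatustype <> 'Stop' AND acctstoptime {} ? "
         "ORDER BY acctsessionid")
    recent = conn.execute(q.format(">="), (cutoff,)).fetchall()
    old = conn.execute(q.format("<"), (cutoff,)).fetchall()
    return recent, old

def simultaneous_use(conn, username, now=NOW, cutoff_minutes=CUTOFF_MINUTES):
    """Count one user's sessions with a recent update, across all NASes."""
    recent, _ = split_open_sessions(conn, now, cutoff_minutes)
    return sum(1 for user, _sid in recent if user == username)

if __name__ == "__main__":
    db = build_sample_db()
    recent, old = split_open_sessions(db)
    print("updated within window:", recent)
    print("older than window:    ", old)
    print("alice session count:  ", simultaneous_use(db, "alice"))
```
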



