Bug/Enhancement request: Race condition with short-term accounting (FreeRadius 2.1.10)

Alan DeKok aland at deployingradius.com
Wed Aug 29 08:34:38 CEST 2012


Matthias Nagel wrote:
> This is correct, if one has some kind of key to identify a session that could be used as a database index. But unfortunately there are a lot of authenticators out there, that do not correctly generate radius accounting session ids. Basicly I see three different types (despite the correct one):
> 
> 1) Authenticators that do no send a session id at all (Acct-Session-Id is empty)
> 2) Those that always return the same session id (even if the user name differs)
> 3) Those that always return a new session id even if the requests (start/update/stop) belong to the same session

  Arran has a more technical response here.  Mine is this:

	You were ripped off.

  Any reputable vendor would put a minimum of effort into creating a
system that works.

> I can see your point. Do you have any other suggestions to solve the issues? (Changing the hardware is not going to happen.) 

  Change the hardware.

  NOTHING else will work.

  Deciding to not change the hardware is ridiculous.  The cost/benefit
tradeoff just isn't there.  (a) buy hardware that works for probably not
too much money.  Or (b) spend huge amounts of time and effort working
around bugs in the crappy hardware.

  FreeRADIUS already has a number of hacks to work around partially
broken systems.  They should generally work, and they may even work for you.

  But you really need to toss your hardware in the garbage.  It's crap.

  Alan DeKok.


More information about the Freeradius-Users mailing list