checkrad and db based simultaneous use checks
Alan DeKok
aland at deployingradius.com
Mon Jan 26 23:26:44 CET 2015
On Jan 26, 2015, at 5:23 PM, Bill Schoolfield <bill at billmax.com> wrote:
> Hmm... so the simultaneous check will fail in cases where there's nothing in radacct for the user but there is indeed an active session on the NAS? Admittedly this should be rare compared to the case where bogus info is in redact.
In that case, the user will be let onto the network. The presumption is that the accounting table has accounting information in it. If there’s no accounting data, well… there isn’t much that can be done.
Some NAS… somewhere… will have the user logged in. But that NAS isn’t sending accounting data to the RADIUS server.
The correct fix here is to make sure the NAS sends accounting data. We can’t query ALL of the NASes to see if (maybe) a particular user is logged in. That approach is a disaster.
Alan DeKok.
More information about the Freeradius-Users
mailing list