The danger is if there is any problem in the reporting of accounting packets to the radius server, or if the radius server is offline for a few minutes, the logoffs may be missed. In that case the radius would deny access even though the client had dropped offline. The later versions of the software we use had several features to combat this. First, if another user logged in using the same port as on open session the system closed it because it obviously was disconnected. Second, we lengthened out the retry interval on accounting packets as well as the number of retries. Theoretically our radius could be down for 20+ minutes and still receive the accounting packets and resynchronize when it started back up. Of course if your radius is down for 20+ minutes... Mark Thornton San Marcos Internet, Inc. 512-393-5300 -----Original Message----- From: Mark E. Levy <mark@fsi.net> To: usr-tc@lists.xmission.com <usr-tc@lists.xmission.com> Date: Wednesday, December 22, 1999 9:27 AM Subject: Re: (usr-tc)Disconnect User Problem
Im what way? Our radius server does this very nicely. It simply keeps a running list of all logged-in users. When a login is attempted, it checks the list to see if there is already an entry for that username. If there is, and that user is not permitted multiple logins, an access-reject is returned to the ARC. Works great and has never made a mistake.
Jeff Mcadams wrote:
But then I think about the RADIUS server trying to keep track of the state on all the Arc's think of that as being very error prone. :)
-- --------------------------------------------------------------------- Mark E. Levy, President FSINet, Inc. 800-827-6085 x202 847-753-6832 fax www.fsi.net mark@fsi.net ---------------------------------------------------------------------
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
- To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.