(RADIATOR) Missing Start Record - IP allocation woes
hugh at open.com.au
Wed Sep 6 03:29:40 CDT 2006
Hello Joe -
I think what you describe below sounds reasonable, although you could
probably make it easier to manage by having two additional fields in
the IP address table and using the first one to indicate that the
address has been "allocated", and the second to "confirm" that the
address is actually in use. You could use timestamps for each one and
set the first one when you process the authentication and the second
one when you see the corresponding accounting start (or accounting
alive). Then your procedure can easily check the status of each IP
address and free up any that have been "allocated" but not "confirmed".
Hope that helps.
On 6 Sep 2006, at 17:43, Joe Hughes wrote:
> Hi All
> I have a problem which I think is caused by a missing start record
> from our NAS. I handle address allocation myself in Radiator in the
> AuthBy. When someone authenticates successfully I carry on to the next
> AuthBy which then appends the framed-ip-address to the reply. The
> user then logs on, the NAS sends a Start record and I create a
> session. For each subsequent interim accounting message (Alive) I can
> update the stats for that session. When I receive a Stop, I free up
> the IP and delete the active session. This all works fine.
> I occasionally get a strange issue where I receive an access-accept,
> it authenticates ok, I then allocate them an IP address and send it
> back in the reply. The NAS doesn't receive/accept the access-accept
> and immediately sends another access-request. Obviously in my system I
> assume the user logged on because the auth check worked ok. Is there
> any way of handling this scenario?
> I may implement a procedure that checks that each active IP/Session
> received a start message (They should be sent immediately from our
> NAS), if after 5 minutes of not receiving a start message, delete the
> session and flush the IP back.
> How do others handle this scenario?
> Incidentally, I have a procedure that checks the number of active
> sessions against the number of IP addresses in use, if this is
> different then I will be notified. It's a very rare occurrence and
> normally happens when a user is constantly
> start/stop/start/stop/start/stop sessions (ADSL line drops for
> instance), it's like the NAS gets its knickers in a twist.
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.
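The two-timestamp scheme suggested in the reply above, sketched as an added example that is not from either poster and is not Radiator code. The table name, column names and function names are hypothetical, SQLite stands in for whatever database holds the address table, and the 5-minute grace period is the one from the quoted message.

```python
import sqlite3

GRACE_SECONDS = 300  # the 5-minute window suggested in the quoted message

def make_pool(addresses):
    """In-memory address table with the two extra timestamp columns (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE ip_pool (
        address      TEXT PRIMARY KEY,
        username     TEXT,
        allocated_at INTEGER,   -- set when authentication is processed
        confirmed_at INTEGER    -- set on Accounting Start or Alive
    )""")
    conn.executemany("INSERT INTO ip_pool (address) VALUES (?)",
                     [(a,) for a in addresses])
    return conn

def allocate(conn, username, now):
    """Authentication succeeded: mark a free address as allocated."""
    row = conn.execute("SELECT address FROM ip_pool WHERE allocated_at IS NULL "
                       "ORDER BY address LIMIT 1").fetchone()
    if row is None:
        return None  # pool exhausted
    conn.execute("UPDATE ip_pool SET username=?, allocated_at=?, confirmed_at=NULL "
                 "WHERE address=?", (username, now, row[0]))
    return row[0]

def confirm(conn, address, now):
    """Accounting Start or Alive seen: the address is really in use."""
    conn.execute("UPDATE ip_pool SET confirmed_at=? WHERE address=? "
                 "AND allocated_at IS NOT NULL", (now, address))

def release(conn, address):
    """Accounting Stop (or reaper): return the address to the pool."""
    conn.execute("UPDATE ip_pool SET username=NULL, allocated_at=NULL, "
                 "confirmed_at=NULL WHERE address=?", (address,))

def reap_unconfirmed(conn, now, grace=GRACE_SECONDS):
    """Free addresses allocated at least `grace` seconds ago but never confirmed."""
    stale = [r[0] for r in conn.execute(
        "SELECT address FROM ip_pool WHERE allocated_at IS NOT NULL "
        "AND confirmed_at IS NULL AND allocated_at <= ? ORDER BY address",
        (now - grace,))]
    for address in stale:
        release(conn, address)
    return stale
```

Running `reap_unconfirmed` periodically covers the case in the quoted message where the NAS repeats the Access-Request: the address handed out for the first, lost Access-Accept never gets a `confirmed_at` value and goes back to the pool after the grace period.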