<Alan de Kok> wrote:
> > When a NAS fails the telco will failover the the other NAS
> > when a Radius server fails the NAS will select it's twin-sister.
> >
> > The only thing this doesn't work for is Accounting.
>
> You might want to take a look at 'radrelay', from the Cistron
> distribution. It's the preferred method for replicating accounting
> data.
>
> If you can come up with a patch to add it to FreeRADIUS, that would
> help a lot.
>
> > Then an accounting loop start that adds about 220KB to the
> detail file
> > for every packet received from a NAS. Probably the loop
> ends when a packet
> > get too large. (Some Proxy-xxxx fields are added to every hop).
>
> Yes. And you can't rely on the Proxy-State attribute to discover
> loops, as some RADIUS servers destroy the Proxy-State attribute.
>
> I believe that radrelay *should* take care of a lot of these issues.
>
> > When is Client-IP-Address added to the packet? (probably too late)
>
> It's not. It's a server-side attribute that's adding to the REQUEST
> data structure, but rlm_preprocess.
Aha.
Then the patch is in radiusd.conf:
from old:
preacct {
files
preprocess
}
to new:
preacct {
preprocess
files
}
And get Client-IP-Address from the rlm_acct_unique spec.
>
> > Why can't Client-IP-Address be used as a check-item? (if it
> is in the request)
>
> It can.
If the preprocess is done before the files, otherwise the attribute just isn't
there.
>
> > I've a patched freeradius to get it to work on AIX and I not aware
> > that the patches sent to the list have been incorporated or not.
>
> They haven't been incorporated. Quite frankly, I'm reluctant to do
> so.
Well for radius the basic problem is the complaints about the missing
strings.h. (well the complaints are missing templates for routines
like bzero and strcasecmp etc..)
BTW There is a difference when trying to compile --disable-shared or not
manu modules will only compile using --enable-shared.
Therefore linking with modules preloaded seems to be best.
A test in configure the strings.h file will probably solve the most.
One problem was the order of includes (missing.h from radius.h was included
before some other ones)
The problem is I'am a VMS Programmer/systems manager/systemprogrammer and I
don't
normally use tools like autoconf etc. Had things been more my way the
radius server would have run on an available VMS-cluster using VMSRadius anyway.
(It would have been be a LOT simpler then). And the amount of time available
won't allow learning to use them with all their intricacies. Although AIX is
problably
an interesting platform to learn things on as a lot of things are done
quite differently with respect to other UNICES.
>
> If you just patched it to *add* functionality or include files
> specifically for AIX, then I would have applied the patch. However,
> the patch *removes* functionality and include files which are
> currently used on other platforms. I'm not going to break the build
> on many platforms just to make it work on another one.
Agreed, I just supplied the differences to show what was needed to get up &
running.
auto* are beyond my interests/capabilities. The basic problem is described
above.
>
> So until I get time to edit the patch to fix it, or until you can
> supply a better patch, it won't get committed.
No problem this is probably a one-off for many years to come unless a problem
should
arise from radiusd from the next few weeks. The server does what it should do
and new
functionality can be nice but is not needed as currently foreseen.
Regards,
Nico Baggus
-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.
Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
