In the following diagram, if one NAS, for example
NAS-2, crashes and comes back, it will send a system
account-on message for the RADIUS server to clean up
previous sessions. But if a RADIUS proxy server is
used in the middle, how can the true RADIUS server
distinguish the previous sessions on NAS-2 from
sessions on other NASes?
NAS-1 --|
        |
NAS-2 --|
        |-- Proxy RADIUS Server -- True RADIUS Server
...     |
NAS-N --|
The Account_On and Account_Off queries should operate on the content
of NAS-IP-Address, not Client-IP-Address. Even after passing through
a RADIUS proxy the NAS-IP-Address must identify the NAS, whereas the
Client-IP-Address identifies the machine that gave the packet to the
current RADIUS server.
--
Paul "TBBle" Hampson, on a webmail client!
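
The point made in the reply above, as an added example that is not part of the original message or of FreeRADIUS itself: an Accounting-On cleanup keyed on NAS-IP-Address closes only the rebooted NAS's sessions, while one keyed on Client-IP-Address closes every session that arrived through the proxy. The table, column names and addresses are constructed for illustration.

```python
import sqlite3

# Constructed sample data; addresses come from documentation ranges.
PROXY_IP = "192.0.2.1"
SESSIONS = [  # (session id, NAS-IP-Address, Client-IP-Address seen by the true server)
    ("s1", "198.51.100.1", PROXY_IP),  # NAS-1
    ("s2", "198.51.100.2", PROXY_IP),  # NAS-2
    ("s3", "198.51.100.2", PROXY_IP),  # NAS-2
    ("s4", "198.51.100.3", PROXY_IP),  # NAS-N
]

# Accounting-On from NAS-2, as the true server sees it after the proxy forwarded it.
ACCOUNTING_ON = {"nas_ip": "198.51.100.2", "client_ip": PROXY_IP}


def open_sessions_after_accounting_on(key_column, packet):
    """Run the cleanup keyed on key_column; return the session ids still open."""
    if key_column not in ("nas_ip", "client_ip"):
        raise ValueError("unknown key column")
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE acct (session_id TEXT, nas_ip TEXT, client_ip TEXT, stop_time TEXT)"
    )
    db.executemany("INSERT INTO acct VALUES (?, ?, ?, NULL)", SESSIONS)
    # Close every open session that matches the device that sent Accounting-On.
    db.execute(
        f"UPDATE acct SET stop_time = 'nas-reboot' "
        f"WHERE stop_time IS NULL AND {key_column} = ?",
        (packet[key_column],),
    )
    rows = db.execute(
        "SELECT session_id FROM acct WHERE stop_time IS NULL ORDER BY session_id"
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    for column in ("nas_ip", "client_ip"):
        print(column, "->", open_sessions_after_accounting_on(column, ACCOUNTING_ON))
```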