2011/12/20 Коньков Евгений <kes-...@yandex.ru>: > I see that expire_time keep updated while radiusd will receive > interim-update packets. BUT radius listen on UPD port and this > mean that: no garantee that server will receive interim-update packet. So > there > is a chance to lose two interim packets for current user.
Correct. > Therefore IP leased for current user will be countered as expired and may be > leased for other user causing IP conflict error. That's why I suggested two times Acct-Interim-Interval would be a good choice. If one packet goes missing hopefully we'll be able to get the next one. If you're feeling paranoid you could use a big timeout value (e.g. 10x Acct-Interim-Interval), with the consequence that it will take longer before IP addresses used by stale sessions can be reused. > > I think there must be a mechanism to force check that IP is *really* > unused before freeing or 're lease' it. It's a tradeoff, really. In theory, you COULD write your own module that verifies whether a user is online. Kinda like what simultaneous use using radutmp & checkrad does, which performs checking using snmp/telnet/ssh to the NAS. However that would inflict heavy performance penalty. It might be acceptable if you only handle (for example) 10 AAA/minute, but it won't be feasible if you need to handle 10 AAA/second. For most practical purposes, the current sqlippool is good enough. Not perfect, but good enough. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html