Здравствуйте, Fajar. Вы писали 20 декабря 2011 г., 9:37:41:
FAN> 2011/12/20 Коньков Евгений <kes-...@yandex.ru>: >> I see that expire_time keep updated while radiusd will receive >> interim-update packets. BUT radius listen on UPD port and this >> mean that: no garantee that server will receive interim-update packet. So >> there >> is a chance to lose two interim packets for current user. FAN> Correct. >> Therefore IP leased for current user will be countered as expired and may be >> leased for other user causing IP conflict error. FAN> That's why I suggested two times Acct-Interim-Interval would be a good FAN> choice. If one packet goes missing hopefully we'll be able to get the FAN> next one. If you're feeling paranoid you could use a big timeout value FAN> (e.g. 10x Acct-Interim-Interval), with the consequence that it will FAN> take longer before IP addresses used by stale sessions can be reused. I have Acct-Interim-Interval = 300 And I have script that ckeck zombie sessions once per 15min Date: Sun, 18 Dec 2011 21:15:01 +0000 (UTC) $VAR1 = [ { 'NASPORT' => 193, 'ID' => 1221104, 'USERNAME' => '10228', 'TERMINATECAUSE' => 'OnLine', 'FRAMEDIPADDRESS' => '192.168.16.195', 'SESSIONID' => 'dfe6caf212e8f842', 'BILL' => undef, 'BYTESOUT' => '53208742', 'STARTTIME' => '2011-12-18 19:02:49', 'CALLTO' => '10.5.0.17', 'STOPTIME' => '2011-12-18 20:49:03', 'BYTESIN' => '9158505', 'CALLFROM' => '10.7.30.58 / 00:24:54:5d:1a:b5 / vlan76', 'ONLINETIME' => 6375 } ]; It check 'OnLine' and STOPTIME more that 15min (3times AcctInterimInterval) As you see 20:49:03 was last acct-interim-interval was received script was runned at 21:15:01 so 25min are passed from last AcctInterimInterval it is 5times. Per day I get about from 5 to 10 such sessions. It is noising ( NAS server and freeradius both are on localhost and there is about 50%Idle on CPU there are about 200-300users online with 5min acctInterimInterval. Is it possible to force FreeRadius to listen on TCP port? >> >> I think there must be a mechanism to force check that IP is *really* >> unused before freeing or 're lease' it. FAN> It's a tradeoff, really. In theory, you COULD write your own module FAN> that verifies whether a user is online. Kinda like what simultaneous FAN> use using radutmp & checkrad does, which performs checking using FAN> snmp/telnet/ssh to the NAS. However that would inflict heavy FAN> performance penalty. It might be acceptable if you only handle (for FAN> example) 10 AAA/minute, but it won't be feasible if you need to handle FAN> 10 AAA/second. FAN> For most practical purposes, the current sqlippool is good enough. Not FAN> perfect, but good enough. -- С уважением, Коньков mailto:kes-...@yandex.ru - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html