Matthias Nagel wrote: > This is correct, if one has some kind of key to identify a session that could > be used as a database index. But unfortunately there are a lot of > authenticators out there, that do not correctly generate radius accounting > session ids. Basicly I see three different types (despite the correct one): > > 1) Authenticators that do no send a session id at all (Acct-Session-Id is > empty) > 2) Those that always return the same session id (even if the user name > differs) > 3) Those that always return a new session id even if the requests > (start/update/stop) belong to the same session
Arran has a more technical response here. Mine is this: You were ripped off. Any reputable vendor would put a minimum of effort into creating a system that works. > I can see your point. Do you have any other suggestions to solve the issues? > (Changing the hardware is not going to happen.) Change the hardware. NOTHING else will work. Deciding to not change the hardware is ridiculous. The cost/benefit tradeoff just isn't there. (a) buy hardware that works for probably not too much money. Or (b) spend huge amounts of time and effort working around bugs in the crappy hardware. FreeRADIUS already has a number of hacks to work around partially broken systems. They should generally work, and they may even work for you. But you really need to toss your hardware in the garbage. It's crap. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html