Re: (PM) Radius (fwd)

Stephen Fisher (lithium@cia-g.com)
Fri, 7 Nov 1997 15:55:52 -0700 (MST)

On 7 Nov 1997, Danny ter Haar wrote:

> >so imagine user X logs into a NAS and his start record goes to
> >radiusd1. He then logs out, and for some reason, his stop record goes to
> >radiusd2.
> Why use multiple radius servers ? for performance ?

Yes. Such as distributing load of radius servers across your
dial-up network which also saves bandwidth having to check your main
server every time someone logs in at a remote POP.

> When we detect a multiple login (by means of already logged on the
> radutmp file) we double check with SNMP to double check if it's really
> so. Since the user is already logged out on that portmaster he gets
> access again.

Sounds good to me - the SNMP check isn't even needed if you don't see the
user isn't in the utmp database for Radius. Then again what if they got
in and it didn't keep track of them right (dunno why hmm.. missing start
records? hope not).

> >I wouldn't trust this sort of thing unless radiusd1 and radiusd2 could
> >somehow communicate every few minutes or less to keep the state info in
> >sync.
>
> IMHO that's not necessary

Why not? If you have dual radius servers for a city, let's say, and half of
the PMs go to one and the other half go to the other, then you need to
keep them in sync to know who is logged in and who isn't to prevent
multi-logins.

- Steve
- Systems Manager
- Community Internet Access, Inc.
- Gallup and Grants, New Mexico
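
The two cases argued over in this thread, as an added simulation that is not part of the original message and is not Livingston RADIUS code: a stop record landing on a different server than the start record, and PortMasters split between two servers. The class, record fields, user names and the `nas_state` dictionary standing in for the SNMP query are all assumptions made for illustration.

```python
# Constructed simulation of per-server session tables (radutmp-like).
# All names and records here are hypothetical sample data.
class RadiusServer:
    def __init__(self, name):
        self.name, self.sessions, self.peers = name, {}, []

    def accounting(self, rec, replicated=False):
        key = (rec["nas"], rec["port"])
        if rec["type"] == "start":
            self.sessions[key] = rec["user"]
        else:  # "stop"
            self.sessions.pop(key, None)
        if not replicated:
            for peer in self.peers:  # empty unless sync is enabled
                peer.accounting(rec, replicated=True)

    def allow_login(self, user, nas_state=None):
        """Return True if `user` has no live session known to this server."""
        for key, owner in list(self.sessions.items()):
            if owner != user:
                continue
            # Optional double check against the NAS itself (the SNMP step).
            if nas_state is not None and nas_state.get(key) != user:
                del self.sessions[key]  # stale entry: stop record went elsewhere
                continue
            return False
        return True


def run(sync):
    r1, r2 = RadiusServer("radiusd1"), RadiusServer("radiusd2")
    if sync:
        r1.peers, r2.peers = [r2], [r1]
    nas = {}  # ground truth: (nas, port) -> user, as the NAS would report it
    out = {}
    # Case A: start goes to radiusd1, stop goes to radiusd2.
    r1.accounting({"type": "start", "user": "x", "nas": "pm1", "port": 3})
    r2.accounting({"type": "stop", "user": "x", "nas": "pm1", "port": 3})
    out["A_relogin_no_snmp"] = r1.allow_login("x")
    out["A_relogin_snmp"] = r1.allow_login("x", nas_state=nas)
    # Case B: pm1 reports to radiusd1, pm2 to radiusd2; y is online on pm1.
    nas[("pm1", 7)] = "y"
    r1.accounting({"type": "start", "user": "y", "nas": "pm1", "port": 7})
    out["B_second_login_via_r2"] = r2.allow_login("y", nas_state=nas)
    return out
```

Without sync, the SNMP check clears the stale entry in case A but the second login in case B is still allowed, because radiusd2 never saw the start record; with sync, both cases come out right.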
