I thought that you verified it with SNMP. Hmm.. this is an ISDN
problem, and IIRC, the only way to tell a multilink from a multiple
login is to compare the IP address. This bug causes the hypothetical
"who's on" database to falsely contain a START record for which a STOP
is never received. Therefore, when the user logs out and back in,
unless they happen to get the same IP, the system would assume that
they are already logged on and refuse them access.
A "really smart" RADIUS server would presumably fail to authenticate
the second B channel in the first place because it knows what
Session-Limit=1 means. That's what I'm considering doing here just to
keep the database more in sync, though it's not critical as SNMP
prevents it from breaking anything. It's just a matter of being
smarter when parsing the logs later.
-- = Christopher Masto = chris@netmonger.net = http://www.netmonger.net/ = = NetMonger Communications = finger for PGP key = $19.95/mo unlimited access = = Director of Operations = (516) 221-6664 = mailto:info@netmonger.net ="... who'd want a lossy TIFF?" -- Kibo - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message.