Re: [RadiusNT] Suggestion for Concurrent Login

Denny Figuerres ( dennyf@inreach.com )
Fri, 18 Dec 1998 22:32:47 -0800 (PST)

Just a few ideas about this:

The RADIUS protocol describes how to authenticate a user and how to log a
session.

The "NAS" or terminal server does not talk to the RADIUS server after the
session has started until the session ends.

There are only a few times when you should have a bad CallsOnline status:
if you have an equipment failure or you are doing maintenance.
You could make it part of your procedure when taking a box offline that
you clear its server ports table records. I suppose the hardware failure
could be handled with SNMP? Have a network monitoring program that
checks for your box not responding to an SNMP check. If it is down, that
could trigger an SQL procedure to clear that box, flag it in the database
and alert your staff to the problem with a page.

I think something like this is the way to handle the "stuck users" for
most occasions. You could also have an SQL procedure that runs as a server
task every N minutes or hours doing a "garbage run". The problem with this
is that you may have a user who figures out a way to abuse this, and then
where are we?

After all, what is the difference between a user who stays online and a
stuck user in your database? What are the criteria that will work?
Remember that RADIUS cannot see whether the user is online after the start
record. Only the NAS can tell that.

If you start writing a program to talk to your NAS, you have problems with
having to modify the program to work with each change to each firmware in
each brand and model of NAS.

-----------------------
Denny Figuerres
InReach Internet
MIS Manager

On Sat, 19 Dec 1998, DAN W TANG wrote:

> Dale,
>
> Currently on RADIUSNT 2.5, if it detects concurrent
> logins over the login limits, it will reject the
> one which is attempting to log in. Could it be possible
> to just reject the previous login which has stayed
> the longest and accept the one which is attempting
> to log in? This way, if a user shows up on Emerald as
> connected but actually is not, they would be able to
> connect and we would not need to manually check the
> Online TAB in Emerald (hopefully).
>
> regards,
>
> ------------------------------------------
> DAN W TANG
> Domain Internet Access
> -------------------------------------------
>
>
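The SNMP-triggered cleanup described in the message above, sketched as an added example (not part of the original post and not RadiusNT or Emerald code). The table and column names, the three-miss threshold and the `alert` callback are assumptions; the last function only lists what an age-based "garbage run" would delete, to show it cannot tell a long session from a stuck record.

```python
import sqlite3

FAILS_BEFORE_CLEAR = 3  # assumed: consecutive missed polls before a NAS counts as down

# Hypothetical schema; these names are illustrative, not the Emerald tables.
SCHEMA = """
CREATE TABLE calls_online (nas TEXT, port INTEGER, username TEXT, start_ts INTEGER);
CREATE TABLE nas_health (nas TEXT PRIMARY KEY, misses INTEGER, flagged INTEGER);
"""

def open_db(sessions):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO calls_online VALUES (?,?,?,?)", sessions)
    db.commit()
    return db

def record_poll(db, nas, responded, alert):
    """Apply one SNMP poll result; return how many online records were cleared."""
    row = db.execute("SELECT misses, flagged FROM nas_health WHERE nas=?", (nas,)).fetchone()
    misses, flagged = row if row else (0, 0)
    cleared = 0
    if responded:
        misses, flagged = 0, 0  # NAS is back: reset so a later outage is handled again
    else:
        misses += 1
        # Clear once per outage, and only after repeated misses, so one lost
        # poll does not free every user on that NAS from the login limit.
        if misses >= FAILS_BEFORE_CLEAR and not flagged:
            cur = db.execute("DELETE FROM calls_online WHERE nas=?", (nas,))
            cleared, flagged = cur.rowcount, 1
            alert(f"NAS {nas} unreachable: cleared {cleared} online records")
    db.execute("INSERT OR REPLACE INTO nas_health VALUES (?,?,?)", (nas, misses, flagged))
    db.commit()
    return cleared

def age_sweep_candidates(db, now, max_age):
    """Users a timed 'garbage run' would clear: every record older than max_age."""
    q = "SELECT username FROM calls_online WHERE ? - start_ts > ? ORDER BY username"
    return [u for (u,) in db.execute(q, (now, max_age))]

# Constructed sample data: (nas, port, username, start time in seconds)
SAMPLE = [("nas1", 1, "alice", 0), ("nas1", 2, "bob", 90000), ("nas2", 1, "carol", 0)]
```
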
