> L.C. (Laurentiu C. Badea)
> Sent: Wednesday, December 15, 2004 7:27 PM
>
> > I feel uncomfortable with something happening with logging occurred.

First of all, I wanted to write "with NO logging occurred" ;)

> > When talking about auth this might be ok, for acct it is definitely not.
> > My opinion is: what couldn't get logged shouldn't happen and when
> > replying before *trying* to log this cannot be guaranteed. Performance
> > shouldn't affect integrity.. just my two cents ;)
>
> Yes and no. I wasn't actually thinking about the accounting part, the initial
> discussion buried somewhere in the earlier messages was about authentication,
> where this works.

Sure, initially it was about accounting, but while talking about doing things without logging I tend to see accurate accts also swim away :)

> But since you brought this up, I would argue that this is not so cut and dried
> as you put it. There are situations where performance takes precedence over
> accounting.

Nope, sorry, but Radius or AAA in general for me always means that all three A's are 100% carried out. Or nothing. Logging is an integral part of this. That's not the opinion of everybody, but it's one of the main things helping me choose to favor freeradius. (i.e. in ACS, logging can completely die without "disturbing" the authentication - I always hated this behavior)

> If you do need to make a choice though, would your priority be to maintain
> 100% reliability to the customers, or to make sure no minute goes unbilled ?

My choice is clear, I want to bill every minute. Now, there are indeed still some minutes not getting billed for one or another reason, mainly due to the loosely UDP acct itself. But let's take things further: Do you want to Access-Accept any user (or intruder) in case something goes wrong in auth or authz on a loaded server and let him in anyway? I'm quite sure nobody wants this..

> Note that we aren't talking about all or nothing here, but where would you
> rather take a small loss ?

I'd accept the loss definitely rather in availability. When something goes wrong it should get noticed by users or monitoring and fixed. Anything else should be part of failover.

Testing auth against all realms with Nagios regularly, getting notified and will have a chance to fix it. This is mainly based on my own (probably paranoid) security thoughts.. and basic for "security certifications" and such stuff: when the log is full, the process should stop. When the auth cannot be logged - stop.

Finally, this surely depends on what you're doing with freeradius; authenticating 5 wlan-users in a small office, doing billing on cost centers inside a company - or authentication of users accessing dozens of VPNs, firewalls and some million dialup-minutes. When losing 10% of either auth-log or acct here I'd have a problem with that - more than with performance. I at least like it as it currently is; when there's a non-default option for this in future I also won't care.

Maybe I've seen too many other "sunshine" programs giving priority to "comfort" rather than accuracy, that I thought I had to take a word for freeradius here.

Michael

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
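The two orderings argued over in this thread, "answer first, log if you can" versus "no record, no Accept", as an added Python sketch that is not FreeRADIUS code or anything from the list; the credential store, the audit sink and its capacity limit (standing in for a full log disk) are all constructed for the example.

```python
"""Reply-first vs. log-first handling of a RADIUS-style auth decision (constructed demo)."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List

ACCEPT, REJECT = "Access-Accept", "Access-Reject"


@dataclass
class AuditSink:
    """Append-only audit log; `capacity` simulates a full log partition (constructed)."""
    capacity: int
    records: List[str] = field(default_factory=list)

    def write(self, line: str) -> None:
        if len(self.records) >= self.capacity:
            raise OSError("audit log full")  # the failure mode the thread is about
        self.records.append(line)


def decide(user: str, password: str, users: Dict[str, str]) -> str:
    """Credential check against a constructed user table (placeholder for a real backend)."""
    return ACCEPT if hmac.compare_digest(users.get(user, ""), password) else REJECT


def reply_first(user: str, password: str, users: Dict[str, str], sink: AuditSink) -> str:
    """Availability-first: the NAS gets its answer whether or not the record survives."""
    verdict = decide(user, password, users)
    try:
        sink.write(f"auth user={user} result={verdict}")
    except OSError:
        pass  # record silently lost; the session is already granted
    return verdict


def log_first(user: str, password: str, users: Dict[str, str], sink: AuditSink) -> str:
    """Integrity-first (Michael's position): if the auth cannot be logged, stop."""
    verdict = decide(user, password, users)
    try:
        sink.write(f"auth user={user} result={verdict}")
    except OSError:
        return REJECT  # fail closed: an access that cannot be recorded is not granted
    return verdict
```

Monitoring the sink (the Nagios-style check mentioned above) is what turns the fail-closed Reject into a fixable outage rather than a silent accounting gap.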

