劉君羿 wrote: > I want to allow simultaneous use of accounts. > However, *RFC 2866 *says that the* Acct-Session-Time* > > can only be present in Accounting-Request records where the > Acct-Status-Type is set to Stop [Page 17] > > > Does this mean that RADIUS protocol can not manage simultaneous use of > an account?
It means that RADIUS does accounting for each session individually. > For example, an account with *Session-Timeout *2 hours is shared by two > users. > User1 login first and use the account for 1 hour, > user2 then login (user1 still accessing the account), > then user2 turns out two have *2 hours*, which is wrong and is because > that user1 not yet send Acct-Session-Time to the server. This is really a problem for the NAS. If the NAS doesn't send interim updates, then you can't do what you want. > If RADIUS is not suit for the scenario above, should I try other > protocols such as DIAMETER and TACACS+? The other protocols will be just like RADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
