Hello Mark -
As per my previous mail, I don't think what you are proposing is really what
you want to do.
Again - the only problem you have at the moment is a missing Stop record.
Setting the DefaultLeasePeriod and the LeaseReclaimInterval to reasonable
values for your installation is the preferred method of reclaiming stale
addresses.
Second - you can trap NAS-Error and similar problem packets in a special
Handler. This is the preferred approach for dealing with these sorts of
problems.
Third - introducing an intermediate state of 1 causes a race condition which
will undoubtedly create duplicate addresses, as there is a timing window
between the Access-Accept and the Accounting-Start in which an IP address that
has been allocated but not yet confirmed can be re-allocated. It seems to me
more prudent to err on the side of sensible routing and let the
LeaseReclaimInterval deal with addresses that are really stale.
hth
Hugh
On Thu, 20 Jul 2000, Orcon Network Coordinator, Mark Mackay wrote:
> Thanks for the reply Hugh. I'll describe a bit more what I envisage (and see
> if that is where the Radiator code is heading - or if I can nudge it in that
> direction):
>
>
> For the AddressAllocator code:
>
> 1) Access-Request comes in
> - standard auth/etc methods
>
> - AddressAllocator code called:
> - sets STATE=1 (allocated) for the relevant RADPOOL YIADDR entry
>
> - Access-Accept returned (with IP-YIADDR added to the reply)
>
>
> 2) Accounting-START-Request comes in
> - standard accounting code called
>
> - AddressAllocator code called
> - sets STATE=2 (confirmed) for the relevant RADPOOL YIADDR entry
>
> - Accounting-Accepted returned
>
> 3) Accounting-STOP-Request comes in
> - standard accounting code called
>
> - AddressAllocator code called
>
> - if Terminate-Cause = NAS-Error (or similar hint for double-
> assigned connection), code is Ignored (and IP left to expire)
> - else, set STATE=0 (free) for the relevant YIADDR
>
> -------------------------
>
> Global notes about the AddressAllocator code:
>
> - first: YIADDR is chosen from STATE=0 in oldest-date order
> - second: (if no STATE=0), oldest-date STATE=1 is used (ie. address
> allocated, but Start packet not received)
> - third: no addresses (STATE=0 or 1) -- thus return error. As a side note,
> would be good to have a Hook available here to mail the administrator, set
> an SNMP error or something.
>
> - other parameters (such as Lease/Expire after 24 hours/etc to still apply)
> - also, might be good to catch a 'Framed-IP-Address-xx.xx.xx.xx' in a reply
> packet and to set the YIADDR=1/2 for that ip. (so that a static IP
> assignment leases a 'RADPOOL' address if it doubles up). [not necessary with
> structured ip address pools, but a good addition perhaps].
>
>
> Hope this explains it a bit more, and I don't see the code to be too hard to
> implement. I'd be happy to take a bash at it if there's not any changes
> planned to the code in the near future from your end -- but I'll confess I'm
> not that up to the play on object-perl programming.
>
> Appreciate your feedback either way (ie. not likely or is likely to be
> implemented), as I'll probably need to put some of this functionality into
> my config soon - and may need to write to the RADPOOL database through
> existing hooks.
>
> .........................................................................
>
> Mark Mackay,
> Network Coordinator,
> Orcon Internet.
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
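The timing window discussed in this thread, as an added example that is not part of the original messages and is not Radiator code. The `Pool` class, the `replay` function and the single-address pool are constructed for illustration; `lease_period` stands in for DefaultLeasePeriod, and `reuse_unconfirmed` switches between the proposed STATE=1 fallback and lease-only reclaim.

```python
from dataclasses import dataclass

FREE, ALLOCATED, CONFIRMED = 0, 1, 2   # STATE values from the proposal

@dataclass
class Entry:
    yiaddr: str
    state: int = FREE
    stamp: int = 0      # time of the last state change
    user: str = ""

class Pool:
    """Toy model of a RADPOOL table (assumption, not the real allocator)."""
    def __init__(self, addrs, reuse_unconfirmed, lease_period=86400):
        self.entries = [Entry(a) for a in addrs]
        self.reuse_unconfirmed = reuse_unconfirmed
        self.lease_period = lease_period

    def access_request(self, user, now):
        # Lease-based reclaim: only entries older than lease_period are freed.
        for e in self.entries:
            if e.state != FREE and now - e.stamp >= self.lease_period:
                e.state, e.user = FREE, ""
        # Proposal: fall back to the oldest STATE=1 entry when nothing is free.
        order = (FREE, ALLOCATED) if self.reuse_unconfirmed else (FREE,)
        for wanted in order:
            cands = [e for e in self.entries if e.state == wanted]
            if cands:
                e = min(cands, key=lambda c: c.stamp)
                e.state, e.stamp, e.user = ALLOCATED, now, user
                return e.yiaddr
        return None     # pool exhausted: no address to hand out

    def accounting_start(self, yiaddr, now):
        for e in self.entries:
            if e.yiaddr == yiaddr:
                e.state, e.stamp = CONFIRMED, now

def replay(reuse_unconfirmed):
    """Second login arrives between Access-Accept and Accounting-Start."""
    pool = Pool(["10.0.0.1"], reuse_unconfirmed)
    a = pool.access_request("alice", now=100)
    b = pool.access_request("bob", now=101)
    pool.accounting_start(a, now=102)   # alice's Start arrives after bob's accept
    return a, b
```

With the fallback enabled both sessions receive the same address; without it the second request is refused until the lease on the first expires.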