No accounting Freeradius + EAP/PEAP/TLS

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Mar 12 13:17:56 CET 2009


Hi,

> The Zinwell manual didn't say anything about enabling account. My Freeradius is configured with default values, only things I changed was to use EAP/PEAP and freeradius, at radius database I configured tables NAS, Usergroup, radcheck ang groupreply(Auth-Type:=EAP).

if it doesnt mention it, how do you know it can do it?

you're only real choice is to sniff ALL the traffic on the wire
from the zinwell and see what the heck its sending. if it doesnt
send any accounting then theres nothing magical that FreeRADIUS
(or any other RADIUS server) can do - as the RADIUS server
doesnt tell the NAS to 'oi, send me stuff!' - the NAS is configured
to do accounting and then where to send it.  if its good, the NAS
sends accounting packets as per the RFCs.....but from personal
experience 90% of devices out there break accounting in wierd
and wonderful ways..be it cisco, hp, 3com, zyxel, hauwei etc.

once you DO get accounting packets to the RADIUS server, then thats
when the real fun begins!  ("oh, but i wanted unique per client
sessions that could be matched to the real user!"  argggh! ;-) )

alan



More information about the Freeradius-Users mailing list