racct and radpostauth

Bjørn Mork bjorn at mork.no
Fri Sep 9 14:23:11 CEST 2011


Arran Cudbard-Bell <a.cudbardb at freeradius.org> writes:

> As Alan says your NAS won't generate Accounting-Requests if the RADIUS
> server rejects the user (unless its very broken).

Why would that be broken?  

Yes, I do see that you can trigger RADIUS accounting traffic without
authenticating, but the additional load (both for NAS and RADIUS server)
is probably negligible compared to the failed authentication anyway.

Some NASes will let you configure acct stop on reject.  See e.g.
http://www.juniper.net/techpubs/en_US/junos11.2/topics/reference/configuration-statement/accounting-stop-on-access-deny-802-1x.html



Bjørn




More information about the Freeradius-Users mailing list