Can Radius pass client ip details to Windows AD during ntlm authentication ?.

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Mar 14 10:56:48 CET 2016


Hi,

> Interesting, RADIUS server is doing the accounting. WLC have the option to set accounting packets to another server. To which Server the WLC should send Accounting packets to ?.

the server that you have configured for accounting, want to store info on, or have other purposes/requirements
(eg sending to eg Palo Alto firewall for granting access/holes).   FreeRADIUS has a 'accounting copy' virtual server
which will forward accounting to another system - so you can store stuff on RADIUS server *and* send it elsewhere
if you want - meaning your WLC dont have to be reconfigured and other services dont need to be reconfigured to have the 
WLC as clients

> Here is RADIUS accounting log. 

why? we've all seen these nasty things before ;-)

note, it has a client IP address in - because NAS tend to send interim-update accounting packets
once the DHCP has occured or, if static IP, once the first packets are sent.  RADIUS accounting
has end client IP address details.  auth packets dont  (as the client doesnt have an IP *until* its
well past the auth stage).

alan


More information about the Freeradius-Users mailing list