Accoiunting proxy Issue

Mon Nov 27 14:38:50 CET 2017

On Nov 26, 2017, at 3:28 PM, Richard J Palmer <richard at merula.net> wrote:
> However the firebrick does not provide the username in interim updates or stop messages - which means that the proxy based on realm fails (the username / realm is not there).

  That's just stupid.  I mean, how hard is to to follow a spec which was written 20 years ago?

> Is there a way using unlang to proxy these - I was looking at the lines in detail - we do also have the records in our SQL server and from the AcctSessionID I can look up the username which is possible
> 
> I do have one other possibility. The Interim updates have a field:
> Chargeable-User-Identity = "XXXXX"
> Which  I can set as part of the auth process (I already add some fields in post_proxy). Is there a way in FreeRadius to inspect this field in a accounting packet and if set to 'resellerx' set the packet to be sent to their proxy / home server ?

  You can do anything in "unlang".

- in "post-auth", create a Chargeable-User-Identity
- store the Chargeable-User-Identity and User-Name into the radacct table via an SQL statement

- in "preacct", look up Chargeable-User-Identity in SQL, and get the User-Name

  The simple way is to just mangle the incoming packet (no one cares about this by the time post-auth is called):

post-auth {
	...
	... create Chargeable-User-Identity in the reply ...
	...

	update request {
		Acct-Status-Type = Start			# pretend we're starting a session
		Chargeable-User-Identity := &reply:Chargeable-User-Identity 
		... anything else you need...
	}
	sql.accounting			# store the packet into radacct
	...
}

  and then in preacct:

preacct {
	...

	if (!User-Name && Chargeable-User-Identity) {
    		update request {
			User-Name := "%{sql:SELECT username from radacct where cui = %{Chargeable-User-Identity}
		}

	}

	... and proxying, suffix, etc.

}

  You'll need to add a ''cui' column to the radacct table.  And, update the accounting 'start' query to store Chargeable-User-Identity in the 'cui' column.

  But that's about it.  The details matter, but it's not *too* complex.

  Alan DeKok.