Radacct Reused ?

Oscar oscar at jofre.com
Sat Apr 20 00:40:58 CEST 2019


Hi,

I've searched and found the piece of code that I think creates the unique id:

        update request {
                &Tmp-String-9 := "${policy.class_value_prefix}"
        }

        if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && \
            ("%{string:&Class}" =~ /^${policy.class_value_prefix}([0-9a-f]{32})/i)) {
                update request {
                        &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
                }
        }

        #
        #  Not All devices respect RFC 2865 when dealing with
        #  the class attribute, so be prepared to use the
        #  older style of hashing scheme if a class attribute
        #  is not included
        #
        else {
                update request {
                        &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
                }
        }
}

I'm trying to understand why acctuniqueid=6cf28675aa2c38a046d7f46f65e36e72 has been created again
and can't follow this code.

Where and what is the class I guess {%1} ? hex:&Class ? string:&Class ?

I think in my case we go through:
                        &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"

Then the unique id can be reused because user-name and the rest of the values can be the same.

Where does the Acct-Session-ID come from?


Sorry for so many questions ... but I'm trying to figure out how it works.


Thanks,


-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+oscar=jofre.com at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Friday, April 19, 2019 23:50
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Radacct Reused ?

On Apr 19, 2019, at 5:39 PM, Oscar <oscar at jofre.com> wrote:
>>> The debug output shows you when / where it's calculated.
> 
> I'm running on a production environment can't run radiusd -X.

  You can always run it on a different port.  See the documentation.

> Can you help me on where it is calculated ?

  You *can* search the configuration files.  Look for "acctuniqueid" or "Acct-Unique-Session-Id"

  Searching configuration files for text is a basic sysadmin skill.

>>> Why not upgrade to 3.0.19?
> 
> When I migrate to AWS I jump from centos 7 to Amazon Linux
> 	VERSION="2"
> 	ID="amzn"
> 	ID_LIKE="centos rhel fedora"
> 	VERSION_ID="2"
> 	PRETTY_NAME="Amazon Linux 2"
> 
> I did try to compile and install I think it was 3.0.17 by the time I 
> did the migration but could not fix compile errors and I did install the repo version 3.0.13 I think still the same version on the repo.

  There are pre-built packages on my company's web site:  https://networkradius.com/freeradius-packages/

> I did check logs changes from 3.0.13 to 3.0.19 and couldn't see anything from any fix about 'acctuniqueid'. 
> 
> Do you think the version 3.0.13 could be the problem on the reuse of 'acctuniqueid' ?

  I have no idea.

  Alan DeKok.
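
The two branches of the policy quoted in this message, modeled in Python as an added example (not part of the original post and not FreeRADIUS code). It assumes "ai:" as the value of policy.class_value_prefix, string-valued attributes and constructed sample requests, and shows that the fallback branch yields the same id whenever a NAS sends the same Acct-Session-ID again for the same user, NAS and port.

```python
import hashlib
import re

CLASS_PREFIX = "ai:"  # assumption: stands in for ${policy.class_value_prefix}


def md5_hex(text):
    """Model of %{md5:...}: lowercase hex MD5 of the expanded string."""
    return hashlib.md5(text.encode()).hexdigest()


def acct_unique_id(req, prefix=CLASS_PREFIX):
    """Return (branch, id) for a request given as a dict of attribute strings."""
    cls = req.get("Class", "")
    m = re.match(re.escape(prefix) + r"([0-9a-f]{32})", cls, re.I)
    if cls.startswith(prefix) and m:
        # %{1} is the 32 hex digits captured after the prefix
        return "class", md5_hex(m.group(1) + "," + req.get("Acct-Session-ID", ""))
    # Fallback branch: attributes absent from the packet expand to ""
    nas_addr = req.get("NAS-IPv6-Address") or req.get("NAS-IP-Address", "")
    names = ("NAS-Identifier", "NAS-Port-ID", "NAS-Port")
    fields = [req.get("User-Name", ""), req.get("Acct-Session-ID", ""), nas_addr]
    fields += [req.get(n, "") for n in names]
    return "fallback", md5_hex(",".join(fields))


# Constructed sample requests (not taken from the thread).
SESSION_1 = {"User-Name": "alice", "Acct-Session-ID": "0000002A",
             "NAS-IP-Address": "192.0.2.10", "NAS-Port": "7",
             "Event-Timestamp": "Apr 01 2019 10:00:00"}
# A later session where the NAS sends the same Acct-Session-ID again.
SESSION_2 = dict(SESSION_1, **{"Event-Timestamp": "Apr 19 2019 22:15:00"})


def with_class(req, hex32):
    """Same request, plus a Class value in the prefix + 32-hex format."""
    return dict(req, Class=CLASS_PREFIX + hex32)


if __name__ == "__main__":
    print(acct_unique_id(SESSION_1))                        # fallback branch
    print(acct_unique_id(SESSION_2))                        # same id: no hashed field differs
    print(acct_unique_id(with_class(SESSION_1, "a" * 32)))  # class branch
    print(acct_unique_id(with_class(SESSION_2, "b" * 32)))  # differs: Class differs
```

Event-Timestamp is carried in the sample requests only to show that the time of the session is not an input to either hash.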

