FR and accounting question
Alan DeKok
aland at deployingradius.com
Thu May 30 13:24:45 CEST 2019
On May 30, 2019, at 7:15 AM, dg <dg at poczta.tarman.pl> wrote:
> i have question about accounting in freeradius (3.0.18)
>
> i notced in sql table radacct that from time to time i have as a "username"
> host/DELL-LAPBD5 logged.
> so in file /etc/raddb/policy.d/filter i put
>
> if (User-Name =~ /^host/) {
> update request { Module-Failure-Message += 'Rejected: banned host'
> }
> reject
> }
>
> not i have "Access-Reject" and username starting with "host" are denied.
OK.
> But anyway when i check accouting host/DELL-LAPBD5 still is appears (with some
> data downloaded).
> How it this possible that username is Rejected but can download data from
> network (browsing websites etc.. ) and appears in accounting ??
Because authentication and accounting are two different things.
The NAS sends accounting data. The server just logs it.
> I thought that if someone is Rejected should not be able to download data from
> internet.
Yes.
Are you sure that they are rejected? Log all Access-Accepts going to the NAS, and see if any of them are for that host.
Alan DeKok.
More information about the Freeradius-Users
mailing list