Working with data used at authentication time during accounting

Marki jm+freeradiususer at roth.lu
Mon Mar 15 21:16:03 CET 2021


Hello,

During authentication/authorization Radius queries our backend for 
validity of the user (exec modules), which return several response 
attributes to Radius and in consequence to the NAS.

Now, if possible, I would like to re-use some of that information at 
accounting stage. The thing is that I'm proxying the NAS' accounting 
packets to another firewall for SSO access, which also requires that 
information. The NAS doesn't remember the custom attributes from 
authentication response and doesn't include them in the accounting 
request. Probably, it doesn't have or need to. Still, I have to add them 
back in somehow .

Of course I could just ask the backend again, to obtain the same 
information, but maybe it's possible without that. Less scripts, you know.

Maybe there's no magic here which I'll gladly accept. :) I thought that 
since the server seems to know during challenge-response at 
authentication time which session is which, there may be a way here too. 
Don't hang me if that's not the case and these things are unrelated.

I see that the NAS transmits an audit-session-id which is identical in 
both the authentication and accounting packets. Maybe I could leverage 
that. But still both worlds (authentication/accounting) would somehow 
need to share some data.

Thanks,
Marki



More information about the Freeradius-Users mailing list