On 18 Aug 2012, at 12:03, Brian Candler <B.Candler@pobox.com> wrote:
A couple of minor comments about raddb/modules/acct_unique (in the v2.1.x branch at least)
(1) "See doc/rlm_acct_unique for more information"
That file doesn't exist. But there is man/man5/rlm_acct_unique.5
(2) The default setting of
acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" }
could be dangerous, because if you are receiving accounting via a network of proxies, you'll get different session IDs depending on which proxy each packet came through.
True. I think that's why it changed for 3.0... We should really get rid of acct_unique for 3.0, it offers no functionality over %{md5:}.
In my opinion, it would be better to drop Client-IP-Address - and that would be consistent with the example in the rlm_acct_unique.5 manpage.
Should be: User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port, NAS-Port-ID I'll change it once I find non spaghetti powered internet. -Arran