On Tue, Feb 14, 2012 at 6:31 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 14/02/12 11:18, justin76@mac.com wrote:
NAS are set up by partner companies all around the world. We can tell them to fix the NAS but maybe it can take weeks and we don't want to allow misconfigured NAS in the accounting at all.
Freeradius can perform arbitrary processing, to ignore or accept packets. You need to:
1. Write down a policy showing which requests you want to permit, based on which attributes
... and that is often the hardest part. Really. IMHO it's easier to just do something like this: - give out unique shared secret for each NAS - log NAS IP address (e.g. Packet-Src-IP-Address) on radacct (either by overwriting an existing column, or add a new one) - handle user complains if and when they come. If a user complains that their quota is used incorrectly, and you can trace that the NAS is misbehaving (or hacked, although unlikely) by looking at records on radacct, then simply ban the NAS. It's the least-effort method to get what you want. -- Fajar