Stefan Winter wrote:
is that implemented in FR, be it 1.1 or 2.0? According to http://wiki.freeradius.org/RFC it shouldn't be.
It's in the dictionaries...
From my reading of the RFC, defining it "by hand" in radreply is not considered good enough, because it has a specific logic behind it:
(2.1)
If a home RADIUS server that supports the CUI attribute receives an Access-Request packet containing a CUI (set to nul or otherwise), it MUST include the CUI attribute in the Access-Accept packet.
That can be done via policy logic in "unlang". if ("%{Chargeable-User-Identifier}") { update reply { Chargeable-User-Identifier = .... } }
So, always sending it via radreply would ignore the SHOULD NOT. Not defining it at all though makes it difficult for the server to maintain a persistent yet anonymous handle. So something like defining it by hand but only including it if it was asked for would be needed. Is that logic present in FR?
Nope. It's 4 lines of text, as above. The only complexity is *creating* it, and mapping it to a known user. This can be done via additional logic, and stored in SQL, for example. Alan DeKok.