[snip]
Thanks a bundle for that, I was about to whack my head against the screen here and type "man unlang". ;)
If you're still getting duplicates, check that the NAS is actually sending the value of the Class attribute. Vendors are notoriously bad for ignoring the RFC in this area.
Yeah, never mind that we are talking to proxy servers upstream which in turn may talk to other proxy servers (nobody knows) which ultimately talk to the NAS (BRAS) in question.
You might have more luck concatenating the random string with the User-Name and sending that in the Access-Accept. Then stripping it out again when you receive accounting requests. post-auth { update reply { User-Name := "%{User-Name}:%{Acct-Unique-ID}" } ... } -- preacct { ... if(User-Name =~ /([^:]+)(:([[:alnum:]]*))?/){ update request { Acct-Session-ID := "%{Acct-Session-ID}%{3}" User-Name := "%{1}" } } } It's a more commonly used feature so is more likely to work :)
I have seen those quickly recycled Acct-Session-Id's only with one location it seems, other people with twice the connects never had their IDs re-used in the same sample period. So my bet is that this particular NAS will also happily ignore the Class attribute. ^o^
Yey for standards *sigh*.
But nevertheless, a very useful configuration snippet that would do well in a future sample configuration.
Thanks, i'll poke Alan and see if he wants to include it. It'd be nice to have a generic hashing module for string expansions and not have to do some much unlang hackyness, useful for CUI too.
Thanks again for the quick and comprehensive response
No problem. Best of luck ! Arran -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2