On 14/02/12 10:59, justin76@mac.com wrote:
Thanks, i haven't used preacct before, in what module is this, can you send detailed solution? Sorry, i am only a beginner in writing customized things for freeradius.
This is a section in the standard virtual server config. If you look in sites-enabled/default, you'll see: authorize { ... } authenticate { ... } post-auth { ... } preacct { ... } accounting { ... } ...and others. The sections are lists of modules, or "unlang" config processing statements. See "man unlang".
About the NAS: in our case, the client is in posession of the shared secret, but the NAS is set incorrectly. Also, we are using a global user database for hundreds of NAS clients, and we would like to avoid a situation when a NAS client is sending accounting information for an existing user as a hacker attempt, causing invalid usage data and causing users account to expire. In case the existing user is configured as a local user AND the hacker knows that a username exists in our radcheck table (or just use a username list for guessing), this can be easily done.
I'm sorry, I don't understand any of that. If the NAS is "set incorrectly" why not fix the NAS?