Hi, whenever a user successfully logs in, I want to send a custom accounting packet with derived information to a server. Is there a way to do that from the config directly? I have searched for some time now but couldn't find anything like that... Right now I'm using a script that uses the "Authen::Radius" Perl module, but I want to get rid of this solution. If there's no built-in mechanism, my plan would be to write a module that uses libfreeradius.so's library functions (and already initialized dictionaries etc.) to create a queue, send a packet etc. -- are there any problems with this approach? Functions like fr_packet_list_create(), rad_send(), fr_packet_list_recv() etc. are all reentrant, aren't they? Any hints are appreciated. Thanks! Julius
Julius Plenz wrote:
whenever a user successfully logs in, I want to send a custom accounting packet with derived information to a server. Is there a way to do that from the config directly?
No.
I have searched for some time now but couldn't find anything like that... Right now I'm using a script that uses the "Authen::Radius" Perl module, but I want to get rid of this solution.
That works. I'd keep it for now.
If there's no built-in mechanism, my plan would be to write a module that uses libfreeradius.so's library functions (and already initialized dictionaries etc.) to create a queue, send a packet etc. -- are there any problems with this approach?
Threading. Event handling, timers, etc.
Functions like fr_packet_list_create(), rad_send(), fr_packet_list_recv() etc. are all reentrant, aren't they?
No. The fr_packet_list* functions aren't thread-safe. One of the things we're looking at is making the core a little more generic. Right now, the server can receive an Access-Request, and originate a CoA packet. It can't originate an Accounting-Request packet. Fixing that requires a series of careful changes. But it's a fair amount of work, and likely won't be in 3.0.x. For now, I'd suggest keeping the Perl solution. It's fine until you get 10K+ packets/s. Alan DeKok.
Hi,
I have searched for some time now but couldn't find anything like that... Right now I'm using a script that uses the "Authen::Radius" Perl module, but I want to get rid of this solution.
you could do something more dirty.....like configure one of the remote accounting modules (that reads the detail file) so that it can throw accounting packets to the server you want - and then just squirt stuff into the detail file. alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Julius Plenz