rlm_acct_unique

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat Aug 18 15:21:04 CEST 2012


On 18 Aug 2012, at 12:03, Brian Candler <B.Candler at pobox.com> wrote:

> A couple of minor comments about raddb/modules/acct_unique (in the v2.1.x
> branch at least)
> 
> (1) "See doc/rlm_acct_unique for more information"
> 
> That file doesn't exist. But there is man/man5/rlm_acct_unique.5
> 
> (2) The default setting of
> 
> acct_unique {
>       key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> }
> 
> could be dangerous, because if you are receiving accounting via a network of
> proxies, you'll get different session IDs depending on which proxy each
> packet came through.

True. I think that's why it changed for 3.0... We should really get rid of acct_unique for 3.0, it offers no functionality over %{md5:}.

> In my opinion, it would be better to drop
> Client-IP-Address - and that would be consistent with the example in the
> rlm_acct_unique.5 manpage.

Should be:

User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port, NAS-Port-ID

I'll change it once I find non spaghetti powered internet.

-Arran



More information about the Freeradius-Devel mailing list