rlm_acct_unique
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sat Aug 18 15:21:04 CEST 2012
On 18 Aug 2012, at 12:03, Brian Candler <B.Candler at pobox.com> wrote:
> A couple of minor comments about raddb/modules/acct_unique (in the v2.1.x
> branch at least)
>
> (1) "See doc/rlm_acct_unique for more information"
>
> That file doesn't exist. But there is man/man5/rlm_acct_unique.5
>
> (2) The default setting of
>
> acct_unique {
> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
> }
>
> could be dangerous, because if you are receiving accounting via a network of
> proxies, you'll get different session IDs depending on which proxy each
> packet came through.
True. I think that's why it changed for 3.0... We should really get rid of acct_unique for 3.0, it offers no functionality over %{md5:}.
> In my opinion, it would be better to drop
> Client-IP-Address - and that would be consistent with the example in the
> rlm_acct_unique.5 manpage.
Should be:
User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port, NAS-Port-ID
I'll change it once I find non spaghetti powered internet.
-Arran
More information about the Freeradius-Devel
mailing list