rlm_sql: Password in Accounting Packet

Thibault Le Meur Thibault.LeMeur at supelec.fr
Fri Dec 15 14:37:56 CET 2006


 

-----Message d'origine-----
De :
freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.freeradius.org
[mailto:freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.freeradius
.org] De la part de Marco Stuhl
Envoyé : vendredi 15 décembre 2006 13:47
À : FreeRadius users mailing list
Objet : Re: RE : RE : rlm_sql: Password in Accounting Packet


Here's the scenario.

I'd like to make one username for all users having/sharing same service
(e.g. users w/ service A all have username 'foo' with unique password for
every user). Now, the problem arises with accounting, or, to be more
precise, session reports that will be available for them to see and check
their past sessions.  
 
So the password can only be retreived for the Access-Request packet: use the
postauth query to record it, then use radacct to record accoutning
informations.


Since accounting (SQL schema) is based on unique username, I cannot make the
distinction between users. Also, I've noted (in past FR versions, though)
that it was possible for log files, since FR logged passwords there?  
 
Accounting is based on AcctSessionId (or AcctUniqueId, which can be computed
by a FR module). AFAIK, there is no assumption about the 'unique username'
thing: it is your session analyzer that makes such assumption.
 
If you want to differentiate users, you'll have to find rules that help map
attributes recorded in the radacct table with attributes recorded in the
postauth table: then a simple Join can help recover the true username. 
 
HTH,
Thibault

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061215/963663fe/attachment.html>


More information about the Freeradius-Users mailing list