Accounting for nonexistent users / NAS ?
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 14 11:49:04 CET 2012
On 14/02/12 10:27, justin76 at mac.com wrote:
> Hi all,
>
> we are using freeradius with mysql.
>
> Accounting works fine, but we discovered that the server is doing
> accounting for users which don't exist at all in our system. They are
> probably local users but accounting information is sent to our
> servers.
>
> How do we allow accounting for only our users? The server should
> check whether the user is in the radcheck table as we only keep users
> that have a valid account.
>
> How can this be achieved?
Well, possibly something like:
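    preacct {
        update control {
            # 1 if the user has a row in radcheck, empty otherwise.
            # Double-quoted so the %{sql:...} expansion is evaluated as one string.
            Tmp-Integer-0 := "%{sql:select 1 from radcheck where username='%{User-Name}'}"
        }
    }
    accounting {
        # Only record accounting for users found in radcheck
        if (control:Tmp-Integer-0 == 1) {
            detail
            sql
            # whatever
        }
    }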
>
> Furthermore, it would be good if we could verify the NAS value so the
> server should only do accounting when the NAS is allowed.
I don't know what this means. If the NAS is "not allowed" then surely
it's not a valid client, so it doesn't have a shared secret?
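
Added example, not part of the original post: an audit for accounting rows that were already stored for users with no radcheck entry, grouped by the NAS that sent them. It assumes the default FreeRADIUS SQL schema's radacct table (username, nasipaddress columns), runs the query against an in-memory SQLite database instead of MySQL so it works offline, and uses constructed sample rows.

```python
import sqlite3

# Accounting rows whose username has no radcheck entry, per sending NAS.
# NOT EXISTS is used instead of a JOIN because radcheck normally holds
# several rows per user, which would inflate the counts.
AUDIT_SQL = """
SELECT a.nasipaddress, a.username, COUNT(*) AS sessions
FROM radacct AS a
WHERE a.username <> ''
  AND NOT EXISTS (SELECT 1 FROM radcheck AS c WHERE c.username = a.username)
GROUP BY a.nasipaddress, a.username
ORDER BY sessions DESC, a.username
"""

def build_sample_db():
    """Constructed sample data; only the columns the audit needs."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radacct  (username TEXT, nasipaddress TEXT, acctsessionid TEXT);
    """)
    db.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?)", [
        ("alice", "Cleartext-Password", ":=", "x"),
        ("alice", "Simultaneous-Use", ":=", "1"),  # second row, same user
        ("bob", "Cleartext-Password", ":=", "y"),
    ])
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", [
        ("alice", "192.0.2.10", "s1"),
        ("localadmin", "192.0.2.10", "s2"),  # NAS-local account, not in radcheck
        ("localadmin", "192.0.2.10", "s3"),
        ("guest", "192.0.2.20", "s4"),       # not in radcheck
        ("bob", "192.0.2.20", "s5"),
    ])
    return db

def unknown_user_sessions(db):
    """Return (nasipaddress, username, session_count) for unknown users."""
    return db.execute(AUDIT_SQL).fetchall()

if __name__ == "__main__":
    for nas, user, count in unknown_user_sessions(build_sample_db()):
        print(f"{nas}\t{user}\t{count}")
```

The per-NAS grouping shows which devices are sending accounting for their local accounts.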