Accounting for nonexistent users / NAS ?
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 14 12:08:57 CET 2012
On 14/02/12 10:59, justin76 at mac.com wrote:
> Thanks, i haven't used preacct before, in what module is this, can
> you send detailed solution? Sorry, i am only a beginner in writing
> customized things for freeradius.
This is a section in the standard virtual server config. If you look in
sites-enabled/default, you'll see:
authorize {
...
}
authenticate {
...
}
post-auth {
...
}
preacct {
...
}
accounting {
...
}
...and others. The sections are lists of modules, or "unlang" config
processing statements. See "man unlang".
>
> About the NAS: in our case, the client is in posession of the shared
> secret, but the NAS is set incorrectly. Also, we are using a global
> user database for hundreds of NAS clients, and we would like to avoid
> a situation when a NAS client is sending accounting information for
> an existing user as a hacker attempt, causing invalid usage data and
> causing users account to expire. In case the existing user is
> configured as a local user AND the hacker knows that a username
> exists in our radcheck table (or just use a username list for
> guessing), this can be easily done.
I'm sorry, I don't understand any of that.
If the NAS is "set incorrectly" why not fix the NAS?
More information about the Freeradius-Users
mailing list