Questions on the finer points of CUI

Scott Armitage S.P.Armitage at lboro.ac.uk
Thu Jun 28 09:07:17 CEST 2012 

All,

I was after some clarification about the implementation of CUI in freeRADIUS.  

My first point is the use of Client IP Address. I notice that client IP Address makes a regular appearance but I'm wondering whether it should.  Looking at the cui.conf the post-auth insert adds the Client IP Address.

postauth_query = "INSERT IGNORE INTO ${cui_table} \
	(clientipaddress, callingstationid, username, cui, lastaccounting) \
        VALUES \
	('%{Client-IP-Address}', '%{Calling-Station-Id}', '%{User-Name}', '%{reply:Chargeable-User-Identity}', NULL) ON DUPLICATE KEY UPDATE lastaccounting='0000-00-00 00:00:00', cui='%{reply:Chargeable-User-Identity}'";

likewise the schema (in cui.sql) even has the Client IP Address as a primary key which to me seems wrong.  In the world of eduroam my RADIUS server can proxy off to one of 3 National Proxies each will have a different Client IP Address, therefore a single client could have 3 entries in the cui table depending upon which National proxy dealt with the request.  I don't see the point of the Client IP Address being in there.  If each home server is using a salt (together with the operator name) then even the same username and calling station id will return a different CUI for different home servers.  Maybe some could explain what I'm missing and why the Client IP Address is there?

Staying with the Client IP Address, my next point surrounds the Accounting.  The cui.conf shows that accounting updates the table using Client IP Address in the search:

accounting_start_query = "UPDATE ${cui_table} \
	SET \
                lastaccounting = CURRENT_TIMESTAMP \
	WHERE clientipaddress = '%{Client-IP-Address}' \
        AND callingstationid = '%{Calling-Station-Id}' \
        AND username = '%{User-Name}' \
	AND cui = '%{Chargeable-User-Identity}'";

How would this work?  The NAS doesn't know what the Client IP Address is and doesn't send it in Accounting packets.  

Finally, why does the Accounting stop for cui remove the cui from the database:

accounting_stop_query = "DELETE FROM ${cui_table} WHERE \
	clientipaddress = '%{Client-IP-Address}' \
	AND callingstationid = '%{Calling-Station-Id}' \
	AND username = '%{User-Name}' \
	AND cui = '%{Chargeable-User-Identity}'";


Surely I'd want to keep this?  If 2 weeks later I get a copyright infringement notice for a client, I'd want the CUI when contacting the home site of the user.


Thanks


Scott Armitage


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120628/604a0b2e/attachment.pgp>

More information about the Freeradius-Users mailing list