Accounting response with attributes

Alan DeKok aland at deployingradius.com
Wed Jan 14 21:31:30 CET 2015


On Jan 14, 2015, at 2:47 PM, Chandan Kumar <chandan.kumar at noviflow.com> wrote:
> Thanks, I will browse through the examples and see if I could get it to work. Moreover, I was looking through old archive emails related to "accounting response" and I found you repeatedly mentioned that sending attribute values in accounting response is not a good idea [for compatibility purposes] even though the RFC does not specifically bar it.

  RFC 2866 says:

5.13.  Table of Attributes

   The following table provides a guide to which attributes may be found
   in Accounting-Request packets.  No attributes should be found in
   Accounting-Response packets except Proxy-State and possibly Vendor-
   Specific.

  So that’s pretty clear.

> Being a novice in RADIUS I am not aware of other ways to pull this information [such as Acct-Terminate-Cause (with reason code), Acct-Session-Time and other attribute values] from the FreeRADIUS server,

  I have no idea what that means.

  You don’t “pull” any attributes from the server.  The NAS sends attributes to the server, and the server processes them.  Most attributes such as Acct-Session-Time belong in the Accounting-Request packet.  There is NO REASON for them to exist in an Accounting-Response packet.  They will have NO MEANING in that packet.

  I have to ask.. why do you need these attributes in the Accounting-Response?  What will the NAS do with them?

> if I want to make my Linux client (NAS) to be compatible across different RADIUS servers [FreeRADIUS and other RADIUS servers]

  PLEASE don’t write your own RADIUS client.  It’s a terrible idea.  Use freeradius-client:

https://github.com/FreeRADIUS/freeradius-client/

  I also have no idea what you mean by “compatible across different RADIUS servers”.  RADIUS servers don’t send attributes in Accounting-Response packets.  If your NAS requires that, your NAS is wrong, and it WILL NOT be compatible with any RADIUS server.

  I really can’t make this any clearer.  Putting attributes into Accounting-Response packets is *completely wrong*.  There is no reason to *ever* do it.

  Please explain WHY you’re doing this.  And what the NAS is doing with those attributes.  Odds are that your assumptions about RADIUS are wrong.  And as a result, your implementation is wrong, too.

  Alan DeKok.
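
A conformance check for the RFC 2866 section 5.13 rule quoted in the message above, as an added example that is not part of the original email or of FreeRADIUS. The function names and sample packets are constructed for illustration, and the Response Authenticator is not verified here.

```python
import struct

ACCOUNTING_RESPONSE = 5   # RADIUS packet code (RFC 2866)
VENDOR_SPECIFIC = 26
PROXY_STATE = 33
ALLOWED = {VENDOR_SPECIFIC, PROXY_STATE}  # RFC 2866 section 5.13


def unexpected_attributes(packet: bytes) -> list[int]:
    """Return attribute types in an Accounting-Response that section 5.13 does not expect."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_RESPONSE:
        raise ValueError(f"not an Accounting-Response (code {code})")
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    found = []
    pos = 20  # skip code, identifier, length and the 16-byte authenticator
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError(f"attribute {attr_type} has bad length {attr_len}")
        if attr_type not in ALLOWED:
            found.append(attr_type)
        pos += attr_len
    return found


def build(code: int, attrs: list[tuple[int, bytes]]) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, not cryptographically valid)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


# Constructed samples: one conforming reply, one carrying the attributes from the thread.
GOOD = build(5, [(PROXY_STATE, b"proxy1")])
BAD = build(5, [(46, struct.pack("!I", 3600)),   # Acct-Session-Time
                (49, struct.pack("!I", 1)),      # Acct-Terminate-Cause = User-Request
                (PROXY_STATE, b"proxy1")])

if __name__ == "__main__":
    print(unexpected_attributes(GOOD))
    print(unexpected_attributes(BAD))
```

A non-empty result on a captured reply points at a server or proxy policy that is adding attributes the NAS has no defined use for.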


