Accounting response with attributes
chandan.kumar at noviflow.com
Wed Jan 14 21:49:54 CET 2015
On 01/14/2015 03:31 PM, Alan DeKok wrote:
> On Jan 14, 2015, at 2:47 PM, Chandan Kumar <chandan.kumar at noviflow.com> wrote:
>> Thanks, I will browse through the examples and see if I could get it work. Moreover, I was looking through old archive emails related to "accounting response" and I found repetitively you mentioned that sending attribute values in accounting response is not a good idea [for compatibility purpose] even though RFC does not specificity bars it.
> RFC 2866 says:
> 5.13. Table of Attributes
> The following table provides a guide to which attributes may be found
> in Accounting-Request packets. No attributes should be found in
> Accounting-Response packets except Proxy-State and possibly Vendor-
> So that’s pretty clear.
>> Being a novice in RADIUS I am not aware of other ways to pull these information [such as Acct-Terminate-Cause (with reason code),Acct-Session-Time and other attribute values ] from the FreeRADIUS server,
> I have no idea what that means.
> You don’t “pull” any attributes from the server. The NAS sends attributes to the server, and the server processes them. Most attributes such as Acct-Session-Time belong in the Accounting-Request packet. There is NO REASON for them to exist in an Accounting-Response packet. They will have NO MEANING in that packet.
> I have to ask.. why do you need these attributes in the Accounting-Response? What will the NAS do with them?
I am looking for a way to have the Accounting/Billing information [such
as session time, reason for disconnection, packet transferred etc ]
available at the NAS (Linux Client).
>> if I want to make my Linux client(NAS) to be compatible across different RADIUS servers [FreeRADIUS and other RADIUS servers]
> PLEASE don’t write your own RADIUS client. It’s a terrible idea. Use freeradius-client:
Thanks. I am using pam_radius_auth.so module. I will also explore
> I also have no idea what you mean by “compatible across different RADIUS servers”. RADIUS servers don’t send attributes in Accounting-Response packets. If your NAS requires that, your NAS is wrong, and it WILL NOT be compatible with any RADIUS server.
> I really can’t make this any clearer. Putting attributes into Accounting-Response packets is *completely wrong*. There is no reason *ever* do it.
> Please explain WHY you’re doing this. And what the NAS is doing with those attributes. Odds are that your assumptions about RADIUS are wrong. And as a result, your implementation is wrong, too.
Basically all accounting information is available on the RADIUS server,
I am looking for a way if I could make those accounting information
[session time, reason for disconnection, packet transferred etc]
available at the NAS (Linux client). Including vendor specific
attributes if available.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users