Accounting response with attributes

Chandan Kumar chandan.kumar at noviflow.com
Wed Jan 14 21:49:54 CET 2015 

On 01/14/2015 03:31 PM, Alan DeKok wrote:
> On Jan 14, 2015, at 2:47 PM, Chandan Kumar <chandan.kumar at noviflow.com> wrote:
>> Thanks, I will browse through the examples and see if I could get it work. Moreover, I was looking through old archive emails related to "accounting response" and I found repetitively you mentioned that sending attribute values in accounting response is not a good idea [for compatibility purpose] even though RFC does not specificity bars it.
>    RFC 2866 says:
>
> 5.13.  Table of Attributes
>
>     The following table provides a guide to which attributes may be found
>     in Accounting-Request packets.  No attributes should be found in
>     Accounting-Response packets except Proxy-State and possibly Vendor-
>     Specific.
>
>    So that’s pretty clear.
>
>> Being a novice in RADIUS I am not aware of other ways to pull these information [such as Acct-Terminate-Cause (with reason code),Acct-Session-Time and other attribute values ] from the FreeRADIUS server,
>    I have no idea what that means.
>
>    You don’t “pull” any attributes from the server.  The NAS sends attributes to the server, and the server processes them.  Most attributes such as Acct-Session-Time belong in the Accounting-Request packet.  There is NO REASON for them to exist in an Accounting-Response packet.  They will have NO MEANING in that packet.
>
>    I have to ask.. why do you need these attributes in the Accounting-Response?  What will the NAS do with them?
I am looking for a way to have the Accounting/Billing information [such 
as session time, reason for disconnection, packet transferred etc ] 
available at the NAS (Linux Client).
>
>> if I want to make my Linux client(NAS) to be compatible across different RADIUS servers [FreeRADIUS and other RADIUS servers]
>    PLEASE don’t write your own RADIUS client.  It’s a terrible idea.  Use freeradius-client:
>
> https://github.com/FreeRADIUS/freeradius-client/
Thanks. I am using pam_radius_auth.so module. I will also explore 
"freeradius-client".
>
>    I also have no idea what you mean by “compatible across different RADIUS servers”.  RADIUS servers don’t send attributes in Accounting-Response packets.  If your NAS requires that, your NAS is wrong, and it WILL NOT be compatible with any RADIUS server.
>
>    I really can’t make this any clearer.  Putting attributes into Accounting-Response packets is *completely wrong*.  There is no reason *ever* do it.
>
>    Please explain WHY you’re doing this.  And what the NAS is doing with those attributes.  Odds are that your assumptions about RADIUS are wrong.  And as a result, your implementation is wrong, too.
Basically all accounting information is available on the RADIUS server, 
I am looking for a way if I could make those accounting information 
[session time, reason for disconnection, packet transferred etc] 
available at the NAS (Linux client). Including vendor specific 
attributes if available.
>
>    Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list