Detecting RELATED accounting packets

Vijay S vijay.hcr at gmail.com
Tue Nov 17 15:15:15 CET 2015


Hi Nasser
It would have been helpful if you had mentioned what NAS you are using.

Regards
Vijay A.

On Tuesday, November 17, 2015, Nasser Heidari <nasser at rasana.net> wrote:

> Hi,
>
> In my current environment I'm using a RADIUS proxy. As a new requirement I
> want to allow all users who are rejected by the proxy to connect to the
> network, but put them in a walled garden and let them access only specified
> resources. Also, when they get connected I should store their IP, MAC and
> NAS information, which exists in the accounting packet.
>
> I want to create a virtual server on the RADIUS proxy and handle all
> REJECTED users with it. The problem is, there isn't any relation between
> authentication and accounting packets, so I don't know which accounting
> packets are related to REJECTED users to forward them to the virtual server.
>
> I have two ideas which may help me solve this issue:
> 1- Store the POSTAUTH message in a DB and then, when I receive accounting
> packets, in the preacct stage look up the user's info using
> (mac+nas+nas-port) in the POSTAUTH DB and then decide to forward the packet
> to the PROXY or the virtual server.
> 2- When I'm sending access-accept, send another attribute to the NAS (which
> is Cisco), and the NAS should include this special attribute in all
> accounting packets of REJECTED users, so using this I can separate users and
> send the correct accounting info to the PROXY or the virtual server. (Trying
> to use a kind of marking method, which I'm not sure is possible.)
>
> I would be thankful if you would kindly share your ideas about this problem
> and other possible methods to solve it.
>
> Kind Regards,
> Nasser


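Added example, not part of the original thread and not FreeRADIUS code: a Python sketch of the correlation logic in idea 1 of the quoted message, where a reject recorded at post-auth is looked up at preacct by (mac+nas+nas-port) to pick the accounting destination. The class, function and destination names are hypothetical, and mapping the key to Calling-Station-Id, NAS-IP-Address and NAS-Port is an assumption.

```python
import re
import time

WALLED_GARDEN = "walled_garden"  # hypothetical name for the local virtual server
PROXY = "proxy"                  # hypothetical name for the upstream proxy path


def norm_mac(value):
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", value)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {value!r}")
    return digits.lower()


def session_key(pkt):
    # Assumption: mac = Calling-Station-Id, nas = NAS-IP-Address, nas-port = NAS-Port.
    return (norm_mac(pkt["Calling-Station-Id"]), pkt["NAS-IP-Address"], str(pkt["NAS-Port"]))


class RejectTracker:
    """In-memory stand-in for the POSTAUTH DB described in idea 1."""

    def __init__(self, ttl=86400, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self.rejected = {}  # session key -> time the entry was last confirmed

    def post_auth(self, pkt, proxy_rejected):
        key = session_key(pkt)
        if proxy_rejected:
            self.rejected[key] = self.clock()
        else:
            # A later proxy-accepted login on the same port clears the stale mark.
            self.rejected.pop(key, None)

    def preacct(self, pkt):
        try:
            key = session_key(pkt)
        except (KeyError, ValueError):
            return PROXY  # assumption: packets that cannot be correlated keep the normal path
        seen = self.rejected.get(key)
        if seen is None or self.clock() - seen > self.ttl:
            self.rejected.pop(key, None)  # unknown or idle longer than ttl
            return PROXY
        if pkt.get("Acct-Status-Type") == "Stop":
            del self.rejected[key]  # session ended; the Stop itself is still routed below
        else:
            self.rejected[key] = self.clock()  # Start/Interim-Update keeps the entry alive
        return WALLED_GARDEN
```

The MAC normalisation matters because the same station can appear in different notations in the Access-Request and in accounting, and the ttl acts as an idle timeout so that a NAS port later reused by another session is not misrouted indefinitely.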