Correlating Access-Requests and Replys
Alan DeKok
aland at deployingradius.com
Thu Apr 21 21:05:35 CEST 2016
On Apr 21, 2016, at 12:14 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> It's helpful, but the server could make this so, so much easier by allocating a "session" to every packet received, either a new one or the previous one (keyed by State). Even for PAP requests.
That's useful. And probably not hard to do. Just define a "FreeRADIUS-Session-Id" attribute as an octet string. If it doesn't exist, create it from 32 random bytes.
If it does exist, ensure it's saved in the session_state list. And probably echoed back to the NAS in the Class attribute.
And probably add rules to create a "possibly started" accounting session, with that session ID. If there's no accounting "start" within 10min, the "possibly started" record can be deleted. Otherwise, you have the pre-existing FreeRADIUS-Session-Id in SQL that can be used to track all packets for a session.
Alan DeKok.
More information about the Freeradius-Users
mailing list