Correlating Access-Requests and Replys

Alan DeKok aland at deployingradius.com
Thu Apr 21 21:05:35 CEST 2016


On Apr 21, 2016, at 12:14 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> It's helpful, but the server could make this so, so much easier by allocating a "session" to every packet received, either a new one or the previous one (keyed by State). Even for PAP requests.

  That's useful.  And probably not hard to do.  Just define a "FreeRADIUS-Session-Id" attribute as an octet string.  If it doesn't exist, create it from 32 random bytes.

  If it does exist, ensure it's saved in the session_state list.  And probably echoed back to the NAS in the Class attribute.

  And probably add rules to create a "possibly started" accounting session, with that session ID.  If there's no accounting "start" within 10min, the "possibly started" record can be deleted.  Otherwise, you have the pre-existing FreeRADIUS-Session-Id in SQL that can be used to track all packets for a session.

  Alan DeKok.




More information about the Freeradius-Users mailing list