Accounting Packets and Anonymous Identity

Pshem Kowalczyk pshem.k at gmail.com
Sun Feb 5 08:53:53 CET 2017


Hi,

If you only have one type of quota you could use MAC addresses (most likely
Calling-Station-Id, but confirm with the NAS/AP docs) to identify
subscribers. This approach has a number of issues (one user with multiple
devices will be treated as multiple users, you can't have multiple plans -
all users are treated the same way, MAC address can be spoofed) but it
might be just enough to deliver what you're after.

kind regards
Pshem


On Sun, 5 Feb 2017 at 17:18 Selahattin Cilek <selahattin_cilek at hotmail.com>
wrote:

>
>
> On 05.02.2017 01:44, Adam Bishop wrote:
> > On 4 Feb 2017, at 21:45, Selahattin Cilek <selahattin_cilek at hotmail.com>
> wrote:
> >> Yes, I know. I know I can't prevent them from configuring their own
> >> machines as they like. That is not what I am asking.
> > I'm not sure what you're asking then. The username is logged as
> "anonymous" because the user has typed in "anonymous". FreeRADIUS logs what
> the NAS and the client send.
> >
> > If you don't accounting packets to contain "anonymous" you can:
> >   * reject their authentication.
> >   * configure your NAS to send something more meaningful
> >
> > There's no secret SQL query - if the user sends "anonymous", and your
> NAS is configured to use that "anonymous" in accounting, then FreeRADIUS
> will log "anonymous", and any SQL query will return "anonymous".
> That is what I wanted to know, thank you. The NAS is a Unifi AP and does
> not let me configure EAP behaviour. It is not very successful in RADIUS
> accounting. Since I can't make the NAS behave the way I want, my only
> option is to configure RADIUS to the best of my ability.
> >
> > If explain your problem further (e.g. why is correlating the
> Calling-Station-ID in accounting logs to the one in your auth log
> insufficient) people can probably help further - but you've given precious
> little information.
> The problem is that if RADIUS does not know who is using how much, it
> wont be able to keep track of network usage and therefore enforce
> quotas. Somehow, I need to find out what the true user name is. What can
> I do with a packet labelled "anonymous"? I made a promise to the owner
> of the site, but have failed to deliver because of the NAS.
> >
> > Regards,
> >
> > Adam Bishop
> >
> >    gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
> >
> > jisc.ac.uk
> >
> > Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
> >
> > Jisc Services Limited is a wholly owned Jisc subsidiary and a company
> limited by guarantee which is registered in England under company number
> 2881024, VAT number GB 197 0632 86. The registered office is: One Castle
> Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list