Accounting Packets and Anonymous Identity
Selahattin Cilek
selahattin_cilek at hotmail.com
Sun Feb 5 14:13:29 CET 2017
On 05.02.2017 16:10, Phil Mayers wrote:
> As a couple of people have noted, if the NAS supports it you can (in
> order of preference):
>
> 1. Return User-Name in Access-Accept which a compliant NAS will then
> copy to Accounting-Requests
>
> 2. Abuse Class in Access-Accept e.g. set it to "user=<name>" then
> extract that in preacct{} and rewrite the received username in the
> accounting packets
>
> 3. If the NAS sends Acct-Session-Id in Access-Requests, cache or store
> these in a DB, then do a cache/SQL lookup in preacct{} to find the
> username from authentication, and rewrite the accounting. You could
> hack this with NAS-IP-Address & Calling-Station-Id if you're really
> desperate and the Acct-Session-Id isn't present in Access-Request.
>
Done it in post-auth. Thank you.
> If none of these options are available, then you will need to perform
> offline or near-realtime analysis of your accounting to match auth to
> acct sessions and discover the real username.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list