Accounting Packets and Anonymous Identity

Selahattin Cilek selahattin_cilek at hotmail.com
Sun Feb 5 14:13:29 CET 2017



On 05.02.2017 16:10, Phil Mayers wrote:
> As a couple of people have noted, if the NAS supports it you can (in 
> order of preference):
>
> 1. Return User-Name in Access-Accept which a compliant NAS will then 
> copy to Accounting-Requests
>
> 2. Abuse Class in Access-Accept e.g. set it to "user=<name>" then 
> extract that in preacct{} and rewrite the received username in the 
> accounting packets
>
> 3. If the NAS sends Acct-Session-Id in Access-Requests, cache or store 
> these in a DB, then do a cache/SQL lookup in preacct{} to find the 
> username from authentication, and rewrite the accounting. You could 
> hack this with NAS-IP-Address & Calling-Station-Id if you're really 
> desperate and the Acct-Session-Id isn't present in Access-Request.
>
Done it in post-auth. Thank you.
> If none of these options are available, then you will need to perform 
> offline or near-realtime analysis of your accounting to match auth to 
> acct sessions and discover the real username.
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




More information about the Freeradius-Users mailing list