Accoiunting proxy Issue
Richard J Palmer
richard at merula.net
Sun Nov 26 21:28:15 CET 2017
Hi there
We use firebrick Routers as LNS routers and they have worked fine in
the past.
However I have a new requirement to proxy one realm (authentication
and accounting) to a remote server for a customer. I have the auth
side working find - and the account start packet.
However the firebrick does not provide the username in interim updates
or stop messages - which means that the proxy based on realm fails
(the username / realm is not there).
Is there a way using unlang to proxy these - I was looking at the
lines in detail - we do also have the records in our SQL server and
from the AcctSessionID I can look up the username which is possible
I do have one other possibility. The Interim updates have a field:
Chargeable-User-Identity = "XXXXX"
Which I can set as part of the auth process (I already add some
fields in post_proxy). Is there a way in FreeRadius to inspect this
field in a accounting packet and if set to 'resellerx' set the packet
to be sent to their proxy / home server ?
The second I assume would be faster ....
I have also emailed the router manufacturer to see if the username can
be added easily in a software patch but that may take time ...
An example current accounting packet is:
Sun Nov 26 20:00:05 2017
Acct-Status-Type = Interim-Update
Chargeable-User-Identity = "BBEU12345675"
Event-Timestamp = "Nov 26 2017 20:00:00 GMT"
Acct-Input-Octets = 7137840
Acct-Input-Gigawords = 0
Acct-Output-Octets = 487340050
Acct-Output-Gigawords = 0
Acct-Session-Time = 576
Acct-Input-Packets = 99535
Acct-Output-Packets = 342237
Tunnel-Client-Endpoint:0 = "ADSL"
NAS-Identifier = "aglovale.merula.net"
Acct-Session-Id = "S600000269717072AECC00"
NAS-IP-Address = 1.2.3.4
NAS-Port = 697
Connect-Info = "39550000/1000000000"
Acct-Unique-Session-Id = "c89cbc69ab30d4afaff763c46057b04e"
Timestamp = 1511726405
I would be grateful for any suggestions
Richard
More information about the Freeradius-Users
mailing list