Accounting proxy Issue

Richard J Palmer richard at merula.net
Mon Nov 27 15:08:45 CET 2017


Thanks Alan

That sounds sensible - I'll have a look at this - it looks very 
sensible.

It all seems to make sense but if I have any questions I'll ask but 
that looks to be enough to me

Thanks again for your help

Richard


On Monday 27/11/2017 at 1:40 pm, Alan DeKok  wrote:
> On Nov 26, 2017, at 3:28 PM, Richard J Palmer <richard at merula.net> 
> wrote:
>>
>> However the firebrick does not provide the username in interim updates 
>> or stop messages - which means that the proxy based on realm fails 
>> (the username / realm is not there).
>
>    That's just stupid.  I mean, how hard is it to follow a spec which 
> was written 20 years ago?
>
>>
>> Is there a way using unlang to proxy these - I was looking at the 
>> lines in detail - we do also have the records in our SQL server and 
>> from the AcctSessionID I can look up the username which is possible
>>
>> I do have one other possibility. The Interim updates have a field:
>> Chargeable-User-Identity = "XXXXX"
>> Which  I can set as part of the auth process (I already add some 
>> fields in post_proxy). Is there a way in FreeRadius to inspect this 
>> field in a accounting packet and if set to 'resellerx' set the packet 
>> to be sent to their proxy / home server ?
>
>    You can do anything in "unlang".
>
> - in "post-auth", create a Chargeable-User-Identity
> - store the Chargeable-User-Identity and User-Name into the radacct 
> table via an SQL statement
>
> - in "preacct", look up Chargeable-User-Identity in SQL, and get the 
> User-Name
>
>
>    The simple way is to just mangle the incoming packet (no one cares 
> about this by the time post-auth is called):
>
> post-auth {
>     ...
>     ... create Chargeable-User-Identity in the reply ...
>     ...
>
>     update request {
>         Acct-Status-Type = Start    # pretend we're starting a session
>         Chargeable-User-Identity := &reply:Chargeable-User-Identity
>         ... anything else you need...
>     }
>     sql.accounting    # store the packet into radacct
>     ...
> }
>
>    and then in preacct:
>
> preacct {
>     ...
>
>     if (!User-Name && Chargeable-User-Identity) {
>         # look up the User-Name that was stored with this CUI at post-auth time
>         update request {
>             User-Name := "%{sql:SELECT username from radacct where cui = '%{Chargeable-User-Identity}'}"
>         }
>     }
>
>     ... and proxying, suffix, etc.
>
> }
>
>    You'll need to add a 'cui' column to the radacct table.  And, 
> update the accounting 'start' query to store Chargeable-User-Identity 
> in the 'cui' column.
>
>    But that's about it.  The details matter, but it's not *too* 
> complex.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
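
Added example, not part of the original thread and not FreeRADIUS code: a model of the CUI-to-User-Name lookup described above, showing the two cases the one-line query leaves open (no matching row, and several rows for one CUI). Assumptions: SQLite stands in for the real SQL server, the table is cut down to the columns the lookup needs, and the function names and sample rows are constructed for illustration.

```python
import sqlite3

# Minimal stand-in for radacct: only the columns this lookup needs (assumption;
# the real table has many more). 'cui' is the column the post says to add.
SCHEMA = """
CREATE TABLE radacct (
    radacctid     INTEGER PRIMARY KEY,
    acctsessionid TEXT NOT NULL,
    username      TEXT NOT NULL,
    acctstarttime TEXT NOT NULL,
    cui           TEXT
);
CREATE INDEX radacct_cui_idx ON radacct (cui);
"""

def record_start(db, session_id, username, cui, start_time):
    """What the post-auth 'sql.accounting' call stores: User-Name next to the CUI."""
    db.execute(
        "INSERT INTO radacct (acctsessionid, username, acctstarttime, cui) "
        "VALUES (?, ?, ?, ?)", (session_id, username, start_time, cui))

def resolve_username(db, cui):
    """The preacct lookup. Returns None when nothing matches, so the caller can
    leave User-Name unset instead of overwriting it with an empty string."""
    if not cui:
        return None
    row = db.execute(
        # Bound parameter: the CUI arrives in a packet and is never pasted into SQL.
        # Newest session first, because one CUI may appear on several rows.
        "SELECT username FROM radacct WHERE cui = ? "
        "ORDER BY acctstarttime DESC, radacctid DESC LIMIT 1", (cui,)).fetchone()
    return row[0] if row else None

def realm_of(username):
    """Suffix realm ('user@realm'), the value realm-based proxying keys on."""
    if not username or "@" not in username:
        return None
    return username.rsplit("@", 1)[1] or None

def demo_db():
    """Constructed sample data: two sessions share one CUI, a third has its own."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    record_start(db, "s1", "alice@resellerx", "cui-0001", "2017-11-26 10:00:00")
    record_start(db, "s2", "alice2@resellerx", "cui-0001", "2017-11-27 09:00:00")
    record_start(db, "s3", "bob@resellery", "cui-0002", "2017-11-27 09:30:00")
    return db
```
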


