FR and accounting question

Alan DeKok aland at
Thu May 30 13:24:45 CEST 2019

On May 30, 2019, at 7:15 AM, dg <dg at> wrote:
> i have question about accounting in freeradius (3.0.18)
> i notced in sql table radacct that from time to time i have as a "username"
> host/DELL-LAPBD5 logged.
> so in file /etc/raddb/policy.d/filter i put 
> if (User-Name =~ /^host/) {
>   update request { Module-Failure-Message += 'Rejected: banned host'
>    }
>        reject
> }
> not i have "Access-Reject" and username starting with "host" are denied.


> But anyway when i check accouting host/DELL-LAPBD5 still is appears (with some
> data downloaded).
> How it this possible that username is Rejected but can download data from
> network (browsing websites etc.. ) and appears in accounting ??

  Because authentication and accounting are two different things.

  The NAS sends accounting data.  The server just logs it.

> I thought that if someone is Rejected should not be able to download data from
> internet.


  Are you sure that they are rejected?  Log all Access-Accepts going to the NAS, and see if any of them are for that host.

  Alan DeKok.

More information about the Freeradius-Users mailing list