Does Pam_Radius support Acct-Interim-Interval?
Mark Antony
mark.antony.4 at protonmail.com
Tue Sep 1 10:27:34 CEST 2020
Hi Alan,
Now I understand the limitations. I noticed that whenever I make a new connection, rather than inserting a new row in Radacct it is updating the existing entry. This makes the accounting useless. Unless I have somewhere a configuration mistake on my part, which I should investigate.
I also noticed the servicetype shows as Authenticate-Only instead of Framed-User.
But as you say I may need to look for something else to get full-featured accounting on the users activity.
Thanks,
Mark
On Aug 4, 2020, at 6:30 AM, Mark Antony via Freeradius-Users <
[freeradius-users at lists.freeradius.org](http://lists.freeradius.org/mailman/listinfo/freeradius-users)
> wrote:
>
I have a question about Pam_Radius plugin and Freeradius. Does it only support authentication?
It supports accounting, but it's not well documented or tested.
>
I'm asking because while authentication seem to work, Acct-Interim-Interval seem to be completely ignored.
Yes. The module sends RADIUS packets when the PAM framework calls it. The module does NOT start up any new process or thread to periodically send packets.
The PAM framework can call the module on open session, and close session. That's it. There is no "session still open" capability in PAM.
If you want full-featured accounting on the users activity, interim updates, etc., then you will have to use something else. Both PAM and the standard Unix APIs don't support that.
>
post-auth {
>
update reply {
>
Acct-Interim-Interval = 10
>
}
>
}
>
>
For testing purposes I have set it to 10 seconds and I was expecting it to fire update-requests every 10 seconds, but this isn't happening.
No RADIUS NAS on the planet will send accounting packets every 10 seconds. RFC 2866 suggests a 5 minute minimum on Acct-Interim-Interval. Most NASes enforce that.
Alan DeKok.
More information about the Freeradius-Users
mailing list