Working with data used at authentication time during accounting
Marki
jm+freeradiususer at roth.lu
Mon Mar 15 21:16:03 CET 2021
Hello,
During authentication/authorization Radius queries our backend for
validity of the user (exec modules), which return several response
attributes to Radius and in consequence to the NAS.
Now, if possible, I would like to re-use some of that information at
accounting stage. The thing is that I'm proxying the NAS' accounting
packets to another firewall for SSO access, which also requires that
information. The NAS doesn't remember the custom attributes from
authentication response and doesn't include them in the accounting
request. Probably, it doesn't have or need to. Still, I have to add them
back in somehow .
Of course I could just ask the backend again, to obtain the same
information, but maybe it's possible without that. Less scripts, you know.
Maybe there's no magic here which I'll gladly accept. :) I thought that
since the server seems to know during challenge-response at
authentication time which session is which, there may be a way here too.
Don't hang me if that's not the case and these things are unrelated.
I see that the NAS transmits an audit-session-id which is identical in
both the authentication and accounting packets. Maybe I could leverage
that. But still both worlds (authentication/accounting) would somehow
need to share some data.
Thanks,
Marki
More information about the Freeradius-Users
mailing list