Centralized accounting and coa/disconnect

BuzzSaw Code buzzsaw.code at gmail.com
Wed Dec 28 03:24:26 UTC 2022 

This is almost working great, I did hit two snags:

1)  There is no COA-Packet-DST-IPv6-Address attribute defined in the
default dictionary - since there is a COA-Packet-DST-IP-Address
should there not also be a COA-Packet-DST-IPv6-Address defined like so
?

ATTRIBUTE       COA-Packet-DST-IPv6-Address             1117    ipv6addr

2) I added a custom attribute used to pass the actual COA target
address over to the distributed radius server, but I found it wasn't
being sent over.  Using (or misusing) a vendor defined attribute
worked, then I recall reading somewhere there are rules about what
attributes are passed/proxied and that certain numerical rangers are
filtered ?  Is that right ?  Where are those rules documented ?  Is it
in the dictionary files somewhere ?




On Fri, Dec 16, 2022 at 6:29 AM Terry Burton <terry.burton at gmail.com> wrote:
>
> On Fri, 16 Dec 2022 at 09:57, Matthew Newton via Freeradius-Users
> <freeradius-users at lists.freeradius.org> wrote:
> > On 16/12/2022 01:31, BuzzSaw Code wrote:
> > > Is there a way to have the centralized accounting server receive the
> > > disconnect packet, lookup the info in that mysql instance, then proxy
> > > that to the right source RADIUS server, so that server can send the
> > > coa (or disconnect) to the NAS ?
> >
> > See the coa-relay virtual server. That looks up the session details in
> > the database and sends the CoA to the correct destination.
> >
> > You may need to modify it to also look up the relevant RADIUS server.
> > Proxy it to the RADIUS server, which can then forward it on to the
> > correct NAS.
>
> And be aware when performing the final leg of proxying to the NAS,
> that some devices do not accept a Proxy-State attribute in a
> CoA/Disconnect packet, so you must strip it:
>
>         pre-proxy {
>                 update proxy-request {
>                         # Some NASs don't like proxied CoA/PoD packets
>                         &Proxy-State !* ANY
>                 }
>         }
>
> (FreeRADIUS does not need this to correlate the reply.)
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list