[RADIATOR] proxying POD reply packets
Heikki Vatiainen
hvn at open.com.au
Tue Jul 16 15:24:25 CDT 2013
On 07/13/2013 08:20 PM, Michael wrote:
> So, my complicated config determines what device the request needs to
> go to and sends, and then it converts the POD and COA packets to
> accounting packets using scripting, then sends to my accounting
> handler and that POD/COA request is logged.
Ok, so that's where the 'Accounting rejected' log entry in your first
message came from.
The default processing in Radiator will proxy back both ACKed and NAKed
messages. The latter will be logged as a failed message with
'Change-Filter-Request rejected: thereason', but it will be proxied back
just like an ACKed reply.
However, rejected accounting messages are dropped. The RADIUS spec does
not specify how to reject accounting messages, so there's no
Accounting-Rejected message type to send back. You get drops instead.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list