(RADIATOR) Ignoring accounting replies

Hugh Irvine hugh at open.com.au
Fri Oct 20 06:29:50 CDT 2006 

Hello Elias -

I'm not quite sure I understand your requirements.

Why do you have an AuthBy INTERNAL and AccountingHandled?

What exactly are you wanting to do?

I would have thought something like this would be better:


   ### proxy only stop accounting to 1st host, replies are needed and  
timeouts need to be logged for checking ###
   <AuthBy RADIUS>
     Identifier ForwardAccountingStopsOnlyToHost1
     StripFromRequest Class
     AccountingStopsOnly
     Host          x.x.x.x
     Secret       mysecret
     Retries       3
     RetryTimeout 5
     IgnoreAccountingResponse
   </AuthBy>

   ### proxy all accounting to 2nd host, replies can be ignored and  
timeouts do not need to be logged ###
   <AuthBy RADIUS>
     Identifier ForwardAllAccountingToHost2
     IgnoreReplySignature
     Host         y.y.y.y
     Secret       mysecret
     Retries      0
     RetryTimeout 1
     IgnoreAccountingResponse
   </AuthBy>

  <AuthBy INTERNAL>
    Identifier RejectAuthentication
    AuthResult	REJECT
  </AuthBy>

# Handle accounting stops
<Handler Acct-Status-Type = Stop, Realm = /abc/i>
    AccountingHandled
    AcctLogFileName /export/home/radacct/%c/detail_%v-%d-%Y
    AuthByPolicy ContinueAlways
    AuthBy ForwardAccountingStopsOnlyToHost1
    AuthBy ForwardAllAccountingToHost2
</Handler>

# Handle all other accounting
<Handler Request-Type = Accounting-Request, Realm = /abc/i>
    AccountingHandled
    AcctLogFileName /export/home/radacct/%c/detail_%v-%d-%Y
    AuthBy ForwardAllAccountingToHost2
</Handler>

# Handle authentication
<Handler Realm = /abc/i>
    AuthBy RejectAuthentication
</Handler>


hope that helps

regards

Hugh



On 20 Oct 2006, at 19:44, Elias wrote:

> Hello all,
>
> Is there a way to completely ignore all accounting replies from a  
> particular proxied host? This is how I've got my handler set up but  
> its still not behaving the way I'm looking for.
>
> <Handler Realm = /abc/i>
>    AuthByPolicy DoEverything
>
>   ### default behaviour, accept all accounting locally ###
>   AccountingHandled
>   AcctLogFileName /export/home/radacct/%c/detail_%v-%d-%Y
>
>   <AuthBy INTERNAL>
>     AuthResult            REJECT
>     AcctStartResult     ACCEPT
>     AcctStopResult     ACCEPT
>     DefaultResult         REJECT
>   </AuthBy>
>
>   ### proxy only stop accounting to 1st host, replies are needed  
> and timeouts need to be logged for checking ###
>   <AuthBy RADIUS>
>     StripFromRequest Class
>     AccountingStopsOnly
>     Host          x.x.x.x
>     Secret       mysecret
>     Retries       3
>     RetryTimeout 5
>   </AuthBy>
>
>   ### proxy all accounting to 2nd host, replies can be ignored and  
> timeouts do not need to be logged ###
>   <AuthBy RADIUS>
>     IgnoreAccountingResponse
>     IgnoreReplySignature
>     Host         y.y.y.y
>     Secret       mysecret
>     Retries      1
>     RetryTimeout 1
>   </AuthBy>
>
>
> </Handler>
>
>
>
> Fri Oct 20 17:37:36 2006: INFO: AuthRADIUS: No reply after 1  
> retransmissions to y.y.y.y:1646 for xxx at abc  (222)
> Fri Oct 20 17:37:36 2006: INFO: AuthRADIUS could not find a working  
> host to forward to. Ignoring
> Fri Oct 20 17:37:36 2006: INFO: AuthRADIUS: No reply after 1  
> retransmissions to y.y.y.y:1646 for yyy at abc  (169)
> Fri Oct 20 17:37:36 2006: INFO: AuthRADIUS could not find a working  
> host to forward to. Ignoring
>
>
> Regards,
>
> Elias Ahmed Kamal
> System & Network Management
> ISP Technical Operations, TM Net Sdn Bhd
> 5th Floor, Telekom Brickfields, Jln Tun Sambathan
> 50470 Kuala Lumpur
> Fax     : +603 2272 5291
> Email  : elias at tmnet.com.my
>
>
>
> ********************************************************************** 
> ********************************************************************** 
> ******************************************************* This  
> message represents the personal views and opinion of the individual  
> sender and under no circumstances represents those of TM Net Sdn.  
> Bhd. The shareholders, directors and management of TM Net Sdn. Bhd.  
> accept no responsibility and accordingly shall have no liability to  
> any party whatsoever with respect to the contents of this message
> ********************************************************************** 
> ********************************************************************** 
> *******************************************************
>
>
>
>
> *****The message represents the personal views and opinion of the  
> individual sender and under no circumstances represents those of TM  
> Net Sdn. Bhd. The shareholders, directors and management of TM Net  
> Sdn. Bhd. accept no responsibility and accordingly shall have no  
> liability to any party whatsoever with respect to the contents of  
> this message*****
>
>
>
>
> x



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list