[RADIATOR] AddToReply adds to accounting response?

Hugh Irvine hugh at open.com.au
Sat Feb 14 01:11:50 CST 2009 

Hello Frank, Hello Alexander -

I tend to agree with Frank, however I generally use the following as  
there are typically at least 2 accounting requests for every access  
request.

.....

<Handler Client-Identifier=switches, Request-Type=Accounting-Request>
    # accept all accounting
    <AuthBy INTERNAL>
        NoEAP
        AcctResult ACCEPT
    </AuthBy>
</Handler>

<Handler Client-Identifier=switches>
    # accept all unauthorized users but assign them the visitor vlan
    <AuthBy INTERNAL>
        NoEAP
        AuthResult ACCEPT
        AddToReply Tunnel-Type=VLAN,\
            Tunnel-Medium-Type=802,\
            Tunnel-Private-Group-ID=VLANID
    </AuthBy>
</Handler>


regards

Hugh


On 14 Feb 2009, at 05:10, Frank Danielson wrote:

> Hi Alexander-
>
> The AuthBy INTERNAL clause you have will handle and reply to all  
> requests so
> the AddToReply directive will be applied to both access and accounting
> requests. If you want to handle access and accounting requests  
> differently
> you need two Handlers, one for access and one for accounting.  
> Something like
> this-
>
> <Handler Client-Identifier=switches, Request-Type=Access-Request>
>    # accept all unauthorized users but assign them the visitor vlan
>    <AuthBy INTERNAL>
>        NoEAP
>        DefaultResult ACCEPT
>
>        AddToReply Tunnel-Type=VLAN,\
>            Tunnel-Medium-Type=802,\
>            Tunnel-Private-Group-ID=VLANID
>    </AuthBy>
> </Handler>
>
> <Handler Client-Identifier=switches>
>    # accept all unauthorized users but assign them the visitor vlan
>    <AuthBy INTERNAL>
>        NoEAP
>        DefaultResult ACCEPT
>    </AuthBy>
> </Handler>
>
>
> Frank Danielson
> Chief Technology Officer
>
> ClearSky Mobile Media
> 390 N. Orange Ave.
> Suite 1295
> Orlando, FL 32801
> USA
>
> fdanielson at csky.com
>
> -----Original Message-----
> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au 
> ] On
> Behalf Of Alexander Hartmaier
> Sent: Friday, February 13, 2009 11:22 AM
> To: radiator at open.com.au
> Subject: [RADIATOR] AddToReply adds to accounting response?
>
> Hi!
>
> I've just seen in a level 4 trace that some attributes from an
> AddToReply were added to an accounting-response packet.
>
> Thats the handler config:
>
> # dot1x disabled on the client
> <Handler Client-Identifier=switches>
>    # accept all unauthorized users but assign them the visitor vlan
>    <AuthBy INTERNAL>
>        NoEAP
>        DefaultResult ACCEPT
>
>        AddToReply Tunnel-Type=VLAN,\
>            Tunnel-Medium-Type=802,\
>            Tunnel-Private-Group-ID=VLANID
>    </AuthBy>
> </Handler>
>
> Is this a bug of AuthBy INTERNAL?
>
> --
> Alexander Hartmaier <alexander.hartmaier at t-systems.at>
> T-Systems Austria GesmbH
>
>
>
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"
> *
> T-Systems Austria GesmbH   Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"
> *
> Notice: This e-mail contains information that is confidential and  
> may be
> privileged.
> If you are not the intended recipient, please notify the sender and  
> then
> delete this e-mail immediately.
> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"
> *
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list