[RADIATOR] Ignore Accounting packets from certain hosts
Heikki Vatiainen
hvn at open.com.au
Fri Dec 10 07:35:02 CST 2010
On 12/10/2010 08:37 AM, Michael wrote:
> Yes, but i wouldn't recommend it. If your NAS is ignored, it may mark
> your radius server as RADIUS_DEAD, if cisco. Depends on your NAS i guess.
>
> If you just don't want to do anything with the accounting, it's probably
> better to just ACCEPT and do nothing with it, but if you truley want to
> ignore, you can. If ignored, your NAS would probably move to the next
> radius server in its config and try the accounting on that radius server.
> again, depends on NAS config.
Good points.
I'll just add one more thing: the handler must be before any other
handlers that might match the request. The order of handlers matters
when matching incoming requests.
> ...for Accounting only:
> <Handler \
> Request-Type = Accounting-Request, \
> User-Name = /@xyz.com$/, \
> NAS-IP-Address = 1.1.1.1|1.1.1.2|1.1.1.3>
>
> <AuthBy INTERNAL>
> DefaultResult IGNORE <- use this to ignore
> DefaultResult ACCEPT <- use this to accpet
> </AuthBy>
>
> </Handler>
>
>
> But, if you want to use the realm option, and have authentication to:
> <Realm xyz.com>
>
> ...
>
> <AuthBy SOMETING>
> ...
> </AuthBy>
>
> # this will reply ACCEPT to the NAS,
> # but do nothing with it.
> AccountingHandled
>
> </Realm>
>
>
> Michael
>
>
>
>
> On Fri, 10 Dec 2010, Zaeem Arshad wrote:
>
>> Hi List,
>>
>> We are testing a scenario where we require our radiator radius server
>> to ignore accounting packets from certain NAS hosts if the user
>> belongs to realm xyz.com. Is that possible?
>>
>>
>> Regards
>>
>> Zaeem
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list