[RADIATOR] Hopefully a simple question regarding accounting

Hugh Irvine hugh at open.com.au
Mon May 16 18:39:19 CDT 2016 

Hello Martin -

Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise the original request will not be acknowledged.

See the following section in the Radiator 4.16 reference manual (“doc/ref.pdf”).


	• 5.31.17  NoForwardAccounting

Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no further action is taken with them. This is different in meaning to IgnoreAccounting, which IGNOREs them.

	# Just ACCEPT Accounting-Requests, don’t forward them 

	NoForwardAccounting


regards

Hugh


> On 16 May 2016, at 20:19, Martin Burton <mvb at sanger.ac.uk> wrote:
> 
> Hi Folks,
> 
> The Eduroam Fedaration are on the verge of implementing a
> "no-accounting" border between Organisational and National Proxies and
> participants are being asked to stop sending accounting packets upstream.
> 
> Currently, I have the following config that forwards to the NRPS:
> 
> 
> <AuthBy RADIUS>
>        Identifier NRPS
>        FailureBackoffTime 10
>        RetryTimeout 5
>        Retries 1
>        UseExtendedIds
>        AllowInRequest  User-Name, Reply-Message, State, Class, \
>                        Message-Authenticator, Proxy-State,     \
>                        EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>                        Calling-Station-Id, Acct-Status-Type,
> Acct-Session-ID
> 
>        AllowInReply    User-Name, Reply-Message, State, Class, \
>                        Message-Authenticator, Proxy-State,     \
>                        EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>                        Calling-Station-Id, Acct-Status-Type,
> Acct-Session-ID, Operator-Name
> 
> 
> 
>        AddToRequest Operator-Name="1sanger.ac.uk"
> #
> # Include the radius server specific NRPS host configuration
> #
>        include %D/%h.nrps
> 
>        AutoMPPEKeys
> </AuthBy>
> 
> <Handler User-Name = /^([^@]*)@([^@]+)$/i>
>        Identifier OUT-NRPS
>        AcctLogFileName %L/default.acct.log
>        AuthByPolicy ContinueWhileIgnore
>        AuthLog EduroamLog
>        AuthBy AuthLOG
>        AuthBy NRPS
> </Handler>
> 
> 
> where %D/%h.nrps  simply contains the <Host> declarations for the upstreams.
> 
> 
> If I want to ensure that no accounting packets are sent upstream is it
> as simple as adding "IgnoreAccounting" the AuthBy:
> 
> <AuthBy RADIUS>
> 	Identifier NRPS
> 
> 	IgnoreAccounting
> 	
> 	FailureBackoffTime 10
> 	RetryTimeout 5
> 	Retries 1
> 
> .
> .
> .
> </AuthBy>
> 
> Just seems too simple!
> 
> 
> Thanks,
> 
> Martin.
> 
> -- 
> Martin Burton
> Principal Systems Administrator            \\\|||///
> Infrastructure Team                       \\  ^ ^  //
> Wellcome Trust Sanger Institute            (  6 6  )
> -----------------------------------------oOOo-(_)-oOOo---
> t: +44 (0)1223 496945             http://www.sanger.ac.uk
> Extreme Networks Specialist:      a1780000003uG1BAAU
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list