[RADIATOR] Hopefully a simple question regarding accounting
Martin Burton
mvb at sanger.ac.uk
Wed May 18 07:20:54 CDT 2016
Thank you for the pointer Hugh, much appreciated.
> On May 17, 2016, at 12:39 AM, Hugh Irvine <hugh at open.com.au> wrote:
>
>
> Hello Martin -
>
> Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise the original request will not be acknowledged.
>
> See the following section in the Radiator 4.16 reference manual (“doc/ref.pdf”).
>
>
> • 5.31.17 NoForwardAccounting
>
> Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no further action is taken with them. This is different in meaning to IgnoreAccounting, which IGNOREs them.
>
> # Just ACCEPT Accounting-Requests, don’t forward them
>
> NoForwardAccounting
>
>
> regards
>
> Hugh
>
>
>> On 16 May 2016, at 20:19, Martin Burton <mvb at sanger.ac.uk> wrote:
>>
>> Hi Folks,
>>
>> The Eduroam Federation are on the verge of implementing a
>> "no-accounting" border between Organisational and National Proxies and
>> participants are being asked to stop sending accounting packets upstream.
>>
>> Currently, I have the following config that forwards to the NRPS:
>>
>>
>> <AuthBy RADIUS>
>> Identifier NRPS
>> FailureBackoffTime 10
>> RetryTimeout 5
>> Retries 1
>> UseExtendedIds
>> AllowInRequest User-Name, Reply-Message, State, Class, \
>> Message-Authenticator, Proxy-State, \
>> EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>> Calling-Station-Id, Acct-Status-Type, Acct-Session-ID
>>
>> AllowInReply User-Name, Reply-Message, State, Class, \
>> Message-Authenticator, Proxy-State, \
>> EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>> Calling-Station-Id, Acct-Status-Type, Acct-Session-ID, Operator-Name
>>
>>
>>
>> AddToRequest Operator-Name="1sanger.ac.uk"
>> #
>> # Include the radius server specific NRPS host configuration
>> #
>> include %D/%h.nrps
>>
>> AutoMPPEKeys
>> </AuthBy>
>>
>> <Handler User-Name = /^([^@]*)@([^@]+)$/i>
>> Identifier OUT-NRPS
>> AcctLogFileName %L/default.acct.log
>> AuthByPolicy ContinueWhileIgnore
>> AuthLog EduroamLog
>> AuthBy AuthLOG
>> AuthBy NRPS
>> </Handler>
>>
>>
>> where %D/%h.nrps simply contains the <Host> declarations for the upstreams.
>>
>>
>> If I want to ensure that no accounting packets are sent upstream is it
>> as simple as adding "IgnoreAccounting" to the AuthBy:
>>
>> <AuthBy RADIUS>
>> Identifier NRPS
>>
>> IgnoreAccounting
>>
>> FailureBackoffTime 10
>> RetryTimeout 5
>> Retries 1
>>
>> .
>> .
>> .
>> </AuthBy>
>>
>> Just seems too simple!
>>
>>
>> Thanks,
>>
>> Martin.
>>
>> --
>> Martin Burton
>> Principal Systems Administrator \\\|||///
>> Infrastructure Team \\ ^ ^ //
>> Wellcome Trust Sanger Institute ( 6 6 )
>> -----------------------------------------oOOo-(_)-oOOo---
>> t: +44 (0)1223 496945 http://www.sanger.ac.uk
>> Extreme Networks Specialist: a1780000003uG1BAAU
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
> --
>
> Hugh Irvine
> hugh at open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
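
A client-side check for the difference discussed in this thread, as an added example that is not part of the original messages or of Radiator: it sends one Accounting-Request and reports whether an Accounting-Response came back (acknowledged) or nothing did (ignored). The server address, port 1813, shared secret and attribute values are placeholders, and the probing host is assumed to be defined as a client on the server being tested.

```python
import hashlib, hmac, os, socket, struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5

def _attr(code, value):
    return struct.pack("!BB", code, 2 + len(value)) + value

def build_acct_request(ident, secret, user=b"probe@example.org"):
    """Accounting-Request (RFC 2866) with constructed sample attribute values."""
    attrs = (_attr(1, user)                          # User-Name; needs a realm to match the Handler regex
             + _attr(32, b"acct-probe")              # NAS-Identifier
             + _attr(40, struct.pack("!I", 1))       # Acct-Status-Type = Start
             + _attr(44, b"constructed-session-1"))  # Acct-Session-Id
    hdr = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    return hdr + hashlib.md5(hdr + bytes(16) + attrs + secret).digest() + attrs

def classify_reply(reply, request, secret):
    """Map what came back (None = timeout) to the outcome the NAS would see."""
    if reply is None:
        return "ignored"          # no Accounting-Response: the NAS would keep retransmitting
    if len(reply) < 20 or reply[0] != ACCT_RESPONSE or reply[1] != request[1]:
        return "unexpected"
    # Response Authenticator = MD5(code+id+length + Request Authenticator + attributes + secret)
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return "acknowledged" if hmac.compare_digest(want, reply[4:20]) else "bad-authenticator"

def probe(server, secret, timeout=3.0):
    """Send one Accounting-Request to (host, port) and classify the result."""
    request = build_acct_request(os.urandom(1)[0], secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, server)
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            reply = None
    return classify_reply(reply, request, secret)

if __name__ == "__main__":
    # Placeholder address and secret: substitute a test client defined on your own server.
    print(probe(("127.0.0.1", 1813), b"placeholder-secret"))
```

Run it before and after the configuration change; a capture on the upstream-facing interface is still needed to confirm that nothing is forwarded.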