[RADIATOR] Hopefully a simple question regarding accounting

Martin Burton mvb at sanger.ac.uk
Wed May 18 07:20:54 CDT 2016


Thank you for the pointer Hugh, much appreciated.



> On May 17, 2016, at 12:39 AM, Hugh Irvine <hugh at open.com.au> wrote:
> 
> 
> Hello Martin -
> 
> Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise the original request will not be acknowledged.
> 
> See the following section in the Radiator 4.16 reference manual (“doc/ref.pdf”).
> 
> 
> 	• 5.31.17  NoForwardAccounting
> 
> Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no further action is taken with them. This is different in meaning to IgnoreAccounting, which IGNOREs them.
> 
> 	# Just ACCEPT Accounting-Requests, don’t forward them 
> 
> 	NoForwardAccounting
> 
> 
> regards
> 
> Hugh
> 
> 
>> On 16 May 2016, at 20:19, Martin Burton <mvb at sanger.ac.uk> wrote:
>> 
>> Hi Folks,
>> 
>> The Eduroam Fedaration are on the verge of implementing a
>> "no-accounting" border between Organisational and National Proxies and
>> participants are being asked to stop sending accounting packets upstream.
>> 
>> Currently, I have the following config that forwards to the NRPS:
>> 
>> 
>> <AuthBy RADIUS>
>>       Identifier NRPS
>>       FailureBackoffTime 10
>>       RetryTimeout 5
>>       Retries 1
>>       UseExtendedIds
>>       AllowInRequest  User-Name, Reply-Message, State, Class, \
>>                       Message-Authenticator, Proxy-State,     \
>>                       EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>>                       Calling-Station-Id, Acct-Status-Type,
>> Acct-Session-ID
>> 
>>       AllowInReply    User-Name, Reply-Message, State, Class, \
>>                       Message-Authenticator, Proxy-State,     \
>>                       EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>>                       Calling-Station-Id, Acct-Status-Type,
>> Acct-Session-ID, Operator-Name
>> 
>> 
>> 
>>       AddToRequest Operator-Name="1sanger.ac.uk"
>> #
>> # Include the radius server specific NRPS host configuration
>> #
>>       include %D/%h.nrps
>> 
>>       AutoMPPEKeys
>> </AuthBy>
>> 
>> <Handler User-Name = /^([^@]*)@([^@]+)$/i>
>>       Identifier OUT-NRPS
>>       AcctLogFileName %L/default.acct.log
>>       AuthByPolicy ContinueWhileIgnore
>>       AuthLog EduroamLog
>>       AuthBy AuthLOG
>>       AuthBy NRPS
>> </Handler>
>> 
>> 
>> where %D/%h.nrps  simply contains the <Host> declarations for the upstreams.
>> 
>> 
>> If I want to ensure that no accounting packets are sent upstream is it
>> as simple as adding "IgnoreAccounting" the AuthBy:
>> 
>> <AuthBy RADIUS>
>> 	Identifier NRPS
>> 
>> 	IgnoreAccounting
>> 	
>> 	FailureBackoffTime 10
>> 	RetryTimeout 5
>> 	Retries 1
>> 
>> .
>> .
>> .
>> </AuthBy>
>> 
>> Just seems too simple!
>> 
>> 
>> Thanks,
>> 
>> Martin.
>> 
>> -- 
>> Martin Burton
>> Principal Systems Administrator            \\\|||///
>> Infrastructure Team                       \\  ^ ^  //
>> Wellcome Trust Sanger Institute            (  6 6  )
>> -----------------------------------------oOOo-(_)-oOOo---
>> t: +44 (0)1223 496945             http://www.sanger.ac.uk
>> Extreme Networks Specialist:      a1780000003uG1BAAU
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> hugh at open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc. 
> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
> 



-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 


More information about the radiator mailing list