Hello Kevin -
On Wed, 10 Nov 1999, Kevin wrote:
> Hi,
>
> I've got an accounting question. Currently, we have multiple ISP's all
> authenticating from separate authentication systems. We would like to
> begin collecting all accounting information from these NAS's on one server
> for all ISP's. That's the easy part.
>
> We want all users regardless of ISP to be able to authenticate off of any
> site (roaming accounts). For this, we are using the Synchronous <AuthBy
> Radius>, in order for users to fall through the Authentication
> systems. That part also works fine.
>
> The problem I'm having is knowing which authentication system the user went
> through...
>
> Scenario:
>
> userA from ISP1 dials IPS2's NAS
> ISP2 does a fall-through until userA is authenticated on ISP1's radius
> ISP2's box sends accounting to GlobalAccounting server
> sysadmin needs to know that userA was a ISP1 user even though dialed into
> ISP2.
>
> Now to make it harder... Without a realm given in the userid.
>
> Is there any kind of reply attribute we could send back to the NAS that the
> next call to the accounting server could receive to specify which server or
> method authenticated it? Some kind of reply attribute?
Yes - the attribute you want is the Class attribute. It is a reply item in an
Access-Accept and it will appear in subsequent Accounting-Request's. The Class
attribute is just a string, so you can put whatever you need in it.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
