Re: (RADIATOR) forwarding Accounting & Authorization

[Hugh Irvine]

Hello Ricardo -

On Fri, 20 Oct 2000, Ricardo Sousa wrote:
> 
> Okay I put that in place, but it didn't help much. I'm attaching the Trace 4 log.
> 
> In summary, what is happening is that the Accounting-Request doesn't have the 
Class attribute, so, it isn't handled by <Handler Request-Type =
Accounting-Request, Class = remote>. > 

The trace file that you sent shows that Radiator is doing the right thing,
however as the Access-Request that was proxied to the remote radius server is
rejected, the NAS is just sending a stop record to indicate that a session
never started for that request. If you don't want your NAS to send an
accounting stop in that situation, you will have to investigate how to disable
that behaviour in the NAS.

Here is the relevant part of the trace:

Here is the Access-Reject (which has the Class attribute added):

971968121.520143: DEBUG: Received reply in AuthRADIUS for req 1 from 
195.245.135.91:2045
971968121.52404: DEBUG: Packet dump:
*** Sending to 194.38.128.40 port 1645 ....
Code:       Access-Reject
Identifier: 59
Authentic:  <234><5>3E<168><139><190><184>Q<204>*cq<7><228><200>
Attributes:
        Reply-Message = "Authentication - Maximum sessions exceeded"
        Class = "oninet"

And here is the accounting stop from the NAS:

971968121.542865: DEBUG: Packet dump:
*** Received from 194.38.128.40 port 1646 ....
Code:       Accounting-Request
Identifier: 60
Authentic:  <191><151>'cN<160>3<188>s<4><239>8<169><198><147><157>
Attributes:
        NAS-IP-Address = 194.38.128.40
        NAS-Port = 7
        NAS-Port-Type = Async
        User-Name = "528mcf"
        Called-Station-Id = "950000"
        Calling-Station-Id = "213570866"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Service-Type = Framed
        Acct-Session-Id = "0001CB77"
        Acct-Input-Packets = 0
        Acct-Output-Packets = 0
        Acct-Session-Time = 0
        Acct-Delay-Time = 0

Now, the radius protocol states that a Class attribute returned to a NAS
in an Access-Accept should appear in all subsequent accounting packets for that
request, however the RFC doesn't state what should happen in the case of a
reject.

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.