Thank you for the pointer Hugh, much appreciated.
> On May 17, 2016, at 12:39 AM, Hugh Irvine <h...@open.com.au> wrote:
>
> Hello Martin -
>
> Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise
> the original request will not be acknowledged.
>
> See the following section in the Radiator 4.16 reference manual
> (“doc/ref.pdf”).
>
> • 5.31.17 NoForwardAccounting
>
> Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no
> further action is taken with them. This is different in meaning to
> IgnoreAccounting, which IGNOREs them.
>
> # Just ACCEPT Accounting-Requests, don’t forward them
> NoForwardAccounting
>
> regards
>
> Hugh
>
>> On 16 May 2016, at 20:19, Martin Burton <m...@sanger.ac.uk> wrote:
>>
>> Hi Folks,
>>
>> The Eduroam Federation are on the verge of implementing a
>> "no-accounting" border between Organisational and National Proxies and
>> participants are being asked to stop sending accounting packets upstream.
>>
>> Currently, I have the following config that forwards to the NRPS:
>>
>> <AuthBy RADIUS>
>>     Identifier NRPS
>>     FailureBackoffTime 10
>>     RetryTimeout 5
>>     Retries 1
>>     UseExtendedIds
>>     AllowInRequest User-Name, Reply-Message, State, Class, \
>>         Message-Authenticator, Proxy-State, \
>>         EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>>         Calling-Station-Id, Acct-Status-Type, Acct-Session-ID
>>
>>     AllowInReply User-Name, Reply-Message, State, Class, \
>>         Message-Authenticator, Proxy-State, \
>>         EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>>         Calling-Station-Id, Acct-Status-Type, Acct-Session-ID, Operator-Name
>>
>>     AddToRequest Operator-Name="1sanger.ac.uk"
>>     #
>>     # Include the radius server specific NRPS host configuration
>>     #
>>     include %D/%h.nrps
>>
>>     AutoMPPEKeys
>> </AuthBy>
>>
>> <Handler User-Name = /^([^@]*)@([^@]+)$/i>
>>     Identifier OUT-NRPS
>>     AcctLogFileName %L/default.acct.log
>>     AuthByPolicy ContinueWhileIgnore
>>     AuthLog EduroamLog
>>     AuthBy AuthLOG
>>     AuthBy NRPS
>> </Handler>
>>
>> where %D/%h.nrps simply contains the <Host> declarations for the upstreams.
>>
>> If I want to ensure that no accounting packets are sent upstream is it
>> as simple as adding "IgnoreAccounting" to the AuthBy:
>>
>> <AuthBy RADIUS>
>>     Identifier NRPS
>>
>>     IgnoreAccounting
>>
>>     FailureBackoffTime 10
>>     RetryTimeout 5
>>     Retries 1
>>
>>     .
>>     .
>>     .
>> </AuthBy>
>>
>> Just seems too simple!
>>
>> Thanks,
>>
>> Martin.
>>
>> --
>> Martin Burton
>> Principal Systems Administrator                \\\|||///
>> Infrastructure Team                            \\ ^ ^ //
>> Wellcome Trust Sanger Institute                 ( 6 6 )
>> -----------------------------------------oOOo-(_)-oOOo---
>> t: +44 (0)1223 496945                 http://www.sanger.ac.uk
>> Extreme Networks Specialist: a1780000003uG1BAAU
>>
>> _______________________________________________
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
> --
>
> Hugh Irvine
> h...@open.com.au
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc.
> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
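
A config audit for the distinction drawn in this thread, as an added example that is not part of the original messages and not Radiator's own code: it reads a Radiator-style config and reports, for each `<AuthBy RADIUS>` clause, whether Accounting-Requests would be forwarded upstream, ignored, or accepted without forwarding. The function name `audit_accounting`, the verdict labels and the sample clauses are constructed for illustration, and `include` files are not followed.

```python
import re

# Constructed sample config for this example (not taken from the thread).
SAMPLE = """\
<AuthBy RADIUS>
    Identifier NRPS-A
    # NoForwardAccounting   (commented out, so not in effect)
    AllowInRequest User-Name, State, \\
        Acct-Status-Type
</AuthBy>
<AuthBy RADIUS>
    Identifier NRPS-B
    IgnoreAccounting
</AuthBy>
<AuthBy RADIUS>
    Identifier NRPS-C
    NoForwardAccounting
</AuthBy>
"""

def audit_accounting(config_text):
    """Map each <AuthBy RADIUS> Identifier to how it treats Accounting-Requests."""
    # Join backslash-continued lines so a parameter is always on one line.
    text = re.sub(r"\\[ \t]*\n", " ", config_text)
    results, params, ident, count = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if re.fullmatch(r"<AuthBy\s+RADIUS>", line):
            count += 1
            params, ident = set(), f"(unnamed #{count})"
        elif params is not None and line == "</AuthBy>":
            if {"NoForwardAccounting", "IgnoreAccounting"} <= params:
                verdict = "both-set-review"  # precedence is not covered in the thread
            elif "NoForwardAccounting" in params:
                verdict = "accepted-not-forwarded"  # ACCEPTED, no further action
            elif "IgnoreAccounting" in params:
                verdict = "ignored-not-acknowledged"  # request gets no reply
            else:
                verdict = "forwarded-upstream"  # accounting still leaves the site
            results[ident] = verdict
            params = None
        elif params is not None:
            fields = line.split(None, 1)
            if fields[0] == "Identifier" and len(fields) == 2:
                ident = fields[1]
            params.add(fields[0])
    return results

if __name__ == "__main__":
    for name, verdict in audit_accounting(SAMPLE).items():
        print(f"{name}: {verdict}")
```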