Hello Thibault,

Thanks for the in-depth explanation. Here are some of my impressions
regarding this solution.

The only attribute I can rely on is Acct-Session-Id (present in
Authorization and Accounting requests) - the drawback is in the RAS, which
resets the counter after every reboot, so this string is not unique (a
must for SQL joins).

Maybe there's some other attribute to look for?


Cheers,
Marco


On 12/15/06, Thibault Le Meur <[EMAIL PROTECTED]> wrote:

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Marco Stuhl
Sent: Friday, 15 December 2006 13:47
To: FreeRadius users mailing list
Subject: Re: RE : RE : rlm_sql: Password in Accounting Packet


Here's the scenario.

I'd like to make one username for all users having/sharing same service
(e.g. users w/ service A all have username 'foo' with unique password for
every user). Now, the problem arises with accounting, or, to be more
precise, session reports that will be available for them to see and check
their past sessions.

So the password can only be retrieved for the Access-Request packet: use the
postauth query to record it, then use radacct to record accounting
information.

Since accounting (SQL schema) is based on unique username, I cannot make the
distinction between users. Also, I've noted (in past FR versions, though)
that it was possible for log files, since FR logged passwords there?

Accounting is based on AcctSessionId (or AcctUniqueId, which can be computed
by a FR module). AFAIK, there is no assumption about the 'unique username'
thing: it is your session analyzer that makes such assumption.

If you want to differentiate users, you'll have to find rules that help map
attributes recorded in the radacct table with attributes recorded in the
postauth table: then a simple Join can help recover the true username.

HTH,
Thibault
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
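
The mapping problem discussed in this thread, as an added example that is not part of the original messages and not FreeRADIUS's own code: a join of accounting rows to post-auth rows on the session id alone becomes ambiguous once the RAS reboots and reuses ids, while a rule scoped by NAS and a time window resolves each session to one subscriber. The table layout, the column names (`nas`, `session_id`, `subscriber`, `authdate`, `starttime`), the 60-second window and all rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are simplified assumptions,
# not the FreeRADIUS default schema.
SCHEMA = """
CREATE TABLE postauth (nas TEXT, session_id TEXT, subscriber TEXT, authdate INTEGER);
CREATE TABLE radacct  (nas TEXT, session_id TEXT, username TEXT, starttime INTEGER);
"""
POSTAUTH = [
    ("10.0.0.1", "00000001", "alice", 1000),
    ("10.0.0.1", "00000002", "bob",   1500),
    # RAS rebooted here: its counter restarts and 00000001 is issued again.
    ("10.0.0.1", "00000001", "carol", 9000),
]
RADACCT = [  # every session carries the shared username 'foo'
    ("10.0.0.1", "00000001", "foo", 1002),
    ("10.0.0.1", "00000002", "foo", 1501),
    ("10.0.0.1", "00000001", "foo", 9003),
]

# Naive rule: session id only. Reused ids match more than one auth record.
NAIVE = """
SELECT a.starttime, p.subscriber FROM radacct a
JOIN postauth p ON p.session_id = a.session_id
ORDER BY a.starttime, p.authdate"""

# Scoped rule: same NAS, same session id, and the latest auth record that
# precedes the accounting start by at most :window seconds.
SCOPED = """
SELECT a.starttime, p.subscriber FROM radacct a
JOIN postauth p ON p.nas = a.nas AND p.session_id = a.session_id
 AND p.authdate = (SELECT MAX(q.authdate) FROM postauth q
                   WHERE q.nas = a.nas AND q.session_id = a.session_id
                     AND q.authdate BETWEEN a.starttime - :window AND a.starttime)
ORDER BY a.starttime"""

def build():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO postauth VALUES (?,?,?,?)", POSTAUTH)
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?)", RADACCT)
    return db

def naive_join(db):
    return db.execute(NAIVE).fetchall()

def scoped_join(db, window=60):
    return db.execute(SCOPED, {"window": window}).fetchall()
```

With the constructed rows, `naive_join` attributes the first and third sessions to both alice and carol, while `scoped_join` returns exactly one subscriber per session.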


