Anders Holm wrote: > Heh. I sure did. Though, I'm thinking slightly differently I suppose.. > "How can something be accepted which has not been requested?".
That is the definition of how Status-Server works. This definition goes back to 1996 in a number of RADIUS servers. It is now being standardized: http://tools.ietf.org/html/draft-ietf-radext-status-server-03 Which was written by... me. > And I > understand why the Accepts increment. I just don't understand why the > Requests aren't, as that how I'd look at a query to get the Status, a > Request which specifically is an Access-Request to get Status-Server > data returned. At least, that is my view. Are you being deliberately obtuse? Or just deliberately difficult? a) There is a counter for Access-Requests b) There is a counter for Access-Accepts c) The response to Status-Server is Access-Accept That's how it works. 3 simple rules that anyone should be able to understand. There is no counter for Status-Server, and the "Access-Request" counter is not incremented when a "Status-Server" packet is received. Why? Because Status-Server packets aren't Access-Request packets! They're spelled differently! And *pronounced* differently! > Considering I'm using exactly what the example from the Wiki tells me, > there is an Authentication, so logically, I'm asking for Access. > > "# echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 1" | \" Now you are being *deliberately* misleading. The next line that you *conveniently* didn't quote is: radclient localhost:18120 status adminsecret See the "status" word? The "radclient" documentation says that this means "send Status-Server". And nothing is being authenticated. No user, no machine, nothing. Nothing is asking for access. > So, Access-Accepts I got no problem with. That stacks up. Requests and > Rejects is what I'm curious about. If my shared secret is wrong for > example, doesn't that get counted as an Access-Reject, or doesn't it get > counted at all? This is a fascinating discusion in how a simple example can be twisted into something unrecognizable. The RADIUS *packet* is being signed. No RADIUS *users* are being authenticated. And the response to a Status-Server is *never* Access-Reject. Go read my draft. If you don't understand it, read it again. If you still don't understand it, ask someone *else* about it. >> There is only one Status-Server packet. I don't know what you mean by >> "Status-*" > > If one separates the Requests versus Accepts and Rejects, I'd see 3 .. > If one follows the set examples for other counters anyway. Nonsense. This confusion happens only because you fail to comprehend the 3 simple rules I posted above. Instead, you are working valiently to come up with a tortured explanation based on a near-total misunderstanding. > Sure. In your own scenario you're considering several clients. On disk > isn't good enough either. Losing a disk also means losing data. You only have one disk? You must be terribly poor. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html