[snip]
Thanks a bundle for that, I was about to whack my head against the screen
here and type "man unlang". ;)
If you're still getting duplicates, check that the NAS is actually
sending the value of the Class attribute. Vendors are notoriously bad
for ignoring the RFC in this area.
Yeah, never mind that we are talking to proxy servers upstream which in
turn may talk to other proxy servers (nobody knows) which ultimately talk
to the NAS (BRAS) in question.
You might have more luck concatenating the random string with the User-Name
and sending that in the Access-Accept. Then stripping it out again when you
receive accounting requests.
post-auth {
update reply {
User-Name := "%{User-Name}:%{Acct-Unique-ID}"
}
...
}
--
preacct {
...
if(User-Name =~ /([^:]+)(:([[:alnum:]]*))?/){
update request {
Acct-Session-ID := "%{Acct-Session-ID}%{3}"
User-Name := "%{1}"
}
}
}
It's a more commonly used feature so is more likely to work :)
I have seen those quickly recycled Acct-Session-Id's only with one
location it seems, other people with twice the connects never had their
IDs re-used in the same sample period. So my bet is that this particular
NAS will also happily ignore the Class attribute. ^o^
Yey for standards *sigh*.
But nevertheless, a very useful configuration snippet that would do well
in a future sample configuration.
Thanks, i'll poke Alan and see if he wants to include it. It'd be nice to have
a generic
hashing module for string expansions and not have to do some much unlang
hackyness,
useful for CUI too.
Thanks again for the quick and comprehensive response
No problem. Best of luck !
Arran
--
Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
