Questions on the finer points of CUI

Thu, 28 Jun 2012 00:13:29 -0700 

All,

I was after some clarification about the implementation of CUI in freeRADIUS.  

My first point is the use of Client IP Address. I notice that client IP Address 
makes a regular appearance but I'm wondering whether it should.  Looking at the 
cui.conf the post-auth insert adds the Client IP Address.

postauth_query = "INSERT IGNORE INTO ${cui_table} \
        (clientipaddress, callingstationid, username, cui, lastaccounting) \
        VALUES \
        ('%{Client-IP-Address}', '%{Calling-Station-Id}', '%{User-Name}', 
'%{reply:Chargeable-User-Identity}', NULL) ON DUPLICATE KEY UPDATE 
lastaccounting='0000-00-00 00:00:00', cui='%{reply:Chargeable-User-Identity}'";

likewise the schema (in cui.sql) even has the Client IP Address as a primary 
key which to me seems wrong.  In the world of eduroam my RADIUS server can 
proxy off to one of 3 National Proxies each will have a different Client IP 
Address, therefore a single client could have 3 entries in the cui table 
depending upon which National proxy dealt with the request.  I don't see the 
point of the Client IP Address being in there.  If each home server is using a 
salt (together with the operator name) then even the same username and calling 
station id will return a different CUI for different home servers.  Maybe some 
could explain what I'm missing and why the Client IP Address is there?

Staying with the Client IP Address, my next point surrounds the Accounting.  
The cui.conf shows that accounting updates the table using Client IP Address in 
the search:

accounting_start_query = "UPDATE ${cui_table} \
        SET \
                lastaccounting = CURRENT_TIMESTAMP \
        WHERE clientipaddress = '%{Client-IP-Address}' \
        AND callingstationid = '%{Calling-Station-Id}' \
        AND username = '%{User-Name}' \
        AND cui = '%{Chargeable-User-Identity}'";

How would this work?  The NAS doesn't know what the Client IP Address is and 
doesn't send it in Accounting packets.  

Finally, why does the Accounting stop for cui remove the cui from the database:

accounting_stop_query = "DELETE FROM ${cui_table} WHERE \
        clientipaddress = '%{Client-IP-Address}' \
        AND callingstationid = '%{Calling-Station-Id}' \
        AND username = '%{User-Name}' \
        AND cui = '%{Chargeable-User-Identity}'";


Surely I'd want to keep this?  If 2 weeks later I get a copyright infringement 
notice for a client, I'd want the CUI when contacting the home site of the user.


Thanks


Scott Armitage

Attachment: PGP.sig
Description: This is a digitally signed message part

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to