Hi Folks, The Eduroam Fedaration are on the verge of implementing a "no-accounting" border between Organisational and National Proxies and participants are being asked to stop sending accounting packets upstream.
Currently, I have the following config that forwards to the NRPS:
<AuthBy RADIUS>
Identifier NRPS
FailureBackoffTime 10
RetryTimeout 5
Retries 1
UseExtendedIds
AllowInRequest User-Name, Reply-Message, State, Class, \
Message-Authenticator, Proxy-State, \
EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
Calling-Station-Id, Acct-Status-Type,
Acct-Session-ID
AllowInReply User-Name, Reply-Message, State, Class, \
Message-Authenticator, Proxy-State, \
EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
Calling-Station-Id, Acct-Status-Type,
Acct-Session-ID, Operator-Name
AddToRequest Operator-Name="1sanger.ac.uk"
#
# Include the radius server specific NRPS host configuration
#
include %D/%h.nrps
AutoMPPEKeys
</AuthBy>
<Handler User-Name = /^([^@]*)@([^@]+)$/i>
Identifier OUT-NRPS
AcctLogFileName %L/default.acct.log
AuthByPolicy ContinueWhileIgnore
AuthLog EduroamLog
AuthBy AuthLOG
AuthBy NRPS
</Handler>
where %D/%h.nrps simply contains the <Host> declarations for the upstreams.
If I want to ensure that no accounting packets are sent upstream is it
as simple as adding "IgnoreAccounting" the AuthBy:
<AuthBy RADIUS>
Identifier NRPS
IgnoreAccounting
FailureBackoffTime 10
RetryTimeout 5
Retries 1
.
.
.
</AuthBy>
Just seems too simple!
Thanks,
Martin.
--
Martin Burton
Principal Systems Administrator \\\|||///
Infrastructure Team \\ ^ ^ //
Wellcome Trust Sanger Institute ( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
t: +44 (0)1223 496945 http://www.sanger.ac.uk
Extreme Networks Specialist: a1780000003uG1BAAU
signature.asc
Description: OpenPGP digital signature
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
