Hi Folks, The Eduroam Fedaration are on the verge of implementing a "no-accounting" border between Organisational and National Proxies and participants are being asked to stop sending accounting packets upstream.
Currently, I have the following config that forwards to the NRPS: <AuthBy RADIUS> Identifier NRPS FailureBackoffTime 10 RetryTimeout 5 Retries 1 UseExtendedIds AllowInRequest User-Name, Reply-Message, State, Class, \ Message-Authenticator, Proxy-State, \ EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \ Calling-Station-Id, Acct-Status-Type, Acct-Session-ID AllowInReply User-Name, Reply-Message, State, Class, \ Message-Authenticator, Proxy-State, \ EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \ Calling-Station-Id, Acct-Status-Type, Acct-Session-ID, Operator-Name AddToRequest Operator-Name="1sanger.ac.uk" # # Include the radius server specific NRPS host configuration # include %D/%h.nrps AutoMPPEKeys </AuthBy> <Handler User-Name = /^([^@]*)@([^@]+)$/i> Identifier OUT-NRPS AcctLogFileName %L/default.acct.log AuthByPolicy ContinueWhileIgnore AuthLog EduroamLog AuthBy AuthLOG AuthBy NRPS </Handler> where %D/%h.nrps simply contains the <Host> declarations for the upstreams. If I want to ensure that no accounting packets are sent upstream is it as simple as adding "IgnoreAccounting" the AuthBy: <AuthBy RADIUS> Identifier NRPS IgnoreAccounting FailureBackoffTime 10 RetryTimeout 5 Retries 1 . . . </AuthBy> Just seems too simple! Thanks, Martin. -- Martin Burton Principal Systems Administrator \\\|||/// Infrastructure Team \\ ^ ^ // Wellcome Trust Sanger Institute ( 6 6 ) -----------------------------------------oOOo-(_)-oOOo--- t: +44 (0)1223 496945 http://www.sanger.ac.uk Extreme Networks Specialist: a1780000003uG1BAAU
signature.asc
Description: OpenPGP digital signature
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator