Hello Martin -
Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise the
original request will not be acknowledged.
See the following section in the Radiator 4.16 reference manual (“doc/ref.pdf”).
• 5.31.17 NoForwardAccounting
Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no
further action is taken with them. This is different in meaning to
IgnoreAccounting, which IGNOREs them.
# Just ACCEPT Accounting-Requests, don’t forward them
NoForwardAccounting
regards
Hugh
> On 16 May 2016, at 20:19, Martin Burton <m...@sanger.ac.uk> wrote:
>
> Hi Folks,
>
> The Eduroam Fedaration are on the verge of implementing a
> "no-accounting" border between Organisational and National Proxies and
> participants are being asked to stop sending accounting packets upstream.
>
> Currently, I have the following config that forwards to the NRPS:
>
>
> <AuthBy RADIUS>
> Identifier NRPS
> FailureBackoffTime 10
> RetryTimeout 5
> Retries 1
> UseExtendedIds
> AllowInRequest User-Name, Reply-Message, State, Class, \
> Message-Authenticator, Proxy-State, \
> EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
> Calling-Station-Id, Acct-Status-Type,
> Acct-Session-ID
>
> AllowInReply User-Name, Reply-Message, State, Class, \
> Message-Authenticator, Proxy-State, \
> EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
> Calling-Station-Id, Acct-Status-Type,
> Acct-Session-ID, Operator-Name
>
>
>
> AddToRequest Operator-Name="1sanger.ac.uk"
> #
> # Include the radius server specific NRPS host configuration
> #
> include %D/%h.nrps
>
> AutoMPPEKeys
> </AuthBy>
>
> <Handler User-Name = /^([^@]*)@([^@]+)$/i>
> Identifier OUT-NRPS
> AcctLogFileName %L/default.acct.log
> AuthByPolicy ContinueWhileIgnore
> AuthLog EduroamLog
> AuthBy AuthLOG
> AuthBy NRPS
> </Handler>
>
>
> where %D/%h.nrps simply contains the <Host> declarations for the upstreams.
>
>
> If I want to ensure that no accounting packets are sent upstream is it
> as simple as adding "IgnoreAccounting" the AuthBy:
>
> <AuthBy RADIUS>
> Identifier NRPS
>
> IgnoreAccounting
>
> FailureBackoffTime 10
> RetryTimeout 5
> Retries 1
>
> .
> .
> .
> </AuthBy>
>
> Just seems too simple!
>
>
> Thanks,
>
> Martin.
>
> --
> Martin Burton
> Principal Systems Administrator \\\|||///
> Infrastructure Team \\ ^ ^ //
> Wellcome Trust Sanger Institute ( 6 6 )
> -----------------------------------------oOOo-(_)-oOOo---
> t: +44 (0)1223 496945 http://www.sanger.ac.uk
> Extreme Networks Specialist: a1780000003uG1BAAU
>
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
