Hello Martin - Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise the original request will not be acknowledged.
See the following section in the Radiator 4.16 reference manual (“doc/ref.pdf”). • 5.31.17 NoForwardAccounting Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no further action is taken with them. This is different in meaning to IgnoreAccounting, which IGNOREs them. # Just ACCEPT Accounting-Requests, don’t forward them NoForwardAccounting regards Hugh > On 16 May 2016, at 20:19, Martin Burton <m...@sanger.ac.uk> wrote: > > Hi Folks, > > The Eduroam Fedaration are on the verge of implementing a > "no-accounting" border between Organisational and National Proxies and > participants are being asked to stop sending accounting packets upstream. > > Currently, I have the following config that forwards to the NRPS: > > > <AuthBy RADIUS> > Identifier NRPS > FailureBackoffTime 10 > RetryTimeout 5 > Retries 1 > UseExtendedIds > AllowInRequest User-Name, Reply-Message, State, Class, \ > Message-Authenticator, Proxy-State, \ > EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \ > Calling-Station-Id, Acct-Status-Type, > Acct-Session-ID > > AllowInReply User-Name, Reply-Message, State, Class, \ > Message-Authenticator, Proxy-State, \ > EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \ > Calling-Station-Id, Acct-Status-Type, > Acct-Session-ID, Operator-Name > > > > AddToRequest Operator-Name="1sanger.ac.uk" > # > # Include the radius server specific NRPS host configuration > # > include %D/%h.nrps > > AutoMPPEKeys > </AuthBy> > > <Handler User-Name = /^([^@]*)@([^@]+)$/i> > Identifier OUT-NRPS > AcctLogFileName %L/default.acct.log > AuthByPolicy ContinueWhileIgnore > AuthLog EduroamLog > AuthBy AuthLOG > AuthBy NRPS > </Handler> > > > where %D/%h.nrps simply contains the <Host> declarations for the upstreams. > > > If I want to ensure that no accounting packets are sent upstream is it > as simple as adding "IgnoreAccounting" the AuthBy: > > <AuthBy RADIUS> > Identifier NRPS > > IgnoreAccounting > > FailureBackoffTime 10 > RetryTimeout 5 > Retries 1 > > . > . > . > </AuthBy> > > Just seems too simple! > > > Thanks, > > Martin. > > -- > Martin Burton > Principal Systems Administrator \\\|||/// > Infrastructure Team \\ ^ ^ // > Wellcome Trust Sanger Institute ( 6 6 ) > -----------------------------------------oOOo-(_)-oOOo--- > t: +44 (0)1223 496945 http://www.sanger.ac.uk > Extreme Networks Specialist: a1780000003uG1BAAU > > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator