Hello Martin -
Instead of IgnoreAccounting, you should use NoForwardAccounting, otherwise the
original request will not be acknowledged.
See the following section in the Radiator 4.16 reference manual (“doc/ref.pdf”).
• 5.31.17 NoForwardAccounting
Stops AuthBy RADIUS forwarding Accounting-Requests. They are ACCEPTED, but no
further action is taken with them. This is different in meaning to
IgnoreAccounting, which IGNOREs them.
# Just ACCEPT Accounting-Requests, don’t forward them
NoForwardAccounting
regards
Hugh
> On 16 May 2016, at 20:19, Martin Burton wrote:
>
> Hi Folks,
>
> The Eduroam Fedaration are on the verge of implementing a
> "no-accounting" border between Organisational and National Proxies and
> participants are being asked to stop sending accounting packets upstream.
>
> Currently, I have the following config that forwards to the NRPS:
>
>
>
>Identifier NRPS
>FailureBackoffTime 10
>RetryTimeout 5
>Retries 1
>UseExtendedIds
>AllowInRequest User-Name, Reply-Message, State, Class, \
>Message-Authenticator, Proxy-State, \
>EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>Calling-Station-Id, Acct-Status-Type,
> Acct-Session-ID
>
>AllowInReplyUser-Name, Reply-Message, State, Class, \
>Message-Authenticator, Proxy-State, \
>EAP-Message, MS-MPPE-Send-Key, MS-MPPE-Recv-Key, \
>Calling-Station-Id, Acct-Status-Type,
> Acct-Session-ID, Operator-Name
>
>
>
>AddToRequest Operator-Name="1sanger.ac.uk"
> #
> # Include the radius server specific NRPS host configuration
> #
>include %D/%h.nrps
>
>AutoMPPEKeys
>
>
>
>Identifier OUT-NRPS
>AcctLogFileName %L/default.acct.log
>AuthByPolicy ContinueWhileIgnore
>AuthLog EduroamLog
>AuthBy AuthLOG
>AuthBy NRPS
>
>
>
> where %D/%h.nrps simply contains the declarations for the upstreams.
>
>
> If I want to ensure that no accounting packets are sent upstream is it
> as simple as adding "IgnoreAccounting" the AuthBy:
>
>
> Identifier NRPS
>
> IgnoreAccounting
>
> FailureBackoffTime 10
> RetryTimeout 5
> Retries 1
>
> .
> .
> .
>
>
> Just seems too simple!
>
>
> Thanks,
>
> Martin.
>
> --
> Martin Burton
> Principal Systems Administrator\\\|||///
> Infrastructure Team \\ ^ ^ //
> Wellcome Trust Sanger Institute( 6 6 )
> -oOOo-(_)-oOOo---
> t: +44 (0)1223 496945 http://www.sanger.ac.uk
> Extreme Networks Specialist: a178003uG1BAAU
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator