Arran Cudbard-Bell a.cudba...@freeradius.org writes:
Ok I revise my statement - Almost no vendors send Acct-Session-ID in
the Access-Request :).
But really its very very rare for vendors to do this. I've never
personally seen a product in the wild that does, and i've worked with
a fair few.
the packets or byte fields to
see if the sessios is still alive...but this metod would not be better than
matching with replies in radpostauth , ...i believe.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/racct-and-radpostauth-tp4782906p4785334.html
Sent from
Acct-Session-ID isn't inserted into the postauth table, because it's generally
not available in the Access-Request.
It is theoretically possible to pre-assign an Acct-Session-ID, and its
supported by the standards, but no NAS vendors do it because it requires
additional effort and adds
andreapepa wrote:
Ok, but that field is not present in radpostauth too...and i mean
...correlate between tables
As Arran said, you can't. This is RADIUS. It's not perfect.
How do you know?
doing the tests with jradius i've noticed that if you send an auth + start
request without a
On 9 Sep 2011, at 10:51, Alan DeKok wrote:
andreapepa wrote:
Ok, but that field is not present in radpostauth too...and i mean
...correlate between tables
As Arran said, you can't. This is RADIUS. It's not perfect.
You know being ignored is like my third favourite pass time, right
On Fri, Sep 9, 2011 at 3:51 PM, Alan DeKok al...@deployingradius.com wrote:
andreapepa wrote:
Finally.. i also can check fro time to time the packets or byte fields to
see if the sessios is still alive...but this metod would not be better than
matching with replies in radpostauth , ...i
Arran Cudbard-Bell wrote:
On 9 Sep 2011, at 10:51, Alan DeKok wrote:
As Arran said, you can't. This is RADIUS. It's not perfect.
You know being ignored is like my third favourite pass time, right behind
spanking cats, and plotting world domination...
It's possible... sometimes. In
/racct-and-radpostauth-tp4782906p4785708.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
Acct-Session-ID isn't inserted into the postauth table, because it's
generally not available in the Access-Request.
It is theoretically possible to pre-assign an Acct-Session-ID, and its
supported by the standards, but no NAS vendors do it
andreapepa wrote:
I said that because in my tests an access-rejected request is still
recorded in radacct table with a start time and a NULL stoptime,
That's unnecessary, and a bad idea.
but nothing
can link this record to the record in radpostauth,
You've modified the default behavior
On 9 Sep 2011, at 12:18, Bjørn Mork wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
Acct-Session-ID isn't inserted into the postauth table, because it's
generally not available in the Access-Request.
It is theoretically possible to pre-assign an Acct-Session-ID, and its
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
As Alan says your NAS won't generate Accounting-Requests if the RADIUS
server rejects the user (unless its very broken).
Why would that be broken?
Yes, I do see that you can trigger RADIUS accounting traffic without
authenticating, but
andreapepa wrote:
I said that because in my tests an access-rejected request is still
recorded in radacct table with a start time and a NULL stoptime,
That is odd. What does the debug log says?
I'm specifically interested in whether the record in radacct was resulted by
(1) NAS sending
://freeradius.1045715.n5.nabble.com/racct-and-radpostauth-tp4782906p4786209.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran, i'm sorry if you felt alone sometimes ;-)
I'm not the one missing out on radstars :p
but as i said to Fajar
i've no control over the NAS devices so i prefer do all the possibleon
the FR server.
Yes... and you can. The contents of the Class attribute is set in the
Bjørn Mork wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
As Alan says your NAS won't generate Accounting-Requests if the RADIUS
server rejects the user (unless its very broken).
Why would that be broken?
A session that doesn't start requires no accounting.
When
On 9 Sep 2011, at 14:23, Bjørn Mork wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
As Alan says your NAS won't generate Accounting-Requests if the RADIUS
server rejects the user (unless its very broken).
Why would that be broken?
Yes, I do see that you can trigger
http://freeradius.1045715.n5.nabble.com/file/n4786389/jradiusreq2_config.png
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/racct-and-radpostauth-tp4782906p4786389.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe
andreapepa wrote:
a nas send an auth req
user accepted and logged
user log off but stop packet doesnt arrive to the server, for a lot of
reasons.
user retry to log in ...maybe from another nas, we also have nas that doesnt
communicate the power on/off state
user is rejected due to check
ok , thanks
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/racct-and-radpostauth-tp4782906p4786505.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
RFC 2866:
When a client is configured to use RADIUS Accounting, at the start of
service delivery it will generate an Accounting Start packet
describing the type of service being delivered and the user it is
being delivered to,
Bjørn Mork wrote:
No, of course not. But it may be useful in some settings.
That's why FR is configurable. People do all kinds of crazy things
with it. But those things don't make it into the default config.
And I really cannot see anything in the above RFC quote which forbids
sending
On 9 Sep 2011, at 16:27, Bjørn Mork wrote:
Arran Cudbard-Bell a.cudba...@freeradius.org writes:
RFC 2866:
When a client is configured to use RADIUS Accounting, at the start of
service delivery it will generate an Accounting Start packet
describing the type of service being
On Fri, Sep 9, 2011 at 8:32 PM, andreapepa
andrea.p...@trentinonetwork.it wrote:
http://freeradius.1045715.n5.nabble.com/file/n4786389/freeradlogdebug
freeradlogdebug
that is the log.
Then your NAS (in this case, the simulator) is clearly broken (or
perhaps just misconfigured).
It says
) if records belong to a
rejected request in radpostauth.
I'm testing the server not in the real but with the jradius simulator, with
Generate Unique Acct-Session-id option on
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/racct-and-radpostauth-tp4782906p4782906.html
andreapepa wrote:
My question is about the correlation beetwen the tables in subject, how can
i correlate records without using timestamp but maybe a unique session id?
Use the unique session ID.
I think this would be helpful when listing online users, for example when
there is no
On 8 Sep 2011, at 17:48, Alan DeKok wrote:
andreapepa wrote:
My question is about the correlation beetwen the tables in subject, how can
i correlate records without using timestamp but maybe a unique session id?
Use the unique session ID.
I think this would be helpful when listing
27 matches
Mail list logo