rlm_acct_unique (5) - Linux Manuals

rlm_acct_unique: FreeRADIUS Module

NAME

rlm_acct_unique - FreeRADIUS Module

DESCRIPTION

The rlm_acct_unique module creates a unique accounting session Id.

Many NAS vendors have their equipment supply an Acct-Session-Id attribute which is not unique over reboots. This makes accounting difficult, as there will be many independent sessions with the same Acct-Session-Id attribute. This module uses the Acct-Session-Id attribute, along with other attributes in the request, to create a more unique session ID, called Acct-Unique-Session-Id.

The main configuration items to be aware of are:

key
A list of the attributes used in calculating an MD5 hash which is used as the value for the unique session id.

CONFIGURATION

modules {
  ...

acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port"
}
...
}
...
preacct { ...
acct_unique ...
}

After generating the MD5 hash, the module adds it to the accounting request packet received from the client. It will look something like this in your detail file:

        Acct-Unique-Session-Id = "c66ef57e480b9d26"

NOTE: Any attribute you specify that is not found in the 'dictionary' file will cause the server to fail and exit with an error.

NOTE: If you want the Acct-Unique-Session-Id of the Start and the Stop packet of a particular session to match, you must use values for the key that will stay the same for the Start and Stop. The above example is a good start. Adding 'Acct-Session-Time', for example, would cause a mismatch because that value is not the same on the Start and Stop accounting packets.

SECTIONS

authorization, pre-accounting, accounting

FILES

/etc/raddb/radiusd.conf

AUTHORS

Chris Parker, cparker [at] segv.org

SEE ALSO

radiusd(8), radiusd.conf(5)