Hello James -
Acct-Session-Time is an integer, so try this:
<Handler Acct-Session-Time = 0>
<AuthBy INTERNAL>
AcctResult ACCEPT
</AuthBy>
</Handler>
regards
Hugh
On Tuesday, Nov 19, 2002, at 11:03 Australia/Melbourne, James M. Luedke wrote:
Hello:
I have a small problem between Radiator - Qwest - Ic Radius and
proxy radius. It seems that qwest sends a 0 length Stop record every
time there is a Authentication failure. Since we do proxy radius
services for our clients we simply proxy these packets forward to them.
However it seems that IC Radius looks at the Stop record and reports it
as an invalid stop record. There for discarding it and never sending us
a response. This causes us to retry over and over. This creates a lot of
unwanted traffic.
What I would like to do is set up a handeler for the Stop records that
have a Acct-session-time of 00 secs.
Here is a tcpdump of a packet I receive from qwest.
--------------------------
-req 368 [id 166] Attr[
NAS_ipaddr{nas5.saint-louis1.mo.us.da.qwest.net}
NAS_port{3600}
Service_type{Framed}
Framed_proto{PPP}
Login_iphost{0.0.0.0}
Login_service{PortMaster(proprietary)}
Login_TCP_port{0}
Vendor_specific{...M..0100}
Vendor_specific{...M..V.90}
Vendor_specific{...M......}
Vendor_specific{...M......}
Vendor_specific{...M.....&}
Vendor_specific{...M......}
Vendor_specific{...M......}
Vendor_specific{...M......}
Vendor_specific{...M......}
Vendor_specific{...M......}
Called_station{5736530005}
Calling_station{5737177297}
Acct_status{Stop}
Acct_delay{00 secs}
Acct_in_octets{158}
Acct_out_octets{161}
Acct_session_id{C14E5D71:00056CBF}
Acct_authentic{(null)}
Acct_session_time{00 secs}
Acct_in_packets{6}
Acct_out_packets{6}
Acct_term_cause{NAS Error}
Acct_multi_session_id{FFFFFFFF}
Acct_link_count{1}
--------------------------
Notice the Acct_session_time{00 secs} ???
Now how can I write a handler to catch this....
I have tried this...
<Handler Acct-Session-Time = "00 secs">
<AuthBy INTERNAL>
AcctResult ACCEPT
</AuthBy>
</Handler>
But this seems to do nothing... How can I simply discard these
packets???
Thanks for your help.
-James.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
