Create new accounting attributes

classic Classic list List threaded Threaded
4 messages Options
| Threaded
Open this post in threaded view
|

Create new accounting attributes

Juan Diego
Hello everyone,

I am new to working with FreeRADIUS and would appreciate your help.
I would need to design new accounting attributes in a local environment,
using either radclient or radeapclient as the client.

As I have seen in the official documentation at
https://networkradius.com/doc/current/concepts/dictionary/purpose.html,
it is indicated that it is not necessary to modify the source code to
add new attributes. I am confused with this, how would the client/NAS
add the new accounting attributes to the radius package? Then, I
understand that it is necessary to have a dictionary where the new
accounting attributes appear so that the server can decode them.


Please, if you know of any guide to implement new accounting attributes
or what files need to be modified, I would greatly appreciate it.

Thanks in advance and regards,

John

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Create new accounting attributes

Alan DeKok-2
On Nov 14, 2020, at 12:33 PM, Juan Diego <[hidden email]> wrote:
> I am new to working with FreeRADIUS and would appreciate your help.
> I would need to design new accounting attributes in a local environment, using either radclient or radeapclient as the client.

  Just use radclient for accounting.

> As I have seen in the official documentation at https://networkradius.com/doc/current/concepts/dictionary/purpose.html, it is indicated that it is not necessary to modify the source code to add new attributes. I am confused with this, how would the client/NAS add the new accounting attributes to the radius package?

  If it's a real NAS, then yes, it *does* require source code changes.  Because the NAS doesn't user dictionaries.  A NAS understands only a very limited set of attributes, and ignores everything it doesn't understand.

  On the other hand, radclient is part of FreeRADIUS.  It can read the various dictionaries, but it doesn't do anything else that a NAS does.

> Then, I understand that it is necessary to have a dictionary where the new accounting attributes appear so that the server can decode them.

  Yes.

> Please, if you know of any guide to implement new accounting attributes or what files need to be modified, I would greatly appreciate it.

  Edit raddb/dictionary.  Read it, and add attributes there.  My suggestion is to create vendor-specific attributes.  See dictionary.cisco for some examples.

  Then, have radclient read the same dictionaries.  And radclient will print out any attributes sent by the server.

  But all of this is largely focussed on a particular solution.  The better question is *why* do you need new accounting attributes?  What will be using them on the client side?

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: Create new accounting attributes

Juan Diego
Hello Alan,

In first, this project is for academic purposes for my Master Thesis project. However, in my company they are interested in reviewing the possibility of adding new accounting attributes in a real and production environment.

For now, I would be able to create new simple attributes (two or three) that are added by the NAS and sent to the server to be registered. For example, HTTP / S, FTP or SSH traffic carried by the user during the session.

Thanks and regards,
Juan


________________________________
De: Freeradius-Users <freeradius-users-bounces+juandi_092=[hidden email]> en nombre de Alan DeKok <[hidden email]>
Enviado: sábado, 14 de noviembre de 2020 18:52
Para: FreeRadius users mailing list <[hidden email]>
Asunto: Re: Create new accounting attributes

On Nov 14, 2020, at 12:33 PM, Juan Diego <[hidden email]> wrote:
> I am new to working with FreeRADIUS and would appreciate your help.
> I would need to design new accounting attributes in a local environment, using either radclient or radeapclient as the client.

  Just use radclient for accounting.

> As I have seen in the official documentation at https://networkradius.com/doc/current/concepts/dictionary/purpose.html, it is indicated that it is not necessary to modify the source code to add new attributes. I am confused with this, how would the client/NAS add the new accounting attributes to the radius package?

  If it's a real NAS, then yes, it *does* require source code changes.  Because the NAS doesn't user dictionaries.  A NAS understands only a very limited set of attributes, and ignores everything it doesn't understand.

  On the other hand, radclient is part of FreeRADIUS.  It can read the various dictionaries, but it doesn't do anything else that a NAS does.

> Then, I understand that it is necessary to have a dictionary where the new accounting attributes appear so that the server can decode them.

  Yes.

> Please, if you know of any guide to implement new accounting attributes or what files need to be modified, I would greatly appreciate it.

  Edit raddb/dictionary.  Read it, and add attributes there.  My suggestion is to create vendor-specific attributes.  See dictionary.cisco for some examples.

  Then, have radclient read the same dictionaries.  And radclient will print out any attributes sent by the server.

  But all of this is largely focussed on a particular solution.  The better question is *why* do you need new accounting attributes?  What will be using them on the client side?

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Create new accounting attributes

Alan DeKok-2
On Nov 16, 2020, at 12:44 PM, juan diego <[hidden email]> wrote:
> In first, this project is for academic purposes for my Master Thesis project. However, in my company they are interested in reviewing the possibility of adding new accounting attributes in a real and production environment.

  Then you need to get a Private Enterprise Number from IANA:

https://pen.iana.org/pen/PenApplication.page

  And then create a dictionary for your company.  At that point, the attributes are known to you, and can be hard-coded into the NAS.  And, you can send the dictionary to us, so we can include it in FreeRADIUS.

> For now, I would be able to create new simple attributes (two or three) that are added by the NAS and sent to the server to be registered. For example, HTTP / S, FTP or SSH traffic carried by the user during the session.

  You can just pick an unused Private Enterprise Number for local testing.  But don't expect to use it in production.  And you'll still need to create a vendor dictionary.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html