Hi,
From the proxy.conf, is it possible to forward the accounting packets towards multiple firewalls? Currently I am managing to send towards only 1 firewall and the LDAP group is not being forwarded.

Is it possible to have an example, as I cannot find anything in the documentation :(

Regards,

Pizu

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Apr 7, 2021, at 12:06 PM, Pizu <[hidden email]> wrote:
> From the proxy.conf is it possible to forward the accounting packets
> towards multiple firewalls?

See mods-available/replicate

> Currently am managing to send only towards only
> 1 firewall and the LDAP group is not being forward.

LDAP-Group *cannot* go into a RADIUS packet. That's just not how RADIUS works.

Even if it could go into a RADIUS packet, the firewall wouldn't know what to do with it.

You should instead explain what you're trying to do. Maybe there's another way to do it. Why does the firewall need LDAP-Group? What will it do with it? What part of the firewall documentation suggested that it would understand LDAP-Group?

Alan DeKok.
Hi Alan,
Thanks for your reply. Thanks for pointing out the replicate mod, will test it out.

What I mean with LDAP-Group is I need to forward the group name that is assigned to the user towards the firewall (accounting) in order for the firewall to open the access that is assigned. RSSO

Regards,

Pizu
On Apr 7, 2021, at 1:15 PM, Pizu <[hidden email]> wrote:
> What I mean with LDAP-Group is I need to forward the group name that is
> assigned to the user towards the firewall (accounting) in order for the
> firewall to open the access that is assigned. RSSO

So read the firewall documentation to see which attribute it needs.

I can guarantee you that it's not LDAP-Group.

Alan DeKok.
Hi,
I need to forward the class which will reflect to a group not the actual LDAP-Group.

The firewall is expecting the Radius Accounting-Start attribute.

Example:
Acct-Status-Type=Start,Framed-Ip-Address=10.0.0.1,User-Name=user.name,Acct-Session-Id=0211a4ef,Class=usergroup1,Calling-Station-Id=00-0c-29-44-BE-B8

I hope I explained better now.

Regards,

Pizu
hmm.. something like: Class := "%{Group}" - correct?
Regards,

Pizu
Sorted :)
Regards,

Pizu
Hi Pizu,

you mind sharing what you did to get this sorted?

Regards
Hi,
Yes sure.. I am using unlang in post-auth.

    # Class carries the group name configured on the firewall
    elsif (LDAP-Group == "AD - Group - 1") {
        update reply {
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
            Tunnel-Private-Group-Id := "943"
            Class := "AD-Group-1"
        }
    }
    elsif (LDAP-Group == "AD - Group - 2") {
        update reply {
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
            Tunnel-Private-Group-Id := "943"
            Class := "AD-Group-2"
        }
    }
    # No group matched: assign the VLAN only, no Class is sent
    else {
        update reply {
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
            Tunnel-Private-Group-Id := "200"
        }
    }

The class is the Group assigned on the firewall. Like this I am matching an AD group, assigning the VLAN with the 802.1x auth, then sending the group towards the firewall and opening the access according to the group.

Regards,

Pizu

On Wed, 7 Apr 2021 at 20:42, Linux Threads <[hidden email]> wrote:
> HI Pizu,
>
> you mind sharing what you did to get this sorted?
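The thread never shows the replicate side that Alan points to with mods-available/replicate. The following is an added example, not taken from any poster or from the FreeRADIUS project, of one way to copy accounting packets to two firewalls on FreeRADIUS 3.x. The realm names, addresses and secrets are placeholders, the `if (&Class)` guard is an assumption that only group-tagged packets should be copied, and the module is assumed to be linked into mods-enabled/.

```conf
# --- proxy.conf: one home server, pool and realm per firewall ---
# (names, addresses and secrets below are placeholders)
home_server fw1 {
	type   = acct
	ipaddr = 192.0.2.11
	port   = 1813
	secret = REPLACE_WITH_FW1_SECRET
}
home_server fw2 {
	type   = acct
	ipaddr = 192.0.2.12
	port   = 1813
	secret = REPLACE_WITH_FW2_SECRET
}

home_server_pool fw1_pool {
	type        = fail-over
	home_server = fw1
}
home_server_pool fw2_pool {
	type        = fail-over
	home_server = fw2
}

realm fw1 {
	acct_pool = fw1_pool
}
realm fw2 {
	acct_pool = fw2_pool
}

# --- sites-enabled/default ---
accounting {
	# ... existing accounting modules stay as they are ...

	# Assumption: only copy packets that carry the group the firewalls act on.
	if (&Class) {
		update control {
			# One Replicate-To-Realm value per destination realm.
			&Replicate-To-Realm := "fw1"
			&Replicate-To-Realm += "fw2"
		}
		# Sends a copy to each listed realm; any reply is ignored.
		replicate
	}
}
```

The `Class` value set in post-auth shows up in these packets because RFC 2865 expects the NAS to echo the `Class` from the Access-Accept, unmodified, in its Accounting-Request packets. Each copy is sent under the shared secret of its own `home_server` entry, so the firewalls do not need to share a secret.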