freeradius-config 3.0.16+dfsg-1ubuntu3 / etc / freeradius / 3.0 / policy.d / accounting

This file is indexed.

/etc/freeradius/3.0/policy.d/accounting is in freeradius-config 3.0.16+dfsg-1ubuntu3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# We check for this prefix to determine whether the class
# value was generated by this server.  It should be changed
# so that it is globally unique.
class_value_prefix = 'ai:'

#
#	Replacement for the old rlm_acct_unique module
#
acct_unique {
	#
	#  If we have a class attribute in the format
	#  'auth_id:[0-9a-f]{32}' it'll have a local value
	#  (defined by insert_acct_class), this ensures
	#  uniqueness and suitability.
	#
	#  We could just use the Class attribute as
	#  Acct-Unique-Session-Id, but this may cause problems
	#  with NAS that carry Class values across between
	#  multiple linked sessions.  So we rehash class with
	#  Acct-Session-ID to provide a truely unique session
	#  identifier.
	#
	#  Using a Class/Session-ID combination is more robust
	#  than using elements in the Accounting-Request,
	#  which may be subject to change, such as
	#  NAS-IP-Address, Client-IP-Address and
	#  NAS-Port-ID/NAS-Port.
	#
	#  This policy should ensure that session data is not
	#  affected if NAS IP addresses change, or the client
	#  roams to a different 'port' whilst maintaining its
	#  initial authentication session (Common in a
	#  wireless environment).
	#
	update request {
	       &Tmp-String-9 := "${policy.class_value_prefix}"
	}

	if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && \
	    ("%{string:&Class}" =~ /^${policy.class_value_prefix}([0-9a-f]{32})/i)) {
		update request {
			&Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
		}
	}

	#
	#  Not All devices respect RFC 2865 when dealing with
	#  the class attribute, so be prepared to use the
	#  older style of hashing scheme if a class attribute
	#  is not included
	#
	else {
		update request {
			&Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
		 }
	}
}

#
#	Insert a (hopefully unique) value into class
#
insert_acct_class {
	update reply {
		&Class = "${policy.class_value_prefix}%{md5:%t,%I,%{Packet-Src-Port},%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}},%{NAS-IP-Address},%{Calling-Station-ID},%{User-Name}}"
	}
}

#
#	Merges Acct-[Input|Output]-Octets and Acct-[Input|Output]-Gigawords into Acct-[Input|Output]-Octets64
#
#	If the &Attr-Foo doesn't exist, it's value is taken as zero.
#
acct_counters64.preacct {
	update request {
		&Acct-Input-Octets64 = "%{expr:(&Acct-Input-Gigawords << 32) | &Acct-Input-Octets}"
		&Acct-Output-Octets64 = "%{expr:(&Acct-Output-Gigawords << 32) | &Acct-Output-Octets}"
	}
}

APT Browse - Built by Thomas Orozco.