RADIUS Accounting
A NAS can send accounting information on remote user connections to the RADIUS server. This information is logged separately for each NAS in a log file called detail in a log directory called /var/opt/SUNWconn/ldap/radacct/nasname, where nasname is the value of the common name (cn) attribute in the directory entry for the NAS.
If the RADIUS server is unable to authenticate the NAS, accounting information is nonetheless logged, although it is marked as unverified in the nasname/detail file.
All the accounting information provided by the NAS is logged.
Accounting information can also be logged dynamically in the remote user's directory entry: it is added when the user connects, and deleted when the user disconnects.
To configure the RADIUS server to log dynamic accounting information, refer to "Configuring the RADIUS Server".
With dynamic accounting enabled, the following attributes are automatically added to a remote user's entry when the user connects, and removed when the user disconnects:
-
Dynamic IP address -- the IP address assigned to the remote user connection
-
Dynamic session ID --the accounting session ID assigned to a remote user for a given session
-
Dynamic session counter --the number of concurrent open sessions
-
Dynamic IP address binding -- the association between the IP address and the accounting session ID for a given session
You can specify other attributes to be added dynamically to remote users' entries by listing them in the acctattr file. Refer to "Configuring Dynamic Accounting" for details of how to modify this file.
- © 2010, Oracle Corporation and/or its affiliates