Configuring Dynamic Accounting

You can use the RADIUS server to record connection parameters dynamically in the directory entry of a remote user. To enable dynamic accounting, in the RADIUS section of the Admin Console, set the Dynamic Data option to On.

The parameters recorded are dynamicIPaddress, dynamicSessionId, dynamicSessionCounter, dynamicIPaddressBinding, and all RADIUS attributes listed in the acctattr file. You must make sure that the NAS can provide the accounting parameters listed in the acctattr file. This file is located with other configuration files in /etc/opt/SUNWconn/ldap/current.

The dynamic accounting parameters listed in the acctattr file are RADIUS attributes that could be part of RADIUS accounting packets. The corresponding LDAP attributes are shown in Table 7-2. The default acctattr file contains examples of suitable RADIUS attributes commented out, except for User-Name. These are:

• Framed-IP-Address

• User-Name

• Acct-Session-Id

• NAS-Port

• NAS-Port-Type

• NAS-IP-Address

If you want to add accounting items to the list, check the following:

• At least one NAS can provide these items in an accounting packet

• There is an LDAP attribute for each RADIUS parameter that you want to record. If there is not, you must create the corresponding LDAP attribute. You must also create an entry in the mapping file to define the mapping between the RADIUS attribute and the LDAP attribute.

To Create a Dynamic Accounting Attribute

1. Create an LDAP attribute for the connection parameter that you want to record.

   This modifies the schema. See "To Create a New Attribute".

2. Add the attribute to the list in the radius.mapping file using a text editor.

   Make sure you add it in both the Import section and the Export section of the file. You need to be logged in as root to perform this operation.

3. Add the attribute to the list in the acctattr file using a text editor.

   You need to be logged in as root.

4. Restart the dsservd daemon so that the new accounting attribute is logged in the log file and recorded dynamically in remote user entries.

5. Restart the dsradiusd daemon so that the new mapping file is taken into account.

To Specify an acctattr File for a NAS

Use the Deja tool to add the acctattrFile attribute to the directory entry for the NAS.

The value you assign to this attribute must be the filename of the dynamic accounting attribute file that the RADIUS server must use to interpret the dynamic accounting information received from the NAS described by the entry.

If the acctattrFile attribute is not specified, the default acctattr file is used. This file is located with all other configuration files under /etc/opt/SUNWconn/ldap/current.