Previous Section  < Day Day Up >  Next Section

User Accounting

The RFC 2139 specification lists the key features of the RADIUS Accounting service as follows:

  • Client/server model. An NAS operates as a client of the RADIUS accounting server. The client is responsible for passing user accounting information to a designated RADIUS accounting server. The RADIUS accounting server is responsible for receiving the accounting request and returning a response to the client indicating that it has successfully received the request. The RADIUS accounting server can act as a proxy client to other kinds of accounting servers.

  • Network security. Transactions between the client and the RADIUS accounting server are authenticated through the use of a shared secret, which is never sent over the network.

  • Extensible protocol. All transactions comprise variable-length Attribute–Length–Value 3-tuples. New attribute values can be added without disturbing existing implementations of the protocol.

Each piece of NAS equipment should support RADIUS accounting features and should be configured to use it to record information on users' network usage patterns. An example of an accounting session from the Orinoco AP 2000 access point is given below, but obviously it will depend on the type of NAS equipment used and administrator-specific accounting requirements:

Tue May 27 23:50:14 2003

            User-Name = "EAPuser"

            Acct-Session-Id = "00-90-4b-00-f5-4f"

            NAS-Identifier = "ORiNOCO AP-2000"

            NAS-IP-Address =

            NAS-Port = 2

            NAS-Port-Type = Wireless-802.11

            Acct-Authentic = RADIUS

            Acct-Status-Type = Start

            Client-IP-Address =

            Acct-Unique-Session-Id = "ae8d572028def9c3"

            Timestamp = 1054075814

You can refer to the "RADIUS-Related Tools" section to find out about the utilities that analyze and report the accounting data.

    Previous Section  < Day Day Up >  Next Section