draft-ietf-radius-accounting-v2-04.txt   rfc2866.txt 
RADIUS Working Group C Rigney Network Working Group C. Rigney
INTERNET-DRAFT Livingston Request for Comments: 2866 Livingston
expires August 2000 February 2000 Category: Informational June 2000
Obsoletes: 2139
RADIUS Accounting RADIUS Accounting
draft-ietf-radius-accounting-v2-04.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This memo provides information for the Internet community. It does
all provisions of Section 10 of RFC 2026. not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
This document obsoletes RFC 2139 [1]. A summary of the changes
between this document and RFC 2139 is available in the "Change Log"
appendix.
This document is a submission to the RADIUS Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted
to the ietf-radius@livingston.com mailing list.
Distribution of this memo is unlimited.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet- Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved. Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract Abstract
This document describes a protocol for carrying accounting This document describes a protocol for carrying accounting
information between a Network Access Server and a shared Accounting information between a Network Access Server and a shared Accounting
Server. Server.
Implementation Note Implementation Note
This memo documents the RADIUS Accounting protocol. The early This memo documents the RADIUS Accounting protocol. The early
deployment of RADIUS Accounting was done using UDP port number 1646, deployment of RADIUS Accounting was done using UDP port number 1646,
which conflicts with the "sa-msg-port" service. The officially which conflicts with the "sa-msg-port" service. The officially
assigned port number for RADIUS Accounting is 1813. assigned port number for RADIUS Accounting is 1813.
Table of Contents Table of Contents
1. Introduction .......................................... 4 1. Introduction .................................... 2
1.1 Specification of Requirements ................... 5 1.1 Specification of Requirements ................. 3
1.2 Terminology ..................................... 5 1.2 Terminology ................................... 3
2. Operation ....................................... 4
2. Operation ............................................. 5 2.1 Proxy ......................................... 4
2.1 Proxy ........................................... 6 3. Packet Format ................................... 5
4. Packet Types ................................... 7
3. Packet Format ......................................... 7 4.1 Accounting-Request ............................ 8
4.2 Accounting-Response ........................... 9
4. Packet Types .......................................... 9 5. Attributes ...................................... 10
4.1 Accounting-Request .............................. 9 5.1 Acct-Status-Type .............................. 12
4.2 Accounting-Response ............................. 11 5.2 Acct-Delay-Time ............................... 13
5.3 Acct-Input-Octets ............................. 14
5. Attributes ............................................ 12 5.4 Acct-Output-Octets ............................ 15
5.1 Acct-Status-Type ................................ 13 5.5 Acct-Session-Id ............................... 15
5.2 Acct-Delay-Time ................................. 14 5.6 Acct-Authentic ................................ 16
5.3 Acct-Input-Octets ............................... 15 5.7 Acct-Session-Time ............................. 17
5.4 Acct-Output-Octets .............................. 16 5.8 Acct-Input-Packets ............................ 18
5.5 Acct-Session-Id ................................. 17 5.9 Acct-Output-Packets ........................... 18
5.6 Acct-Authentic .................................. 18 5.10 Acct-Terminate-Cause .......................... 19
5.7 Acct-Session-Time ............................... 19 5.11 Acct-Multi-Session-Id ......................... 21
5.8 Acct-Input-Packets .............................. 19 5.12 Acct-Link-Count ............................... 22
5.9 Acct-Output-Packets ............................. 20 5.13 Table of Attributes ........................... 23
5.10 Acct-Terminate-Cause ............................ 21 6. IANA Considerations ............................. 25
5.11 Acct-Multi-Session-Id ........................... 23 7. Security Considerations ......................... 25
5.12 Acct-Link-Count ................................. 24 8. Change Log ...................................... 25
5.13 Table of Attributes ............................. 25 9. References ...................................... 26
10. Acknowledgements ................................ 26
6. IANA Considerations ................................... 27 11. Chair's Address ................................. 26
12. Author's Address ................................ 27
7. Security Considerations ............................... 27 13. Full Copyright Statement ........................ 28
8. Change Log ............................................ 27
9. References ............................................ 27
10. Acknowledgements ...................................... 28
11. Chair's Address ....................................... 28
12. Author's Address ...................................... 28
13. Full Copyright Statement .............................. 29
1. Introduction 1. Introduction
Managing dispersed serial line and modem pools for large numbers of Managing dispersed serial line and modem pools for large numbers of
users can create the need for significant administrative support. users can create the need for significant administrative support.
Since modem pools are by definition a link to the outside world, they Since modem pools are by definition a link to the outside world, they
require careful attention to security, authorization and accounting. require careful attention to security, authorization and accounting.
This can be best achieved by managing a single "database" of users, This can be best achieved by managing a single "database" of users,
which allows for authentication (verifying user name and password) as which allows for authentication (verifying user name and password) as
well as configuration information detailing the type of service to well as configuration information detailing the type of service to
skipping to change at page 4, line 30 skipping to change at page 2, line 46
Server (NAS) to a RADIUS accounting server. Server (NAS) to a RADIUS accounting server.
This document obsoletes RFC 2139 [1]. A summary of the changes This document obsoletes RFC 2139 [1]. A summary of the changes
between this document and RFC 2139 is available in the "Change Log" between this document and RFC 2139 is available in the "Change Log"
appendix. appendix.
Key features of RADIUS Accounting are: Key features of RADIUS Accounting are:
Client/Server Model Client/Server Model
A Network Access Server (NAS) operates as a client of the A Network Access Server (NAS) operates as a client of the
RADIUS accounting server. The client is responsible for RADIUS accounting server. The client is responsible for
passing user accounting information to a designated RADIUS passing user accounting information to a designated RADIUS
accounting server. accounting server.
The RADIUS accounting server is responsible for receiving the The RADIUS accounting server is responsible for receiving the
accounting request and returning a response to the client accounting request and returning a response to the client
indicating that it has successfully received the request. indicating that it has successfully received the request.
The RADIUS accounting server can act as a proxy client to other The RADIUS accounting server can act as a proxy client to
kinds of accounting servers. other kinds of accounting servers.
Network Security Network Security
Transactions between the client and RADIUS accounting server Transactions between the client and RADIUS accounting server
are authenticated through the use of a shared secret, which is are authenticated through the use of a shared secret, which is
never sent over the network. never sent over the network.
Extensible Protocol Extensible Protocol
All transactions are comprised of variable length Attribute- All transactions are comprised of variable length Attribute-
Length-Value 3-tuples. New attribute values can be added Length-Value 3-tuples. New attribute values can be added
without disturbing existing implementations of the protocol. without disturbing existing implementations of the protocol.
1.1. Specification of Requirements 1.1. Specification of Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [3]. These document are to be interpreted as described in RFC 2119 [3]. These
key words mean the same thing whether capitalized or not. key words mean the same thing whether capitalized or not.
1.2. Terminology 1.2. Terminology
skipping to change at page 6, line 38 skipping to change at page 5, line 10
2. The forwarding server logs the accounting-request (if desired), 2. The forwarding server logs the accounting-request (if desired),
adds its Proxy-State (if desired) after any other Proxy-State adds its Proxy-State (if desired) after any other Proxy-State
attributes, updates the Request Authenticator, and forwards the attributes, updates the Request Authenticator, and forwards the
request to the remote server. request to the remote server.
3. The remote server logs the accounting-request (if desired), 3. The remote server logs the accounting-request (if desired),
copies all Proxy-State attributes in order and unmodified from copies all Proxy-State attributes in order and unmodified from
the request to the response packet, and sends the accounting- the request to the response packet, and sends the accounting-
response to the forwarding server. response to the forwarding server.
4 The forwarding server strips the last Proxy-State (if it added 4. The forwarding server strips the last Proxy-State (if it added
one in step 2), updates the Response Authenticator and sends one in step 2), updates the Response Authenticator and sends
the accounting-response to the NAS. the accounting-response to the NAS.
A forwarding server MUST not modify existing Proxy-State or Class A forwarding server MUST not modify existing Proxy-State or Class
attributes present in the packet. attributes present in the packet.
A forwarding server may either perform its forwarding function in a A forwarding server may either perform its forwarding function in a
pass through manner, where it sends retransmissions on as soon as it pass through manner, where it sends retransmissions on as soon as it
gets them, or it may take responsibility for retransmissions, for gets them, or it may take responsibility for retransmissions, for
example in cases where the network link between forwarding and remote example in cases where the network link between forwarding and remote
skipping to change at page 7, line 23 skipping to change at page 5, line 42
(decimal). (decimal).
When a reply is generated, the source and destination ports are When a reply is generated, the source and destination ports are
reversed. reversed.
This memo documents the RADIUS Accounting protocol. The early This memo documents the RADIUS Accounting protocol. The early
deployment of RADIUS Accounting was done using UDP port number 1646, deployment of RADIUS Accounting was done using UDP port number 1646,
which conflicts with the "sa-msg-port" service. The officially which conflicts with the "sa-msg-port" service. The officially
assigned port number for RADIUS Accounting is 1813. assigned port number for RADIUS Accounting is 1813.
A summary of the RADIUS data format is shown below. The fields are A summary of the RADIUS data format is shown below. The fields are
transmitted from left to right. transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length | | Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| Authenticator | | Authenticator |
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attributes ... | Attributes ...
+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-
Code Code
The Code field is one octet, and identifies the type of RADIUS The Code field is one octet, and identifies the type of RADIUS
packet. When a packet is received with an invalid Code field, it is packet. When a packet is received with an invalid Code field, it
silently discarded. is silently discarded.
RADIUS Accounting Codes (decimal) are assigned as follows: RADIUS Accounting Codes (decimal) are assigned as follows:
4 Accounting-Request 4 Accounting-Request
5 Accounting-Response 5 Accounting-Response
Identifier Identifier
The Identifier field is one octet, and aids in matching requests and The Identifier field is one octet, and aids in matching requests
replies. The RADIUS server can detect a duplicate request if it has and replies. The RADIUS server can detect a duplicate request if
the same client source IP address and source UDP port and Identifier it has the same client source IP address and source UDP port and
within a short span of time. Identifier within a short span of time.
Length Length
The Length field is two octets. It indicates the length of the The Length field is two octets. It indicates the length of the
packet including the Code, Identifier, Length, Authenticator and packet including the Code, Identifier, Length, Authenticator and
Attribute fields. Octets outside the range of the Length field MUST Attribute fields. Octets outside the range of the Length field
be treated as padding and ignored on reception. If the packet is MUST be treated as padding and ignored on reception. If the
shorter than the Length field indicates, it MUST be silently packet is shorter than the Length field indicates, it MUST be
discarded. The minimum length is 20 and maximum length is 4095. silently discarded. The minimum length is 20 and maximum length
is 4095.
Authenticator Authenticator
The Authenticator field is sixteen (16) octets. The most significant The Authenticator field is sixteen (16) octets. The most
octet is transmitted first. This value is used to authenticate the significant octet is transmitted first. This value is used to
messages between the client and RADIUS accounting server. authenticate the messages between the client and RADIUS accounting
server.
Request Authenticator Request Authenticator
In Accounting-Request Packets, the Authenticator value is a 16 In Accounting-Request Packets, the Authenticator value is a 16
octet MD5 [5] checksum, called the Request Authenticator. octet MD5 [5] checksum, called the Request Authenticator.
The NAS and RADIUS accounting server share a secret. The Request The NAS and RADIUS accounting server share a secret. The Request
Authenticator field in Accounting-Request packets contains a one- Authenticator field in Accounting-Request packets contains a one-
way MD5 hash calculated over a stream of octets consisting of the way MD5 hash calculated over a stream of octets consisting of the
Code + Identifier + Length + 16 zero octets + request attributes + Code + Identifier + Length + 16 zero octets + request attributes +
skipping to change at page 9, line 7 skipping to change at page 7, line 34
The Authenticator field in an Accounting-Response packet is called The Authenticator field in an Accounting-Response packet is called
the Response Authenticator, and contains a one-way MD5 hash the Response Authenticator, and contains a one-way MD5 hash
calculated over a stream of octets consisting of the Accounting- calculated over a stream of octets consisting of the Accounting-
Response Code, Identifier, Length, the Request Authenticator field Response Code, Identifier, Length, the Request Authenticator field
from the Accounting-Request packet being replied to, and the from the Accounting-Request packet being replied to, and the
response attributes if any, followed by the shared secret. The response attributes if any, followed by the shared secret. The
resulting 16 octet MD5 hash value is stored in the Authenticator resulting 16 octet MD5 hash value is stored in the Authenticator
field of the Accounting-Response packet. field of the Accounting-Response packet.
Attributes Attributes
Attributes may have multiple instances, in such a case the order of Attributes may have multiple instances, in such a case the order
attributes of the same type SHOULD be preserved. The order of of attributes of the same type SHOULD be preserved. The order of
attributes of different types is not required to be preserved. attributes of different types is not required to be preserved.
4. Packet Types 4. Packet Types
The RADIUS packet type is determined by the Code field in the first The RADIUS packet type is determined by the Code field in the first
octet of the packet. octet of the packet.
4.1. Accounting-Request 4.1. Accounting-Request
Description Description
skipping to change at page 9, line 36 skipping to change at page 8, line 23
Code field set to 4 (Accounting-Request). Code field set to 4 (Accounting-Request).
Upon receipt of an Accounting-Request, the server MUST transmit an Upon receipt of an Accounting-Request, the server MUST transmit an
Accounting-Response reply if it successfully records the Accounting-Response reply if it successfully records the
accounting packet, and MUST NOT transmit any reply if it fails to accounting packet, and MUST NOT transmit any reply if it fails to
record the accounting packet. record the accounting packet.
Any attribute valid in a RADIUS Access-Request or Access-Accept Any attribute valid in a RADIUS Access-Request or Access-Accept
packet is valid in a RADIUS Accounting-Request packet, except that packet is valid in a RADIUS Accounting-Request packet, except that
the following attributes MUST NOT be present in an Accounting- the following attributes MUST NOT be present in an Accounting-
Request: User-Password, CHAP-Password, Reply-Message, State. Request: User-Password, CHAP-Password, Reply-Message, State.
Either NAS-IP-Address or NAS-Identifier MUST be present in a Either NAS-IP-Address or NAS-Identifier MUST be present in a
RADIUS Accounting-Request. It SHOULD contain a NAS-Port or NAS- RADIUS Accounting-Request. It SHOULD contain a NAS-Port or NAS-
Port-Type attribute or both unless the service does not involve a Port-Type attribute or both unless the service does not involve a
port or the NAS does not distinguish among its ports. port or the NAS does not distinguish among its ports.
If the Accounting-Request packet includes a Framed-IP-Address, If the Accounting-Request packet includes a Framed-IP-Address,
that attribute MUST contain the IP address of the user. If the that attribute MUST contain the IP address of the user. If the
Access-Accept used the special values for Framed-IP-Address Access-Accept used the special values for Framed-IP-Address
telling the NAS to assign or negotiate an IP address for the user, telling the NAS to assign or negotiate an IP address for the user,
the Framed-IP-Address (if any) in the Accounting-Request MUST the Framed-IP-Address (if any) in the Accounting-Request MUST
skipping to change at page 10, line 39 skipping to change at page 9, line 23
contents are identical, the Identifier MUST remain unchanged. contents are identical, the Identifier MUST remain unchanged.
Note that if Acct-Delay-Time is included in the attributes of an Note that if Acct-Delay-Time is included in the attributes of an
Accounting-Request then the Acct-Delay-Time value will be updated Accounting-Request then the Acct-Delay-Time value will be updated
when the packet is retransmitted, changing the content of the when the packet is retransmitted, changing the content of the
Attributes field and requiring a new Identifier and Request Attributes field and requiring a new Identifier and Request
Authenticator. Authenticator.
Request Authenticator Request Authenticator
The Request Authenticator of an Accounting-Request contains a 16- The Request Authenticator of an Accounting-Request contains a 16-octet
octet MD5 hash value calculated according to the method described MD5 hash value calculated according to the method described in
in "Request Authenticator" above. "Request Authenticator" above.
Attributes Attributes
The Attributes field is variable in length, and contains a list of The Attributes field is variable in length, and contains a list of
Attributes. Attributes.
4.2. Accounting-Response 4.2. Accounting-Response
Description Description
skipping to change at page 13, line 22 skipping to change at page 11, line 48
attribute including the Type, Length and Value fields. If an attribute including the Type, Length and Value fields. If an
attribute is received in an Accounting-Request with an invalid attribute is received in an Accounting-Request with an invalid
Length, the entire request MUST be silently discarded. Length, the entire request MUST be silently discarded.
Value Value
The Value field is zero or more octets and contains information The Value field is zero or more octets and contains information
specific to the attribute. The format and length of the Value specific to the attribute. The format and length of the Value
field is determined by the Type and Length fields. field is determined by the Type and Length fields.
Note that a "string" in RADIUS does not terminate with a NUL (hex Note that none of the types in RADIUS terminate with a NUL (hex
00). The Attribute has a length field and does not use a 00). In particular, types "text" and "string" in RADIUS do not
terminator. Strings may contain UTF-8 [7] characters or 8-bit terminate with a NUL (hex 00). The Attribute has a length field
binary data and servers and servers and clients MUST be able to and does not use a terminator. Text contains UTF-8 encoded 10646
deal with embedded nulls. RADIUS implementers using C are
cautioned not to use strcpy() when handling strings.
The format of the value field is one of four data types. [7] characters and String contains 8-bit binary data. Servers and
servers and clients MUST be able to deal with embedded nulls.
RADIUS implementers using C are cautioned not to use strcpy() when
handling strings.
string 1-253 octets. Strings of length zero (0) MUST NOT be The format of the value field is one of five data types. Note
sent; omit the entire attribute instead. that type "text" is a subset of type "string."
address 32 bit value, most significant octet first. text 1-253 octets containing UTF-8 encoded 10646 [7]
characters. Text of length zero (0) MUST NOT be sent;
omit the entire attribute instead.
integer 32 bit unsigned value, most significant octet first. string 1-253 octets containing binary data (values 0 through 255
decimal, inclusive). Strings of length zero (0) MUST NOT
be sent; omit the entire attribute instead.
time 32 bit unsigned value, most significant octet first -- address 32 bit value, most significant octet first.
seconds since 00:00:00 UTC, January 1, 1970. The
standard Attributes do not use this data type but it is integer 32 bit unsigned value, most significant octet first.
presented here for possible use within future
attributes. time 32 bit unsigned value, most significant octet first --
seconds since 00:00:00 UTC, January 1, 1970. The
standard Attributes do not use this data type but it is
presented here for possible use in future attributes.
5.1. Acct-Status-Type 5.1. Acct-Status-Type
Description Description
This attribute indicates whether this Accounting-Request marks the This attribute indicates whether this Accounting-Request marks the
beginning of the user service (Start) or the end (Stop). beginning of the user service (Start) or the end (Stop).
It MAY be used by the client to mark the start of accounting (for It MAY be used by the client to mark the start of accounting (for
example, upon booting) by specifying Accounting-On and to mark the example, upon booting) by specifying Accounting-On and to mark the
skipping to change at page 17, line 25 skipping to change at page 15, line 49
Description Description
This attribute is a unique Accounting ID to make it easy to match This attribute is a unique Accounting ID to make it easy to match
start and stop records in a log file. The start and stop records start and stop records in a log file. The start and stop records
for a given session MUST have the same Acct-Session-Id. An for a given session MUST have the same Acct-Session-Id. An
Accounting-Request packet MUST have an Acct-Session-Id. An Accounting-Request packet MUST have an Acct-Session-Id. An
Access-Request packet MAY have an Acct-Session-Id; if it does, Access-Request packet MAY have an Acct-Session-Id; if it does,
then the NAS MUST use the same Acct-Session-Id in the Accounting- then the NAS MUST use the same Acct-Session-Id in the Accounting-
Request packets for that session. Request packets for that session.
It is strongly recommended that the Acct-Session-Id be a printable The Acct-Session-Id SHOULD contain UTF-8 encoded 10646 [7]
UTF-8 string. For example, one implementation uses a string with characters.
an 8-digit upper case hexadecimal number, the first two digits
increment on each reboot (wrapping every 256 reboots) and the next For example, one implementation uses a string with an 8-digit
6 digits counting from 0 for the first person logging in after a upper case hexadecimal number, the first two digits increment on
reboot up to 2^24-1, about 16 million. Other encodings are each reboot (wrapping every 256 reboots) and the next 6 digits
possible. counting from 0 for the first person logging in after a reboot up
to 2^24-1, about 16 million. Other encodings are possible.
A summary of the Acct-Session-Id attribute format is shown below. A summary of the Acct-Session-Id attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String ... | Type | Length | Text ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
44 for Acct-Session-Id. 44 for Acct-Session-Id.
Length Length
>= 3 >= 3
String String
The String field SHOULD be a string of printable UTF-8 characters. The String field SHOULD be a string of UTF-8 encoded 10646 [7]
characters.
5.6. Acct-Authentic 5.6. Acct-Authentic
Description Description
This attribute MAY be included in an Accounting-Request to This attribute MAY be included in an Accounting-Request to
indicate how the user was authenticated, whether by RADIUS, the indicate how the user was authenticated, whether by RADIUS, the
NAS itself, or another remote authentication protocol. Users who NAS itself, or another remote authentication protocol. Users who
are delivered service without being authenticated SHOULD NOT are delivered service without being authenticated SHOULD NOT
generate Accounting records. generate Accounting records.
skipping to change at page 18, line 42 skipping to change at page 17, line 16
45 for Acct-Authentic. 45 for Acct-Authentic.
Length Length
6 6
Value Value
The Value field is four octets. The Value field is four octets.
1 RADIUS 1 RADIUS
2 Local 2 Local
3 Remote 3 Remote
5.7. Acct-Session-Time 5.7. Acct-Session-Time
Description Description
This attribute indicates how many seconds the user has received This attribute indicates how many seconds the user has received
service for, and can only be present in Accounting-Request records service for, and can only be present in Accounting-Request records
where the Acct-Status-Type is set to Stop. where the Acct-Status-Type is set to Stop.
A summary of the Acct-Session-Time attribute format is shown below. A summary of the Acct-Session-Time attribute format is shown below.
skipping to change at page 23, line 38 skipping to change at page 21, line 49
Host Request Login Host terminated session normally. Host Request Login Host terminated session normally.
5.11. Acct-Multi-Session-Id 5.11. Acct-Multi-Session-Id
Description Description
This attribute is a unique Accounting ID to make it easy to link This attribute is a unique Accounting ID to make it easy to link
together multiple related sessions in a log file. Each session together multiple related sessions in a log file. Each session
linked together would have a unique Acct-Session-Id but the same linked together would have a unique Acct-Session-Id but the same
Acct-Multi-Session-Id. It is strongly recommended that the Acct- Acct-Multi-Session-Id. It is strongly recommended that the Acct-
Multi-Session-Id be a printable UTF-8 string. Multi-Session-Id contain UTF-8 encoded 10646 [7] characters.
A summary of the Acct-Session-Id attribute format is shown below. A summary of the Acct-Session-Id attribute format is shown below.
The fields are transmitted from left to right. The fields are transmitted from left to right.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | String ... | Type | Length | String ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type Type
50 for Acct-Multi-Session-Id. 50 for Acct-Multi-Session-Id.
Length Length
>= 3 >= 3
String String
The String field SHOULD be a string of printable UTF-8 characters. The String field SHOULD contain UTF-8 encoded 10646 [7] characters.
5.12. Acct-Link-Count 5.12. Acct-Link-Count
Description Description
This attribute gives the count of links which are known to have This attribute gives the count of links which are known to have been
been in a given multilink session at the time the accounting in a given multilink session at the time the accounting record is
record is generated. The NAS MAY include the Acct-Link-Count generated. The NAS MAY include the Acct-Link-Count attribute in any
attribute in any Accounting-Request which might have multiple Accounting-Request which might have multiple links.
links.
A summary of the Acct-Link-Count attribute format is show below. The A summary of the Acct-Link-Count attribute format is show below. The
fields are transmitted from left to right. fields are transmitted from left to right.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Value | Type | Length | Value
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Value (cont) | Value (cont) |
skipping to change at page 27, line 13 skipping to change at page 25, line 23
0 This attribute MUST NOT be present 0 This attribute MUST NOT be present
0+ Zero or more instances of this attribute MAY be present. 0+ Zero or more instances of this attribute MAY be present.
0-1 Zero or one instance of this attribute MAY be present. 0-1 Zero or one instance of this attribute MAY be present.
1 Exactly one instance of this attribute MUST be present. 1 Exactly one instance of this attribute MUST be present.
6. IANA Considerations 6. IANA Considerations
The Packet Type Codes, Attribute Types, and Attribute Values defined The Packet Type Codes, Attribute Types, and Attribute Values defined
in this document are registered by the Internet Assigned Numbers in this document are registered by the Internet Assigned Numbers
Authority (IANA) from the RADIUS name spaces as described in the Authority (IANA) from the RADIUS name spaces as described in the
"IANA Considerations" section of RFC xxxx [2], in accordance with BCP "IANA Considerations" section of RFC 2865 [2], in accordance with BCP
26 [8]. 26 [8].
7. Security Considerations 7. Security Considerations
Security issues are discussed in sections concerning the Security issues are discussed in sections concerning the
authenticator included in accounting requests and responses, using a authenticator included in accounting requests and responses, using a
shared secret which is never sent over the network. shared secret which is never sent over the network.
8. Change Log 8. Change Log
skipping to change at page 27, line 39 skipping to change at page 25, line 49
If Acct-Session-ID was sent in an access-request, it must be used in If Acct-Session-ID was sent in an access-request, it must be used in
the accounting-request for that session. the accounting-request for that session.
New values added to Acct-Status-Type. New values added to Acct-Status-Type.
Added an IANA Considerations section. Added an IANA Considerations section.
Updated references. Updated references.
Text strings identified as a subset of string, to clarify use of
UTF-8.
9. References 9. References
[1] Rigney, C., "RADIUS Accounting", RFC 2139, April 1997. [1] Rigney, C., "RADIUS Accounting", RFC 2139, April 1997.
[2] Rigney, C., Rubens, A., Simpson, W., and Willens, S., "Remote [2] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote
Authentication Dial In User Service (RADIUS)", RFC xxxx, Authentication Dial In User Service (RADIUS)", RFC 2865, June
February 2000. 2000.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels." BCP14, RFC 2119, March, 1997. Levels", BCP 14, RFC 2119, March, 1997.
[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August [4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August
1980. 1980.
[5] Rivest, R., and Dusse, S., "The MD5 Message-Digest Algorithm", [5] Rivest, R. and S. Dusse, "The MD5 Message-Digest Algorithm", RFC
RFC 1321, April 1992. 1321, April 1992.
[6] Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC [6] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700,
1700, October 1994. October 1994.
[7] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC [7] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC
2279, January 1998. 2279, January 1998.
[8] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA [8] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
1998.
10. Acknowledgements 10. Acknowledgements
RADIUS and RADIUS Accounting were originally developed by Steve RADIUS and RADIUS Accounting were originally developed by Steve
Willens of Livingston Enterprises for their PortMaster series of Willens of Livingston Enterprises for their PortMaster series of
Network Access Servers. Network Access Servers.
11. Chair's Address 11. Chair's Address
The RADIUS working group can be contacted via the current chair: The RADIUS working group can be contacted via the current chair:
Carl Rigney Carl Rigney
Livingston Enterprises Livingston Enterprises
4464 Willow Road 4464 Willow Road
Pleasanton, California 94588 Pleasanton, California 94588
Phone: +1 925 737 2100 Phone: +1 925 737 2100
EMail: cdr@livingston.com EMail: cdr@telemancy.com
12. Author's Address 12. Author's Address
Questions about this memo can also be directed to: Questions about this memo can also be directed to:
Carl Rigney Carl Rigney
Livingston Enterprises Livingston Enterprises
4464 Willow Road 4464 Willow Road
Pleasanton, California 94588 Pleasanton, California 94588
EMail: cdr@livingston.com EMail: cdr@telemancy.com
13. Full Copyright Statement 13. Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved. Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implmentation may be prepared, copied, published and or assist in its implementation may be prepared, copied, published
distributed, in whole or in part, without restriction of any kind, and distributed, in whole or in part, without restriction of any
provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than followed, or as required to translate it into languages other than
English. English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE." MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 58 change blocks. 
204 lines changed or deleted 182 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/