> It appears to me that RFC 2865 requires the class attribute, if > used, to be the same in the Access Accept and the Accounting > Request. I agree with you that if the Accounting Request goes to > a different server from the one that sent the Access Accept > message, this matching does not make sense. The use of this > attribute also may not make sense. The Class attribute is designed to allow the RADIUS authentication server to provide information to be placed within accounting records. This is typically most useful in situations where the accounting server may not have access to all the information which the authentication server has access to -- because if it did, why would the Class attribute be needed at all? Accounting records need not even be handled by the same administrative domain (let alone the same RADIUS authentication server). So the Class attribute does not assume that the RADIUS authentication server and accounting server are the same entity. |