> It appears to me that RFC 2865 requires the class attribute, if
> used, to be the same in the Access Accept and the Accounting
> Request. I agree with you that if the Accounting Request goes to
> a different server from the one that sent the Access Accept
> message, this matching does not make sense. The use of this
> attribute also may not make sense.
The Class attribute is designed to allow the RADIUS authentication server
to provide information to be placed within accounting records. This is
typically most useful in situations where the accounting server may not
have access to all the information which the authentication server has
access to -- because if it did, why would the Class attribute be needed
at all?
Accounting records need not even be handled by the same administrative
domain
(let alone the same RADIUS authentication server). So the Class
attribute does not
assume that the RADIUS authentication server and accounting server are the
same entity.