On Thu, Jan 22, 2015 at 1:02 PM, Niels Peen <niels at peen.ch> wrote:

>> - Added native support for radius. That adds the new auth configuration
>> option "radius", which has as parameters the freeradius-client
>> configuration file and optionally the groupconfig option which
>> instructs to read configuration from radius; the stats-report-time
>> option enables interim-updates. That adds the dependency to
>> freeradius-client (see doc/README.radius).
> Working very well so far!

Thank you for testing.

> Is there any way to do radius accounting for those who authenticate
> using certificates? I imagine accounting packets could be sent using
> the username derived from the 'cert-user-oid' setting.

As it is now unfortunately no. The only way is to add radius
authentication in addition to certificate authentication, and have these
users enter a password as well (even if it is empty). For that to be
possible authentication and accounting will have to be split in ocserv.
That looks like a nice improvement, but I don't know how easy
implementation could be.

regards,
Nikos