[tac_plus] session.session_id values coming different for each accounting record?
Sachin.6.Gupta
SG00123446 at TechMahindra.com
Thu Sep 19 14:03:40 UTC 2013
Oh :(. Thanks Alan for clarifying it. I completely misunderstood it.
Is there any way/key value to identify accounting packets for a single session?
I mean is there a value which remains constant throughout till the user logs out?
Regards
-----Original Message-----
From: tac_plus-bounces at shrubbery.net [mailto:tac_plus-bounces at shrubbery.net] On Behalf Of Alan McKinnon
Sent: Thursday, September 19, 2013 7:25 PM
To: tac_plus at shrubbery.net
Subject: Re: [tac_plus] session.session_id values coming different for each accounting record?
On 19/09/2013 15:42, Sachin.6.Gupta wrote:
> Hi,
>
> Facing a strange problem when fetching the session id.
> I am storing the session id in the accounting logs also. My understanding is that when tacacs+ client sends accounting packet to TACACS+ server, session_id should remain same for the host till logout happens.
> However session_id is getting populated differently for each accounting packet.
>
> Is this the expected behaviour? Or something is wrong here?
>
> PS: I am testing in lab and only nas is connected with one user only.
>
> Please guide.
I guess you have wrongly assumed what session means here; it is not a login session from login to logout. From the Tacacs draft RFC in section "Technical Definitions":
Session
The concept of a session is used throughout this document. A TACACS+ session is a single authentication sequence, a single authorization exchange, or a single accounting exchange.
The session concept is important because a session identifier is used as a part of the encryption, and it is used by both ends to distinguish between packets belonging to multiple sessions.
Multiple sessions may be supported simultaneously and/or consecutively on a single TCP connection if both the daemon and client support this. If multiple sessions are not being multiplexed over a single tcp connection, a new connection should be opened for each TACACS+ session and closed at the end of that session. For accounting and authorization, this implies just a single pair of packets exchanged over the connection (the request and its reply). For authentication, a single session may involve an arbitrary number of packets being exchanged.
The session is an operational concept that is maintained between the TACACS+ client and daemon. It does not necessarily correspond to a given user or user action.
--
Alan McKinnon
alan.mckinnon at gmail.com
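
An added example, not part of the original thread or of tac_plus: a Python sketch that parses the 12-byte TACACS+ header out of a byte stream, groups packets by session_id, and derives the MD5 pad from the session_id as the TACACS+ specification defines it. The sample capture, the session_id values, the placeholder bodies and the helper names are constructed for illustration.

```python
import hashlib
import struct
from collections import defaultdict

# 12-byte TACACS+ header: version, type, seq_no, flags, session_id, length
HEADER = struct.Struct("!BBBBII")
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

def parse_stream(data):
    """Split a captured byte stream into per-packet header fields."""
    packets, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError("truncated header")
        version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data, offset)
        end = offset + HEADER.size + length
        if end > len(data):
            raise ValueError("truncated body")
        packets.append({"version": version, "type": TYPES.get(ptype, "unknown"),
                        "seq_no": seq_no, "session_id": session_id})
        offset = end
    return packets

def group_sessions(packets):
    """Map session_id -> [(type, seq_no), ...] in arrival order."""
    sessions = defaultdict(list)
    for p in packets:
        sessions[p["session_id"]].append((p["type"], p["seq_no"]))
    return dict(sessions)

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 pad XORed with the body; session_id seeds every MD5 block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def build(session_id, seq_no, body, ptype=3, version=0xC0):
    """Helper for the constructed sample: header + opaque placeholder body."""
    return HEADER.pack(version, ptype, seq_no, 0, session_id, len(body)) + body

# Constructed capture: two accounting records for one login (start, then stop).
SAMPLE = (build(0x1A2B3C4D, 1, b"start-request") + build(0x1A2B3C4D, 2, b"reply")
          + build(0x5E6F7081, 1, b"stop-request") + build(0x5E6F7081, 2, b"reply"))

if __name__ == "__main__":
    for sid, pkts in group_sessions(parse_stream(SAMPLE)).items():
        print(f"session_id={sid:#010x} {pkts}")
```

Each accounting record appears as its own session containing exactly one request (seq_no 1) and one reply (seq_no 2), which matches the definition quoted above.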