as I had no answers on this thread, I'm just updating it: with an arbitrary NAS-port attribute entry in hints, radutmp is ok, radwho is working and Simultaneous-Use attribute has an effect; however the setup should be refined by implying checkrad, which does not work for NAS type 'other'; ri
-----Original Message----- Sent: 15 noiembrie 2006 16:15 To: 'freeradius-users@lists.freeradius.org' Subject: how to force NAS-port info in accounting-start, for radutmp to work ok I have installed freeradius-1.0.5-1.2 on FC-5, and I intend to use Freeradius with only one NAS - ZyXEL VSG-1200 - a subscriber gateway for wire/wireless campus access zone. The NAS is defined in clients.conf file as "nastype = other". The VSAs are working ok. It seems that the NAS, doesn't include the NAS-Port attribute (Integer) in the accounting packets, so RADIUS accounting process doesn't write into radwtm/radutmp files (radwho outputs no data), and Simultaneous-Use check is not effective: rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! Is there a workaround for this, I mean on the RADIUS host? Thank you for any help! ri Following is a radiusd -X output for a current accounting request: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ rad_recv: Accounting-Request packet from host 192.168.19.226:10661, id=7, length=136 User-Name = "pcrist" Acct-Status-Type = Alive Acct-Delay-Time = 0 Acct-Session-Id = "0050fce8552031000000" NAS-IP-Address = 192.168.19.226 NAS-Identifier = "vsg" Framed-IP-Address = 10.59.1.2 Calling-Station-Id = "00-50-FC-E8-55-20" Called-Station-Id = "00-13-49-6F-EE-C4" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 21 modcall[preacct]: module "preprocess" returns noop for request 21 rlm_acct_unique: Hashing 'Client-IP-Address = 192.168.19.226,NAS-IP-Address = 192.168.19.226,Acct-Session-Id = "0050fce8552031000000",User-Name = "pcrist"' rlm_acct_unique: Acct-Unique-Session-ID = "c425325ee3d8e6fc". modcall[preacct]: module "acct_unique" returns ok for request 21 modcall[preacct]: module "files" returns noop for request 21 modcall: group preacct returns ok for request 21 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 21 radius_xlat: '/var/log/radius/radacct/192.168.19.226/detail-20061115' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.19.226/detail-20061115 modcall[accounting]: module "detail" returns ok for request 21 modcall[accounting]: module "unix" returns noop for request 21 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'pcrist' rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! modcall[accounting]: module "radutmp" returns noop for request 21 modcall: group accounting returns ok for request 21 Sending Accounting-Response of id 7 to 192.168.19.226:10661 Finished request 21 Going to the next request ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and this is a radiusd -X output when I simulate an accounting packet with NTRadPing, forcing an attribute of NAS-port=1: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ rad_recv: Accounting-Request packet from host 192.168.19.11:3828, id=4, length=43 User-Name = "dani" Acct-Status-Type = Start Acct-Session-Id = "460" NAS-Port = 1 Processing the preacct section of radiusd.conf modcall: entering group preacct for request 22 modcall[preacct]: module "preprocess" returns noop for request 22 rlm_acct_unique: Hashing 'Client-IP-Address = 192.168.19.11,NAS-IP-Address = 192.168.19.11,Acct-Session-Id = "460",User-Name = "dani"' rlm_acct_unique: Acct-Unique-Session-ID = "45e816fe4586d71f". modcall[preacct]: module "acct_unique" returns ok for request 22 modcall[preacct]: module "files" returns noop for request 22 modcall: group preacct returns ok for request 22 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 22 radius_xlat: '/var/log/radius/radacct/192.168.19.11/detail-20061115' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.19.11/detail-20061115 modcall[accounting]: module "detail" returns ok for request 22 modcall[accounting]: module "unix" returns ok for request 22 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'dani' modcall[accounting]: module "radutmp" returns ok for request 22 modcall: group accounting returns ok for request 22 Sending Accounting-Response of id 4 to 192.168.19.11:3828 Finished request 22 Going to the next request --- Walking the entire request list --- Cleaning up request 22 ID 4 with timestamp 455b108c Nothing to do. Sleeping until we see a request. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ the above seems ok, as I have now an entry in radutmp: # radwho Login Name What TTY When From Location dani dani shell S1 Wed 15:05 193.254.2 and an authentication packet sent with NTRadPing with the same user-name 'dani' gets an 'Access-Reject' response: 'You are already logged in - access denied' So, Simultaneous-Use works ok for me if NAS includes NAS-port attribute in accounting start packet. I wrote to ZyXEL with no much hope for an answer, so I am looking for a FreeRADIUS workaround on the host installation. --- / Universitatea TRANSILVANIA Brasov / -- virus checked - cciu unitbv - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html