Is your NAS sending accounting packets? Ivan Kalik Kalik Informatika ISP
Dana 25/4/2008, "Sergio Belkin" <[EMAIL PROTECTED]> piše: >I see any detail-%Y%m%d log files but only auth-detail-%Y%m%d files. >What am I doing wrong? > >My config files: > >radiusd.conf: > >prefix = /usr/local-2.0.2 >exec_prefix = ${prefix} >sysconfdir = ${prefix}/etc >localstatedir = ${prefix}/var >sbindir = ${exec_prefix}/sbin >logdir = ${localstatedir}/log/radius >raddbdir = ${sysconfdir}/raddb >radacctdir = ${logdir}/radacct >confdir = ${raddbdir} >run_dir = ${localstatedir}/run/radiusd >db_dir = $(raddbdir) >libdir = ${exec_prefix}/lib >pidfile = ${run_dir}/radiusd.pid >user = radiusd >group = radiusd >max_request_time = 30 >cleanup_delay = 5 >max_requests = 1024 >listen { > type = auth > ipaddr = 190.125.213.5 > port = 0 >} >listen { > ipaddr = 190.125.213.5 > port = 0 > type = acct >} >hostname_lookups = no >allow_core_dumps = no >regular_expressions = yes >extended_expressions = yes >log { > destination = files > file = ${logdir}/radius.log > syslog_facility = daemon > stripped_names = yes > auth = yes > auth_badpass = no > auth_goodpass = no >} >checkrad = ${sbindir}/checkrad >security { > max_attributes = 190 > reject_delay = 1 > status_server = yes >} >proxy_requests = no >$INCLUDE proxy.conf >$INCLUDE clients.conf >snmp = no >$INCLUDE snmp.conf >thread pool { > start_servers = 5 > max_servers = 32 > min_spare_servers = 3 > max_spare_servers = 10 > max_requests_per_server = 0 >} >modules { > pap { > auto_header = yes > } > chap { > authtype = CHAP > } > pam { > pam_auth = radiusd > } > unix { > radwtmp = ${logdir}/radwtmp > } >$INCLUDE eap.conf > mschap { > } > ldap { > server = "ldap.cadorna.biz > identity = "cn=freeradius,ou=applications,dc=cadorna,dc=biz" > port = 636 > password = jejeje0essoleplop > basedn = "ou=people,dc=cadorna,dc=biz" > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" > ldap_connections_number = 5 > timeout = 4 > timelimit = 3 > net_timeout = 1 > tls { > start_tls = no > cacertfile = /etc/raddb-2.0.2/cacert.pem > randfile = /dev/urandom > require_cert = "allow" > } > access_attr = "radiusAllowed" > dictionary_mapping = ${confdir}/ldap.attrmap > edir_account_policy_check = no > } > realm IPASS { > format = prefix > delimiter = "/" > } > realm suffix { > format = suffix > delimiter = "@" > } > realm realmpercent { > format = suffix > delimiter = "%" > } > realm ntdomain { > format = prefix > delimiter = "\\" > } > checkval { > item-name = Calling-Station-Id > check-name = Calling-Station-Id > data-type = string > } > > preprocess { > huntgroups = ${confdir}/huntgroups > hints = ${confdir}/hints > with_ascend_hack = no > ascend_channels_per_line = 23 > with_ntdomain_hack = no > with_specialix_jetstream_hack = no > with_cisco_vsa_hack = no > } > files { > usersfile = ${confdir}/users > acctusersfile = ${confdir}/acct_users > preproxy_usersfile = ${confdir}/preproxy_users > compat = no > } > detail { > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d > detailperm = 0600 > header = "%t" > suppress { > User-Password > } > } > detail auth_log { > detailfile = > ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d > suppress { > User-Password > } > } > acct_unique { > key = "User-Name, Acct-Session-Id, NAS-IP-Address, >Client-IP-Address, NAS-Port" > } > $INCLUDE sql.conf > > radutmp { > filename = ${logdir}/radutmp > username = %{User-Name} > case_sensitive = yes > check_with_nas = yes > perm = 0600 > callerid = "yes" > } > radutmp sradutmp { > filename = ${logdir}/sradutmp > perm = 0644 > callerid = "no" > } > attr_filter attr_filter.post-proxy { > attrsfile = ${confdir}/attrs > } > attr_filter attr_filter.pre-proxy { > attrsfile = ${confdir}/attrs.pre-proxy > } > attr_filter attr_filter.access_reject { > key = %{User-Name} > attrsfile = ${confdir}/attrs.access_reject > } > attr_filter attr_filter.accounting_response { > key = %{User-Name} > attrsfile = ${confdir}/attrs.accounting_response > } > counter daily { > filename = ${db_dir}/db.daily > key = User-Name > count-attribute = Acct-Session-Time > reset = daily > counter-name = Daily-Session-Time > check-name = Max-Daily-Session > reply-name = Session-Timeout > allowed-servicetype = Framed-User > cache-size = 5000 > } > $INCLUDE sql/mysql/counter.conf > always fail { > rcode = fail > } > always reject { > rcode = reject > } > always noop { > rcode = noop > } > always handled { > rcode = handled > } > always updated { > rcode = updated > } > always notfound { > rcode = notfound > } > always ok { > rcode = ok > simulcount = 0 > mpp = no > } > expr { > } > digest { > } > expiration { > reply-message = "Password Has Expired\r\n" > } > logintime { > reply-message = "You are calling outside your allowed > timespan\r\n" > minimum-timeout = 60 > } > exec { > wait = yes > input_pairs = request > shell_escape = yes > output = none > } > exec echo { > wait = yes > program = "/bin/echo %{User-Name}" > input_pairs = request > output_pairs = reply > shell_escape = yes > } > ippool main_pool { > range-start = 192.168.1.1 > range-stop = 192.168.3.254 > netmask = 255.255.255.0 > cache-size = 800 > session-db = ${db_dir}/db.ippool > ip-index = ${db_dir}/db.ipindex > override = no > maximum-timeout = 0 > } > policy { > filename = ${confdir}/policy.txt > } >} >instantiate { > exec > expr > expiration > logintime >} >$INCLUDE policy.conf >$INCLUDE sites-enabled/ > > >EOF > >acct_users: > >DEFAULT Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz` > >EOF > >sites-enabled/default: > >authorize { > preprocess > auth_log > chap > mschap > suffix > eap { > ok = return > } > unix > files > ldap > expiration > logintime > pap >} >authenticate { > Auth-Type PAP { > pap > } > Auth-Type CHAP { > chap > } > Auth-Type MS-CHAP { > mschap > } > unix > Auth-Type LDAP { > ldap > } > eap >} >preacct { > preprocess > acct_unique > suffix > files >} >accounting { > detail > unix > radutmp > attr_filter.accounting_response >} >session { > radutmp >} >post-auth { > Post-Auth-Type REJECT { > attr_filter.access_reject > } >} >pre-proxy { >} >post-proxy { > eap >} > >EOF > >thanks in advance! > > >-- >-- >Open Kairos http://www.openkairos.com >Watch More TV http://sebelk.blogspot.com >Sergio Belkin - >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html