Good Point :D Port 1813 is filtered, thanks Ivan I'll see if modifying that it works.
2008/4/25, Ivan Kalik <[EMAIL PROTECTED]>: > Is your NAS sending accounting packets? > > Ivan Kalik > Kalik Informatika ISP > > > Dana 25/4/2008, "Sergio Belkin" <[EMAIL PROTECTED]> piše: > > > >I see any detail-%Y%m%d log files but only auth-detail-%Y%m%d files. > >What am I doing wrong? > > > >My config files: > > > >radiusd.conf: > > > >prefix = /usr/local-2.0.2 > >exec_prefix = ${prefix} > >sysconfdir = ${prefix}/etc > >localstatedir = ${prefix}/var > >sbindir = ${exec_prefix}/sbin > >logdir = ${localstatedir}/log/radius > >raddbdir = ${sysconfdir}/raddb > >radacctdir = ${logdir}/radacct > >confdir = ${raddbdir} > >run_dir = ${localstatedir}/run/radiusd > >db_dir = $(raddbdir) > >libdir = ${exec_prefix}/lib > >pidfile = ${run_dir}/radiusd.pid > >user = radiusd > >group = radiusd > >max_request_time = 30 > >cleanup_delay = 5 > >max_requests = 1024 > >listen { > > type = auth > > ipaddr = 190.125.213.5 > > port = 0 > >} > >listen { > > ipaddr = 190.125.213.5 > > port = 0 > > type = acct > >} > >hostname_lookups = no > >allow_core_dumps = no > >regular_expressions = yes > >extended_expressions = yes > >log { > > destination = files > > file = ${logdir}/radius.log > > syslog_facility = daemon > > stripped_names = yes > > auth = yes > > auth_badpass = no > > auth_goodpass = no > >} > >checkrad = ${sbindir}/checkrad > >security { > > max_attributes = 190 > > reject_delay = 1 > > status_server = yes > >} > >proxy_requests = no > >$INCLUDE proxy.conf > >$INCLUDE clients.conf > >snmp = no > >$INCLUDE snmp.conf > >thread pool { > > start_servers = 5 > > max_servers = 32 > > min_spare_servers = 3 > > max_spare_servers = 10 > > max_requests_per_server = 0 > >} > >modules { > > pap { > > auto_header = yes > > } > > chap { > > authtype = CHAP > > } > > pam { > > pam_auth = radiusd > > } > > unix { > > radwtmp = ${logdir}/radwtmp > > } > >$INCLUDE eap.conf > > mschap { > > } > > ldap { > > server = "ldap.cadorna.biz > > identity = "cn=freeradius,ou=applications,dc=cadorna,dc=biz" > > port = 636 > > password = jejeje0essoleplop > > basedn = "ou=people,dc=cadorna,dc=biz" > > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" > > ldap_connections_number = 5 > > timeout = 4 > > timelimit = 3 > > net_timeout = 1 > > tls { > > start_tls = no > > cacertfile = /etc/raddb-2.0.2/cacert.pem > > randfile = /dev/urandom > > require_cert = "allow" > > } > > access_attr = "radiusAllowed" > > dictionary_mapping = ${confdir}/ldap.attrmap > > edir_account_policy_check = no > > } > > realm IPASS { > > format = prefix > > delimiter = "/" > > } > > realm suffix { > > format = suffix > > delimiter = "@" > > } > > realm realmpercent { > > format = suffix > > delimiter = "%" > > } > > realm ntdomain { > > format = prefix > > delimiter = "\\" > > } > > checkval { > > item-name = Calling-Station-Id > > check-name = Calling-Station-Id > > data-type = string > > } > > > > preprocess { > > huntgroups = ${confdir}/huntgroups > > hints = ${confdir}/hints > > with_ascend_hack = no > > ascend_channels_per_line = 23 > > with_ntdomain_hack = no > > with_specialix_jetstream_hack = no > > with_cisco_vsa_hack = no > > } > > files { > > usersfile = ${confdir}/users > > acctusersfile = ${confdir}/acct_users > > preproxy_usersfile = ${confdir}/preproxy_users > > compat = no > > } > > detail { > > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d > > detailperm = 0600 > > header = "%t" > > suppress { > > User-Password > > } > > } > > detail auth_log { > > detailfile = > ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d > > suppress { > > User-Password > > } > > } > > acct_unique { > > key = "User-Name, Acct-Session-Id, NAS-IP-Address, > >Client-IP-Address, NAS-Port" > > } > > $INCLUDE sql.conf > > > > radutmp { > > filename = ${logdir}/radutmp > > username = %{User-Name} > > case_sensitive = yes > > check_with_nas = yes > > perm = 0600 > > callerid = "yes" > > } > > radutmp sradutmp { > > filename = ${logdir}/sradutmp > > perm = 0644 > > callerid = "no" > > } > > attr_filter attr_filter.post-proxy { > > attrsfile = ${confdir}/attrs > > } > > attr_filter attr_filter.pre-proxy { > > attrsfile = ${confdir}/attrs.pre-proxy > > } > > attr_filter attr_filter.access_reject { > > key = %{User-Name} > > attrsfile = ${confdir}/attrs.access_reject > > } > > attr_filter attr_filter.accounting_response { > > key = %{User-Name} > > attrsfile = ${confdir}/attrs.accounting_response > > } > > counter daily { > > filename = ${db_dir}/db.daily > > key = User-Name > > count-attribute = Acct-Session-Time > > reset = daily > > counter-name = Daily-Session-Time > > check-name = Max-Daily-Session > > reply-name = Session-Timeout > > allowed-servicetype = Framed-User > > cache-size = 5000 > > } > > $INCLUDE sql/mysql/counter.conf > > always fail { > > rcode = fail > > } > > always reject { > > rcode = reject > > } > > always noop { > > rcode = noop > > } > > always handled { > > rcode = handled > > } > > always updated { > > rcode = updated > > } > > always notfound { > > rcode = notfound > > } > > always ok { > > rcode = ok > > simulcount = 0 > > mpp = no > > } > > expr { > > } > > digest { > > } > > expiration { > > reply-message = "Password Has Expired\r\n" > > } > > logintime { > > reply-message = "You are calling outside your allowed > timespan\r\n" > > minimum-timeout = 60 > > } > > exec { > > wait = yes > > input_pairs = request > > shell_escape = yes > > output = none > > } > > exec echo { > > wait = yes > > program = "/bin/echo %{User-Name}" > > input_pairs = request > > output_pairs = reply > > shell_escape = yes > > } > > ippool main_pool { > > range-start = 192.168.1.1 > > range-stop = 192.168.3.254 > > netmask = 255.255.255.0 > > cache-size = 800 > > session-db = ${db_dir}/db.ippool > > ip-index = ${db_dir}/db.ipindex > > override = no > > maximum-timeout = 0 > > } > > policy { > > filename = ${confdir}/policy.txt > > } > >} > >instantiate { > > exec > > expr > > expiration > > logintime > >} > >$INCLUDE policy.conf > >$INCLUDE sites-enabled/ > > > > > >EOF > > > >acct_users: > > > >DEFAULT Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz` > > > >EOF > > > >sites-enabled/default: > > > >authorize { > > preprocess > > auth_log > > chap > > mschap > > suffix > > eap { > > ok = return > > } > > unix > > files > > ldap > > expiration > > logintime > > pap > >} > >authenticate { > > Auth-Type PAP { > > pap > > } > > Auth-Type CHAP { > > chap > > } > > Auth-Type MS-CHAP { > > mschap > > } > > unix > > Auth-Type LDAP { > > ldap > > } > > eap > >} > >preacct { > > preprocess > > acct_unique > > suffix > > files > >} > >accounting { > > detail > > unix > > radutmp > > attr_filter.accounting_response > >} > >session { > > radutmp > >} > >post-auth { > > Post-Auth-Type REJECT { > > attr_filter.access_reject > > } > >} > >pre-proxy { > >} > >post-proxy { > > eap > >} > > > >EOF > > > >thanks in advance! > > > > > >-- > >-- > >Open Kairos http://www.openkairos.com > >Watch More TV http://sebelk.blogspot.com > >Sergio Belkin - > > >- > >List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html