David Peterson wrote:
Forgive my newbieness but where would I put that code? I tried adding it to
the sites-available/default file under accounting but I am guessing that's not
right.
That'll stop any potential problems arising from the malformed Acct-Session-ID
yes.
Regarding the username, try putting the following in postauth.
update reply {
User-Name := 'testtest'
Class := 'testtest'
}
See if either of those values are included in accounting sessions. If they are
then there are ways to work around the User-Name in accounting packets.
-Arran
David
-----Original Message-----
From: Arran Cudbard-Bell [mailto:a.cudbard-b...@sussex.ac.uk]
Sent: Tuesday, December 15, 2009 10:56 AM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: Re: Accounting question
David Peterson wrote:
Here is the accounting packet information I am getting:
rad_recv: Accounting-Request packet from host 172.16.4.2 port 1813, id=5,
length=239
Acct-Status-Type = Start
WiMAX-Beginning-Of-Session = 1
WiMAX-IP-Technology = Reserved-0
Acct-Session-Id =
"00-12-cf-c3-fb-8c3\000\000\000\000\000\000\000\000\000\000\000\000\000\000\
000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
Framed-IP-Address = 64.186.195.5
User-Name = "{am=1}33ac5579ce57217426e7434fa60e4...@test.com"
Calling-Station-Id = "00-12-cf-c3-fb-8c"
NAS-Identifier = "WC_LAB"
NAS-IP-Address = 172.16.4.2
WiMAX-BS-Id = 0x000002030209
Framed-Pool = "alias"
Event-Timestamp = "Dec 15 2009 09:04:15 CST"
WiMAX-GMT-Timezone-offset = 21600
Acct-Authentic = RADIUS
What I don't get is why the authentication works with clear text and the
accounting has the "hex stuff". Is this pretty much controlled by the NAS?
The "hex stuff" is the NAS appending 31 null chars to the session id.
FreeRADIUS is converting the unprintable characters into escape codes so that
they're visible.
The RFC recommendation is that:
"The Acct-Session-Id SHOULD contain UTF-8 encoded 10646 [7] characters."
Which SHOULD limit it to printable chars.
Really this is something your NAS vendor should fix, as it's a bug in their
code.
...Though if you really want you can trim off the superfluous nulls with:
if(Acct-Session-ID =~ /(.*)/){
update request {
Acct-Session-ID := "%{1}"
}
}
-Arran
David
-----Original Message-----
From: Alan DeKok [mailto:al...@deployingradius.com]
Sent: Tuesday, December 15, 2009 9:44 AM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: Re: Accounting question
David Peterson wrote:
From what I can determine, the username is encrypted even though the
authentication is done in clear text during the EAP authentication.
It's not "encrypted". My guess is that you are using WiMAX.
As always, run the server in debugging mode to see what's going on.
But if the NAS refuses to send a usable User-Name in an accounting
packet, your only solution is to somehow write the *real* User-Name &&
the hex stuff into an SQL table. Then, correlated them later when you
receive the accounting packet.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
