Re: Accounting log issue

[Tseveendorj]

On 11.06.28 13:44, Fajar A. Nugraha wrote:
On Tue, Jun 28, 2011 at 12:27 PM, Tseveendorj<tsev...@tunamal.mn>  wrote:
Hello,
The accounting information not logged in
/var/log/freeradius/radacct/IPADDRESS/detail-xxxxx.log and also in MySQL
table radacct. How to solve this ?
Does your NAS send accounting packets? See your NAS documentation for details.

For example, some wireless AP with 802.1x support can use radius for
authentication, but don't send any accounting packets at all.

If the NAS DO send accounting packets, and you see the packets when
running debug mode ("radiusd -X"), then make sure the appropriate
module (sql or detail) is active on accounting section
(sites-available/default).

Hello,

I have a Cisco Router 3825 that acting NAS role. I just checked 
configuration of my NAS

radius-server attribute nas-port format b
radius-server dead-criteria time 3 tries 10
radius-server host IP ADDRESS auth-port 1812 acct-port 1813
radius-server key 7 0113478550A0B0E2D012D061425474A4F
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication

I thought "vsa send accounting" configuration is for accounting.

configuration in sites-enabled/default

authorize {
        ....
        #  See "Authorization Queries" in sql.conf
        sql
        ......
}

accounting {
        detail
        .....
        .....
        #  See "Accounting queries" in sql.conf
        sql
        ......
}

please see the result of command "sudo freeradius -X"

rad_recv: Access-Request packet from host IP ADDRESS port 1645, id=84, 
length=129
        Cisco-AVPair = "client-mac-address=0030.4f74.dc87"
        Framed-Protocol = PPP
        User-Name = "dongfeng"
        User-Password = "345729"
        NAS-Port-Type = Virtual
        NAS-Port = 0
        NAS-Port-Id = "0/0/0/12"
        Service-Type = Framed-User
        NAS-IP-Address = IP ADDRESS
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dongfeng", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql]   expand: %{User-Name} -> dongfeng
[sql] sql_set_user escaped user --> 'dongfeng'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           
FROM radcheck           WHERE username = 'dongfeng'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = '%{SQL-User-Name}'           
ORDER BY id -> SELECT id, username, attribute, value, op           
FROM radreply           WHERE username = 'dongfeng'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
SELECT groupname           FROM radusergroup           WHERE username 
= 'dongfeng'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, 
op           FROM radgroupcheck           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           Value, op           FROM radgroupcheck           
WHERE groupname = '1Mbps'           ORDER BY id
[sql] User found in group 1Mbps
[sql]   expand: SELECT id, groupname, attribute,           value, 
op           FROM radgroupreply           WHERE groupname = 
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
attribute,           value, op           FROM radgroupreply           
WHERE groupname = '1Mbps'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "345729"
[pap] Using clear text password "345729"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> dongfeng
[sql] sql_set_user escaped user --> 'dongfeng'
[sql]   expand: %{User-Password} -> 345729
[sql]   expand: INSERT INTO radpostauth                           
(username, pass, reply, authdate)                           VALUES 
(                           '%{User-Name}',                           
'%{%{User-Password}:-%{Chap-Password}}',                           
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'dongfeng',                           
'345729',                           'Access-Accept', '2011-06-28 
14:11:06')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'dongfeng',                           
'345729',                           'Access-Accept', '2011-06-28 
14:11:06')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 84 to IP ADDRESS port 1645
        Framed-IP-Address := 103.3.29.109
        Framed-IP-Netmask := 255.255.255.255
        Framed-MTU := 1500
        Framed-Protocol := PPP
        Service-Type := Framed-User
        Cisco-AVPair += "ip:sub-policy-In=1Mbps"
        Cisco-AVPair += "ip:sub-policy-Out=1Mbps"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 84 with timestamp +157
Ready to process requests.

 What kind of thing I need to check now ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html