It's ok! Thanks for your
kindly help.
Chairath
Hugh Irvine wrote:
Hello Chairarth - Here is the hook: # -*- mode: Perl -*-# addNASPort## PreClientHook to add NAS-Port attribute#
# Author: Hugh Irvine ([EMAIL PROTECTED])# Copyright (C) 2001 Open System Consultants#sub
{
my $p = ${$_[0]}; my $nasport = $p->get_attr('NAS-Port'); my $class = $p->get_attr('Class'); if (defined $class && !defined $nasport) {&main::log($main::LOG_DEBUG, "Class = $class"); $p->add_attr('NAS-Port', $class); }
return;
}
You should put the above in a file called "addNASPort" in the directory you have defined with DbDir, and add the following line to your configuration file. # Add the PreClientHook statement to the configuration file PreClientHook file:"%D/addNASPort" ...... Note that I have not tested this code (I'm travelling). Please let me know how this works for you. regards Hugh At 17:19 +0700 01/7/3, chairarth wrote:Hi Hugh,Thanks for your response . And here is log file.Tue Jul 3 17:14:34 2001: DEBUG: Packet dump:
*** Received from 10.2.0.1 port 49152 ....
Code: Access-Request
Identifier: 59
Authentic: <0><0>I<187><0><0>xK<0><0>i<148><0><0>H<137>
Attributes:
User-Name = "alan"
User-Password = "4<215><246><202>{<244>i<255><205>r<216><4><141><240>/<191>"
Acct-Session-Id = "5600d4f2"
NAS-IP-Address = 10.10.0.2
Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.1(17)"
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "ldc_12200000069"
NAS-Port = 1644167237Tue Jul 3 17:14:34 2001: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request
Tue Jul 3 17:14:34 2001: DEBUG: Check if Handler Realm=radius should be used to handle this request
Tue Jul 3 17:14:34 2001: DEBUG: Check if Handler should be used to handle this request
Tue Jul 3 17:14:34 2001: DEBUG: Handling request with Handler ''
Tue Jul 3 17:14:34 2001: DEBUG: Deleting session for alan, 10.10.0.2, 1644167237
Tue Jul 3 17:14:34 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.10.0.2' and NASPORT=01644167237Tue Jul 3 17:14:34 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155274, 4, 'Handling with Radius::AuthRADMIN')Tue Jul 3 17:14:34 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155274, 4, 'Handling with Radius::AuthRADMIN')Tue Jul 3 17:14:34 2001: DEBUG: Query is: select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='alan' and BADLOGINS < 5 and VALIDFROM < 994155274 and VALIDTO > 994155274Tue Jul 3 17:14:34 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155274, 4, 'Radius::AuthRADMIN looks for match with alan')Tue Jul 3 17:14:34 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='alan'Tue Jul 3 17:14:34 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155274, 4, 'Radius::AuthRADMIN ACCEPT: ')Tue Jul 3 17:14:34 2001: DEBUG: do query is: update RADUSERS set BADLOGINS=0 where USERNAME='alan'Tue Jul 3 17:14:34 2001: DEBUG: Access accepted for alan
Tue Jul 3 17:14:34 2001: DEBUG: Packet dump:
*** Sending to 10.2.0.1 port 49152 ....
Code: Access-Accept
Identifier: 59
Authentic: <0><0>I<187><0><0>xK<0><0>i<148><0><0>H<137>
Attributes:
Session-Timeout = 300
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Idle-Timeout = 600
Class = "1644167237"Tue Jul 3 17:14:37 2001: DEBUG: Packet dump:
*** Received from 10.2.0.1 port 49153 ....
Code: Accounting-Request
Identifier: 42
Authentic: <234>r<192><1><176>~uJ<185><159>%J<245><182><10><236>
Attributes:
Acct-Status-Type = Start
User-Name = "alan"
Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.1(17)"Event-Timestamp = 994180286
Service-Type = Framed-User
NAS-IP-Address = 10.10.0.2
NAS-Port = 1644167237
Class = "1644167237"
Acct-Session-Id = "5600d4f2"
Acct-Authentic = RADIUS
Framed-IP-Address = 10.10.64.33
Framed-IP-Netmask = 255.255.255.255
Calling-Station-Id = "ldc_12200000069"Tue Jul 3 17:14:37 2001: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request
Tue Jul 3 17:14:37 2001: DEBUG: Handling request with Handler 'Request-Type=Accounting-Request'
Tue Jul 3 17:14:37 2001: DEBUG: Adding session for alan, 10.10.0.2, 1644167237
Tue Jul 3 17:14:37 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.10.0.2' and NASPORT=01644167237Tue Jul 3 17:14:37 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('alan', '10.10.0.2', 01644167237, '5600d4f2', 994155277, '10.10.64.33', '', 'Framed-User')Tue Jul 3 17:14:37 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155277, 4, 'Handling with Radius::AuthRADMIN')Tue Jul 3 17:14:37 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155277, 4, 'Handling accounting with Radius::AuthRADMIN')Tue Jul 3 17:14:37 2001: DEBUG: do query is: update RADUSERS set TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='alan'Tue Jul 3 17:14:37 2001: DEBUG: do query is: insert into RADUSAGE
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTSESSIONID, FRAMEDIPADDRESS, NASIDENTIFIER, NASPORT, DATE)
values
('alan', 994155277, 1, '5600d4f2', '10.10.64.33', '10.10.0.2', 1644167237, ' 3 07 2001 17:14:37')Tue Jul 3 17:14:37 2001: DEBUG: Accounting accepted
Tue Jul 3 17:14:37 2001: DEBUG: Packet dump:
*** Sending to 10.2.0.1 port 49153 ....
Code: Accounting-Response
Identifier: 42
Authentic: <234>r<192><1><176>~uJ<185><159>%J<245><182><10><236>
Attributes:Tue Jul 3 17:14:49 2001: DEBUG: Packet dump:
*** Received from 10.2.0.1 port 49153 ....
Code: Accounting-Request
Identifier: 43
Authentic: /7Y3@N<201><7><176><30>" <208>?:<240>
Attributes:
Acct-Status-Type = Stop
User-Name = "alan"
Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.1(17)"
Event-Timestamp = 994180298
Service-Type = Framed-User
NAS-IP-Address = 10.10.0.2
Class = "1644167237"
Acct-Session-Id = "5600d4f2"
Acct-Authentic = RADIUS
Framed-IP-Address = 10.10.64.33
Framed-IP-Netmask = 255.255.255.255
Calling-Station-Id = "ldc_12200000069"
Acct-Input-Octets = 1960
Acct-Output-Octets = 784
Acct-Input-Packets = 20
Acct-Output-Packets = 14
Acct-Terminate-Cause = User-Request
Acct-Session-Time = 12Tue Jul 3 17:14:49 2001: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request
Tue Jul 3 17:14:49 2001: DEBUG: Handling request with Handler 'Request-Type=Accounting-Request'
Tue Jul 3 17:14:49 2001: DEBUG: Deleting session for alan, 10.10.0.2,
Tue Jul 3 17:14:49 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.10.0.2' and NASPORT=0Tue Jul 3 17:14:49 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155289, 4, 'Handling with Radius::AuthRADMIN')Tue Jul 3 17:14:49 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (994155289, 4, 'Handling accounting with Radius::AuthRADMIN')Tue Jul 3 17:14:49 2001: DEBUG: do query is: update RADUSERS set TIMELEFT=TIMELEFT-012, OCTETSINLEFT=OCTETSINLEFT-01960, OCTETSOUTLEFT=OCTETSOUTLEFT-0784 where USERNAME='alan'Tue Jul 3 17:14:49 2001: DEBUG: do query is: insert into RADUSAGE
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, FRAMEDIPADDRESS, NASIDENTIFIER, DATE)
values
('alan', 994155289, 2, 1960, 784, '5600d4f2', 12, 1, '10.10.64.33', '10.10.0.2', ' 3 07 2001 17:14:49')Tue Jul 3 17:14:49 2001: DEBUG: Accounting accepted
Tue Jul 3 17:14:49 2001: DEBUG: Packet dump:*** Sending to 10.2.0.1 port 49153 ....
Code: Accounting-Response
Identifier: 43
Authentic: /7Y3@N<201><7><176><30>" <208>?:<240>
Attributes:Regards
ChairathHugh Irvine wrote:Hello Chairarth - The problem you describe below is due to the NAS not sending the NAS-Port attribute in the accounting stop record. There are two things you can do. First, you should lodge a bug report with your NAS vendor and get the problem fixed properly. Second, you can try adding a Class attribute in the access accept and verify the resulting trace 4 to make sure that the Class attribute is properly contained in both the accounting start and the accounting stop. If it is present, you can write a PreClientHook to copy the Class attribute into the NAS-Port attribute and fix the problem that way. Here is how to add the Class attribute:<AuthBy RADMIN> ...... AddToReply Class = %{NAS-Port} </AuthBy> Please send me the resulting trace 4 and if the Class attribute is in both the accounting start and the accounting stop I will send you a PreClientHook to do the job (I have done this for another client already). regards Hugh --NB: I am travelling this week, so there may be delays in our correspondence.Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.