Hello James -


The first thing to understand is that there are two different things going on with the radius protocol. The first is the access request and and corresponding access accept - this is the authentication and authorisation phase. After the session has been established as a result of the NAS processing the access accept, the accounting start is generated - and of course the accounting stop is generated at the end of the session.

On the Cisco at least there is an additional aaa configuration line required that will cause the NAS to generate an interim accounting (Alive) packet containing the Framed-IP-Address.

Note however that the initial access request that is logged by the AuthLog clause will never contain the Framed-IP-
Address. I also wonder why you have the AuthLog clause pointing to the "Accounting" table - this seems odd.


If you have any other questions, I'm always happy to help.

regards

Hugh


On Friday, Aug 15, 2003, at 05:45 Australia/Melbourne, James Nelson wrote:


I'm having problems getting Radiator to log the Framed-IP-Address in the SQL logs it generates. The NAS's are 3Com & Cisco devices. The problem seems to originate from the fact that the record is created before the NAS responds with the reply that contains the Framed-IP-Address. Here is a debug & part of my radius config. I've been digging through the archives & fighting this for a couple days, so any help would be appreciated. Thanks.

*** Received from ###.###.###.### port 1812 ....
Code:       Access-Request
Identifier: 161
Authentic:  <238><182><17>;-<218><212><199><12><225>X<245><192>d<30>|
Attributes:
   NAS-IP-Address = ###.###.###.###
   NAS-Port = 24
   NAS-Port-Type = Virtual
   User-Name = "user"
   User-Password = xxxxxxxxxx
   Service-Type = Framed-User
   Framed-Protocol = PPP

Fri Aug 8 13:35:51 2003: DEBUG: Rewrote user name to user
Fri Aug 8 13:35:51 2003: DEBUG: Handling request with Handler ''
Fri Aug 8 13:35:51 2003: DEBUG: Deleting session for user, ###.###.###.###, 24
Fri Aug 8 13:35:51 2003: DEBUG: Handling with Radius::AuthSQL
Fri Aug 8 13:35:51 2003: DEBUG: Handling with Radius::AuthSQL:
Fri Aug 8 13:35:51 2003: DEBUG: Query is:
Fri Aug 8 13:35:51 2003: DEBUG: Radius::AuthSQL looks for match with user
Fri Aug 8 13:35:51 2003: DEBUG: Radius::AuthSQL ACCEPT:
Fri Aug 8 13:35:51 2003: DEBUG: Access accepted for user
Fri Aug 8 13:35:51 2003: DEBUG: do query is: 'insert into RadAcct values ('13:35:51','08/08/ 2003','Success','user','user','###.###.###.###','','')':


Fri Aug  8 13:35:51 2003: DEBUG: Packet dump:
*** Sending to ###.###.###.### port 1812 ....
Code:       Access-Accept
Identifier: 161
Authentic:  <238><182><17>;-<218><212><199><12><225>X<245><192>d<30>|
Attributes:
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-Routing = None
   Framed-MTU = 1500
   Framed-Compression = Van-Jacobson-TCP-IP
   Idle-Timeout = 1800
   Session-Timeout = 43200
   Port-Limit = 1

Fri Aug  8 13:35:54 2003: DEBUG: Packet dump:
*** Received from ###.###.###.### port 1813 ....
Code:       Accounting-Request
Identifier: 162
Authentic:  <233>h.<128><149><209><214><167>kN<23><215><253>^<180><22>
Attributes:
   NAS-IP-Address = ###.###.###.###
   NAS-Port = 24
   NAS-Port-Type = Virtual
   User-Name = "user"
   Acct-Status-Type = Start
   Acct-Authentic = RADIUS
   Service-Type = Framed-User
   Acct-Session-Id = "000179B4"
   Framed-Protocol = PPP
   Framed-IP-Address = ###.###.###.###
   Acct-Delay-Time = 0



<Handler>

   # Look up user details in a mySQL DB
   <AuthBy SQL>

       DBSource     xxxxxxx
       DBUsername     xxxxxxx
       DBAuth         xxxxxxx

AuthSelect select xxxxxxxxxxxxxxx

       AddToReply Service-Type = Framed-User,\
               Framed-Protocol = PPP,\
               Framed-Routing = None,\
               Framed-MTU = 1500,\
               Framed-Compression = Van-Jacobson-TCP-IP,\
           Idle-Timeout = 1800,\
           Session-Timeout = 43200,\
           Port-Limit = 1

</AuthBy>


<AuthLog SQL>


       DBSource     xxxxxxx
       DBUsername     xxxxxxx
       DBAuth         xxxxxxx
       Table        Accounting

SuccessQuery insert into Accounting values ('%H:%M:%S','%m/%d/%Y','Success','%u','%U','%c',%1,'%a')
FailureQuery insert into Accounting values ('%H:%M:%S','%m/%d/%Y','Failure(PAP-Auth)','%u','%U','%c',%1,'%a')
LogSuccess 1


</AuthLog>

</Handler>

::James Nelson

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to