Accounting Problem
I am using freeradius 0.7.x with 3Com Total Control 1000. No matter what I do I seem to be getting an error like Error: Accounting logout : login entry for NAS x port xx not found. As a result of this I am getting duplicate entries of the same session in my detail files. Does anyone have a clue on how to solve this probklem. Regards, Walter Perris Outgoing mail is certified Virus Free. Checked by AVG Anti-Virus (http://www.grisoft.com). Version: 7.0.167 / Virus Database: 260.0.0 - Release Date: 9/8/2003
Re: postgresql and freeradius accounting problem
sorry but i really dont know what your trying to say...please do some suggestions to what i should do... do you have a howto for this? > At 12:12 PM 9/10/2003,[EMAIL PROTECTED]: >>here are attached files. > > Did you read the debug output, your error and the reason for it are > explained: > > > rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId, > AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, > AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, > ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, > CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, > FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', > '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 > 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') > rlm_sql_postgresql: Status: PGRES_FATAL_ERROR > rlm_sql_postgresql: affected rows = > rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning > SQL_DOWN > rlm_sql (sql): failed after re-connect > rlm_sql (sql): Couldn't update SQL accounting for START packet - > ERROR: pg_atoi: zero-length string > > > You are 'faking' a start record with incomplete information. Send it > a real start packet, or one with more complete information. IE, you > need to include more information than just: > > User-Name = "boggss" > Acct-Status-Type = Start > Acct-Session-Id = "2836" > > -Chris > -- > \\\|||/// \ StarNet Inc. \ Chris Parker > \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering > | @ [EMAIL PROTECTED]| \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- > \ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - Bringing First World Technology Closer to You. http://www.1asialink.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
At 12:12 PM 9/10/2003, [EMAIL PROTECTED] wrote: here are attached files. Did you read the debug output, your error and the reason for it are explained: rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: pg_atoi: zero-length string You are 'faking' a start record with incomplete information. Send it a real start packet, or one with more complete information. IE, you need to include more information than just: User-Name = "boggss" Acct-Status-Type = Start Acct-Session-Id = "2836" -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
here are attached files. > At 10:38 AM 9/10/2003,[EMAIL PROTECTED]: >>sorry i made a mistake, i am using the latest snapshot for freeradius. >> but >>still i got errors on accounting. it doesnt insert any on the db when i >>try to use accounting start. > > What does the debug output say? ( running the server 'radiusd -x -x' ) > > -Chris > -- > \\\|||/// \ StarNet Inc. \ Chris Parker > \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering > |[EMAIL PROTECTED]@ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- > \ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - Bringing First World Technology Closer to You. http://www.1asialink.com Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "radius" main: group = "radius" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded SQL sql: driver = "rlm_sql_postgresql" sql: server = "localhost" sql: port = "" sql: login = "radius" sql: password = "radius2k3" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = yes sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = "SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id" sql: authorize_reply_query = "SELECT id, UserName, Attribute, Value, Op ??FROM radreply ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY radgroupcheck.id" sql: a
Re: postgresql and freeradius accounting problem
At 10:38 AM 9/10/2003, [EMAIL PROTECTED] wrote: sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. What does the debug output say? ( running the server 'radiusd -x -x' ) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. > At 09:43 AM 9/10/2003,[EMAIL PROTECTED]: >>hello list, >> >>i am just new to this list. i know igor chen is on of those i have seen >>posting some about postgresql and freeradius. >> >>i am having problem with postgresql and freeradius on its accounting. >>there seems to have no entries when i i try radtest using ntradping. >> >>i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on >>freebsd 4.8. > > Please consider upgrading, the lastest release is 0.9.1. The version > 0.4 is *very* *very* old and have many known bugs and memory leaks which > are fixed in the current release. > > -Chris > > -- > \\\|||/// \ StarNet Inc. \ Chris Parker > \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering > | @ [EMAIL PROTECTED]| \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- > \ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - Bringing First World Technology Closer to You. http://www.1asialink.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
At 09:43 AM 9/10/2003, [EMAIL PROTECTED] wrote: hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. Please consider upgrading, the lastest release is 0.9.1. The version 0.4 is *very* *very* old and have many known bugs and memory leaks which are fixed in the current release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
postgresql and freeradius accounting problem
hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. is anyone here having the same specs as mine as well as having problems? if you do please let me know how you solved the same problem as i have. if you happen to have a step by step notes on configuration of the postgresql + freeradius, i would be honored to take it. thanks, francis ted a. seguerra www.1asialink.com - Bringing First World Technology Closer to You. http://www.1asialink.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
On Tue, Jul 22, 2003 at 03:39:54PM +0200, labis siegfried wrote: > my data between acct-output-octets and cisco-pre-output-octest are very > diefferents? is it normal pre means before. so these are probably the octets before the session is established. acct-output-octets are the octets of the session to be accounted. just a guess Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
my data between acct-output-octets and cisco-pre-output-octest are very diefferents? is it normal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange accounting Problem
Hello, I've a strange Problem with Accounting Records on a Bintec Brick. Maybe it is a Bug in Bintec Firmware, but I do not understand, what happens. When the Brick authenticates again freeradius local Database anything goes right. But when I use freeradius as a proxy against an ISA Server the Brick sends no Accounting Records. Where are the differences? When I look into the Radius packets I see only some vendor spezific Attributes more, but nothing, that IMHO should cause a Problem. The Packets go the right way (brick -> freeradius -> isa -> freeradius -> brick) and the user is authenticated right. He comes in, but no raddacct Record is send. Any suggestions?? TIA Ralf i.A Ralf Reinartz Network Administration IS-Communication MAXDATA Systeme GmbH Carlo-Schmid-Str. 12 D-52146 Würselen Telehon: +49 2405 444 4349 Telefax: +49 2405 444 4374 www.maxdata.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting problem
> Having some problems getting the acct logging to work, I had > it working > and then just the other day it just stoped. I even had the > day off so it > wasn't anyting I touched, just stoped Friday morning.. (stuff deleted) > heres my detail debug section on a startup You'll probably also want to include the relevant bits of your debug at the time that your NAS sends an accounting packet. Could be any number of things. One personal experience: My radius.log file went MIA. Turns out that some agressive house-cleaning deleted the file, and directory permissions were not set to allow FreeRADIUS to re-create the file. DP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
Having some problems getting the acct logging to work, I had it working and then just the other day it just stoped. I even had the day off so it wasn't anyting I touched, just stoped Friday morning.. We got an outside ISP sending accounting packets and also an internal cisco vpn 3000 which was also working. Both systems are still reported to be sending accounting packets. I rebuilt another redhat 8.0 box, we using PAM through winbind and everything is working just fine except no accounting logging going on.. Is there a way to send a fake accounting packet myself? any other ideas? heres my detail debug section on a startup: Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp. Ready to process requests. thanks for any tips -steve - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting problem
Title: Accounting problem I received this warning message: rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent and radius does not update the accounting data once the user disconnected. The Acct ID doesn't match hence cannot update? Any idea how to fix it? Thanks Chhai Thach
0.8.1 accounting problem
Hi there. I'll skip right to the subject I am using freeradius 0.8.1 as a radius server for a certain realm and as a proxy for all other requests. For the local ISP realm, all is done via sql module. Everything works as intended, except accounting of proxied requests... When a user in my realm logs on, of course i want all accounting information to be sent to the sql module, and it does. But when a user outside the realm logs on, she gets authorized and authenticated, no problem, but when the NAS starts to send accounting packets for her, they get sent to the other radius server, proxy functionality works ok, AND all accounting for this user gets in my sql database, TOO, which i don't want. The database is reserved for "local" users, and the presence of other users' accounting information is unacceptable in this case. So... Is there a way to get the server to only send accounting information to sql when the user is in a specific realm? I need a rather quick answer, as this is a very important issue and i need to decide whether i have to study more or find another solution... Thank you in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unixodbc accounting problem (Was: postgresql accounting (bug?) Apr.2002)
Hello, I got a similar problem as Roman last year, but this time using sql_unixodbc driver :(. Function "sql_affected_rows(SQLSOCK *sqlsocket, SQL_CONFIG *config)" everytime returns '0' regardless of mssql query fail or finish properly. sql_affected_rows is calling SQLRowCount function, with seems to not work properly - _it_ returns all the time 0. I'm using FreeTDS 0.60 driver, but 'unfortunately' it works ok for other projects ;( Did anyone meet this this problem before and know a solution ? Or maybe could you propose using other - better - odbc driver instead of FreeTDS ? Best regards, Bangla - Original Message - From: "Roman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 12, 2002 12:19 PM Subject: postgresql accounting (bug?) > Hi! >I use freeradius 0.5 with postgresql 7.2 on FreeBSD 4.5 > When i run freeradius in dedug mode (radiusd -x), I found that: > 1) freeradius query for Accounting stop packets with > "accounting_stop_query_alt" in any way, regardless of accounting_stop_query > fail or not > > rad_recv: Accounting-Request packet from host x.x.x.x, id=206, length=127 > > query: UPDATE radacct SET AcctStopTime =. > rlm_postgresql Status: PGRES_COMMAND_OK > sql_postgresql: affected rows = 1 > > query: INSERT into radacct ( AcctSessionId, > rlm_postgresql Status: PGRES_FATAL_ERROR > sql_postgresql: affected rows = > > I have not many C experience, but it seems like > sql_affected_rows always 0 for update query > > > rlm_sql.c: > > numaffected = (inst->module->sql_affected_rows)(sqlsocket, inst->config); > if (numaffected < 1) { > /* > * If our update above didn't match anything > * we assume it's because we haven't seen a > * matching Start record. So we have to > * insert this stop rather than do an update > */ > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: accounting problem
Hello Chris, Saturday, February 8, 2003, 12:22:50 AM, you wrote: CB> At 03:09 PM 2/7/2003, you wrote: >>Hello all freeradius-users, >>sorry again for my bad english... :) >> >>i changed radtest script to do acct, so as a result i got: >> >>Accounting: no Accounting-Status-Type record. >> modcall[accounting]: module "unix" returns noop >>Accounting: no Accounting-Status-Type record. >> modcall[accounting]: module "radutmp" returns noop >>modcall: group accounting returns ok >>Sending Accounting-Response of id 202 to 127.0.0.1:32800 >> modcall[accounting]: module "detail" returns ok >>Accounting: no Accounting-Status-Type record. >> modcall[accounting]: module "unix" returns noop >>Accounting: no Accounting-Status-Type record. >> modcall[accounting]: module "radutmp" returns noop >>modcall: group accounting returns ok >>Sending Accounting-Response of id 202 to 127.0.0.1:32800 >> >>what does >> >Accounting: no Accounting-Status-Type record. >>mean? CB> Start, Stop, Off, or On. Sorry if I did not list them all, but those are CB> some examples (I think there is an 'Alive' status too). CB> Chris CB> - CB> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanks! :) Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: accounting problem
falcon <[EMAIL PROTECTED]> wrote: > but it is absent in dictionaries, what & where i shuold write or > read about it??? May be i should write it in acct request value-pairs? > PLease help It's really Acct-Status-Type. Read the dictionaries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: accounting problem
Hello Alan, Friday, February 7, 2003, 7:11:38 PM, you wrote: AD> falcon <[EMAIL PROTECTED]> wrote: >> what does >> >Accounting: no Accounting-Status-Type record. >> mean? AD> That attribute isn't in the request. AD> Alan DeKok. AD> - AD> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html but it is absent in dictionaries, what & where i shuold write or read about it??? May be i should write it in acct request value-pairs? PLease help Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
At 03:09 PM 2/7/2003, you wrote: Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module "unix" returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module "radutmp" returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module "detail" returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module "unix" returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module "radutmp" returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does >Accounting: no Accounting-Status-Type record. mean? Start, Stop, Off, or On. Sorry if I did not list them all, but those are some examples (I think there is an 'Alive' status too). Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
Hello falcon, Saturday, February 8, 2003, 12:09:21 AM, you wrote: f> Hello all freeradius-users, f> sorry again for my bad english... :) f> i changed radtest script to do acct, so as a result i got: f> Accounting: no Accounting-Status-Type record. f> modcall[accounting]: module "unix" returns noop f> Accounting: no Accounting-Status-Type record. f> modcall[accounting]: module "radutmp" returns noop f> modcall: group accounting returns ok f> Sending Accounting-Response of id 202 to 127.0.0.1:32800 f> modcall[accounting]: module "detail" returns ok f> Accounting: no Accounting-Status-Type record. f> modcall[accounting]: module "unix" returns noop f> Accounting: no Accounting-Status-Type record. f> modcall[accounting]: module "radutmp" returns noop f> modcall: group accounting returns ok f> Sending Accounting-Response of id 202 to 127.0.0.1:32800 f> what does >>Accounting: no Accounting-Status-Type record. f> mean? f> - f> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html when i write in accounting sql it says: Going to the next request --- Walking the entire request list --- Cleaning up request 6 ID 252 with timestamp 3e441fab Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 127.0.0.1:32800, id=252, length=57 User-Name = "blabla" User-Password = "\3315aH\257l\331\327/\377k\364\242v\254[" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 modcall: entering group preacct modcall[preacct]: module "preprocess" returns noop rlm_realm: No '@' in User-Name = "blabla", looking up realm NULL rlm_realm: No such realm NULL modcall[preacct]: module "suffix" returns noop modcall[preacct]: module "files" returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute 44 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 127.0.0.1,NAS-IP-Address = 255.255.255.255,,User-Name = "blabla"' rlm_acct_unique: Acct-Unique-Session-ID = "3e3e05c4a4b2e091". modcall[accounting]: module "acct_unique" returns ok radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20030208' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20030208 modcall[accounting]: module "detail" returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module "unix" returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module "radutmp" returns noop radius_xlat: 'rlm_sql: packet has no account status type. [user 'blabla', nas '255.255.255.255']' rlm_sql: packet has no account status type. [user 'blabla', nas '255.255.255.255'] modcall[accounting]: module "sql" returns invalid modcall: group accounting returns invalid Finished request 7 Going to the next request --- Walking the entire request list --- Cleaning up request 7 ID 252 with timestamp 3e441fae Nothing to do. Sleeping until we see a request. and my radiusd.conf last lines are: authorize { preprocess chap mschap suffix sql } authenticate { authype PAP {pap} authype CHAP {chap} authype MS-CHAP {ms-chap} unix } preacct { preprocess suffix files } accounting { acct_unique detail unix radutmp sql } session {radutmp } post-auth {} Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
falcon <[EMAIL PROTECTED]> wrote: > what does > >Accounting: no Accounting-Status-Type record. > mean? That attribute isn't in the request. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module "unix" returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module "radutmp" returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module "detail" returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module "unix" returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module "radutmp" returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does >Accounting: no Accounting-Status-Type record. mean? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Accounting problem with MaxTnT
"Dimitrios E. Digas" <[EMAIL PROTECTED]> wrote: > I have a problem with radius accounting. More specifically I am using > freeradius v0.8 with oracle 8i backend. The problem arises with some > accounting records, all from a MaxTnT NAS. As can be seen from the log > entries below, the problem is that NAS does not send a username with some > accounting records. As a result the SQL query fails and the record > cannot be written into the database. Read 'raddb/sql.conf', and look for sql_user_name. The configuration file tells you how to deal with this problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting problem with MaxTnT
Dear all, I have a problem with radius accounting. More specifically I am using freeradius v0.8 with oracle 8i backend. The problem arises with some accounting records, all from a MaxTnT NAS. As can be seen from the log entries below, the problem is that NAS does not send a username with some accounting records. As a result the SQL query fails and the record cannot be written into the database. Does anyone know how I can block such accounting requests from the MaxTnT NAS or does anybody know if this is a known MaxTnT bug ??? As a temporary solution I've modified the SQL query and used Oracle's NVL function as follows to prevent a NULL username in the SQL statement: accounting_start_query = "INSERT into ${acct_table1} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', NVL(%{SQL-User-Name}, 'dummyraduser'), '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', TO_DATE('%S','-mm-dd hh24:mi:ss'), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')" This might do the trick but has a performance drawback. If anyone notices any other problems this may cause please let me know. RADIUS LOG -- rad_recv: Accounting-Request packet from host 217.19.74.12:7020, id=34, length=116 NAS-IP-Address = 217.19.74.12 NAS-Port = 2113 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Delay-Time = 229 Acct-Session-Id = "369446656" Acct-Authentic = Local Idle-Timeout = 0 X-Ascend-Modem-PortNo = 62 X-Ascend-Modem-SlotNo = 1 X-Ascend-Modem-ShelfNo = 1 Calling-Station-Id = "2108150497" Called-Station-Id = "8962408080" modcall: entering group preacct modcall[preacct]: module "preprocess" returns noop rlm_realm: Proxy reply, or no user name. Ignoring. modcall[preacct]: module "suffix" returns noop modcall[preacct]: module "files" returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 217.19.74.12,NAS-IP-Address = 217.19.74.12,Acct-Session-Id = "369446656",' rlm_acct_unique: Acct-Unique-Session-ID = "e8b5c0d1af61a38f". modcall[accounting]: module "acct_unique" returns ok radius_xlat: '/usr/local/var/log/radius/radacct/217.19.74.12/detail-20021212' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/217.19.74.12/detail-20021212 modcall[accounting]: module "detail" returns ok modcall[accounting]: module "counter" returns noop modcall[accounting]: module "unix" returns noop radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: '' modcall[accounting]: module "radutmp" returns ok radius_xlat: '' radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '369446656', 'e8b5c0d1af61a38f', '', '', '217.19.74.12', '', 'Async', TO_DATE('2002-12-12 21:54:56','-mm-dd hh24:mi:ss'), NULL, '0', 'Local', '', '', '0', '0', '8962408080', '2108150497', '', '', '', '', '229', '0')' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert NULL into ("URNET"."RADACCT"."USERNAME") rlm_sql (sql): Attempting to connect rlm_sql_oracle #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert NULL into ("URNET"."RADACCT"."USERNAME") rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ORA-01400: cannot insert NULL into ("URNET"."RADACCT"."USERNAME") radius_xlat: 'UPDATE radacct SET AcctStartTime = TO_DATE('2002-12-12 21:54:56','-mm-dd hh24:mi:ss'), AcctStartDelay = '229', ConnectInfo_start = '' WHERE AcctSessionId = '369446656' AND UserName = '' AND NASIPAddress = '217.19.74.12' AND AcctStopTime = IS NULL' rlm_sql_oracle: execute query failed in sql_query: ORA-00936: missing expressio
Re: Strange Accounting Problem
My bad, I am thoroughly scolded! Murrah Boswell Alan DeKok wrote: > > WA Support <[EMAIL PROTECTED]> wrote: > > I use freeradius-0.5 on a linux box. > > Huh? 0.7 was released nearly 3 months ago. > > > I noticed weird client IP directories being created in my > > /usr/adm/radacct directory. My normal clients are 192.168.192.22 and > > 192.168.192.23. I have two directories, 192.168.192.22 and > > 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and > > these two directories have details files, as they should. > > Yeah, it's a bug in older versions of the server. See why upgrading > is a good idea? > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange Accounting Problem
WA Support <[EMAIL PROTECTED]> wrote: > I use freeradius-0.5 on a linux box. Huh? 0.7 was released nearly 3 months ago. > I noticed weird client IP directories being created in my > /usr/adm/radacct directory. My normal clients are 192.168.192.22 and > 192.168.192.23. I have two directories, 192.168.192.22 and > 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and > these two directories have details files, as they should. Yeah, it's a bug in older versions of the server. See why upgrading is a good idea? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange Accounting Problem
Hello, I use freeradius-0.5 on a linux box. I am getting strange accounting behavior. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. However, I also have many weird directories with names like 208.221.28.8, 40.37.27.8, 0.35.27.8, etc. Like I said, I have many of these weird directories. Each one of these directories has a detail file, but there are only 'Stop' records in these detail files. I started a tcpdump session to capture the traffic from ports 1645 and 1646 (I use the old ports for radius). In the /usr/adm/radacct/208.221.28.8/detail file I have: [WA:root@pri radacct]# cat 208.221.28.8/detail Wed Oct 30 21:03:04 2002 Acct-Status-Type = Stop NAS-IP-Address = 192.168.192.5 Acct-Delay-Time = 0 User-Name = "bono" NAS-Port = 3460 Acct-Session-Id = "00036E07" Service-Type = Framed-User Framed-Protocol = PPP Acct-Session-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Client-IP-Address = 208.221.28.8 Timestamp = 1036036984 The corresponding packet in my tcpdump that relates to 208.221.28.8 is: 21:03:04.201975 pri.wildapache.net.radacct > 208.221.28.8.32815: [udp sum ok] rad-account-resp 20 [id 18] (DF) (ttl 64, id 0, len 48) Freeradius is creating and sending accounting information to the detail file in 208.221.28.8 This type of activity is very random. That is, I only get this type of weirdness ever so often for different users. Most of the time there is only one entry in a given 'weird client' directory, but sometimes there are multiple entries for different users. These are always 'Stop' records. Does anyone know what is causing this? Have I forgotten/missed something in my configuration? I really need to get this cleared up since it is messing up my statistical records. Any help will be greatly appreciated. Thanks, Murrah Boswell Systems Administrator Wild Apache Internet Services [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
I'm using FR 0.7. I have proxying enabled, and the NULL realm accounting host set to LOCAL. When I send an accounting packet using radclient, an Accounting-Response packet is never sent. Everything in accounting returns ok, but no response is sent back. More info can be provided if necessary. Kevin Here is the output using debugging: rad_recv: Accounting-Request packet from host 192.168.1.10:32768, id=1, length=138 Thread 2 assigned request 1 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 2 handling request 1, (1 handled so far) User-Name = "test" NAS-IP-Address = 10.0.1.3 NAS-Port = 1 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = "1" Acct-Authentic = RADIUS Framed-Protocol = PPP Framed-IP-Address = xxx.xxx.xxx.xxx Service-Type = Framed-User modcall: entering group preacct modcall[preacct]: module "preprocess" returns noop rlm_realm: Looking up realm NULL for User-Name = "test" rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = "test" rlm_realm: Proxying request from user test to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Accounting realm is LOCAL. rlm_realm: acct_port is not set. proxy cancelled modcall[preacct]: module "suffix" returns noop acct_users: Matched DEFAULT at 16 modcall[preacct]: module "files" returns ok modcall: group preacct returns ok modcall: entering group accounting radius_xlat: 'test' sql_set_user: escaped user --> 'test' radius_xlat: 'INSERT INTO radacct (RadAcctId, AcctSessionId, UserName, Realm, NASIPAddress) VALUES ('', '1', 'test', 'NULL', '10.0.1.3')' rlm_sql: Reserving sql socket id: 3 rlm_sql: Released sql socket id: 3 modcall[accounting]: module "sql0" returns ok modcall: group accounting returns ok Finished request 1 Going to the next request Thread 2 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Cleaning up request 1 ID 1 with timestamp 3d446c85 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Accounting Problem
Just use acct_unique in radiusd.conf and ignore sessions with equal Acct-Unique-Session-ID (or use unique ID SQL column). > > we've noticed double/multiple accounting entries recorded > in mysql in only one session with the same AcctStartTime (some differs > in -- B. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS accounting problem
On Tue, 30 Apr 2002 14:14:03 -0700, Joseph Liu wrote: I had this problem with freeradius also... But with a portmaster3. I solved it using mysql accounting and changing the table so that unique_id is really unique... >Please help. This may have already been solved. If someone knows where I can >find the answer in the mailing list, please let me know. > >I encounter a small problem with FreeRADIUS 0.5 release. The test >environment is between a Cisco IOS 12.2 router and a RedHat 7.2 Linux >FreeRADIUS server. FreeRADIUS was compiled on the RH Linux machine using the >enclosed freeradius.spec by way of RPM. > >If I use the normal command line to start the radius server as in "radiusd" >or "radiusd -y", the accounting information will be sent from Cisco router >and recorded 3 times in the /var/log/radius/radacct/{NAS IP address}. It >seems that the accounting information sent by the router did not get a reply >from the radius server, so the router retries again and again. > >However, if I run the radius server in the debug mode such as "radiusd -xy" >or "radius -xxy", the radius server indeed sends a reply to the router's >accounting information. The accounting information gets to be registered >only once. > >The above is true whether I run the radiusd in foreground or background >daemon mode. > >I think I am missing something. Please enlighten me. Thanks, > >Joseph Liu >JPL >Pasadena, CA > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > As opiniões formuladas neste e-mail são de caráter exclusivamente pessoal. Minha opinião não necessariamente representa a opinião do meu Moto Grupo nem da empresa onde trabalho. Mene Sakkhet ur-seveh Alexandre Ganso - Diretor Steel Goose Moto Group 500 Four Vermelha [EMAIL PROTECTED] ICQ# 3778773 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS accounting problem
Please help. This may have already been solved. If someone knows where I can find the answer in the mailing list, please let me know. I encounter a small problem with FreeRADIUS 0.5 release. The test environment is between a Cisco IOS 12.2 router and a RedHat 7.2 Linux FreeRADIUS server. FreeRADIUS was compiled on the RH Linux machine using the enclosed freeradius.spec by way of RPM. If I use the normal command line to start the radius server as in "radiusd" or "radiusd -y", the accounting information will be sent from Cisco router and recorded 3 times in the /var/log/radius/radacct/{NAS IP address}. It seems that the accounting information sent by the router did not get a reply from the radius server, so the router retries again and again. However, if I run the radius server in the debug mode such as "radiusd -xy" or "radius -xxy", the radius server indeed sends a reply to the router's accounting information. The accounting information gets to be registered only once. The above is true whether I run the radiusd in foreground or background daemon mode. I think I am missing something. Please enlighten me. Thanks, Joseph Liu JPL Pasadena, CA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[2]: PIX v6.1 accounting problem
1 7 ^Z^U D e s t i n a t i o n - P o r t = 8 0 -Message d'origine- De : 3APA3A [mailto:[EMAIL PROTECTED]] Envoyé : mercredi 20 mars 2002 09:44 À : Pierre Strazza Objet : Re[2]: PIX v6.1 accounting problem Dear Pierre Strazza, It means Cisco has a Vendor-Specific packet structure different from one recommended in RFC (or sends a buggy packet). Can you sniff the packet? --Wednesday, March 20, 2002, 3:45:27 AM, you wrote to [EMAIL PROTECTED]: PS> Here is the radius.log extract : PS> Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host PS> x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific PS> Same error is reported while running in debug mode. PS> No further accounting information is logged. PS> The cisco box is a PIX firewall v6.1, authenticating users thru the PS> freeradius server for VPN access. PS> Pierre. PS> -Message d'origine- PS> De : Chris Parker [mailto:[EMAIL PROTECTED]] PS> Envoyé : mardi 19 mars 2002 19:13 PS> À : [EMAIL PROTECTED] PS> Objet : RE: PIX v6.1 accounting problem PS> At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: >>The request is not loggued since an error message is reported in the >>radius.log file, indicating some non conform attributes - not proceeded. >> >>the dictionary.cisco seems to be already included in the dictionary file by >>default .. >> >>Any idea ? PS> It would really really really help if you could provide the error message PS> printed by the server, as well as any printed when you run it in debug PS> mode. PS> -Chris PS> -- PS> \\\|||/// \ StarNet Inc. \Chris Parker PS> \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering PS> | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 PS> oOo---(_)---oOo--\-- PS>\ Wholesale Internet Services - http://www.megapop.net PS> - PS> List info/subscribe/unsubscribe? See PS> http://www.freeradius.org/list/users.html PS> . PS> . PS> . PS> - PS> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX v6.1 accounting problem
Pierre Strazza <[EMAIL PROTECTED]> wrote: > Here is the radius.log extract : > Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from = > host > x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific Then it's not a valid RADIUS packet. Use 'tcpdump' to get a hex dump of the packet. And talk to Cisco. Get them to fix their broken RADIUS implementation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: PIX v6.1 accounting problem
Dear Pierre Strazza, It means Cisco has a Vendor-Specific packet structure different from one recommended in RFC (or sends a buggy packet). Can you sniff the packet? --Wednesday, March 20, 2002, 3:45:27 AM, you wrote to [EMAIL PROTECTED]: PS> Here is the radius.log extract : PS> Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host PS> x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific PS> Same error is reported while running in debug mode. PS> No further accounting information is logged. PS> The cisco box is a PIX firewall v6.1, authenticating users thru the PS> freeradius server for VPN access. PS> Pierre. PS> -Message d'origine- PS> De : Chris Parker [mailto:[EMAIL PROTECTED]] PS> Envoyé : mardi 19 mars 2002 19:13 PS> À : [EMAIL PROTECTED] PS> Objet : RE: PIX v6.1 accounting problem PS> At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: >>The request is not loggued since an error message is reported in the >>radius.log file, indicating some non conform attributes - not proceeded. >> >>the dictionary.cisco seems to be already included in the dictionary file by >>default .. >> >>Any idea ? PS> It would really really really help if you could provide the error message PS> printed by the server, as well as any printed when you run it in debug PS> mode. PS> -Chris PS> -- PS> \\\|||/// \ StarNet Inc. \Chris Parker PS> \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering PS> | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 PS> oOo---(_)---oOo--\-- PS>\ Wholesale Internet Services - http://www.megapop.net PS> - PS> List info/subscribe/unsubscribe? See PS> http://www.freeradius.org/list/users.html PS> . PS> . PS> . PS> - PS> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PIX v6.1 accounting problem
Here is the radius.log extract : Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific Same error is reported while running in debug mode. No further accounting information is logged. The cisco box is a PIX firewall v6.1, authenticating users thru the freeradius server for VPN access. Pierre. -Message d'origine- De : Chris Parker [mailto:[EMAIL PROTECTED]] Envoyé : mardi 19 mars 2002 19:13 À : [EMAIL PROTECTED] Objet : RE: PIX v6.1 accounting problem At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: >The request is not loggued since an error message is reported in the >radius.log file, indicating some non conform attributes - not proceeded. > >the dictionary.cisco seems to be already included in the dictionary file by >default .. > >Any idea ? It would really really really help if you could provide the error message printed by the server, as well as any printed when you run it in debug mode. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PIX v6.1 accounting problem
The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? Pierre. -Message d'origine- De : Chris Parker [mailto:[EMAIL PROTECTED]] Envoyé : mardi 19 mars 2002 16:09 À : [EMAIL PROTECTED] Objet : Re: PIX v6.1 accounting problem At 02:55 PM 3/19/2002 +0100, Pierre Strazza wrote: >Hi again, > >I need to account acesses made on a PIX firewall v6.1 on the Radius server. >Debugging of the radiusd process shows that requests are correctly sent to >the radius accounting port, but are not handled, because of some non conform >VSA ... Won't stop it from logging the request. May stop it from logging human readable formats. Can you elaborate on 'not handled'? >Any dictionary for PIX v6.1 ? :-) PIX is cisco. Are you enabling the use of 'dictionary.cisco'? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX v6.1 accounting problem
At 02:55 PM 3/19/2002 +0100, Pierre Strazza wrote: >Hi again, > >I need to account acesses made on a PIX firewall v6.1 on the Radius server. >Debugging of the radiusd process shows that requests are correctly sent to >the radius accounting port, but are not handled, because of some non conform >VSA ... Won't stop it from logging the request. May stop it from logging human readable formats. Can you elaborate on 'not handled'? >Any dictionary for PIX v6.1 ? :-) PIX is cisco. Are you enabling the use of 'dictionary.cisco'? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PIX v6.1 accounting problem
Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Any dictionary for PIX v6.1 ? :-) Regards, Pierre. . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting problem with freeradius 0.4
Cyrille Lefranc <[EMAIL PROTECTED]> wrote: > We have encountered the following issue with version 4 of the > freeradius server (it works fine with version 3) : Version 0.3 was wrong. > We send an Accounting-On request to the server, and expect for the > pair 'Acct-Status-Type = Accounting-On' in the reply. Why? http://www.freeradius.org/rfc/rfc2866.html See section 5.13, near the bottom: No attributes should be found in Accounting-Response packets except Proxy-State and possibly Vendor-Specific. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting problem with freeradius 0.4
Hi, We have encountered the following issue with version 4 of the freeradius server (it works fine with version 3) : We send an Accounting-On request to the server, and expect for the pair 'Acct-Status-Type = Accounting-On' in the reply. So, our acct_users file just contains the following lines : DEFAULT Acct-Status-Type == Accounting-On Acct-Status-Type = Accounting-On The server is replying to our request, but never join the value/pair attribute that we expect in its reply. And yet, the rule in acct_users was matched, as we can see in the server output attached. Freeradius 0.4 was compiled with the following options given to the configure script: ./configure --enable-developer --prefix=/home/clefranc/RADIUS/local_freeradius-server_installation --enable-strict-dependencies --without- rlm_krb5 --without-rlm_ldap --without-rlm_sql_postgresql --without-rlm_x99_token Redhat linux 6.2 gcc 2.95.3 ld 2.9.5 glibc 2.1.3 Thanks for any advices. -- Cyrille radiusd.output Description: Binary data
[Question] radclient & accounting problem
Hello all, I have tried to use Freeradius0.2 in Solaris 2.7 machine. Now I have two questions. 1. I installed it according to a document in the package. : (/doc/README) Then I added users, and I performed simple test using "radtest" program. It worked well.. But it worked wrong, when I performed test using "radclient" program. I did as "/doc/performance-testing" said, but the result is like this. +-+ RESULT +---+ jjam@ccm99a> radclient -f radius.test ccm99b auth testing1234 Received response ID 122, code 2, length = 23 Class = 0x00 Received response ID 123, code 3, length = 20 Received response ID 124, code 3, length = 20 Received response ID 125, code 3, length = 20 Received response ID 126, code 3, length = 20 Thu Sep 13 10:59:30 2001 : Auth: Login OK: [ferp/axuc] (from nas ccm99a port 0) Thu Sep 13 10:59:30 2001 : Auth: Login incorrect: [ocgkn/0\022D\301EZ] (from nas ccm99a port 0) Thu Sep 13 10:59:30 2001 : Auth: Login incorrect: [dtwhu/\256\363\0179\332\323] (from nas ccm99a port 0) Thu Sep 13 10:59:30 2001 : Auth: Login incorrect: [kxkmh/\353\353r\366]d] (from nas ccm99a port 0) Thu Sep 13 10:59:30 2001 : Auth: Login incorrect: [ccijgvlm/\266\354\245f] (from nas ccm99a port 0) jjam@ccm99a> cat radius.test ~/freeradius-0.2/scripts User-Name=ferp, Password=axuc,NAS-IP-Address=127.0.0.1,NAS-Port-Id=0 User-Name=ocgkn, Password=gsjdtv,NAS-IP-Address=127.0.0.1,NAS-Port-Id=0 User-Name=dtwhu, Password=eyxddq,NAS-IP-Address=127.0.0.1,NAS-Port-Id=0 User-Name=kxkmh, Password=cosnxd,NAS-IP-Address=127.0.0.1,NAS-Port-Id=0 User-Name=ccijgvlm, Password=hyoj,NAS-IP-Address=127.0.0.1,NAS-Port-Id=0 jjam@ccm99a> cat radius.users ~/freeradius-0.2/scripts ferp Auth-Type:=Local, Password=="axuc" Class="0x0" ocgkn Auth-Type:=Local, Password=="gsjdtv" Class="0x1" dtwhu Auth-Type:=Local, Password=="eyxddq" Class="0x2" kxkmh Auth-Type:=Local, Password=="cosnxd" Class="0x3" ccijgvlm Auth-Type:=Local, Password=="hyoj" Class="0x4" +--+ I tried many times, but the result was same. Only the first user request is OK, and the remains are NOT OK. Until now, I couldn't find out what's wrong.. Cound anyone help me?? 2. I want to perform an accounting test. How can I archive this goal?? Thank you in advance.. +--+ Jae-Min Ahn Senior Engineer Contela, Inc. 9-1 Sunae-dong, Pundang-gu, Sungnam City, Kyunggi-do 463-784, Korea Mobile: +82-11-9076-6104 Tel: +82-342-601-5830~3 (ext:109) Fax: +82-342-602-5830 Email: [EMAIL PROTECTED]+--+