Re: Acct session ID shows 0
On Mon, May 14, 2012 at 10:23 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, I have one doubt in my Acct session id i had clients mac address then ssid and then session id.but in some of the Act session id it shows clients mac address then ssid and then 0.because of which i get huge Acct session time about 947412332...please see the logs below.radius new is my ssid.it would be very helpful if you solve the query. in your config, what do you have as the generator for Acct-Session-Id ? Acct-Session-Id should be whatever the NAS sends. Acct-Session-Time should also, AFAIK, be whatever the NAS sends. If the NAS sends incorrect Acct-Session-Time, then the NAS is broken. The acctstoptime field in radacct is a timestamp inserted by radius, so if this field has the wrong value, your server clock is probably not set to the correct time. Acct-Unique-Session-Id is created by acct_unique module in FR. This is probably what you mean by having a generator, but should be irrelevant to the problem. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
Hi, i have a radius server configured on my Pc and a AP connected to my PC.so there is no different NAS. and if the time is set wrong then why dont i get all acct-session-time wrong??In middle of some logs i see this type of absurd timings. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Acct-session-ID-shows-0-tp5709113p5709803.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
On Tue, May 15, 2012 at 1:29 PM, Sharad P sharadpanick...@gmail.com wrote: Hi, i have a radius server configured on my Pc and a AP connected to my PC.so there is no different NAS. your AP is the NAS and if the time is set wrong then why dont i get all acct-session-time wrong??In middle of some logs i see this type of absurd timings. Ask the NAS vendor. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
hi, can you tell from which time acct start time is calculated. here is the sample of logs. Acctstarttime is calculated from current date and Acct-Session-Time but 1970-01-01 is minimal possible value. This is sample for one client MAC address.you can see the date 1970-01-01. radacctid | acctsessionid | nasipaddress | acctstarttime | acctstoptime | callingstationid ---+---+ ---+++--- 19308 | 2c:44:01:ee:80:da:poznan-internet-free:1335696598 | 10.255.223.71 | 2012-04-29 18:39:44+02 | 2012-04-29 18:46:08+02 | 2c:44:01:ee:80:da 19339 | 2c:44:01:ee:80:da:poznan-internet-free:0 | 10.255.223.70 | 1970-01-01 07:49:46+01 | 2012-04-29 18:49:05+02 | 2c:44:01:ee:80:da 19375 | 2c:44:01:ee:80:da:poznan-internet-free:1335696779 | 10.255.223.50 | 2012-04-29 18:42:45+02 | 2012-04-29 20:28:08+02 | 2c:44:01:ee:80:da -- View this message in context: http://freeradius.1045715.n5.nabble.com/Acct-session-ID-shows-0-tp5709113p5709818.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
On Tue, May 15, 2012 at 1:58 PM, Sharad P sharadpanick...@gmail.com wrote: hi, can you tell from which time acct start time is calculated. here is the sample of logs. If you mysql, see sql/mysql/dialup.conf. Acctstarttime is calculated from current date and Acct-Session-Time but ... which I assume you already did, since you arrived at that conclusion. 1970-01-01 is minimal possible value. This is sample for one client MAC address.you can see the date 1970-01-01. ... and the point is ? If the NAS sends incorrect Acct-Session-Time, then the calculated acctstarttime will be incorrect as well. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Acct session ID shows 0
hi, I have one doubt in my Acct session id i had clients mac address then ssid and then session id.but in some of the Act session id it shows clients mac address then ssid and then 0.because of which i get huge Acct session time about 947412332...please see the logs below.radius new is my ssid.it would be very helpful if you solve the query. NAS-IP-Address = 192.168.200.56 NAS-Identifier = E1C76A60846 Called-Station-Id = 00:06:5a:01:1b:d9 NAS-Port = 1 NAS-Port-Type = Wireless-802.11 User-Name = Unknown Calling-Station-Id = 00:14:a4:87:04:15 Acct-Status-Type = Stop Acct-Session-Id = 00:14:a4:87:04:15:radius new:947412116 Acct-Input-Octets = 0 Acct-Output-Octets = 225 Acct-Input-Packets = 0 Acct-Output-Packets = 5 Acct-Session-Time = 15 Acct-Terminate-Cause = User-Request Client-IP-Address = 192.168.200.56 Acct-Unique-Session-Id = 61a2b61dd6a83f91 Timestamp = 1337005110 Mon May 14 19:51:50 2012 NAS-IP-Address = 192.168.200.56 NAS-Identifier = E1C76A60846 Called-Station-Id = 00:06:5a:01:1b:d9 NAS-Port = 1 NAS-Port-Type = Wireless-802.11 User-Name = Unknown Calling-Station-Id = 00:14:a4:87:04:15 Acct-Status-Type = Stop Acct-Session-Id = 00:14:a4:87:04:15:radius new:0 Acct-Input-Octets = 2833 Acct-Output-Octets = 4355 Acct-Input-Packets = 24 Acct-Output-Packets = 19 Acct-Session-Time = 947412332 Acct-Terminate-Cause = User-Request Client-IP-Address = 192.168.200.56 Acct-Unique-Session-Id = 48d0d61e828c612f Timestamp = 1337005310 -- View this message in context: http://freeradius.1045715.n5.nabble.com/Acct-session-ID-shows-0-tp5709113.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
Sharad P wrote: I have one doubt in my Acct session id i had clients mac address then ssid and then session id.but in some of the Act session id it shows clients mac address then ssid and then 0.because of which i get huge Acct session time about 947412332...please see the logs below.radius new is my ssid.it would be very helpful if you solve the query. Buy a NAS that works. There is *no* excuse for a vendor to create bad accounting packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
Hi, I have one doubt in my Acct session id i had clients mac address then ssid and then session id.but in some of the Act session id it shows clients mac address then ssid and then 0.because of which i get huge Acct session time about 947412332...please see the logs below.radius new is my ssid.it would be very helpful if you solve the query. in your config, what do you have as the generator for Acct-Session-Id ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct session ID shows 0
where can isee this generator? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Acct-session-ID-shows-0-tp5709113p5709781.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Thank you Arran and Alan for your feedback. I received confirmation it was not yet implemented on Cisco ASR1k. -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Saturday, April 02, 2011 4:58 AM To: FreeRadius users mailing list Subject: Re: MLPPP Acct-Session-Id On Apr 2, 2011, at 12:34 AM, Alan DeKok wrote: Jay Kuhne (jkuhne) wrote: Forgot to mention, also attempted with Acct-Multi-Session-Id, which was in the accounting record but same result. I would say to ask the NAS manufacturer for a list of what they need in the CoA packet, but that doesn't seem to apply here. I'm not sure why CoA is so complicated. If there's an Acct-Session-Id attribute, the NAS should use that to identify a session. Pretty much every other session identification attribute can be ignored. Some NAS manufacturers require multiple Identification attributes, you really need to ask the manufacturer what attributes and values are required to identify a session. Sometimes you also need a minimum number of policy attributes in addition to the identification attributes. CoA doesn't differentiate between the two types at a packet level its completely implementation specific. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MLPPP Acct-Session-Id
Jay Kuhne (jkuhne) wrote: Forgot to mention, also attempted with Acct-Multi-Session-Id, which was in the accounting record but same result. I would say to ask the NAS manufacturer for a list of what they need in the CoA packet, but that doesn't seem to apply here. I'm not sure why CoA is so complicated. If there's an Acct-Session-Id attribute, the NAS should use that to identify a session. Pretty much every other session identification attribute can be ignored. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MLPPP Acct-Session-Id
On Apr 2, 2011, at 12:34 AM, Alan DeKok wrote: Jay Kuhne (jkuhne) wrote: Forgot to mention, also attempted with Acct-Multi-Session-Id, which was in the accounting record but same result. I would say to ask the NAS manufacturer for a list of what they need in the CoA packet, but that doesn't seem to apply here. I'm not sure why CoA is so complicated. If there's an Acct-Session-Id attribute, the NAS should use that to identify a session. Pretty much every other session identification attribute can be ignored. Some NAS manufacturers require multiple Identification attributes, you really need to ask the manufacturer what attributes and values are required to identify a session. Sometimes you also need a minimum number of policy attributes in addition to the identification attributes. CoA doesn't differentiate between the two types at a packet level its completely implementation specific. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Forgot to mention, also attempted with Acct-Multi-Session-Id, which was in the accounting record but same result. -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Jay Kuhne (jkuhne) Sent: Thursday, March 31, 2011 5:26 PM To: FreeRadius users mailing list Subject: RE: MLPPP Acct-Session-Id Hi Alan, Thanks again for your reply, I just wanted to follow-up with you. On the ASR1K BRAS we see the same Message-Authenticator when performing COA via PPP so that is not the issue here After enabling more debug and performing COA when the multilink bundle is established, we get Mar 28 14:32:07.078 EST: RADIUS: 4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 6E [ No valid Session] Mar 28 14:32:07.078 EST: RADIUS: Dynamic-Author-Error[101] 6 Unsupported Service [405] So far the bundle appears to be reflected in cli output as having the same type of UID, AAA_id and Sesison_Id as a PPP session but obviously that does not work. So we need to work with our Cisco development to understand how to identify the bundle. The qos policies are attached to the bundles and not the underlying PPP sessions so we truly need to address the bundle with COA. Just wanted to let you know where I'm at. Thanks, Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Jay Kuhne (jkuhne) Sent: Tuesday, March 29, 2011 10:56 AM To: FreeRadius users mailing list Subject: RE: MLPPP Acct-Session-Id Okay thanks. I'll do some investigating and let you know. It may be a little bit but I will reply with my findings. Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, March 29, 2011 10:20 AM To: FreeRadius users mailing list Subject: Re: MLPPP Acct-Session-Id Jay Kuhne (jkuhne) wrote: Do you know of a syntax on Radclient for defining the Message-Authenticator attribute? It's just like any other attribute... Message-Authenticator = I'll see if I can find it in the accounting record, get it working and then follow-up as to why the it's not as per RFC. The NAS vendors don't bother following (or even reading) the RFCs. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Hi Alan, Thanks again for your reply, I just wanted to follow-up with you. On the ASR1K BRAS we see the same Message-Authenticator when performing COA via PPP so that is not the issue here After enabling more debug and performing COA when the multilink bundle is established, we get Mar 28 14:32:07.078 EST: RADIUS: 4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 6E [ No valid Session] Mar 28 14:32:07.078 EST: RADIUS: Dynamic-Author-Error[101] 6 Unsupported Service [405] So far the bundle appears to be reflected in cli output as having the same type of UID, AAA_id and Sesison_Id as a PPP session but obviously that does not work. So we need to work with our Cisco development to understand how to identify the bundle. The qos policies are attached to the bundles and not the underlying PPP sessions so we truly need to address the bundle with COA. Just wanted to let you know where I'm at. Thanks, Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Jay Kuhne (jkuhne) Sent: Tuesday, March 29, 2011 10:56 AM To: FreeRadius users mailing list Subject: RE: MLPPP Acct-Session-Id Okay thanks. I'll do some investigating and let you know. It may be a little bit but I will reply with my findings. Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, March 29, 2011 10:20 AM To: FreeRadius users mailing list Subject: Re: MLPPP Acct-Session-Id Jay Kuhne (jkuhne) wrote: Do you know of a syntax on Radclient for defining the Message-Authenticator attribute? It's just like any other attribute... Message-Authenticator = I'll see if I can find it in the accounting record, get it working and then follow-up as to why the it's not as per RFC. The NAS vendors don't bother following (or even reading) the RFCs. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MLPPP Acct-Session-Id
Jay Kuhne (jkuhne) wrote: Is there another attribute syntax on radclient that could be used aside from Acct-Session-Id to perform COA to a session I'm not sure I can parse that. I *think* the correct response is to say read the NAS documentation. If the NAS accepts CoA packets, the documentation *should* say what it needs in the CoA to disconnect a session. Failing that, look at the Accounting-Request packets for the session. Take that data (other than the various counters), put it into a CoA packet, and hope for the best. RADIUS: COA received from id 48 x.x.x.99:1052, CoA Request, len 149 COA: x.x.x.20 request queued ... COA: Message Authenticator missing or failed decode That message seems clear. Add the Message-Authenticator attribute to the CoA packet. And *why* does the NAS require this? RFC5176 does *not* require a Message-Authenticator to be in a CoA packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Hi Alan, Thanks for your reply. I think the bottom line is I need to do some more investigation. I tried a PPP vs. MLPPP session and my COAs work as expected. I'll see if I can gather data from the Accounting-Request like you mention. I'll see if I can find the Message-Authenticator attribute I'm not sure why the NAS is making this mandatory, I'll have to investigate. This is very helpful since as I can clearly see I'm not an expert in this area. Thanks, Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, March 29, 2011 1:50 AM To: FreeRadius users mailing list Subject: Re: MLPPP Acct-Session-Id Jay Kuhne (jkuhne) wrote: Is there another attribute syntax on radclient that could be used aside from Acct-Session-Id to perform COA to a session I'm not sure I can parse that. I *think* the correct response is to say read the NAS documentation. If the NAS accepts CoA packets, the documentation *should* say what it needs in the CoA to disconnect a session. Failing that, look at the Accounting-Request packets for the session. Take that data (other than the various counters), put it into a CoA packet, and hope for the best. RADIUS: COA received from id 48 x.x.x.99:1052, CoA Request, len 149 COA: x.x.x.20 request queued ... COA: Message Authenticator missing or failed decode That message seems clear. Add the Message-Authenticator attribute to the CoA packet. And *why* does the NAS require this? RFC5176 does *not* require a Message-Authenticator to be in a CoA packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Hi Alan, Do you know of a syntax on Radclient for defining the Message-Authenticator attribute? I'll see if I can find it in the accounting record, get it working and then follow-up as to why the it's not as per RFC. Thanks, Jay -Original Message- From: Jay Kuhne (jkuhne) Sent: Tuesday, March 29, 2011 9:08 AM To: FreeRadius users mailing list Subject: RE: MLPPP Acct-Session-Id Hi Alan, Thanks for your reply. I think the bottom line is I need to do some more investigation. I tried a PPP vs. MLPPP session and my COAs work as expected. I'll see if I can gather data from the Accounting-Request like you mention. I'll see if I can find the Message-Authenticator attribute I'm not sure why the NAS is making this mandatory, I'll have to investigate. This is very helpful since as I can clearly see I'm not an expert in this area. Thanks, Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, March 29, 2011 1:50 AM To: FreeRadius users mailing list Subject: Re: MLPPP Acct-Session-Id Jay Kuhne (jkuhne) wrote: Is there another attribute syntax on radclient that could be used aside from Acct-Session-Id to perform COA to a session I'm not sure I can parse that. I *think* the correct response is to say read the NAS documentation. If the NAS accepts CoA packets, the documentation *should* say what it needs in the CoA to disconnect a session. Failing that, look at the Accounting-Request packets for the session. Take that data (other than the various counters), put it into a CoA packet, and hope for the best. RADIUS: COA received from id 48 x.x.x.99:1052, CoA Request, len 149 COA: x.x.x.20 request queued ... COA: Message Authenticator missing or failed decode That message seems clear. Add the Message-Authenticator attribute to the CoA packet. And *why* does the NAS require this? RFC5176 does *not* require a Message-Authenticator to be in a CoA packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MLPPP Acct-Session-Id
Jay Kuhne (jkuhne) wrote: Do you know of a syntax on Radclient for defining the Message-Authenticator attribute? It's just like any other attribute... Message-Authenticator = I'll see if I can find it in the accounting record, get it working and then follow-up as to why the it's not as per RFC. The NAS vendors don't bother following (or even reading) the RFCs. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Okay thanks. I'll do some investigating and let you know. It may be a little bit but I will reply with my findings. Jay -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, March 29, 2011 10:20 AM To: FreeRadius users mailing list Subject: Re: MLPPP Acct-Session-Id Jay Kuhne (jkuhne) wrote: Do you know of a syntax on Radclient for defining the Message-Authenticator attribute? It's just like any other attribute... Message-Authenticator = I'll see if I can find it in the accounting record, get it working and then follow-up as to why the it's not as per RFC. The NAS vendors don't bother following (or even reading) the RFCs. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MLPPP Acct-Session-Id
Hi, Is there another attribute syntax on radclient that could be used aside from Acct-Session-Id to perform COA to a session We are using MultilinkPPP (single session per bundle still) and it is not working as it normally would with PPP. Thanks, Jay RADIUS: COA received from id 48 x.x.x.99:1052, CoA Request, len 149 COA: x.x.x.20 request queued RADIUS: authenticator 70 8D C4 4D 97 82 50 02 - 73 6B 53 27 81 52 29 BD RADIUS: User-Name [1] 25 user1@5_6_mlp.com1 RADIUS: Acct-Session-Id [44] 10 000110A4 RADIUS: Vendor, Cisco [26] 46 RADIUS: Cisco AVpair [1] 40 ip:sub-qos-policy-in=policy_session_in_coa RADIUS: Vendor, Cisco [26] 48 RADIUS: Cisco AVpair [1] 42 ip:sub-qos-policy-out=policy_session_out_coa COA: Message Authenticator missing or failed decode ++ CoA Attribute List ++ 7FD2EA5DA700 0 0009 username(447) 23 user1@asr_5_6_mlp.com1 7FD2EA5DB090 0 0001 session-id(409) 4 69796(110A4) 7FD2EA5DB0A8 0 0009 sub-qos-policy-in(421) 17 policy_session_in_coa 7FD2EA5DB0C0 0 0009 sub-qos-policy-out(423) 18 policy_session_out_coa RADIUS/ENCODE():Orig. component type = Invalid RADIUS(): sending RADIUS(): Send CoA Nack Response to x.x.x.99:1052 id 48, len 157 RADIUS: authenticator 76 2F 9A 52 29 2C 26 57 - 27 F6 E0 CC A6 E6 F1 13 RADIUS: User-Name [1] 25 user1@5_6_mlp.com1 RADIUS: Vendor, Cisco [26] 43 RADIUS: Cisco AVpair [1] 37 sub-qos-policy-in=policy_session_in_coa RADIUS: Vendor, Cisco [26] 45 RADIUS: Cisco AVpair [1] 39 sub-qos-policy-out=policy_session_out_coa RADIUS: Reply-Message [18] 18 RADIUS: 4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 6E [ No valid Session] RADIUS: Dynamic-Author-Error[101] 6 Unsupported Service [405] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MLPPP Acct-Session-Id
Ignore the fact the user domains don't match, I was manually editing to change themand blocking out the IPs -Original Message- From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org [mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On Behalf Of Jay Kuhne (jkuhne) Sent: Monday, March 28, 2011 10:43 PM To: FreeRadius users mailing list Subject: MLPPP Acct-Session-Id Hi, Is there another attribute syntax on radclient that could be used aside from Acct-Session-Id to perform COA to a session We are using MultilinkPPP (single session per bundle still) and it is not working as it normally would with PPP. Thanks, Jay RADIUS: COA received from id 48 x.x.x.99:1052, CoA Request, len 149 COA: x.x.x.20 request queued RADIUS: authenticator 70 8D C4 4D 97 82 50 02 - 73 6B 53 27 81 52 29 BD RADIUS: User-Name [1] 25 user1@5_6_mlp.com1 RADIUS: Acct-Session-Id [44] 10 000110A4 RADIUS: Vendor, Cisco [26] 46 RADIUS: Cisco AVpair [1] 40 ip:sub-qos-policy-in=policy_session_in_coa RADIUS: Vendor, Cisco [26] 48 RADIUS: Cisco AVpair [1] 42 ip:sub-qos-policy-out=policy_session_out_coa COA: Message Authenticator missing or failed decode ++ CoA Attribute List ++ 7FD2EA5DA700 0 0009 username(447) 23 user1@asr_5_6_mlp.com1 7FD2EA5DB090 0 0001 session-id(409) 4 69796(110A4) 7FD2EA5DB0A8 0 0009 sub-qos-policy-in(421) 17 policy_session_in_coa 7FD2EA5DB0C0 0 0009 sub-qos-policy-out(423) 18 policy_session_out_coa RADIUS/ENCODE():Orig. component type = Invalid RADIUS(): sending RADIUS(): Send CoA Nack Response to x.x.x.99:1052 id 48, len 157 RADIUS: authenticator 76 2F 9A 52 29 2C 26 57 - 27 F6 E0 CC A6 E6 F1 13 RADIUS: User-Name [1] 25 user1@5_6_mlp.com1 RADIUS: Vendor, Cisco [26] 43 RADIUS: Cisco AVpair [1] 37 sub-qos-policy-in=policy_session_in_coa RADIUS: Vendor, Cisco [26] 45 RADIUS: Cisco AVpair [1] 39 sub-qos-policy-out=policy_session_out_coa RADIUS: Reply-Message [18] 18 RADIUS: 4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 6E [ No valid Session] RADIUS: Dynamic-Author-Error[101] 6 Unsupported Service [405] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Generating Acct-Session-Id identifier
Hi all! Is possible to set the attribute Acct-Session-ID for a specific user in freeradius?, I have a problem with a Load Balancer that not set this atribute. Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Generating Acct-Session-Id identifier
JOE wrote: Is possible to set the attribute Acct-Session-ID for a specific user in freeradius?, I have a problem with a Load Balancer that not set this atribute. Yes. You can set any attribute to nearly any value. See man unlang Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Acct-Session-Id
Hi, My doubt is regarding the freeradius-client-1.1.6 implementation is sending the Acct-Session-Id(rfc 2866) attribute with accounting request to radius server or not. If yes then how they are generating the session id at run time. Thanks Arjun prasad - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
acct-session-id
Hi - The acct-session-id attribute has the length defined as =3 in RFC 2059. Is anyone aware of any practical limitations on the length of this attribute? Does FreeRadius support the length of this attribute to be let say 300bytes, and are you aware of any other Radius servers that may have problem with larger lengths? Thanks, Marlon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acct-session-id
Marlon Duksa wrote: The acct-session-id attribute has the length defined as =3 in RFC 2059. See RFC 2865 for the most recent definition of RADIUS. Is anyone aware of any practical limitations on the length of this attribute? RFC 2865 limits the maximum length of an attribute. Does FreeRadius support the length of this attribute to be let say 300bytes, and are you aware of any other Radius servers that may have problem with larger lengths? The limit is 253 bytes. I suspect that many NASes and servers won't handle that. My guess is that 32 bytes is OK. But for anything over 64 bytes, the odds of it working go down sharply. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acct-session-id
Thanks Alan. Why do you think that anything longer than 64bytes would be hard to implement in NASes? Marlon On Tue, Mar 30, 2010 at 3:37 PM, Alan DeKok al...@deployingradius.comwrote: Marlon Duksa wrote: The acct-session-id attribute has the length defined as =3 in RFC 2059. See RFC 2865 for the most recent definition of RADIUS. Is anyone aware of any practical limitations on the length of this attribute? RFC 2865 limits the maximum length of an attribute. Does FreeRadius support the length of this attribute to be let say 300bytes, and are you aware of any other Radius servers that may have problem with larger lengths? The limit is 253 bytes. I suspect that many NASes and servers won't handle that. My guess is that 32 bytes is OK. But for anything over 64 bytes, the odds of it working go down sharply. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acct-session-id
Marlon Duksa wrote: Thanks Alan. Why do you think that anything longer than 64bytes would be hard to implement in NASes? That's not what I said. I said I don't expect it to work. If you want to know why, ask the NAS vendors who write horrible code. *My* code works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Session-Id special characters changed to hex
Thanks alot. Apologies, should have read the documentation more carefully. Regards, Sajeewa Warnakulasuriya Systems Development Manager ispONE is a wholesale ISP built to help internet access resellers and independent ISPs to compete in the Australian marketplace through ONE Brand, ONE Provider, ONE Solution. Level 14 520 Collins Street Melbourne 3000 VIC Phone: 1300 663 400 Fax: 1300 665 400 E-Mail: sajee...@ispone.com.au Web:http://www.ispone.com.au/ On Wed, 27 May 2009, Alan DeKok wrote: Sajeewa Warnakulasuriya wrote: I'm having some issues with the acct-session-id, where special characters for instance [] being converted to it's hex equivalent. See the safe-characters configuration in the SQL module. For example below, the Acct-Session-Id = 301[]426932183 when inserted into the accounting table it is inserted as 301=5B=5D426932183. Hmm... not many NASes send [] in Acct-Session-Id, for precisely this reason. What NAS is it? Why is it sending those attributes? I have noticed the same happens with the sql-group. Please advise how I could insert the data as received without conversion. Read the SQL configuration. This *is* documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Session-Id special characters changed to hex
Sajeewa Warnakulasuriya wrote: I'm having some issues with the acct-session-id, where special characters for instance [] being converted to it's hex equivalent. See the safe-characters configuration in the SQL module. For example below, the Acct-Session-Id = 301[]426932183 when inserted into the accounting table it is inserted as 301=5B=5D426932183. Hmm... not many NASes send [] in Acct-Session-Id, for precisely this reason. What NAS is it? Why is it sending those attributes? I have noticed the same happens with the sql-group. Please advise how I could insert the data as received without conversion. Read the SQL configuration. This *is* documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Acct-Session-Id special characters changed to hex
Hi All,
I'm having some issues with the acct-session-id, where special characters
for instance [] being converted to it's hex equivalent.
For example below, the Acct-Session-Id = 301[]426932183 when inserted
into the accounting table it is inserted as 301=5B=5D426932183.
I have noticed the same happens with the sql-group.
Please advise how I could insert the data as received without conversion.
Thanks
Sajeewa @ ispONE
==
Wed May 27 09:19:48 2009 : Info: FreeRADIUS Version 2.0.4, for host
i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34
Wed May 27 09:19:48 2009 : Info: Copyright (C) 1999-2008 The FreeRADIUS
server project and contributors.
Wed May 27 09:19:48 2009 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Wed May 27 09:19:48 2009 : Info: PARTICULAR PURPOSE.
Wed May 27 09:19:48 2009 : Info: You may redistribute copies of FreeRADIUS
under the terms of the
Wed May 27 09:19:48 2009 : Info: GNU General Public License.
Wed May 27 09:19:48 2009 : Info: Starting - reading configuration files
...
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/radiusd_dial.conf
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/proxy_dial.conf
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/clients_dial.conf
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/sql_dial.conf
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/sql_prepaid_counter.conf
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/policy.conf
Wed May 27 09:19:48 2009 : Debug: including files in directory
/etc/freeradius/sites-enabled/
Wed May 27 09:19:48 2009 : Debug: including configuration file
/etc/freeradius/sites-enabled/default_dial
Wed May 27 09:19:48 2009 : Debug: including dictionary file
/etc/freeradius/dictionary
Wed May 27 09:19:48 2009 : Debug: main {
Wed May 27 09:19:48 2009 : Debug: prefix = /usr
Wed May 27 09:19:48 2009 : Debug: localstatedir = /var
Wed May 27 09:19:48 2009 : Debug: logdir = /var/log/freeradius
Wed May 27 09:19:48 2009 : Debug: libdir = /usr/lib/freeradius
Wed May 27 09:19:48 2009 : Debug: radacctdir =
/var/log/freeradius/radacct
Wed May 27 09:19:48 2009 : Debug: hostname_lookups = no
Wed May 27 09:19:48 2009 : Debug: max_request_time = 30
Wed May 27 09:19:48 2009 : Debug: cleanup_delay = 5
Wed May 27 09:19:48 2009 : Debug: max_requests = 1024
Wed May 27 09:19:48 2009 : Debug: allow_core_dumps = no
Wed May 27 09:19:48 2009 : Debug: pidfile =
/var/run/freeradius/freeradius_dial.pid
Wed May 27 09:19:48 2009 : Debug: user = freerad
Wed May 27 09:19:48 2009 : Debug: group = freerad
Wed May 27 09:19:48 2009 : Debug: checkrad = /usr/sbin/checkrad
Wed May 27 09:19:48 2009 : Debug: debug_level = 0
Wed May 27 09:19:48 2009 : Debug: proxy_requests = yes
Wed May 27 09:19:48 2009 : Debug: security {
Wed May 27 09:19:48 2009 : Debug: max_attributes = 200
Wed May 27 09:19:48 2009 : Debug: reject_delay = 0
Wed May 27 09:19:48 2009 : Debug: status_server = yes
Wed May 27 09:19:48 2009 : Debug: }
Wed May 27 09:19:48 2009 : Debug: }
Wed May 27 09:19:48 2009 : Debug: client 144.130.4.5 {
Wed May 27 09:19:48 2009 : Debug: ipaddr = 144.130.4.5
Wed May 27 09:19:48 2009 : Debug: require_message_authenticator = no
Wed May 27 09:19:48 2009 : Debug: secret = 11oneONEV6
Wed May 27 09:19:48 2009 : Debug: shortname = telstra-1
Wed May 27 09:19:48 2009 : Debug: nastype = other
Wed May 27 09:19:48 2009 : Debug: }
Wed May 27 09:19:48 2009 : Debug: client 144.130.7.5 {
Wed May 27 09:19:48 2009 : Debug: ipaddr = 144.130.7.5
Wed May 27 09:19:48 2009 : Debug: require_message_authenticator = no
Wed May 27 09:19:48 2009 : Debug: secret = 11oneONEV6
Wed May 27 09:19:48 2009 : Debug: shortname = telstra-2
Wed May 27 09:19:48 2009 : Debug: nastype = other
Wed May 27 09:19:48 2009 : Debug: }
Wed May 27 09:19:48 2009 : Debug: client 192.168.0.19 {
Wed May 27 09:19:48 2009 : Debug: ipaddr = 192.168.0.19
Wed May 27 09:19:48 2009 : Debug: require_message_authenticator = no
Wed May 27 09:19:48 2009 : Debug: secret = 11oneONEV6
Wed May 27 09:19:48 2009 : Debug: shortname = test-1
Wed May 27 09:19:48 2009 : Debug: nastype = other
Wed May 27 09:19:48 2009 : Debug: }
Wed May 27 09:19:48 2009 : Debug: client 192.168.0.212 {
Wed May 27 09:19:48 2009 : Debug: ipaddr = 192.168.0.212
Wed May 27 09:19:48 2009 : Debug: require_message_authenticator = no
Wed May 27 09:19:48 2009 : Debug: secret = secret
Wed May 27 09:19:48 2009 : Debug: shortname = test-2
Wed May 27 09:19:48 2009 : Debug: nastype = other
Wed May 27 09:19:48 2009 : Debug: }
Wed May
Incorrect Acct-Session-Id format in Freradius 2.0.2
Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 At debug I can see Acct-Session-Id = 1234567\000 not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. -- View this message in context: http://www.nabble.com/Incorrect-Acct-Session-Id-format-in-Freradius-2.0.2-tp16046767p16046767.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Incorrect Acct-Session-Id format in Freradius 2.0.2
banga wrote: Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 Not really. Your NAS is broken. 1.1.x hides that fact. 2.x doesn't. At debug I can see Acct-Session-Id = 1234567\000 That's what your NAS sends. It's not supposed to send a terminal zero. Let me guess... this is very old Ascend hardware? not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. You can update the code in v2.0.2 to delete the trailing zero, or to not print it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Incorrect Acct-Session-Id format in Freradius 2.0.2
Alan DeKok-4 wrote: banga wrote: Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 Not really. Your NAS is broken. 1.1.x hides that fact. 2.x doesn't. At debug I can see Acct-Session-Id = 1234567\000 That's what your NAS sends. It's not supposed to send a terminal zero. Let me guess... this is very old Ascend hardware? not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. You can update the code in v2.0.2 to delete the trailing zero, or to not print it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sorry ,but I can not find place where i can delete the trailing zero. Could you please show me a place(way) from that I can start ? -- View this message in context: http://www.nabble.com/Incorrect-Acct-Session-Id-format-in-Freradius-2.0.2-tp16046767p16054225.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
difference between Acct-Session-Id and Acct-Unique-Session-Id
what is the difference between Acct-Session-Id and Acct-Unique-Session-Id? thanks in advance. regards, marc -- Get Firefox! http://tinyurl.com/cocg2 The browser you can trust. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Session-Id too long
On Mon, Aug 22, 2005 at 05:15:53PM +0800, Rohaizam Abu Bakar wrote: Dear all, but one case as below, i received a long Acct-Session-Id ... and cannot fit into mysql... and problem to update Stop record... should I change column size from char32 to reasonable value ? Acct-Session-Id = erx atm 2/3.10601218:60.1218:0165889995 +--+--+--+-+-+ | nasipaddress | AcctSessionId| AcctUniqueId | acctstoptime| nasporttype | +--+--+--+-+-+ | 61.6.191.247 | erx atm 2/3.10601218:60.1218:016 | ebe88dbb3457c826 | 2005-08-22 10:32:52 | xDSL| - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html The ERX I'm hooked up to recently crossed the 64-byte mark, so I suggest 128 bytes for the field length, if you don't want to go all the way to 253. -- --- Paul TBBle Hampson, MCSE 8th year CompSci/Asian Studies student, ANU The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] Of course Pacman didn't influence us as kids. If it did, we'd be running around in darkened rooms, popping pills and listening to repetitive music. -- Kristian Wilson, Nintendo, Inc, 1989 License: http://creativecommons.org/licenses/by/2.1/au/ --- pgpeXRLeJPlbA.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Session-Id too long
Hi, but one case as below, i received a long Acct-Session-Id ... and cannot fit into mysql... and problem to update Stop record... should I change column size from char32 to reasonable value ? I had the same problem some time ago and solved it by extending the allowed length for that column. So, yes, go ahead. Stefan Winter -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg email: [EMAIL PROTECTED] tél.: +352 424409-1 http://www.restena.lu fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Acct-Session-Id too long
Dear all, FreeRADIUS 1.0.4 I'm using mysql to store accounting...especially to check simultaneous-use.. but one case as below, i received a long Acct-Session-Id ... and cannot fit into mysql... and problem to update Stop record... should I change column size from char32 to reasonable value ? pls advise.. thanks.. Acct-Session-Id = erx atm 2/3.10601218:60.1218:0165889995 +--+--+--+-+-+ | nasipaddress | AcctSessionId| AcctUniqueId | acctstoptime| nasporttype | +--+--+--+-+-+ | 61.6.191.247 | erx atm 2/3.10601218:60.1218:016 | ebe88dbb3457c826 | 2005-08-22 10:32:52 | xDSL| - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Acct-Session-Id
Hello guys and girls, I have a small quick question. Is the attribute Acct-Session-Id (number 44) modifiable manually (can I set it to what I want)? If so where should it be modified (in witch file)? sanx a lot! -- Vicky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Session-Id
On Tue, 17 May 2005, vicky wrote: Hello guys and girls, I have a small quick question. Is the attribute Acct-Session-Id (number 44) modifiable manually (can I set it to what I want)? If so where should it be modified (in witch file)? What do you mean by modifiable? Acct-Session-Id is sent by the NAS and should be unique. You can play with acct-unique-id which is defined in radiusd.conf. This is a hash of whatever you want to put in there that will help create uniqueness if your NAS seems to be re-using numbers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Overloaded Acct-Session-Id
Daniel Halle [EMAIL PROTECTED] wrote: I have version 1.0.1 working on FreeBSD 5.3 and doing only accounting from CISCO voice gateways; capturing both on flat files and a remote MySQL 4.1 I had to modify the AcctSessionId field length on the radacct table since I'm getting overloaded Acct-Session-Id from the gateways. Does anyone ever see a parse solution for overloaded acct-session-id fields Use rlm_acct_unique, which is in the default configuration. man rlm_acct_unique Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Overloaded Acct-Session-Id
Alan, Thanks for your promptly response. But it seems you misinterpreted my question. As you probably already know, overloaded Acct-Session-Id fields bring valuable attributes separated with an / in it; for example: Feb 5 18:58:57.661: RADIUS: Acct-Session-Id [44] 221 399466/13:58:57.609 est Sat Feb 5 2005/Barcelona5300./D228FDE7 76DE11D9 91F0B0FA 276E5A02/answer/VoIP/13:58:57.645 est Sat Feb 5 2005/13:58:57.645 est Sat Feb 5 2005/22/62.175.181.172/D228FDE7 76DE11D9 91F0B0FA 276E5A02 Attributes in it are: SESSION-ID SETUP-TIME GATEWAY-ID CALL-ORIGIN CALL-TYPE CONNECTION-ID CONNECT-TIME DISCONNECT-TIME DISCONNECT-CAUSE REMOTE-IP-ADDRESS What I was looking for is a way to parse that info at insert time and load it into different fields in the radacct table. Thanks again, Danny -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Saturday, February 05, 2005 11:46 AM To: freeradius-users@lists.freeradius.org Subject: Re: Overloaded Acct-Session-Id Daniel Halle [EMAIL PROTECTED] wrote: I have version 1.0.1 working on FreeBSD 5.3 and doing only accounting from CISCO voice gateways; capturing both on flat files and a remote MySQL 4.1 I had to modify the AcctSessionId field length on the radacct table since I'm getting overloaded Acct-Session-Id from the gateways. Does anyone ever see a parse solution for overloaded acct-session-id fields Use rlm_acct_unique, which is in the default configuration. man rlm_acct_unique Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Overloaded Acct-Session-Id
Daniel Halle [EMAIL PROTECTED] wrote: But it seems you misinterpreted my question. It helps to provide ALL information needed to answer your question. The term overloaded is imprecise, as you have discovered. As you probably already know, overloaded Acct-Session-Id fields bring valuable attributes separated with an / in it; for example: Feb 5 18:58:57.661: RADIUS: Acct-Session-Id [44] 221 399466/13:58:57.609 est Sat Feb 5 2005/Barcelona5300./D228FDE7 76DE11D9 91F0B0FA 276E5A02/answer/VoIP/13:58:57.645 est Sat Feb 5 2005/13:58:57.645 est Sat Feb 5 2005/22/62.175.181.172/D228FDE7 76DE11D9 91F0B0FA 276E5A02 I've never seen that before. What I was looking for is a way to parse that info at insert time and load it into different fields in the radacct table. If the NAS is sending those attributes in addition to Acct-Session-Id, then there's no problem. If not, you'll have to parse the Acct-Session-Id data, and put it into different attributes. As for how, the simplest is to use rlm_policy, from the recent CVS snapshots. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Advice needed (Acct-Session-Id vs. User-Name)
Hello, For accounting_stop packet it's better to use Acct-Session-Time because for a call that the same user do you can use this to seperate the calls. In this way you can handle a lot of calls that one user do. All this if you want to know about the calls one by one. Kyriaki Gali, IT Applications Specialist Kinetix Tele.com Support Center, Tel Fax: +30 2310 256140 GSM: +30 6947 723737 http://www.kinetix.gr e-mail: [EMAIL PROTECTED] - Original Message - From: Roman Suzi [EMAIL PROTECTED] To: Radius Free [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 9:09 AM Subject: Advice needed (Acct-Session-Id vs. User-Name) Hi, I need an advice. One of my collegues suggested to drop User-Name for accounting purposes to avoid realm clashes (when CISCO drops realms in some cases). He suggests to store Acct-Session-Id at authorisation and then restore User-Name at accounting stop event to make accounting. He claims it's more accurate than to rely on User-Name. As this is completely novel idea, I'd liked to know community opinion. Thank you! Sincerely yours, Roman A.Suzi -- - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PROTECTED] - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Advice needed (Acct-Session-Id vs. User-Name)
Hi, I need an advice. One of my collegues suggested to drop User-Name for accounting purposes to avoid realm clashes (when CISCO drops realms in some cases). He suggests to store Acct-Session-Id at authorisation and then restore User-Name at accounting stop event to make accounting. He claims it's more accurate than to rely on User-Name. As this is completely novel idea, I'd liked to know community opinion. Thank you! Sincerely yours, Roman A.Suzi -- - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PROTECTED] - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session ID vs Acct-Session-ID
In my radius server's radacct.log I have this: Acct-Session-Id = \xc3a\xf2y\x00\x01\xa5\x88 In the logs in my RAS that corresponds with: sessionID: 0001A318 I am trying to figure out how those two session ids relate, as they should be the same value. Im just not certain how to read the one recorded in the radius server's logs. Ive done a few base conversions to see if it was just something simple, but havent managed to figure out the right relation yet. Any help on this would be greatly appreciated Casey Boone Clearwave Communications - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session ID vs Acct-Session-ID
Casey Boone [EMAIL PROTECTED] wrote: I am trying to figure out how those two session ids relate, as they should be the same value. Really? Does the documentation from your NAS vendor say that? Im just not certain how to read the one recorded in the radius server's logs. Read the documentation from your NAS vendor to see what it means. FreeRADIUS just logs whatever the NAS sends. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
