Re: Accounting and Realms (Solved)
Great, that works. But I changed your example to: DEFAULT Realm == "domain.com.br", Proxy-To-Realm := "domain.com.br" and the unique adding to radiusd.conf is: files { acctusersfile = ${confdir}/acct_users compat = no } I can't beleave that. It sending acct packets to other server. But yet a minor problem that these packets are logged localy too. Dave Hickey em 31-10-2003 15:23 disse: I have the same problem. But I did not understand what you mean with "...miss the acct_users file". What is the acct_users file The acct_users file allows you to specify what to do with a specific users accounting packets. In my case I'm doing wildcard proxying, so I have DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" in my users file. However the accounting records for these users get written locally instead of to the accounting servers for the realm. In order for the accounting packets to go to the servers for that realm I have to add DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" to the acct_users file in the raddb directory. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting and Realms
=?ISO-8859-1?Q?Jefferson_D=FCmes?= <[EMAIL PROTECTED]> wrote: > But I think I need to refer this file (acct_user) on radiusd.conf or other. > > I don't need to have in radiusd.conf a "files {}" section refering to > this file ??? Or something else ??? Yes. $ grep acct_users freeradius-0.9.2/raddb/radiusd.conf.in or: $ grep acct_users /usr/local/etc/raddb/radiusd.conf Isn't it easier to do that, than to ask a question on the list? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting and Realms
Ok But I think I need to refer this file (acct_user) on radiusd.conf or other. I don't need to have in radiusd.conf a "files {}" section refering to this file ??? Or something else ??? Dave Hickey em 31-10-2003 15:23 disse: I have the same problem. But I did not understand what you mean with "...miss the acct_users file". What is the acct_users file The acct_users file allows you to specify what to do with a specific users accounting packets. In my case I'm doing wildcard proxying, so I have DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" in my users file. However the accounting records for these users get written locally instead of to the accounting servers for the realm. In order for the accounting packets to go to the servers for that realm I have to add DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" to the acct_users file in the raddb directory. Hope that helps, Dave. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting and Realms
> I have the same problem. But I did not understand what you mean with > "...miss the acct_users file". > > What is the acct_users file The acct_users file allows you to specify what to do with a specific users accounting packets. In my case I'm doing wildcard proxying, so I have DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" in my users file. However the accounting records for these users get written locally instead of to the accounting servers for the realm. In order for the accounting packets to go to the servers for that realm I have to add DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" to the acct_users file in the raddb directory. Hope that helps, Dave. -- Dave Hickey [EMAIL PROTECTED] Esat BT IP NOCwww.esatbt.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting and Realms
Dave I have the same problem. But I did not understand what you mean with "...miss the acct_users file". What is the acct_users file Dave Hickey em 31-10-2003 10:04 disse: Hello All, I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking for a little help from the list. I have since got the accounting proxying working, I had managed to miss the acct_users file... Doh! Cheers, Dave. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting and Realms
Hello All, > I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking > for a little help from the list. I have since got the accounting proxying working, I had managed to miss the acct_users file... Doh! Cheers, Dave. -- Dave Hickey [EMAIL PROTECTED] Esat BT IP NOCwww.esatbt.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting and Realms
Hello all, Apologies for the length of this mail, but I think I have all the relevant information here. I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking for a little help from the list. I'm testing a new service that we have to provide, which involves proxying all requests for a wildcard suffix to another service provider. To achieve this I have the following users file: these are lines 90 - 96. The rest of the file is comments. << testAuth-Type := Local, User-Password == "testac" Service-Type = Framed-User, Framed-Protocol = "PPP" DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" DEFAULT User-Name =~ "@*.olie2", Proxy-To-Realm := "bt-radius" >> My proxy.conf looks like: << proxy server { synchronous = no retry_delay = 1 retry_count = 1 dead_time = 360 default_fallback = yes post_proxy_authorize = no } realm bt-radius { type= radius authhost= 208.159.238.241:1645 accthost= 208.159.238.243:1646 secret = ** nostrip } realm bt-radius { type= radius authhost= 208.159.238.242:1645 accthost= 208.159.238.243:1646 secret = ** nostrip } >> The problem is that the user is authenticated correctly but the accounting information is not forwarded onto the accthost for that realm, by which I mean I cannot see any traffic to the accthost at all with ethereal. I have incuded the radiusd.conf and the output from radiusd -X at the end of this mail. When I dial up I get the following: << rad_recv: Access-Request packet from host 193.95.136.204:1645, id=115, length=110 NAS-IP-Address = 193.95.136.204 NAS-Port = 139 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Called-Station-Id = "015009992" Calling-Station-Id = "014326957" User-Password = "**" Service-Type = Framed-User Framed-Protocol = PPP modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_realm: Looking up realm "ireland.olie1" for User-Name = "[EMAIL PROTECTED]" rlm_realm: No such realm "ireland.olie1" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched DEFAULT at 94 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns ok for request 0 Sending Access-Request of id 1 to 208.159.238.241:1645 NAS-IP-Address = 193.95.136.204 NAS-Port = 139 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Called-Station-Id = "015009992" Calling-Station-Id = "014326957" User-Password = "*" Service-Type = Framed-User Framed-Protocol = PPP Proxy-State = 0x313135 --- Walking the entire request list --- Waking up in 2 seconds... rad_recv: Access-Accept packet from host 208.159.238.241:1645, id=1, length=135 NAS-IP-Address = 193.95.136.204 NAS-Port = 139 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Called-Station-Id = "015009992" Calling-Station-Id = "014326957" User-Password = "**" Proxy-State = 0x313135 Class = 0x060a4d313132303735310903d90a082e2e2e2e55530c0302 Service-Type = Framed-User Framed-Protocol = PPP authorize: Skipping authorize in post-proxy stage rad_check_password: Found Auth-Type rad_check_password: Auth-Type = Accept, accepting the user Login OK: [EMAIL PROTECTED] (from client ts-test.cwt port 139 cli 014326957) >> So access accept is returned to the NAS and the user is connected. Next the accounting Start record is received from the NAS. rad_recv: Accounting-Request packet from host 193.95.136.204:1646, id=116, length=152 NAS-IP-Address = 193.95.136.204 NAS-Port = 139 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Called-Station-Id = "015009992" Calling-Station-Id = "014326957" Acct-Status-Type = Start Class = 0x060a4d313132303735310903d90a082e2e2e2e55530c0302 Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "0020" Framed-Protocol = PPP Framed-IP-Address = 193.120.53.65 Acct-Delay-Time = 0 On processing the accounting packet the realm is not matched in the proxy.conf so freeradius never sends the accounting packet to the correct server for the realm, as matched in the users file for authentication. modcall: entering group preacct for request 2 modcall[preacct]: module "preprocess" returns noop for request 2 rlm_realm: Looking up realm "ireland.olie1" for User-Name = "[