Re: Accounting and Realms (Solved)

2003-10-31 Thread Jefferson Dümes
Great, that works.

But I changed your example to:

DEFAULT Realm == "domain.com.br", Proxy-To-Realm := "domain.com.br"

and the only addition to radiusd.conf is:

files {
   acctusersfile = ${confdir}/acct_users
   compat = no
}


I can't believe that. It is sending acct packets to the other server. But there
is still a minor problem: these packets are logged locally too.

Dave Hickey wrote on 31-10-2003 15:23:

>> I have the same problem. But I did not understand what you mean with
>> "...miss the acct_users file".
>>
>> What is the acct_users file?
>
> The acct_users file allows you to specify what to do with a specific user's
> accounting packets. In my case I'm doing wildcard proxying, so I have
>
> DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"
>
> in my users file. However the accounting records for these users get written
> locally instead of to the accounting servers for the realm. In order for the
> accounting packets to go to the servers for that realm I have to add
>
> DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"
>
> to the acct_users file in the raddb directory.
 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
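
Added example, not part of the original thread or of FreeRADIUS: a small Python check for the situation described above, where a Proxy-To-Realm rule exists in the users file but not in acct_users, so accounting records stay local instead of reaching the realm's accthost. The sample file contents are constructed from the thread's configuration, and the parser assumes a simplified users-file syntax (check line starting in column 0, indented reply lines).

```python
import re

# Constructed sample files, modelled on the configuration quoted in the thread.
USERS = '''\
test    Auth-Type := Local, User-Password == "testac"
        Service-Type = Framed-User,
        Framed-Protocol = "PPP"

DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"

DEFAULT User-Name =~ "@*.olie2", Proxy-To-Realm := "bt-radius"
'''
ACCT_USERS = '''\
DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"
'''

# One check item: attribute, operator, value (quoted string or bare word).
ITEM = re.compile(r'([\w-]+)\s*(:=|==|=~|!~|!=|\+=|>=|<=|=|<|>)\s*("[^"]*"|[^,\s]+)')


def proxy_rules(text):
    """Return {(entry name, match conditions, realm)} for entries setting Proxy-To-Realm."""
    rules = set()
    for line in text.splitlines():
        # Assumption: check lines start in column 0; reply lines and comments are skipped.
        if not line or line[0] in " \t#":
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        items = ITEM.findall(parts[1])
        realms = [v.strip('"') for a, _, v in items if a == "Proxy-To-Realm"]
        conds = tuple(sorted(i for i in items if i[0] != "Proxy-To-Realm"))
        for realm in realms:
            rules.add((parts[0], conds, realm))
    return rules


def missing_acct_rules(users_text, acct_text):
    """Proxy rules present in users but absent from acct_users."""
    return sorted(proxy_rules(users_text) - proxy_rules(acct_text))


if __name__ == "__main__":
    for name, conds, realm in missing_acct_rules(USERS, ACCT_USERS):
        checks = ", ".join(" ".join(c) for c in conds)
        print(f"acct_users lacks: {name} {checks} -> realm {realm}")
```

To run it against a live server, read the two files from the raddb directory instead of using the embedded samples.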


Re: Accounting and Realms

2003-10-31 Thread Alan DeKok
Jefferson Dümes <[EMAIL PROTECTED]> wrote:
> But I think I need to refer to this file (acct_user) in radiusd.conf or elsewhere.
> 
> I don't need to have in radiusd.conf a "files {}" section referring to 
> this file ??? Or something else ???

  Yes.

$ grep acct_users freeradius-0.9.2/raddb/radiusd.conf.in

  or:

$ grep acct_users /usr/local/etc/raddb/radiusd.conf


  Isn't it easier to do that, than to ask a question on the list?

  Alan DeKok.



Re: Accounting and Realms

2003-10-31 Thread Jefferson Dümes
Ok

But I think I need to refer to this file (acct_user) in radiusd.conf or elsewhere.

I don't need to have in radiusd.conf a "files {}" section referring to 
this file ??? Or something else ???

Dave Hickey wrote on 31-10-2003 15:23:

>> I have the same problem. But I did not understand what you mean with
>> "...miss the acct_users file".
>>
>> What is the acct_users file?
>
> The acct_users file allows you to specify what to do with a specific user's
> accounting packets. In my case I'm doing wildcard proxying, so I have
>
> DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"
>
> in my users file. However the accounting records for these users get written
> locally instead of to the accounting servers for the realm. In order for the
> accounting packets to go to the servers for that realm I have to add
>
> DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"
>
> to the acct_users file in the raddb directory.
>
> Hope that helps,
> Dave.
 



Re: Accounting and Realms

2003-10-31 Thread Dave Hickey

> I have the same problem. But I did not understand what you mean with 
> "...miss the acct_users file".
> 
> What is the acct_users file?

The acct_users file allows you to specify what to do with a specific user's 
accounting packets. In my case I'm doing wildcard proxying, so I have

DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" 

in my users file. However the accounting records for these users get written 
locally instead of to the accounting servers for the realm. In order for the 
accounting packets to go to the servers for that realm I have to add

DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius" 

to the acct_users file in the raddb directory. 

Hope that helps,
Dave.


-- 

Dave Hickey      [EMAIL PROTECTED]
Esat BT IP NOC   www.esatbt.com





Re: Accounting and Realms

2003-10-31 Thread Jefferson Dümes
Dave

I have the same problem. But I did not understand what you mean with 
"...miss the acct_users file".

What is the acct_users file?

Dave Hickey wrote on 31-10-2003 10:04:

> Hello All,
>
>> I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking
>> for a little help from the list.
>
> I have since got the accounting proxying working, I had managed to miss the
> acct_users file... Doh!
>
> Cheers,
> Dave.
 



Re: Accounting and Realms

2003-10-31 Thread Dave Hickey
Hello All,


> I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking 
> for a little help from the list.

I have since got the accounting proxying working, I had managed to miss the 
acct_users file... Doh!

Cheers,
Dave.


-- 

Dave Hickey      [EMAIL PROTECTED]
Esat BT IP NOC   www.esatbt.com





Accounting and Realms

2003-10-31 Thread Dave Hickey
Hello all,

Apologies for the length of this mail, but I think I have all the relevant 
information here.

I'm having a little trouble with FreeRadius 0.9.2 and realms and I'm looking 
for a little help from the list.

I'm testing a new service that we have to provide, which involves proxying all 
requests for a wildcard suffix to another service provider. To achieve this I 
have the following users file: these are lines 90 - 96. The rest of the file 
is comments.

<<
test    Auth-Type := Local, User-Password == "testac"
        Service-Type = Framed-User,
        Framed-Protocol = "PPP"

DEFAULT User-Name =~ "@*.olie1", Proxy-To-Realm := "bt-radius"

DEFAULT User-Name =~ "@*.olie2", Proxy-To-Realm := "bt-radius"
>>



My proxy.conf looks like:
<<
proxy server {
        synchronous = no
        retry_delay = 1
        retry_count = 1
        dead_time = 360
        default_fallback = yes
        post_proxy_authorize = no
}

realm bt-radius {
        type            = radius
        authhost        = 208.159.238.241:1645
        accthost        = 208.159.238.243:1646
        secret          = **
        nostrip
}

realm bt-radius {
        type            = radius
        authhost        = 208.159.238.242:1645
        accthost        = 208.159.238.243:1646
        secret          = **
        nostrip
}
>>



The problem is that the user is authenticated correctly but the accounting 
information is not forwarded onto the accthost for that realm, by which I mean 
I cannot see any traffic to the accthost at all with ethereal. I have included 
the radiusd.conf and the output from radiusd -X at the end of this mail.

When I dial up I get the following:
<<
rad_recv: Access-Request packet from host 193.95.136.204:1645, id=115, length=110
NAS-IP-Address = 193.95.136.204
NAS-Port = 139
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Called-Station-Id = "015009992"
Calling-Station-Id = "014326957"
User-Password = "**"
Service-Type = Framed-User
Framed-Protocol = PPP
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: Looking up realm "ireland.olie1" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: No such realm "ireland.olie1"
  modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 94
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
Sending Access-Request of id 1 to 208.159.238.241:1645
NAS-IP-Address = 193.95.136.204
NAS-Port = 139
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Called-Station-Id = "015009992"
Calling-Station-Id = "014326957"
User-Password = "*"
Service-Type = Framed-User
Framed-Protocol = PPP
Proxy-State = 0x313135
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Accept packet from host 208.159.238.241:1645, id=1, length=135
NAS-IP-Address = 193.95.136.204
NAS-Port = 139
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Called-Station-Id = "015009992"
Calling-Station-Id = "014326957"
User-Password = "**"
Proxy-State = 0x313135
Class = 0x060a4d313132303735310903d90a082e2e2e2e55530c0302
Service-Type = Framed-User
Framed-Protocol = PPP
 authorize: Skipping authorize in post-proxy stage
  rad_check_password:  Found Auth-Type 
  rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [EMAIL PROTECTED] (from client ts-test.cwt port 139 cli 014326957)
>>

So access accept is returned to the NAS and the user is connected.

Next the accounting Start record is received from the NAS.

rad_recv: Accounting-Request packet from host 193.95.136.204:1646, id=116, length=152
NAS-IP-Address = 193.95.136.204
NAS-Port = 139
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Called-Station-Id = "015009992"
Calling-Station-Id = "014326957"
Acct-Status-Type = Start
Class = 0x060a4d313132303735310903d90a082e2e2e2e55530c0302
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "0020"
Framed-Protocol = PPP
Framed-IP-Address = 193.120.53.65
Acct-Delay-Time = 0

On processing the accounting packet the realm is not matched in the proxy.conf 
so freeradius never sends the accounting packet to the correct server for the 
realm, as matched in the users file for authentication.

modcall: entering group preacct for request 2
  modcall[preacct]: module "preprocess" returns noop for request 2
rlm_realm: Looking up realm "ireland.olie1" for User-Name = 
"[