Freeradius+MySql+Cisco (Accounting)
Hi, I am using freeradius-0.9.1, MySql 4.0 and using TCL 2.0 in Cisco AS5400. How can I have more than one SQL statements to be executed in sql.conf whenever there is an accounting request. Basically, I want to insert into one table and update the second table once the call is finished. How can this be achieved ? Kiran. Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+MySql+Cisco (Accounting)
I didn't test it but did you try to add a semicolon and the next statement? I don't know if the accounting part is coded in another way than the authorization part, but in authorization it works... Am Mon, 2003-09-15 um 16.00 schrieb Kiran: Hi, I am using freeradius-0.9.1, MySql 4.0 and using TCL 2.0 in Cisco AS5400. How can I have more than one SQL statements to be executed in sql.conf whenever there is an accounting request. Basically, I want to insert into one table and update the second table once the call is finished. How can this be achieved ? Kiran. Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius+MySql+Cisco (Accounting)
I tried in the following ways 1. accounting_stop_query = insert into ;insert into... it has thrown the error saying the sql statement was incorrect :( 2. accounting_stop_query = insert into ;insert into... it has just taken the first query and not the second one. --- Ulrich Walcher [EMAIL PROTECTED] wrote: I didn't test it but did you try to add a semicolon and the next statement? I don't know if the accounting part is coded in another way than the authorization part, but in authorization it works... Am Mon, 2003-09-15 um 16.00 schrieb Kiran: Hi, I am using freeradius-0.9.1, MySql 4.0 and using TCL 2.0 in Cisco AS5400. How can I have more than one SQL statements to be executed in sql.conf whenever there is an accounting request. Basically, I want to insert into one table and update the second table once the call is finished. How can this be achieved ? Kiran. Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco accounting attribute
John A. Hengstler [EMAIL PROTECTED] wrote: Does anybody know why this accounting attribute would be listed this way coming from a cisco. Connect-Info = \320\272\254J721670\000\000\000\000\000\000\000\000\000\000\000 Because that's what the Cisco NAS sends to the RADIUS server? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cisco accounting attribute
Greetings, Does anybody know why this accounting attribute would be listed this way coming from a cisco. Connect-Info = \320\272\254J721670\000\000\000\000\000\000\000\000\000\000\000 Regards, John Hengstler
Re: Cisco accounting
i have 2 cisco ( 3620 and AS5300) with freeradius 0.5 and accounting work fine. the config of cisco are. aaa accounting send stop-record authentication failure aaa accounting delay-start aaa accounting update periodic 1 aaa accounting network default start-stop group radius radius-server host 192.168.0.4 auth-port 1645 acct-port 1646 key 7 X radius-server retransmit 3 and work fine. whis that this help you. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 5:05 AM Subject: Cisco accounting I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is working just fine. But accounting only works on Foundry and not Cisco. I'm not sure if anyone has experienced this in the pass. Any help is appreciated. Regards Mathias, DISCLAIMER This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than TeleCity Limited or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the TeleCity IT department on 0161 226 7643 or by email at [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco accounting
[EMAIL PROTECTED] wrote: Foundry has the same config and is working as it should. Below is a snapshot of the file freeradius has generated for a Foundry. No, this attitude is *totally* incorrect. Thinking this way makes it more difficult to understand what's really going on. FreeRADIUS generates *no* accounting information. It only logs the information sent to it by the NAS. So the Foundry NAS generates the accounting packet, and sends it to the server. If the information you want isn't in the 'detail' file, don't blame the server, blame the NAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco accounting
I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is working just fine. But accounting only works on Foundry and not Cisco. I'm not sure if anyone has experienced this in the pass. Any help is appreciated. Regards Mathias, DISCLAIMER This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than TeleCity Limited or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the TeleCity IT department on 0161 226 7643 or by email at [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco accounting
On Wed, Sep 18, 2002 at 04:05:58AM +0100, [EMAIL PROTECTED] wrote: I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is working just fine. But accounting only works on Foundry and not Cisco. I'm not sure if anyone has experienced this in the pass. Any help is appreciated. Exactly what kind of accounting are you talking about here? Cisco IOS (up to 12.1 at least) does not support command accounting via RADIUS. Other accounting should be supported but I have no further info on it. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco accounting
If someone logs in to a router and issue a command, this is recorded in a file. I currently use IOS 12.2 The following commands are configured on the Cisco router. aaa accounting commands 15 acc1 start-stop radius radius-server host x.x.x.x auth-port 1812 acct-port 1813 this radius-server key x Foundry has the same config and is working as it should. Below is a snapshot of the file freeradius has generated for a Foundry. Mon Sep 16 22:07:56 2002 User-Name = mathias NAS-IP-Address = x.x.x.x NAS-Port = 1 NAS-Port-Type = Virtual Calling-Station-Id = x.x.x.x Acct-Status-Type = Alive Acct-Authentic = RADIUS Service-Type = NAS-Prompt-User Acct-Session-Id = 0 Attr-130482178 = copy running-config tftp x.x.x.x lon50big.conf Acct-Delay-Time = 0 Client-IP-Address = x.x.x.x Timestamp = 1032210476 Mon Sep 16 22:08:38 2002 User-Name = mathias NAS-IP-Address = x.x.x.x.x NAS-Port = 1 NAS-Port-Type = Virtual Calling-Station-Id = x.x.x.x Acct-Status-Type = Alive Acct-Authentic = RADIUS Service-Type = NAS-Prompt-User Acct-Session-Id = 0 Attr-130482178 = exit Acct-Delay-Time = 0 Client-IP-Address = x.x.x.x Timestamp = 1032210518 Mathias, -Original Message- From: Frank Cusack [mailto:[EMAIL PROTECTED]] Sent: 18 September 2002 05:09 To: [EMAIL PROTECTED] Subject: Re: Cisco accounting On Wed, Sep 18, 2002 at 04:05:58AM +0100, [EMAIL PROTECTED] wrote: I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is working just fine. But accounting only works on Foundry and not Cisco. I'm not sure if anyone has experienced this in the pass. Any help is appreciated. Exactly what kind of accounting are you talking about here? Cisco IOS (up to 12.1 at least) does not support command accounting via RADIUS. Other accounting should be supported but I have no further info on it. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html DISCLAIMER This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than TeleCity Limited or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the TeleCity IT department on 0161 226 7643 or by email at [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco accounting
On Wed, Sep 18, 2002 at 05:35:52AM +0100, [EMAIL PROTECTED] wrote: If someone logs in to a router and issue a command, this is recorded in a file. I currently use IOS 12.2 The following commands are configured on the Cisco router. So, as I said, this is not supported on Cisco w/ RADIUS. Look at the Cisco docs, it says this explicitly. ( cco-ios-12.2-security-aaa-accounting-command accounting ... I think) Foundry has the same config and is working as it should. Below is a snapshot of the file freeradius has generated for a Foundry. So Foundry got it right. There's no REASON it's not easily supportable; Cisco just chose not to implement it I guess. You should open a bug. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco accounting
On Tue, Sep 17, 2002 at 10:03:42PM -0700, Frank Cusack wrote: So, as I said, this is not supported on Cisco w/ RADIUS. Look at the Cisco docs, it says this explicitly. ( cco-ios-12.2-security-aaa-accounting-command accounting ... I think) http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfacct.htm#xtocid10 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sql cisco accounting hack...
Hello- We are using freeradius-0.4, and noticed a couple log entries for 'zero session length'. I tracked it down to the block (below) in rlm_sql.c. Now, we only got a couple log entries, but in both cases we had open sessions in the database that were not closed due to a 0-length session time (so we are treating them as valid.) My question is basically: The comment here notes that you only want to return RLM_MODULE_FAIL if the session length is 0 AND no previous session was found. Does this actually check for previous sessions? A cursory glance did not reveal where it was checking this. -Kevin #ifdef CISCO_ACCOUNTING_HACK /* * If stop but zero session length AND no previous * session found, drop it as in invalid packet * This is to fix CISCO's aaa from filling our * table with bogus crap */ if ((pair = pairfind(request-packet-vps, PW_ACCT_SESSION_TIME)) != NULL) acctsessiontime = pair-lvalue; if ((acctsessiontime = 0) (acctstatustype == PW_STATUS_STOP)) { radius_xlat(logstr, MAX_QUERY_LEN, rlm_sql: Stop packet with zero session length. (user ' %{User-Name}', nas '%{NAS-IP-Address}'), request, NULL); radlog(L_ERR, logstr); sql_release_socket(inst, sqlsocket); return RLM_MODULE_FAIL; } #endif --- Kevin C. Miller [EMAIL PROTECTED] Network Group Carnegie Mellon University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html