postgresql and freeradius accounting problem
hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. is anyone here having the same specs as mine as well as having problems? if you do please let me know how you solved the same problem as i have. if you happen to have a step by step notes on configuration of the postgresql + freeradius, i would be honored to take it. thanks, francis ted a. seguerra www.1asialink.com brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
At 09:43 AM 9/10/2003, [EMAIL PROTECTED] wrote: hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. Please consider upgrading, the lastest release is 0.9.1. The version 0.4 is *very* *very* old and have many known bugs and memory leaks which are fixed in the current release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. At 09:43 AM 9/10/2003,[EMAIL PROTECTED]: hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. Please consider upgrading, the lastest release is 0.9.1. The version 0.4 is *very* *very* old and have many known bugs and memory leaks which are fixed in the current release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ [EMAIL PROTECTED]| \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
At 10:38 AM 9/10/2003, [EMAIL PROTECTED] wrote: sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. What does the debug output say? ( running the server 'radiusd -x -x' ) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
here are attached files. At 10:38 AM 9/10/2003,[EMAIL PROTECTED]: sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. What does the debug output say? ( running the server 'radiusd -x -x' ) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering |[EMAIL PROTECTED]@ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /tableStarting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = radius main: group = radius main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded SQL sql: driver = rlm_sql_postgresql sql: server = localhost sql: port = sql: login = radius sql: password = radius2k3 sql: radius_db = radius sql: acct_table = radacct sql: acct_table2 = radacct sql: authcheck_table = radcheck sql: authreply_table = radreply sql: groupcheck_table = radgroupcheck sql: groupreply_table = radgroupreply sql: usergroup_table = usergroup sql: nas_table = nas sql: dict_table = dictionary sql: sqltrace = yes sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{User-Name} sql: default_user_profile = sql: query_on_not_found = no sql: authorize_check_query = SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id sql: authorize_reply_query = SELECT id, UserName, Attribute, Value, Op ??FROM radreply ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id sql: authorize_group_check_query = SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ??ORDER BY
Re: postgresql and freeradius accounting problem
At 12:12 PM 9/10/2003, [EMAIL PROTECTED] wrote: here are attached files. Did you read the debug output, your error and the reason for it are explained: rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: pg_atoi: zero-length string You are 'faking' a start record with incomplete information. Send it a real start packet, or one with more complete information. IE, you need to include more information than just: User-Name = boggss Acct-Status-Type = Start Acct-Session-Id = 2836 -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
sorry but i really dont know what your trying to say...please do some suggestions to what i should do... do you have a howto for this? At 12:12 PM 9/10/2003,[EMAIL PROTECTED]: here are attached files. Did you read the debug output, your error and the reason for it are explained: rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: pg_atoi: zero-length string You are 'faking' a start record with incomplete information. Send it a real start packet, or one with more complete information. IE, you need to include more information than just: User-Name = boggss Acct-Status-Type = Start Acct-Session-Id = 2836 -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ [EMAIL PROTECTED]| \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
my data between acct-output-octets and cisco-pre-output-octest are very diefferents? is it normal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
On Tue, Jul 22, 2003 at 03:39:54PM +0200, labis siegfried wrote: my data between acct-output-octets and cisco-pre-output-octest are very diefferents? is it normal pre means before. so these are probably the octets before the session is established. acct-output-octets are the octets of the session to be accounted. just a guess Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange accounting Problem
Hello, I've a strange Problem with Accounting Records on a Bintec Brick. Maybe it is a Bug in Bintec Firmware, but I do not understand, what happens. When the Brick authenticates again freeradius local Database anything goes right. But when I use freeradius as a proxy against an ISA Server the Brick sends no Accounting Records. Where are the differences? When I look into the Radius packets I see only some vendor spezific Attributes more, but nothing, that IMHO should cause a Problem. The Packets go the right way (brick - freeradius - isa - freeradius - brick) and the user is authenticated right. He comes in, but no raddacct Record is send. Any suggestions?? TIA Ralf i.A Ralf Reinartz Network Administration IS-Communication MAXDATA Systeme GmbH Carlo-Schmid-Str. 12 D-52146 Würselen Telehon: +49 2405 444 4349 Telefax: +49 2405 444 4374 www.maxdata.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting problem
Title: Accounting problem I received this warning message: rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent and radius does not update the accounting data once the user disconnected. The Acct ID doesn't match hence cannot update? Any idea how to fix it? Thanks Chhai Thach
accounting problem
Having some problems getting the acct logging to work, I had it working and then just the other day it just stoped. I even had the day off so it wasn't anyting I touched, just stoped Friday morning.. We got an outside ISP sending accounting packets and also an internal cisco vpn 3000 which was also working. Both systems are still reported to be sending accounting packets. I rebuilt another redhat 8.0 box, we using PAM through winbind and everything is working just fine except no accounting logging going on.. Is there a way to send a fake accounting packet myself? any other ideas? heres my detail debug section on a startup: Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /etc/raddb/users files: acctusersfile = /etc/raddb/acct_users files: preproxy_usersfile = /etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = /var/log/radius/radutmp radutmp: username = %{User-Name} radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp. Ready to process requests. thanks for any tips -steve - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting problem
Having some problems getting the acct logging to work, I had it working and then just the other day it just stoped. I even had the day off so it wasn't anyting I touched, just stoped Friday morning.. (stuff deleted) heres my detail debug section on a startup snip You'll probably also want to include the relevant bits of your debug at the time that your NAS sends an accounting packet. Could be any number of things. One personal experience: My radius.log file went MIA. Turns out that some agressive house-cleaning deleted the file, and directory permissions were not set to allow FreeRADIUS to re-create the file. DP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
0.8.1 accounting problem
Hi there. I'll skip right to the subject I am using freeradius 0.8.1 as a radius server for a certain realm and as a proxy for all other requests. For the local ISP realm, all is done via sql module. Everything works as intended, except accounting of proxied requests... When a user in my realm logs on, of course i want all accounting information to be sent to the sql module, and it does. But when a user outside the realm logs on, she gets authorized and authenticated, no problem, but when the NAS starts to send accounting packets for her, they get sent to the other radius server, proxy functionality works ok, AND all accounting for this user gets in my sql database, TOO, which i don't want. The database is reserved for local users, and the presence of other users' accounting information is unacceptable in this case. So... Is there a way to get the server to only send accounting information to sql when the user is in a specific realm? I need a rather quick answer, as this is a very important issue and i need to decide whether i have to study more or find another solution... Thank you in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unixodbc accounting problem (Was: postgresql accounting (bug?) Apr.2002)
Hello, I got a similar problem as Roman last year, but this time using sql_unixodbc driver :(. Function sql_affected_rows(SQLSOCK *sqlsocket, SQL_CONFIG *config) everytime returns '0' regardless of mssql query fail or finish properly. sql_affected_rows is calling SQLRowCount function, with seems to not work properly - _it_ returns all the time 0. I'm using FreeTDS 0.60 driver, but 'unfortunately' it works ok for other projects ;( Did anyone meet this this problem before and know a solution ? Or maybe could you propose using other - better - odbc driver instead of FreeTDS ? Best regards, Bangla - Original Message - From: Roman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 12, 2002 12:19 PM Subject: postgresql accounting (bug?) Hi! I use freeradius 0.5 with postgresql 7.2 on FreeBSD 4.5 When i run freeradius in dedug mode (radiusd -x), I found that: 1) freeradius query for Accounting stop packets with accounting_stop_query_alt in any way, regardless of accounting_stop_query fail or not rad_recv: Accounting-Request packet from host x.x.x.x, id=206, length=127 query: UPDATE radacct SET AcctStopTime =. rlm_postgresql Status: PGRES_COMMAND_OK sql_postgresql: affected rows = 1 query: INSERT into radacct ( AcctSessionId, rlm_postgresql Status: PGRES_FATAL_ERROR sql_postgresql: affected rows = I have not many C experience, but it seems like sql_affected_rows always 0 for update query rlm_sql.c: numaffected = (inst-module-sql_affected_rows)(sqlsocket, inst-config); if (numaffected 1) { /* * If our update above didn't match anything * we assume it's because we haven't seen a * matching Start record. So we have to * insert this stop rather than do an update */ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does Accounting: no Accounting-Status-Type record. mean? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
falcon [EMAIL PROTECTED] wrote: what does Accounting: no Accounting-Status-Type record. mean? That attribute isn't in the request. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
Hello falcon, Saturday, February 8, 2003, 12:09:21 AM, you wrote: f Hello all freeradius-users, f sorry again for my bad english... :) f i changed radtest script to do acct, so as a result i got: f Accounting: no Accounting-Status-Type record. f modcall[accounting]: module unix returns noop f Accounting: no Accounting-Status-Type record. f modcall[accounting]: module radutmp returns noop f modcall: group accounting returns ok f Sending Accounting-Response of id 202 to 127.0.0.1:32800 f modcall[accounting]: module detail returns ok f Accounting: no Accounting-Status-Type record. f modcall[accounting]: module unix returns noop f Accounting: no Accounting-Status-Type record. f modcall[accounting]: module radutmp returns noop f modcall: group accounting returns ok f Sending Accounting-Response of id 202 to 127.0.0.1:32800 f what does Accounting: no Accounting-Status-Type record. f mean? f - f List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html when i write in accounting sql it says: Going to the next request --- Walking the entire request list --- Cleaning up request 6 ID 252 with timestamp 3e441fab Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 127.0.0.1:32800, id=252, length=57 User-Name = blabla User-Password = \3315aH\257l\331\327/\377k\364\242v\254[ NAS-IP-Address = 255.255.255.255 NAS-Port = 0 modcall: entering group preacct modcall[preacct]: module preprocess returns noop rlm_realm: No '@' in User-Name = blabla, looking up realm NULL rlm_realm: No such realm NULL modcall[preacct]: module suffix returns noop modcall[preacct]: module files returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute 44 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 127.0.0.1,NAS-IP-Address = 255.255.255.255,,User-Name = blabla' rlm_acct_unique: Acct-Unique-Session-ID = 3e3e05c4a4b2e091. modcall[accounting]: module acct_unique returns ok radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20030208' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/127.0.0.1/detail-20030208 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop radius_xlat: 'rlm_sql: packet has no account status type. [user 'blabla', nas '255.255.255.255']' rlm_sql: packet has no account status type. [user 'blabla', nas '255.255.255.255'] modcall[accounting]: module sql returns invalid modcall: group accounting returns invalid Finished request 7 Going to the next request --- Walking the entire request list --- Cleaning up request 7 ID 252 with timestamp 3e441fae Nothing to do. Sleeping until we see a request. and my radiusd.conf last lines are: authorize { preprocess chap mschap suffix sql } authenticate { authype PAP {pap} authype CHAP {chap} authype MS-CHAP {ms-chap} unix } preacct { preprocess suffix files } accounting { acct_unique detail unix radutmp sql } session {radutmp } post-auth {} Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
At 03:09 PM 2/7/2003, you wrote: Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does Accounting: no Accounting-Status-Type record. mean? Start, Stop, Off, or On. Sorry if I did not list them all, but those are some examples (I think there is an 'Alive' status too). Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: accounting problem
Hello Alan, Friday, February 7, 2003, 7:11:38 PM, you wrote: AD falcon [EMAIL PROTECTED] wrote: what does Accounting: no Accounting-Status-Type record. mean? AD That attribute isn't in the request. AD Alan DeKok. AD - AD List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html but it is absent in dictionaries, what where i shuold write or read about it??? May be i should write it in acct request value-pairs? PLease help Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: accounting problem
falcon [EMAIL PROTECTED] wrote: but it is absent in dictionaries, what where i shuold write or read about it??? May be i should write it in acct request value-pairs? PLease help It's really Acct-Status-Type. Read the dictionaries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: accounting problem
Hello Chris, Saturday, February 8, 2003, 12:22:50 AM, you wrote: CB At 03:09 PM 2/7/2003, you wrote: Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does Accounting: no Accounting-Status-Type record. mean? CB Start, Stop, Off, or On. Sorry if I did not list them all, but those are CB some examples (I think there is an 'Alive' status too). CB Chris CB - CB List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanks! :) Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting problem with MaxTnT
Dear all, I have a problem with radius accounting. More specifically I am using freeradius v0.8 with oracle 8i backend. The problem arises with some accounting records, all from a MaxTnT NAS. As can be seen from the log entries below, the problem is that NAS does not send a username with some accounting records. As a result the SQL query fails and the record cannot be written into the database. Does anyone know how I can block such accounting requests from the MaxTnT NAS or does anybody know if this is a known MaxTnT bug ??? As a temporary solution I've modified the SQL query and used Oracle's NVL function as follows to prevent a NULL username in the SQL statement: accounting_start_query = INSERT into ${acct_table1} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', NVL(%{SQL-User-Name}, 'dummyraduser'), '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', TO_DATE('%S','-mm-dd hh24:mi:ss'), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') This might do the trick but has a performance drawback. If anyone notices any other problems this may cause please let me know. RADIUS LOG -- rad_recv: Accounting-Request packet from host 217.19.74.12:7020, id=34, length=116 NAS-IP-Address = 217.19.74.12 NAS-Port = 2113 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Delay-Time = 229 Acct-Session-Id = 369446656 Acct-Authentic = Local Idle-Timeout = 0 X-Ascend-Modem-PortNo = 62 X-Ascend-Modem-SlotNo = 1 X-Ascend-Modem-ShelfNo = 1 Calling-Station-Id = 2108150497 Called-Station-Id = 8962408080 modcall: entering group preacct modcall[preacct]: module preprocess returns noop rlm_realm: Proxy reply, or no user name. Ignoring. modcall[preacct]: module suffix returns noop modcall[preacct]: module files returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',Client-IP-Address = 217.19.74.12,NAS-IP-Address = 217.19.74.12,Acct-Session-Id = 369446656,' rlm_acct_unique: Acct-Unique-Session-ID = e8b5c0d1af61a38f. modcall[accounting]: module acct_unique returns ok radius_xlat: '/usr/local/var/log/radius/radacct/217.19.74.12/detail-20021212' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/217.19.74.12/detail-20021212 modcall[accounting]: module detail returns ok modcall[accounting]: module counter returns noop modcall[accounting]: module unix returns noop radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: '' modcall[accounting]: module radutmp returns ok radius_xlat: '' radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '369446656', 'e8b5c0d1af61a38f', '', '', '217.19.74.12', '', 'Async', TO_DATE('2002-12-12 21:54:56','-mm-dd hh24:mi:ss'), NULL, '0', 'Local', '', '', '0', '0', '8962408080', '2108150497', '', '', '', '', '229', '0')' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert NULL into (URNET.RADACCT.USERNAME) rlm_sql (sql): Attempting to connect rlm_sql_oracle #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert NULL into (URNET.RADACCT.USERNAME) rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ORA-01400: cannot insert NULL into (URNET.RADACCT.USERNAME) radius_xlat: 'UPDATE radacct SET AcctStartTime = TO_DATE('2002-12-12 21:54:56','-mm-dd hh24:mi:ss'), AcctStartDelay = '229', ConnectInfo_start = '' WHERE AcctSessionId = '369446656' AND UserName = '' AND NASIPAddress = '217.19.74.12' AND AcctStopTime = IS NULL' rlm_sql_oracle: execute query failed in sql_query: ORA-00936: missing expression rlm_sql (sql): Attempting to connect
Re: Radius Accounting problem with MaxTnT
Dimitrios E. Digas [EMAIL PROTECTED] wrote: I have a problem with radius accounting. More specifically I am using freeradius v0.8 with oracle 8i backend. The problem arises with some accounting records, all from a MaxTnT NAS. As can be seen from the log entries below, the problem is that NAS does not send a username with some accounting records. As a result the SQL query fails and the record cannot be written into the database. Read 'raddb/sql.conf', and look for sql_user_name. The configuration file tells you how to deal with this problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange Accounting Problem
Hello, I use freeradius-0.5 on a linux box. I am getting strange accounting behavior. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. However, I also have many weird directories with names like 208.221.28.8, 40.37.27.8, 0.35.27.8, etc. Like I said, I have many of these weird directories. Each one of these directories has a detail file, but there are only 'Stop' records in these detail files. I started a tcpdump session to capture the traffic from ports 1645 and 1646 (I use the old ports for radius). In the /usr/adm/radacct/208.221.28.8/detail file I have: [WA:root@pri radacct]# cat 208.221.28.8/detail Wed Oct 30 21:03:04 2002 Acct-Status-Type = Stop NAS-IP-Address = 192.168.192.5 Acct-Delay-Time = 0 User-Name = bono NAS-Port = 3460 Acct-Session-Id = 00036E07 Service-Type = Framed-User Framed-Protocol = PPP Acct-Session-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Client-IP-Address = 208.221.28.8 Timestamp = 1036036984 The corresponding packet in my tcpdump that relates to 208.221.28.8 is: 21:03:04.201975 pri.wildapache.net.radacct 208.221.28.8.32815: [udp sum ok] rad-account-resp 20 [id 18] (DF) (ttl 64, id 0, len 48) Freeradius is creating and sending accounting information to the detail file in 208.221.28.8 This type of activity is very random. That is, I only get this type of weirdness ever so often for different users. Most of the time there is only one entry in a given 'weird client' directory, but sometimes there are multiple entries for different users. These are always 'Stop' records. Does anyone know what is causing this? Have I forgotten/missed something in my configuration? I really need to get this cleared up since it is messing up my statistical records. Any help will be greatly appreciated. Thanks, Murrah Boswell Systems Administrator Wild Apache Internet Services [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange Accounting Problem
WA Support [EMAIL PROTECTED] wrote: I use freeradius-0.5 on a linux box. Huh? 0.7 was released nearly 3 months ago. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. Yeah, it's a bug in older versions of the server. See why upgrading is a good idea? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange Accounting Problem
My bad, I am thoroughly scolded! Murrah Boswell Alan DeKok wrote: WA Support [EMAIL PROTECTED] wrote: I use freeradius-0.5 on a linux box. Huh? 0.7 was released nearly 3 months ago. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. Yeah, it's a bug in older versions of the server. See why upgrading is a good idea? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
I'm using FR 0.7. I have proxying enabled, and the NULL realm accounting host set to LOCAL. When I send an accounting packet using radclient, an Accounting-Response packet is never sent. Everything in accounting returns ok, but no response is sent back. More info can be provided if necessary. Kevin Here is the output using debugging: rad_recv: Accounting-Request packet from host 192.168.1.10:32768, id=1, length=138 Thread 2 assigned request 1 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Waking up in 5 seconds... Thread 2 handling request 1, (1 handled so far) User-Name = test NAS-IP-Address = 10.0.1.3 NAS-Port = 1 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = 1 Acct-Authentic = RADIUS Framed-Protocol = PPP Framed-IP-Address = xxx.xxx.xxx.xxx Service-Type = Framed-User modcall: entering group preacct modcall[preacct]: module preprocess returns noop rlm_realm: Looking up realm NULL for User-Name = test rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = test rlm_realm: Proxying request from user test to realm NULL rlm_realm: Adding Realm = NULL rlm_realm: Accounting realm is LOCAL. rlm_realm: acct_port is not set. proxy cancelled modcall[preacct]: module suffix returns noop acct_users: Matched DEFAULT at 16 modcall[preacct]: module files returns ok modcall: group preacct returns ok modcall: entering group accounting radius_xlat: 'test' sql_set_user: escaped user -- 'test' radius_xlat: 'INSERT INTO radacct (RadAcctId, AcctSessionId, UserName, Realm, NASIPAddress) VALUES ('', '1', 'test', 'NULL', '10.0.1.3')' rlm_sql: Reserving sql socket id: 3 rlm_sql: Released sql socket id: 3 modcall[accounting]: module sql0 returns ok modcall: group accounting returns ok Finished request 1 Going to the next request Thread 2 waiting to be assigned a request --- Walking the entire request list --- Threads: total/active/spare threads = 5/0/5 Cleaning up request 1 ID 1 with timestamp 3d446c85 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Accounting Problem
Just use acct_unique in radiusd.conf and ignore sessions with equal Acct-Unique-Session-ID (or use unique ID SQL column). we've noticed double/multiple accounting entries recorded in mysql in only one session with the same AcctStartTime (some differs in -- B. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS accounting problem
Please help. This may have already been solved. If someone knows where I can find the answer in the mailing list, please let me know. I encounter a small problem with FreeRADIUS 0.5 release. The test environment is between a Cisco IOS 12.2 router and a RedHat 7.2 Linux FreeRADIUS server. FreeRADIUS was compiled on the RH Linux machine using the enclosed freeradius.spec by way of RPM. If I use the normal command line to start the radius server as in radiusd or radiusd -y, the accounting information will be sent from Cisco router and recorded 3 times in the /var/log/radius/radacct/{NAS IP address}. It seems that the accounting information sent by the router did not get a reply from the radius server, so the router retries again and again. However, if I run the radius server in the debug mode such as radiusd -xy or radius -xxy, the radius server indeed sends a reply to the router's accounting information. The accounting information gets to be registered only once. The above is true whether I run the radiusd in foreground or background daemon mode. I think I am missing something. Please enlighten me. Thanks, Joseph Liu JPL Pasadena, CA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: PIX v6.1 accounting problem
Dear Pierre Strazza, It means Cisco has a Vendor-Specific packet structure different from one recommended in RFC (or sends a buggy packet). Can you sniff the packet? --Wednesday, March 20, 2002, 3:45:27 AM, you wrote to [EMAIL PROTECTED]: PS Here is the radius.log extract : PS Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host PS x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific PS Same error is reported while running in debug mode. PS No further accounting information is logged. PS The cisco box is a PIX firewall v6.1, authenticating users thru the PS freeradius server for VPN access. PS Pierre. PS -Message d'origine- PS De : Chris Parker [mailto:[EMAIL PROTECTED]] PS Envoyé : mardi 19 mars 2002 19:13 PS À : [EMAIL PROTECTED] PS Objet : RE: PIX v6.1 accounting problem PS At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? PS It would really really really help if you could provide the error message PS printed by the server, as well as any printed when you run it in debug PS mode. PS -Chris PS -- PS \\\|||/// \ StarNet Inc. \Chris Parker PS \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering PS | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 PS oOo---(_)---oOo--\-- PS\ Wholesale Internet Services - http://www.megapop.net PS - PS List info/subscribe/unsubscribe? See PS http://www.freeradius.org/list/users.html PS . PS . PS . PS - PS List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX v6.1 accounting problem
Pierre Strazza [EMAIL PROTECTED] wrote: Here is the radius.log extract : Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from = host x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific Then it's not a valid RADIUS packet. Use 'tcpdump' to get a hex dump of the packet. And talk to Cisco. Get them to fix their broken RADIUS implementation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[2]: PIX v6.1 accounting problem
a t i o n - P o r t = 8 0 -Message d'origine- De : 3APA3A [mailto:[EMAIL PROTECTED]] Envoyé : mercredi 20 mars 2002 09:44 À : Pierre Strazza Objet : Re[2]: PIX v6.1 accounting problem Dear Pierre Strazza, It means Cisco has a Vendor-Specific packet structure different from one recommended in RFC (or sends a buggy packet). Can you sniff the packet? --Wednesday, March 20, 2002, 3:45:27 AM, you wrote to [EMAIL PROTECTED]: PS Here is the radius.log extract : PS Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host PS x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific PS Same error is reported while running in debug mode. PS No further accounting information is logged. PS The cisco box is a PIX firewall v6.1, authenticating users thru the PS freeradius server for VPN access. PS Pierre. PS -Message d'origine- PS De : Chris Parker [mailto:[EMAIL PROTECTED]] PS Envoyé : mardi 19 mars 2002 19:13 PS À : [EMAIL PROTECTED] PS Objet : RE: PIX v6.1 accounting problem PS At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? PS It would really really really help if you could provide the error message PS printed by the server, as well as any printed when you run it in debug PS mode. PS -Chris PS -- PS \\\|||/// \ StarNet Inc. \Chris Parker PS \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering PS | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 PS oOo---(_)---oOo--\-- PS\ Wholesale Internet Services - http://www.megapop.net PS - PS List info/subscribe/unsubscribe? See PS http://www.freeradius.org/list/users.html PS . PS . PS . PS - PS List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PIX v6.1 accounting problem
Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Any dictionary for PIX v6.1 ? :-) Regards, Pierre. . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX v6.1 accounting problem
At 02:55 PM 3/19/2002 +0100, Pierre Strazza wrote: Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Won't stop it from logging the request. May stop it from logging human readable formats. Can you elaborate on 'not handled'? Any dictionary for PIX v6.1 ? :-) PIX is cisco. Are you enabling the use of 'dictionary.cisco'? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PIX v6.1 accounting problem
The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? Pierre. -Message d'origine- De : Chris Parker [mailto:[EMAIL PROTECTED]] Envoyé : mardi 19 mars 2002 16:09 À : [EMAIL PROTECTED] Objet : Re: PIX v6.1 accounting problem At 02:55 PM 3/19/2002 +0100, Pierre Strazza wrote: Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Won't stop it from logging the request. May stop it from logging human readable formats. Can you elaborate on 'not handled'? Any dictionary for PIX v6.1 ? :-) PIX is cisco. Are you enabling the use of 'dictionary.cisco'? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PIX v6.1 accounting problem
Here is the radius.log extract : Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific Same error is reported while running in debug mode. No further accounting information is logged. The cisco box is a PIX firewall v6.1, authenticating users thru the freeradius server for VPN access. Pierre. -Message d'origine- De : Chris Parker [mailto:[EMAIL PROTECTED]] Envoyé : mardi 19 mars 2002 19:13 À : [EMAIL PROTECTED] Objet : RE: PIX v6.1 accounting problem At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? It would really really really help if you could provide the error message printed by the server, as well as any printed when you run it in debug mode. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting problem with freeradius 0.4
Cyrille Lefranc [EMAIL PROTECTED] wrote: We have encountered the following issue with version 4 of the freeradius server (it works fine with version 3) : Version 0.3 was wrong. We send an Accounting-On request to the server, and expect for the pair 'Acct-Status-Type = Accounting-On' in the reply. Why? http://www.freeradius.org/rfc/rfc2866.html See section 5.13, near the bottom: No attributes should be found in Accounting-Response packets except Proxy-State and possibly Vendor-Specific. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html