postgresql and freeradius accounting problem
hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. is anyone here having the same specs as mine as well as having problems? if you do please let me know how you solved the same problem as i have. if you happen to have a step by step notes on configuration of the postgresql + freeradius, i would be honored to take it. thanks, francis ted a. seguerra www.1asialink.com brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
At 09:43 AM 9/10/2003, [EMAIL PROTECTED] wrote: hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. Please consider upgrading, the lastest release is 0.9.1. The version 0.4 is *very* *very* old and have many known bugs and memory leaks which are fixed in the current release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. At 09:43 AM 9/10/2003,[EMAIL PROTECTED]: hello list, i am just new to this list. i know igor chen is on of those i have seen posting some about postgresql and freeradius. i am having problem with postgresql and freeradius on its accounting. there seems to have no entries when i i try radtest using ntradping. i am using postgresql 7.2.3 and freeradis 0.4 or the latest. my box is on freebsd 4.8. Please consider upgrading, the lastest release is 0.9.1. The version 0.4 is *very* *very* old and have many known bugs and memory leaks which are fixed in the current release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ [EMAIL PROTECTED]| \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
At 10:38 AM 9/10/2003, [EMAIL PROTECTED] wrote: sorry i made a mistake, i am using the latest snapshot for freeradius. but still i got errors on accounting. it doesnt insert any on the db when i try to use accounting start. What does the debug output say? ( running the server 'radiusd -x -x' ) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
here are attached files.
At 10:38 AM 9/10/2003,[EMAIL PROTECTED]:
sorry i made a mistake, i am using the latest snapshot for freeradius.
but
still i got errors on accounting. it doesnt insert any on the db when i
try to use accounting start.
What does the debug output say? ( running the server 'radiusd -x -x' )
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
|[EMAIL PROTECTED]@ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
brbr
table border=0 width=100% height=9
tr
td width=100% height=9
font face=Arial
color=#006600-br
iBringing First World Technology Closer to You./ibr
bhttp://www.1asialink.com/b/font/td
/tr
/tableStarting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = radius
main: group = radius
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
sql: driver = rlm_sql_postgresql
sql: server = localhost
sql: port =
sql: login = radius
sql: password = radius2k3
sql: radius_db = radius
sql: acct_table = radacct
sql: acct_table2 = radacct
sql: authcheck_table = radcheck
sql: authreply_table = radreply
sql: groupcheck_table = radgroupcheck
sql: groupreply_table = radgroupreply
sql: usergroup_table = usergroup
sql: nas_table = nas
sql: dict_table = dictionary
sql: sqltrace = yes
sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT id, UserName, Attribute, Value, Op ??FROM
radcheck ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id
sql: authorize_reply_query = SELECT id, UserName, Attribute, Value, Op ??FROM
radreply ??WHERE Username = '%{SQL-User-Name}' ??ORDER BY id
sql: authorize_group_check_query = SELECT radgroupcheck.id, radgroupcheck.GroupName,
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck,
usergroup ??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ??ORDER BY
Re: postgresql and freeradius accounting problem
At 12:12 PM 9/10/2003, [EMAIL PROTECTED] wrote:
here are attached files.
Did you read the debug output, your error and the reason for it are
explained:
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting for START packet -
ERROR: pg_atoi: zero-length string
You are 'faking' a start record with incomplete information. Send it
a real start packet, or one with more complete information. IE, you
need to include more information than just:
User-Name = boggss
Acct-Status-Type = Start
Acct-Session-Id = 2836
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless!\ Director, Engineering
| @ @ |\ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql and freeradius accounting problem
sorry but i really dont know what your trying to say...please do some
suggestions to what i should do...
do you have a howto for this?
At 12:12 PM 9/10/2003,[EMAIL PROTECTED]:
here are attached files.
Did you read the debug output, your error and the reason for it are
explained:
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting for START packet -
ERROR: pg_atoi: zero-length string
You are 'faking' a start record with incomplete information. Send it
a real start packet, or one with more complete information. IE, you
need to include more information than just:
User-Name = boggss
Acct-Status-Type = Start
Acct-Session-Id = 2836
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ [EMAIL PROTECTED]| \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
brbr
table border=0 width=100% height=9
tr
td width=100% height=9
font face=Arial
color=#006600-br
iBringing First World Technology Closer to You./ibr
bhttp://www.1asialink.com/b/font/td
/tr
/table
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
my data between acct-output-octets and cisco-pre-output-octest are very diefferents? is it normal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
On Tue, Jul 22, 2003 at 03:39:54PM +0200, labis siegfried wrote: my data between acct-output-octets and cisco-pre-output-octest are very diefferents? is it normal pre means before. so these are probably the octets before the session is established. acct-output-octets are the octets of the session to be accounted. just a guess Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange accounting Problem
Hello, I've a strange Problem with Accounting Records on a Bintec Brick. Maybe it is a Bug in Bintec Firmware, but I do not understand, what happens. When the Brick authenticates again freeradius local Database anything goes right. But when I use freeradius as a proxy against an ISA Server the Brick sends no Accounting Records. Where are the differences? When I look into the Radius packets I see only some vendor spezific Attributes more, but nothing, that IMHO should cause a Problem. The Packets go the right way (brick - freeradius - isa - freeradius - brick) and the user is authenticated right. He comes in, but no raddacct Record is send. Any suggestions?? TIA Ralf i.A Ralf Reinartz Network Administration IS-Communication MAXDATA Systeme GmbH Carlo-Schmid-Str. 12 D-52146 Würselen Telehon: +49 2405 444 4349 Telefax: +49 2405 444 4374 www.maxdata.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting problem
Title: Accounting problem I received this warning message: rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent and radius does not update the accounting data once the user disconnected. The Acct ID doesn't match hence cannot update? Any idea how to fix it? Thanks Chhai Thach
accounting problem
Having some problems getting the acct logging to work, I had it working
and then just the other day it just stoped. I even had the day off so it
wasn't anyting I touched, just stoped Friday morning..
We got an outside ISP sending accounting packets and also an internal
cisco vpn 3000 which was also working. Both systems are still reported
to be sending accounting packets.
I rebuilt another redhat 8.0 box, we using PAM through winbind and
everything is working just fine except no accounting logging going on..
Is there a way to send a fake accounting packet myself? any other ideas?
heres my detail debug section on a startup:
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: preproxy_usersfile = /etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = /var/log/radius/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
thanks for any tips
-steve
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting problem
Having some problems getting the acct logging to work, I had it working and then just the other day it just stoped. I even had the day off so it wasn't anyting I touched, just stoped Friday morning.. (stuff deleted) heres my detail debug section on a startup snip You'll probably also want to include the relevant bits of your debug at the time that your NAS sends an accounting packet. Could be any number of things. One personal experience: My radius.log file went MIA. Turns out that some agressive house-cleaning deleted the file, and directory permissions were not set to allow FreeRADIUS to re-create the file. DP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
0.8.1 accounting problem
Hi there. I'll skip right to the subject I am using freeradius 0.8.1 as a radius server for a certain realm and as a proxy for all other requests. For the local ISP realm, all is done via sql module. Everything works as intended, except accounting of proxied requests... When a user in my realm logs on, of course i want all accounting information to be sent to the sql module, and it does. But when a user outside the realm logs on, she gets authorized and authenticated, no problem, but when the NAS starts to send accounting packets for her, they get sent to the other radius server, proxy functionality works ok, AND all accounting for this user gets in my sql database, TOO, which i don't want. The database is reserved for local users, and the presence of other users' accounting information is unacceptable in this case. So... Is there a way to get the server to only send accounting information to sql when the user is in a specific realm? I need a rather quick answer, as this is a very important issue and i need to decide whether i have to study more or find another solution... Thank you in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unixodbc accounting problem (Was: postgresql accounting (bug?) Apr.2002)
Hello,
I got a similar problem as Roman last year, but this time using sql_unixodbc
driver :(.
Function sql_affected_rows(SQLSOCK *sqlsocket, SQL_CONFIG *config)
everytime returns '0' regardless of mssql query fail or finish properly.
sql_affected_rows is calling SQLRowCount function, with seems to not work
properly - _it_ returns all the time 0.
I'm using FreeTDS 0.60 driver, but 'unfortunately' it works ok for other
projects ;(
Did anyone meet this this problem before and know a solution ?
Or maybe could you propose using other - better - odbc driver instead of
FreeTDS ?
Best regards,
Bangla
- Original Message -
From: Roman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 12, 2002 12:19 PM
Subject: postgresql accounting (bug?)
Hi!
I use freeradius 0.5 with postgresql 7.2 on FreeBSD 4.5
When i run freeradius in dedug mode (radiusd -x), I found that:
1) freeradius query for Accounting stop packets with
accounting_stop_query_alt in any way, regardless of
accounting_stop_query
fail or not
rad_recv: Accounting-Request packet from host x.x.x.x, id=206, length=127
query: UPDATE radacct SET AcctStopTime =.
rlm_postgresql Status: PGRES_COMMAND_OK
sql_postgresql: affected rows = 1
query: INSERT into radacct ( AcctSessionId,
rlm_postgresql Status: PGRES_FATAL_ERROR
sql_postgresql: affected rows =
I have not many C experience, but it seems like
sql_affected_rows always 0 for update query
rlm_sql.c:
numaffected = (inst-module-sql_affected_rows)(sqlsocket, inst-config);
if (numaffected 1) {
/*
* If our update above didn't match anything
* we assume it's because we haven't seen a
* matching Start record. So we have to
* insert this stop rather than do an update
*/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does Accounting: no Accounting-Status-Type record. mean? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
falcon [EMAIL PROTECTED] wrote: what does Accounting: no Accounting-Status-Type record. mean? That attribute isn't in the request. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
Hello falcon,
Saturday, February 8, 2003, 12:09:21 AM, you wrote:
f Hello all freeradius-users,
f sorry again for my bad english... :)
f i changed radtest script to do acct, so as a result i got:
f Accounting: no Accounting-Status-Type record.
f modcall[accounting]: module unix returns noop
f Accounting: no Accounting-Status-Type record.
f modcall[accounting]: module radutmp returns noop
f modcall: group accounting returns ok
f Sending Accounting-Response of id 202 to 127.0.0.1:32800
f modcall[accounting]: module detail returns ok
f Accounting: no Accounting-Status-Type record.
f modcall[accounting]: module unix returns noop
f Accounting: no Accounting-Status-Type record.
f modcall[accounting]: module radutmp returns noop
f modcall: group accounting returns ok
f Sending Accounting-Response of id 202 to 127.0.0.1:32800
f what does
Accounting: no Accounting-Status-Type record.
f mean?
f -
f List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
when i write in accounting sql it says:
Going to the next request
--- Walking the entire request list ---
Cleaning up request 6 ID 252 with timestamp 3e441fab
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:32800, id=252, length=57
User-Name = blabla
User-Password = \3315aH\257l\331\327/\377k\364\242v\254[
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group preacct
modcall[preacct]: module preprocess returns noop
rlm_realm: No '@' in User-Name = blabla, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop
modcall[preacct]: module files returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be
inconsistent
rlm_acct_unique: WARNING: Attribute 44 was not found in request, unique ID MAY be
inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address =
127.0.0.1,NAS-IP-Address = 255.255.255.255,,User-Name = blabla'
rlm_acct_unique: Acct-Unique-Session-ID = 3e3e05c4a4b2e091.
modcall[accounting]: module acct_unique returns ok
radius_xlat: '/var/log/radius/radacct/127.0.0.1/detail-20030208'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/var/log/radius/radacct/127.0.0.1/detail-20030208
modcall[accounting]: module detail returns ok
Accounting: no Accounting-Status-Type record.
modcall[accounting]: module unix returns noop
Accounting: no Accounting-Status-Type record.
modcall[accounting]: module radutmp returns noop
radius_xlat: 'rlm_sql: packet has no account status type. [user
'blabla', nas '255.255.255.255']'
rlm_sql: packet has no account status type. [user 'blabla', nas '255.255.255.255']
modcall[accounting]: module sql returns invalid
modcall: group accounting returns invalid
Finished request 7
Going to the next request
--- Walking the entire request list ---
Cleaning up request 7 ID 252 with timestamp 3e441fae
Nothing to do. Sleeping until we see a request.
and my radiusd.conf last lines are:
authorize
{
preprocess
chap
mschap
suffix
sql
}
authenticate
{
authype PAP {pap}
authype CHAP {chap}
authype MS-CHAP {ms-chap}
unix
}
preacct
{
preprocess
suffix
files
}
accounting
{
acct_unique
detail
unix
radutmp
sql
}
session
{radutmp
}
post-auth {}
Best regards,
falconmailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting problem
At 03:09 PM 2/7/2003, you wrote: Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does Accounting: no Accounting-Status-Type record. mean? Start, Stop, Off, or On. Sorry if I did not list them all, but those are some examples (I think there is an 'Alive' status too). Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: accounting problem
Hello Alan, Friday, February 7, 2003, 7:11:38 PM, you wrote: AD falcon [EMAIL PROTECTED] wrote: what does Accounting: no Accounting-Status-Type record. mean? AD That attribute isn't in the request. AD Alan DeKok. AD - AD List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html but it is absent in dictionaries, what where i shuold write or read about it??? May be i should write it in acct request value-pairs? PLease help Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: accounting problem
falcon [EMAIL PROTECTED] wrote: but it is absent in dictionaries, what where i shuold write or read about it??? May be i should write it in acct request value-pairs? PLease help It's really Acct-Status-Type. Read the dictionaries. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: accounting problem
Hello Chris, Saturday, February 8, 2003, 12:22:50 AM, you wrote: CB At 03:09 PM 2/7/2003, you wrote: Hello all freeradius-users, sorry again for my bad english... :) i changed radtest script to do acct, so as a result i got: Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 modcall[accounting]: module detail returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module unix returns noop Accounting: no Accounting-Status-Type record. modcall[accounting]: module radutmp returns noop modcall: group accounting returns ok Sending Accounting-Response of id 202 to 127.0.0.1:32800 what does Accounting: no Accounting-Status-Type record. mean? CB Start, Stop, Off, or On. Sorry if I did not list them all, but those are CB some examples (I think there is an 'Alive' status too). CB Chris CB - CB List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html thanks! :) Best regards, falconmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting problem with MaxTnT
Dear all,
I have a problem with radius accounting. More specifically I am using
freeradius v0.8 with oracle 8i backend. The problem arises with some
accounting records, all from a MaxTnT NAS. As can be seen from the log
entries below, the problem is that NAS does not send a username with some
accounting records. As a result the SQL query fails and the record
cannot be written into the database. Does anyone know how I can block such
accounting requests from the MaxTnT NAS or does anybody know if this is a
known MaxTnT bug ???
As a temporary solution I've modified the SQL query and used Oracle's NVL
function as follows to prevent a NULL username in the SQL statement:
accounting_start_query = INSERT into ${acct_table1} (RadAcctId, AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
NVL(%{SQL-User-Name},
'dummyraduser'), '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}',
TO_DATE('%S','-mm-dd hh24:mi:ss'), NULL, '0', '%{Acct-Authentic}',
'%{Connect-Info}',
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')
This might do the trick but has a performance drawback. If anyone notices
any other problems this may cause please let me know.
RADIUS LOG
--
rad_recv: Accounting-Request packet from host 217.19.74.12:7020, id=34, length=116
NAS-IP-Address = 217.19.74.12
NAS-Port = 2113
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Delay-Time = 229
Acct-Session-Id = 369446656
Acct-Authentic = Local
Idle-Timeout = 0
X-Ascend-Modem-PortNo = 62
X-Ascend-Modem-SlotNo = 1
X-Ascend-Modem-ShelfNo = 1
Calling-Station-Id = 2108150497
Called-Station-Id = 8962408080
modcall: entering group preacct
modcall[preacct]: module preprocess returns noop
rlm_realm: Proxy reply, or no user name. Ignoring.
modcall[preacct]: module suffix returns noop
modcall[preacct]: module files returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID
MAY be inconsistent
rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY
be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 217.19.74.12,NAS-IP-Address =
217.19.74.12,Acct-Session-Id = 369446656,'
rlm_acct_unique: Acct-Unique-Session-ID = e8b5c0d1af61a38f.
modcall[accounting]: module acct_unique returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/217.19.74.12/detail-20021212'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/217.19.74.12/detail-20021212
modcall[accounting]: module detail returns ok
modcall[accounting]: module counter returns noop
modcall[accounting]: module unix returns noop
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: ''
modcall[accounting]: module radutmp returns ok
radius_xlat: ''
radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName,
Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('',
'369446656', 'e8b5c0d1af61a38f', '', '', '217.19.74.12', '', 'Async',
TO_DATE('2002-12-12 21:54:56','-mm-dd hh24:mi:ss'), NULL, '0', 'Local', '', '',
'0', '0', '8962408080', '2108150497', '', '', '', '', '229', '0')'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert NULL into
(URNET.RADACCT.USERNAME)
rlm_sql (sql): Attempting to connect rlm_sql_oracle #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert NULL into
(URNET.RADACCT.USERNAME)
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting for START packet - ORA-01400: cannot
insert NULL into (URNET.RADACCT.USERNAME)
radius_xlat: 'UPDATE radacct SET AcctStartTime = TO_DATE('2002-12-12
21:54:56','-mm-dd hh24:mi:ss'), AcctStartDelay = '229', ConnectInfo_start = ''
WHERE AcctSessionId = '369446656' AND UserName = '' AND NASIPAddress = '217.19.74.12'
AND AcctStopTime = IS NULL'
rlm_sql_oracle: execute query failed in sql_query: ORA-00936: missing expression
rlm_sql (sql): Attempting to connect
Re: Radius Accounting problem with MaxTnT
Dimitrios E. Digas [EMAIL PROTECTED] wrote: I have a problem with radius accounting. More specifically I am using freeradius v0.8 with oracle 8i backend. The problem arises with some accounting records, all from a MaxTnT NAS. As can be seen from the log entries below, the problem is that NAS does not send a username with some accounting records. As a result the SQL query fails and the record cannot be written into the database. Read 'raddb/sql.conf', and look for sql_user_name. The configuration file tells you how to deal with this problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange Accounting Problem
Hello, I use freeradius-0.5 on a linux box. I am getting strange accounting behavior. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. However, I also have many weird directories with names like 208.221.28.8, 40.37.27.8, 0.35.27.8, etc. Like I said, I have many of these weird directories. Each one of these directories has a detail file, but there are only 'Stop' records in these detail files. I started a tcpdump session to capture the traffic from ports 1645 and 1646 (I use the old ports for radius). In the /usr/adm/radacct/208.221.28.8/detail file I have: [WA:root@pri radacct]# cat 208.221.28.8/detail Wed Oct 30 21:03:04 2002 Acct-Status-Type = Stop NAS-IP-Address = 192.168.192.5 Acct-Delay-Time = 0 User-Name = bono NAS-Port = 3460 Acct-Session-Id = 00036E07 Service-Type = Framed-User Framed-Protocol = PPP Acct-Session-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Client-IP-Address = 208.221.28.8 Timestamp = 1036036984 The corresponding packet in my tcpdump that relates to 208.221.28.8 is: 21:03:04.201975 pri.wildapache.net.radacct 208.221.28.8.32815: [udp sum ok] rad-account-resp 20 [id 18] (DF) (ttl 64, id 0, len 48) Freeradius is creating and sending accounting information to the detail file in 208.221.28.8 This type of activity is very random. That is, I only get this type of weirdness ever so often for different users. Most of the time there is only one entry in a given 'weird client' directory, but sometimes there are multiple entries for different users. These are always 'Stop' records. Does anyone know what is causing this? Have I forgotten/missed something in my configuration? I really need to get this cleared up since it is messing up my statistical records. Any help will be greatly appreciated. Thanks, Murrah Boswell Systems Administrator Wild Apache Internet Services [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange Accounting Problem
WA Support [EMAIL PROTECTED] wrote: I use freeradius-0.5 on a linux box. Huh? 0.7 was released nearly 3 months ago. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. Yeah, it's a bug in older versions of the server. See why upgrading is a good idea? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange Accounting Problem
My bad, I am thoroughly scolded! Murrah Boswell Alan DeKok wrote: WA Support [EMAIL PROTECTED] wrote: I use freeradius-0.5 on a linux box. Huh? 0.7 was released nearly 3 months ago. I noticed weird client IP directories being created in my /usr/adm/radacct directory. My normal clients are 192.168.192.22 and 192.168.192.23. I have two directories, 192.168.192.22 and 192.168.192.23, in my /usr/adm/radacct directory, as it should be, and these two directories have details files, as they should. Yeah, it's a bug in older versions of the server. See why upgrading is a good idea? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting problem
I'm using FR 0.7. I have proxying enabled, and the NULL realm accounting host
set to LOCAL. When I send an accounting packet using radclient, an
Accounting-Response packet is never sent. Everything in accounting returns
ok, but no response is sent back.
More info can be provided if necessary.
Kevin
Here is the output using debugging:
rad_recv: Accounting-Request packet from host 192.168.1.10:32768, id=1,
length=138
Thread 2 assigned request 1
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
User-Name = test
NAS-IP-Address = 10.0.1.3
NAS-Port = 1
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = 1
Acct-Authentic = RADIUS
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
Service-Type = Framed-User
modcall: entering group preacct
modcall[preacct]: module preprocess returns noop
rlm_realm: Looking up realm NULL for User-Name = test
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = test
rlm_realm: Proxying request from user test to realm NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Accounting realm is LOCAL.
rlm_realm: acct_port is not set. proxy cancelled
modcall[preacct]: module suffix returns noop
acct_users: Matched DEFAULT at 16
modcall[preacct]: module files returns ok
modcall: group preacct returns ok
modcall: entering group accounting
radius_xlat: 'test'
sql_set_user: escaped user -- 'test'
radius_xlat: 'INSERT INTO radacct (RadAcctId, AcctSessionId, UserName, Realm,
NASIPAddress) VALUES ('', '1', 'test', 'NULL', '10.0.1.3')'
rlm_sql: Reserving sql socket id: 3
rlm_sql: Released sql socket id: 3
modcall[accounting]: module sql0 returns ok
modcall: group accounting returns ok
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Cleaning up request 1 ID 1 with timestamp 3d446c85
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Accounting Problem
Just use acct_unique in radiusd.conf and ignore sessions with equal Acct-Unique-Session-ID (or use unique ID SQL column). we've noticed double/multiple accounting entries recorded in mysql in only one session with the same AcctStartTime (some differs in -- B. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS accounting problem
Please help. This may have already been solved. If someone knows where I can
find the answer in the mailing list, please let me know.
I encounter a small problem with FreeRADIUS 0.5 release. The test
environment is between a Cisco IOS 12.2 router and a RedHat 7.2 Linux
FreeRADIUS server. FreeRADIUS was compiled on the RH Linux machine using the
enclosed freeradius.spec by way of RPM.
If I use the normal command line to start the radius server as in radiusd
or radiusd -y, the accounting information will be sent from Cisco router
and recorded 3 times in the /var/log/radius/radacct/{NAS IP address}. It
seems that the accounting information sent by the router did not get a reply
from the radius server, so the router retries again and again.
However, if I run the radius server in the debug mode such as radiusd -xy
or radius -xxy, the radius server indeed sends a reply to the router's
accounting information. The accounting information gets to be registered
only once.
The above is true whether I run the radiusd in foreground or background
daemon mode.
I think I am missing something. Please enlighten me. Thanks,
Joseph Liu
JPL
Pasadena, CA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: PIX v6.1 accounting problem
Dear Pierre Strazza, It means Cisco has a Vendor-Specific packet structure different from one recommended in RFC (or sends a buggy packet). Can you sniff the packet? --Wednesday, March 20, 2002, 3:45:27 AM, you wrote to [EMAIL PROTECTED]: PS Here is the radius.log extract : PS Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host PS x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific PS Same error is reported while running in debug mode. PS No further accounting information is logged. PS The cisco box is a PIX firewall v6.1, authenticating users thru the PS freeradius server for VPN access. PS Pierre. PS -Message d'origine- PS De : Chris Parker [mailto:[EMAIL PROTECTED]] PS Envoyé : mardi 19 mars 2002 19:13 PS À : [EMAIL PROTECTED] PS Objet : RE: PIX v6.1 accounting problem PS At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? PS It would really really really help if you could provide the error message PS printed by the server, as well as any printed when you run it in debug PS mode. PS -Chris PS -- PS \\\|||/// \ StarNet Inc. \Chris Parker PS \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering PS | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 PS oOo---(_)---oOo--\-- PS\ Wholesale Internet Services - http://www.megapop.net PS - PS List info/subscribe/unsubscribe? See PS http://www.freeradius.org/list/users.html PS . PS . PS . PS - PS List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX v6.1 accounting problem
Pierre Strazza [EMAIL PROTECTED] wrote: Here is the radius.log extract : Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from = host x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific Then it's not a valid RADIUS packet. Use 'tcpdump' to get a hex dump of the packet. And talk to Cisco. Get them to fix their broken RADIUS implementation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[2]: PIX v6.1 accounting problem
a t i o n - P o r t = 8 0 -Message d'origine- De : 3APA3A [mailto:[EMAIL PROTECTED]] Envoyé : mercredi 20 mars 2002 09:44 À : Pierre Strazza Objet : Re[2]: PIX v6.1 accounting problem Dear Pierre Strazza, It means Cisco has a Vendor-Specific packet structure different from one recommended in RFC (or sends a buggy packet). Can you sniff the packet? --Wednesday, March 20, 2002, 3:45:27 AM, you wrote to [EMAIL PROTECTED]: PS Here is the radius.log extract : PS Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host PS x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific PS Same error is reported while running in debug mode. PS No further accounting information is logged. PS The cisco box is a PIX firewall v6.1, authenticating users thru the PS freeradius server for VPN access. PS Pierre. PS -Message d'origine- PS De : Chris Parker [mailto:[EMAIL PROTECTED]] PS Envoyé : mardi 19 mars 2002 19:13 PS À : [EMAIL PROTECTED] PS Objet : RE: PIX v6.1 accounting problem PS At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? PS It would really really really help if you could provide the error message PS printed by the server, as well as any printed when you run it in debug PS mode. PS -Chris PS -- PS \\\|||/// \ StarNet Inc. \Chris Parker PS \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering PS | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 PS oOo---(_)---oOo--\-- PS\ Wholesale Internet Services - http://www.megapop.net PS - PS List info/subscribe/unsubscribe? See PS http://www.freeradius.org/list/users.html PS . PS . PS . PS - PS List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PIX v6.1 accounting problem
Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Any dictionary for PIX v6.1 ? :-) Regards, Pierre. . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX v6.1 accounting problem
At 02:55 PM 3/19/2002 +0100, Pierre Strazza wrote: Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Won't stop it from logging the request. May stop it from logging human readable formats. Can you elaborate on 'not handled'? Any dictionary for PIX v6.1 ? :-) PIX is cisco. Are you enabling the use of 'dictionary.cisco'? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PIX v6.1 accounting problem
The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? Pierre. -Message d'origine- De : Chris Parker [mailto:[EMAIL PROTECTED]] Envoyé : mardi 19 mars 2002 16:09 À : [EMAIL PROTECTED] Objet : Re: PIX v6.1 accounting problem At 02:55 PM 3/19/2002 +0100, Pierre Strazza wrote: Hi again, I need to account acesses made on a PIX firewall v6.1 on the Radius server. Debugging of the radiusd process shows that requests are correctly sent to the radius accounting port, but are not handled, because of some non conform VSA ... Won't stop it from logging the request. May stop it from logging human readable formats. Can you elaborate on 'not handled'? Any dictionary for PIX v6.1 ? :-) PIX is cisco. Are you enabling the use of 'dictionary.cisco'? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PIX v6.1 accounting problem
Here is the radius.log extract : Wed Mar 20 01:41:30 2002 : Error: WARNING: Malformed RADIUS packet from host x.x.x.x: Vendor specific attributes do not exactly fill Vendor-Specific Same error is reported while running in debug mode. No further accounting information is logged. The cisco box is a PIX firewall v6.1, authenticating users thru the freeradius server for VPN access. Pierre. -Message d'origine- De : Chris Parker [mailto:[EMAIL PROTECTED]] Envoyé : mardi 19 mars 2002 19:13 À : [EMAIL PROTECTED] Objet : RE: PIX v6.1 accounting problem At 05:19 PM 3/19/2002 +0100, Pierre Strazza wrote: The request is not loggued since an error message is reported in the radius.log file, indicating some non conform attributes - not proceeded. the dictionary.cisco seems to be already included in the dictionary file by default .. Any idea ? It would really really really help if you could provide the error message printed by the server, as well as any printed when you run it in debug mode. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . . . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting problem with freeradius 0.4
Cyrille Lefranc [EMAIL PROTECTED] wrote: We have encountered the following issue with version 4 of the freeradius server (it works fine with version 3) : Version 0.3 was wrong. We send an Accounting-On request to the server, and expect for the pair 'Acct-Status-Type = Accounting-On' in the reply. Why? http://www.freeradius.org/rfc/rfc2866.html See section 5.13, near the bottom: No attributes should be found in Accounting-Response packets except Proxy-State and possibly Vendor-Specific. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
