Accounting-Request/Accounting-Response question
Hi,
This isn't specific to FreeRadius, so if its not for
this group, please let me know.
I'm looking into the Accounting-Request packet for
the following :
*** DUMP OF RADIUS PACKET (Net::Radius::Packet=HASH(0x834ac1c))
Code: Accounting-Request
Identifier: 1
Authentic:
\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}
Attributes:
Acct-Status-Type:Accounting-On
NAS-IP-Address: 192.168.3.100
Called-Station-Id: 00-BD-5D-FD-4D-38
NAS-Identifier: nas01
Acct-Terminate-Cause: NAS-Reboot
When I get it back, I get :
Code: Accounting-Response
Identifier: 1
Authentic: \x{a}\x{da}\%\x{1f}\x{ff}o\`\x{bf}\(\x{b0}V\x{aa}\x{ba}J;\x{99}
Attributes:
Is there anything that would make this NOT come back like that?
(Except maybe the secret being incorrect).
When I send it, I set :
$req->set_code('Accounting-Request');
$req->set_attr('Acct-Status-Type' => 'Accounting-On');
$req->set_attr('NAS-IP-Address' => '192.168.3.100');
$req->set_attr('Called-Station-Id' => '00-BD-5D-FD-4D-38');
$req->set_attr('NAS-Identifier' => 'nas01');
$req->set_attr('Acct-Terminate-Cause' => 'NAS-Reboot');
$req->set_identifier($ident);
$req->set_authenticator(""); # random authenticator required
though I see from the UPDATE statement:
accounting_onoff_query = "\
UPDATE ${acct_table1} \
SET \
acctstoptime = '%S', \
acctsessiontime= unix_timestamp('%S') - \
unix_timestamp(acctstarttime), \
acctterminatecause = '%{Acct-Terminate-Cause}', \
acctstopdelay = %{%{Acct-Delay-Time}:-0} \
WHERE acctstoptime = NULL \
AND nasipaddress = '%{NAS-IP-Address}' \
AND acctstarttime <= '%S'"
it seems to only really need Acct-Terminate-Cause and
NAS-IP-Address .
Thanks, Tuc
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Extra accounting fields not accounting
Hiya
I am trying to account additional attributes on our accounting server.
It is happily accounting radacct at the moment, but I would like to log
some of the other atributes.
At this moment I am just trying at add one "Acct-Tunnel-Connection". I
have added an extra field into the radacct table, and modified the
accounting start query to use this extra field and referenced the
attribute with '%{Acct-Tunnel-Connection}' at the right place in the
insert statement.
Accounting has continued as normal, but this extra field has not been
written to the db. I am using postgresql for the accounting, and simply
altered the radacct table with
alter table radacct add column tunnelname varchar(255);
any suggestions or ideas as to what I have missed?
Thanks
--
-
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
ICQ 3842605 (link)
Direct: 0845 058 9074
Main : 0845 058 9000
Fax : 0845 058 9005
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting
We at Bristol have used FreeRADIUS with no problems for some time, but I would like to alter the way that accounting is performed, but I am unsure of how to do it. Currently all the accounting is sent to a MySQL database. The 'radacct' table tells me the start/stop of each session and the amount of traffic passed in that time. However the traffic figures are only updated when the user's session terminates. Is there a way to get up-to-date statistics that can be polled, say, on an hourly basis? What I'm getting at is that I want each user to have a daily/weekly/etc traffic quota so the radius server should repeatedly check to see if it has been exceeded. Appropriate action will be taken elsewhere is this is exceeded. Does anyone have any pointers? e.g. can the radius server be queried intermittently for traffic figures? Can the radacct table be updated hourly without forcing a disconnection? Cheers, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting
Hi, I do proxy RADIUS correctly. so a radius account can be connected by different NAS'es. Each NAS is owned by a Hotspot Operator. I have different costs of roaming service depending on the Hotspot Operator. How can I controll the NAS of a hotspot Operator (not is valid the nasipaddress) ? How can I include the 'WISPr Operator' or 'WISPr Location' attribute in my Request? An I supposed that these attributes are not supported by radacct table. Is it true?? _ Horóscopo, tarot, numerología... Escucha lo que te dicen los astros. http://astrocentro.msn.es/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting.
hi all, how is accounting implemented in freeradius in case of a prepaid user? thank you. - The DELETE button on Yahoo! Mail is unhappy. Know why?- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting...
Dear all, I've a few account type, one postpaid, one prepaid. If there anyway I can split their Data input in SQL? I've being trying to use class, but I don't know how. both type of the users is in the same realms. Anyone can provided some guide? Regards, Thank You - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting
Two questions that I am seeking answers to. 1. Can freeradius log accounting info in a local file, meaning not to use a sql database? If yes, how to enable that and where the log files will be (configurable?) 2. I loaded freeradius 2.13.fc9.i386. "rpm -qa" shows that freeradius-mysql-2.1.3-1.fc9.i386 is installed. However, "which mysql: shows this command is not available. Do I need to download mysql and install it or does this version of freeradius install mysql automatically? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting-Request/Accounting-Response question
Tuc at T-B-O-H.NET wrote:
> I'm looking into the Accounting-Request packet for
> the following :
>
> *** DUMP OF RADIUS PACKET (Net::Radius::Packet=HASH(0x834ac1c))
> Code: Accounting-Request
> Identifier: 1
> Authentic:
> \x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}
That's wrong. It should be signed by the shared secret.
> When I get it back, I get :
>
> Code: Accounting-Response
> Identifier: 1
> Authentic: \x{a}\x{da}\%\x{1f}\x{ff}o\`\x{bf}\(\x{b0}V\x{aa}\x{ba}J;\x{99}
> Attributes:
>
> Is there anything that would make this NOT come back like that?
What do you mean?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Extra accounting fields not accounting
Oh and in addition to that email :)
I have tried using tcpdump and capturing the accounting packets. and
they do contain the Tunnel-Connection attribute, I checked with Ethereal
to see what extra goodies there were availible
Graeme
On Tue, 2004-07-20 at 17:20, Graeme Hinchliffe wrote:
> Hiya
> I am trying to account additional attributes on our accounting server.
> It is happily accounting radacct at the moment, but I would like to log
> some of the other atributes.
>
> At this moment I am just trying at add one "Acct-Tunnel-Connection". I
> have added an extra field into the radacct table, and modified the
> accounting start query to use this extra field and referenced the
> attribute with '%{Acct-Tunnel-Connection}' at the right place in the
> insert statement.
>
> Accounting has continued as normal, but this extra field has not been
> written to the db. I am using postgresql for the accounting, and simply
> altered the radacct table with
>
> alter table radacct add column tunnelname varchar(255);
>
> any suggestions or ideas as to what I have missed?
>
> Thanks
--
-
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
ICQ 3842605 (link)
Direct: 0845 058 9074
Main : 0845 058 9000
Fax : 0845 058 9005
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RFC 2866 - Accounting ON / Accounting OFF packets
Hi, RFC 2866 (5.5) States 'An Accounting-Request packet MUST have an Acct-Session-Id' but for Accounting Request packets with 'Acct-Status-Type' set to Accounting-On or Accounting-Off, there can be no Acct-Session-Id, as these are global events on the NAS... Unless the NAS is meant to send an Accounting-On or Accounting-Off packet for every session on the access point, when an Accounting-On or Accounting-Off event occurs... Does anyone know of a later RFC that clarifies this ? Also the index 'acctsessiontime' is missing for the radacct table in the default schema; makes the Accounting-On / Accounting-Off queries very slow doing a table scan on 1.4 million rows... Is this intentional or an oversight ? Might be an Idea to specify the default engine as InnoDB for the MySQL schemas. MyISAM (with it's table locks on every update/insert) just doesn't cut it with a reasonably busy RADIUS server; all connections in the db pool get used and users start being rejected. Not good ... Thanks, Arran ** -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
duplicate accounting with mysql-accounting and radrelay
Hi, there are several things I can imagine to prevent the below, but before re-inventing the wheel, I'm sure somebody of you has a simple solution for this or some good posts to point to ? Here it goes: using freeradius-1.0-pre2 on two servers, setup as follows: - server1 doing local mysql-accounting into table radacct - server2 is only accounting to detail and a detail-relay files for usage with radrelay to replay them to server1 the mysql-db is replicated from server1 (local-db) to server2 (local-db) but server2 does no accounting into sql while still doing auth/author but this shouldn't matter for this. Now, everything fine so far but while testing failover, I got duplicate accounting-records inserted into radacct-table. setup of database and queries is quite straightforward from the supplied sql.conf I were able to understand what happened: - server1 shutdown - session started 21:17:32, auth by server2, acct-start record on server2 saved in detail-relay for radrelay - radrelay on server2 has not yet sent the record from 21:17:32 to server1 - 21:22:02 server1 is up again - an acct-alive received for this session on server1 - server1 inserts a record with accounting_update_query_alt (as expected, no session in radacct yet present, so accounting_update_query fails and _alt kicks in) - 21:24:04 radrelay on server2 sends acct-start record to server1 using radrelay - server1 creates a new acct-session in radacct table (also as expected, accounting_start_query works fine) - from now on, the two sessions are updated "in sync" and closed correctly by server1 Now, banging my head to some walls, there are some more cases where things will go wrong: Scenario2: server1 down - acct-alive sent to server2 - server1 up - acct-stop to server1 - acct-alive from server2 sent by radrelay -> again duplicate sessions in radacct) The easiest thing I could imagine is something with AcctUniqueId to prevent duplicates BUT: AcctUniqueId is different between server1 and server2 for the above session, after going through all logs, Client-IP-Address is server2 instead of the NAS in the packet radrelay sent from server2 to server1 (which is intentional what I've understood) Now one could remove Client-Ip from acct_unique and make it unique in the DB but this alone probably won't really solve the problem. I'd appreciate any hint on solving these duplicate accounting issues -or in general on how to get 100% reliable accounting into my db with two radius servers. Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duplicating Accounting Requests / accounting to multiple locations
Hi, i'd like to forward accounting requests to multiple locations. We use radius accounting not just for billing/accounting but also monitoring, tr069 configuration and other stuff so we need multiple locations to send the information to. I have found the home_server_pool stuff but the policys avail show only load balancing or destination hashing which is not what i'd like to have. A "duplicate" policy would be what i was looking for. Acknowledge the packet to the sending NAS and sending requests to all final systems and waiting for their acknowlegde. A limit in queue or storage capacity would be acceptable e.g. max 1000 requests outstanding and front dropping afterwards. I have found the "copy-acct-to-home-server" virtual site which makes me wonder about the imposed delay by writing the accounting records to disk and reading again for forwarding. Sounds like a strange solution - a bit like UUCP store and forward copy ... Flo -- Florian Lohoff f...@zz.de signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Packets
Hi all, I'm running FreeRADIUS Version 1.1.3, I need to configure freeradius for ONLY receiving radius accounting packets and saving these on a file and if possible saving the information in a database using postgresql. Can any anyone give me an overview of what i need to do/configure ? BR, CaDhV. _ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting update
I'm trying to do something like http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html this tutorial so that traffic is collected at a regular intervals. The only thing is that they use a cisco router, which has some shell command configuration (I suppose?), anyway, I don't think my router supports the aaa accounting update commands, neither it has many configuration options. Is there any way to work around this. Freeradius server and client run on a linux computer, with apache, and chillispot(for web based login). Greetz Daan EDIT: Could someone post me some more info about the Acct-Interim-Interval command, how this works and if this could be a workaround for traffic collection on a regular base. I saw on this site how someone did this. >I use freeradius & MySQL. I am able to set frequency of acct update by setting attribute Acct-Interim-Interval in rad[group]reply table to number of seconds between updates. > but I'd like to have some more detailed instructions on what to do. Thanks in advance -- View this message in context: http://www.nabble.com/accounting-update-tf4635760.html#a13238963 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting logs
trsfile = ${confdir}/attrs
}
attr_filter attr_filter.pre-proxy {
attrsfile = ${confdir}/attrs.pre-proxy
}
attr_filter attr_filter.access_reject {
key = %{User-Name}
attrsfile = ${confdir}/attrs.access_reject
}
attr_filter attr_filter.accounting_response {
key = %{User-Name}
attrsfile = ${confdir}/attrs.accounting_response
}
counter daily {
filename = ${db_dir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
allowed-servicetype = Framed-User
cache-size = 5000
}
$INCLUDE sql/mysql/counter.conf
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always noop {
rcode = noop
}
always handled {
rcode = handled
}
always updated {
rcode = updated
}
always notfound {
rcode = notfound
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
expiration {
reply-message = "Password Has Expired\r\n"
}
logintime {
reply-message = "You are calling outside your allowed
timespan\r\n"
minimum-timeout = 60
}
exec {
wait = yes
input_pairs = request
shell_escape = yes
output = none
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
shell_escape = yes
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${db_dir}/db.ippool
ip-index = ${db_dir}/db.ipindex
override = no
maximum-timeout = 0
}
policy {
filename = ${confdir}/policy.txt
}
}
instantiate {
exec
expr
expiration
logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
EOF
acct_users:
DEFAULT Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz`
EOF
sites-enabled/default:
authorize {
preprocess
auth_log
chap
mschap
suffix
eap {
ok = return
}
unix
files
ldap
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
unix
Auth-Type LDAP {
ldap
}
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
attr_filter.accounting_response
}
session {
radutmp
}
post-auth {
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
eap
}
EOF
thanks in advance!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting
Your NAS' need support for Radius Extensions... the Interm-Accounting attributes. Then, once this is working, you can always add a script to the accouting section to process the limits you want to impose. Kind Regards Etienne Pretorius Network Administrator Kingsley Technologies Email: [EMAIL PROTECTED] Tel: 086 11 KTECH Local Fax: 086 611 5001 International Fax: +27 21 761 9930 Email Disclaimer Acceptable Use Policy Jonathan Gazeley wrote: We at Bristol have used FreeRADIUS with no problems for some time, but I would like to alter the way that accounting is performed, but I am unsure of how to do it. Currently all the accounting is sent to a MySQL database. The 'radacct' table tells me the start/stop of each session and the amount of traffic passed in that time. However the traffic figures are only updated when the user's session terminates. Is there a way to get up-to-date statistics that can be polled, say, on an hourly basis? What I'm getting at is that I want each user to have a daily/weekly/etc traffic quota so the radius server should repeatedly check to see if it has been exceeded. Appropriate action will be taken elsewhere is this is exceeded. Does anyone have any pointers? e.g. can the radius server be queried intermittently for traffic figures? Can the radacct table be updated hourly without forcing a disconnection? Cheers, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting
On Thu, Aug 07, 2008 at 11:05:00AM +0100, Jonathan Gazeley wrote: We at Bristol have used FreeRADIUS with no problems for some time, but I would like to alter the way that accounting is performed, but I am unsure of how to do it. Currently all the accounting is sent to a MySQL database. The 'radacct' table tells me the start/stop of each session and the amount of traffic passed in that time. However the traffic figures are only updated when the user's session terminates. Is there a way to get up-to-date statistics that can be polled, say, on an hourly basis? Your NAS needs to support interim accounting. If it does already, it might be as simple as adding: DEFAULT Acct-Interim-Interval = 1800, Fall-Through = yes ...to the "users" file; modify as appropriate of course for your config. The "sql.conf" file will need to have the interim queries defined of course; the default configs do. If your NAS doesn't support interim accoutning (some ethernet switches don't, irritatingly) then you'll need to resort to something like snmp, netflow or pmacct, and go from ip->mac and then mac (callingstationid) to username. What I'm getting at is that I want each user to have a daily/weekly/etc traffic quota so the radius server should repeatedly check to see if it has been exceeded. Appropriate action will be taken elsewhere is this is exceeded. Yeah, we do this. It works very well. If you want to contact me offline I can give you the details. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting method
Hi, I just installed new Freeradius server (2.0.5) using LDAP and mysql for accounting and it's all working grate. I want to change the accounting method so instead of adding one accounting record with NULL at the acctstoptime field at accounting start I want it to be one record for accounting start with the code 1 and another record for stop with code 2. That way I can monitor user concurrency and so . I tried to google it and didn't found anything useful for this , is there anywhere I can read about this or anyone can help me here regarding this? Thanks in advance , Ram - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting
Phil Mayers wrote: Your NAS needs to support interim accounting. Thanks for your help. After your recommendation I did some reading and came across this: http://www.netexpertise.eu/en/freeradius/daily-accounting.html We are using Cisco WiSMs, which don't seem to support the command "aaa accounting update periodic 180" (After "aaa" the only available option is "auth"). I can't find anything useful on Google. Can anyone verify if this is type of setup is possible with WiSMs? The author of the article refers to a "Cisco router" which I took to mean WiSMs as I do not believe our routers here have anything to do with the AAA process. Cheers, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting
Phil Mayers wrote: Your NAS needs to support interim accounting. If it does already, it might be as simple as adding: DEFAULT Acct-Interim-Interval = 1800, Fall-Through = yes ...to the "users" file; modify as appropriate of course for your config. I have added the lines above to my "users" file, replacing 1800 with a value of 20. However, the updates do not occur every 20 minutes. Do I also need to enable something on my NAS (Cisco WiSMs) to allow it to provide accounting on demand? I did also try to edit the config on my WiSMs to push the accounting every 20 minutes but was unable to get that to work. The guy who primarily looks after the WiSMs is away at the moment. How is interim accounting normally done? I don't mind if the accounting is pushed or pulled, whatever works. Thanks, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting
20 would mean 20 seconds not 20 minutes. Does the interim attribute appear in the Access-Accept packet? You can set up interim accounting by passing that radius attribute or it can be fixed in the NAS configuration. Ivan Kalik Kalik Informatika ISP Dana 12/8/2008, "Jonathan Gazeley" <[EMAIL PROTECTED]> piše: >Phil Mayers wrote: >> Your NAS needs to support interim accounting. >> >> If it does already, it might be as simple as adding: >> >> DEFAULT >> Acct-Interim-Interval = 1800, >> Fall-Through = yes >> >> ...to the "users" file; modify as appropriate of course for your config. > >I have added the lines above to my "users" file, replacing 1800 with a >value of 20. However, the updates do not occur every 20 minutes. Do I >also need to enable something on my NAS (Cisco WiSMs) to allow it to >provide accounting on demand? > >I did also try to edit the config on my WiSMs to push the accounting >every 20 minutes but was unable to get that to work. The guy who >primarily looks after the WiSMs is away at the moment. > >How is interim accounting normally done? I don't mind if the accounting >is pushed or pulled, whatever works. > >Thanks, >Jonathan > > >Jonathan Gazeley >Systems Support Specialist >ResNet | Wireless & VPN Team >Information Services >University of Bristol > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting
Jonathan Gazeley wrote: Phil Mayers wrote: Your NAS needs to support interim accounting. If it does already, it might be as simple as adding: DEFAULT Acct-Interim-Interval = 1800, Fall-Through = yes ...to the "users" file; modify as appropriate of course for your config. I have added the lines above to my "users" file, replacing 1800 with a value of 20. However, the updates do not occur every 20 minutes. Do I also need to enable something on my NAS (Cisco WiSMs) to allow it to provide accounting on demand? Not sure. It definitely works; we have it working here. Are you getting *any* accounting from the WISM? You'll need: radius acct add $server_id $server 1813 ascii secret wlan radius_server acct add $wlan_id $server_id I notice we've got: wlan session-timeout $wlan_id 1800 ...statements in our config, but I'm not an expert on the WISMs so I don't know if that's required. I did also try to edit the config on my WiSMs to push the accounting every 20 minutes but was unable to get that to work. The guy who primarily looks after the WiSMs is away at the moment. How is interim accounting normally done? I don't mind if the accounting is pushed or pulled, whatever works. Accounting is always pushed from the NAS to the Radius server. Thanks, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless & VPN Team Information Services University of Bristol - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
voip accounting
Hi there, I have setup a SuSE 11 server with freeradius and mysql. The freeradius and mysql are rpm packages from the SuSE 11 dvd. How can I setup voip accounting on this server? Which files should I configure in mysql and freeradius and how should i do it? regards, Noel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Software
Hello: My first try on freeRADIUS. I am going to setup a test freeRADIUS server with CentOS 5.2 & mySQL for learning about RADIUS server. Questions: 1. Is there a GUI application to setup freeRADIUS? 2. Is there a free accounting package (must interface with mySQL) I can use? Thanks. Sam - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Oracle accounting
ï
We are
using the Oracle database for storing the FreeRadius accounting data. Can the
SQL queries/updates in the oraclesql.conf be customized ?
Another thing, in the RADACCT table, how to differentiate between the
"START" and "STOP" records ? the record status field is not
stored!
Many
thanks
Ayman
Alashquar
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Truong
Manh CuongSent: 17/02/2004 12:32 ÙTo:
[EMAIL PROTECTED]Subject: Realm -> no
response configured
I add realm cuong {} to /raddb/proxy.conf.
User account is stored in postgres
database
The log report: no response
configured, reject.
I login using [EMAIL PROTECTED], but in postgresql,
there is only user tmcuong.
How can radius authenticate this
user -> accept connect and write Realm value to Realm field of radacct table
?
Please give me some
helps,
Thanks a
lot.
Manh
Cuong.
--- Walking the entire request
list ---
Cleaning up request 1 ID 16 with
timestamp 4031d058
Nothing to
do. Sleeping until we
see a request.
rad_recv:
Access-Request packet from host 172.16.67.93:1152, id=17,
length=70
User-Name = "[EMAIL PROTECTED]"
User-Password
= "tmcuong"
NAS-Port = 0
Acct-Session-Time = 225
Session-Timeout = 0
modcall: entering
group authorize for request 2
modcall[authorize]: module
"preprocess" returns ok for request 2
rlm_realm: Looking up realm "card" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "card"
rlm_realm: Adding Stripped-User-Name = "tmcuong"
rlm_realm: Proxying request from
user tmcuong to realm
card
rlm_realm: Adding Realm =
"card"
rlm_realm: Preparing to proxy authentication request to
realm "card"
modcall[authorize]: module
"suffix" returns updated for request 2
radius_xlat: 'tmcuong'
rlm_sql (sql): sql_set_user escaped user
--> 'tmcuong'
radius_xlat: 'SELECT id, UserName, Attribute, Value, Op
??FROM radcheck ??WHERE Username = 'tmcuong' ??ORDER BY
id'
rlm_sql (sql): Reserving sql socket id:
2
rlm_sql_postgresql: query:
SELECT id, UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username =
'tmcuong' ??ORDER BY
id
rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
rlm_sql_postgresql: affected
rows =
radius_xlat: 'SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'tmcuong'
AND usergroup.GroupName = radgroupcheck.GroupName
??ORDER BY radgroupcheck.id'
rlm_sql_postgresql: query:
SELECT radgroupcheck.id, radgroupcheck.GroupName, ??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM radgroupcheck, usergroup ??WHERE usergroup.Username = 'tmcuong'
AND usergroup.GroupName = radgroupcheck.GroupName
??ORDER BY radgroupcheck.id
rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
rlm_sql_postgresql: affected
rows =
radius_xlat: 'SELECT id, UserName, Attribute, Value, Op
??FROM radreply ??WHERE Username = 'tmcuong' ??ORDER BY
id'
rlm_sql_postgresql: query:
SELECT id, UserName, Attribute, Value, Op ??FROM radreply ??WHERE Username =
'tmcuong' ??ORDER BY
id
rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
rlm_sql_postgresql: affected
rows =
radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM
radgroupreply,usergroup
??WHERE usergroup.Username = 'tmcuong' AND usergroup.GroupName
= radgroupreply.GroupName
??ORDER BY radgroupreply.id'
rlm_sql_postgresql: query:
SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, ??radgroupreply.Value, radgroupreply.Op ??FROM
radgroupreply,usergroup
??WHERE usergroup.Username = 'tmcuong' AND usergroup.GroupName
= radgroupreply.GroupName
??ORDER BY radgroupreply.id
rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
rlm_sql_postgresql: affected
rows =
rlm_sql (sql): Released sql socket id:
2
modcall[authorize]: module
"sql" returns ok for request
2
users: Matched DEFAULT at 152
modcall[authorize]: module
"files" returns ok for request 2
modcall: group
authorize returns updated for request 2
There was no response configured:
rejecting request 2
Server rejecting request
2.
Finished request
2
Going to the next
request
--- Walking the entire request
list ---
Waking up in 1 seconds...
--- Walking the entire request
list ---
Waking up in 1 seconds...
--- Walking the entire request
list ---
Sending Access-Reject of id 17 to
172.16.67.93:1152
Waking up in 4
seconds...
--- Walking the entire request
list ---
Radius Accounting
I am beginer of radius. How does radius record user download usage. In radius accounting table, which field does record user download usage. CREATE TABLE radacct ( RadAcctId bigint(21) NOT NULL auto_increment, AcctSessionId varchar(32) NOT NULL default '', AcctUniqueId varchar(32) NOT NULL default '', UserName varchar(64) NOT NULL default '', Realm varchar(64) default '', NASIPAddress varchar(15) NOT NULL default '', NASPortId int(12) default NULL, NASPortType varchar(32) default NULL, AcctStartTime datetime NOT NULL default '-00-00 00:00:00', AcctStopTime datetime NOT NULL default '-00-00 00:00:00', AcctSessionTime int(12) default NULL, AcctAuthentic varchar(32) default NULL, ConnectInfo_start varchar(32) default NULL, ConnectInfo_stop varchar(32) default NULL, AcctInputOctets bigint(12) default NULL, AcctOutputOctets bigint(12) default NULL, CalledStationId varchar(50) NOT NULL default '', CallingStationId varchar(50) NOT NULL default '', AcctTerminateCause varchar(32) NOT NULL default '', ServiceType varchar(32) default NULL, FramedProtocol varchar(32) default NULL, FramedIPAddress varchar(15) NOT NULL default '', AcctStartDelay int(12) default NULL, AcctStopDelay int(12) default NULL, PRIMARY KEY (RadAcctId), KEY UserName (UserName), KEY FramedIPAddress (FramedIPAddress), KEY AcctSessionId (AcctSessionId), KEY AcctUniqueId (AcctUniqueId), KEY AcctStartTime (AcctStartTime), KEY AcctStopTime (AcctStopTime), KEY NASIPAddress (NASIPAddress) ) ; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Directory
Hello it is possible to add another accounting directory (radaccnt) in sql.conf, the same database? default config - acct_table1 = "radacct" acct_table2 = "radacct" would be acct_table1 = "radacct, radacct1" acct_table2 = "radacct, radacct1" so that accnt stop and start would be updated in 2 tables. = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 __ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP Accounting
I want to sell hotspot's by the minute. What is the reccomended setup there? I have my hotspot aps authenticating now and i have a hot spot sign up page so people can sign up but I dont have anything set up where it keeps tracks of their minutes use or even checks if they have minute when they are attemping to continue using. Does anyon have any reccomendations there? Daniel Baughman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL Accounting
Ok I have the accounting publishing properly to my text files but the database isn't populating with accounting data, how do I tell it to do that? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting
Accounting-Request!!!!
Where it is the archive that goes off the command sql for the Mysql? the command is Accounting-Request Thank's Herbert Souza __ Yahoo! Mail - O melhor e-mail do Brasil! Abra sua conta agora: http://br.yahoo.com/info/mail.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Disabling accounting
Hiya Is it possible to stop freeradius from listening on the accounting port? I have tried commenting out all the accounting settings, but it still listens to the accounting port. Any magic options that will set it to only listen to radius port? Thanks in advance. -- - Graeme Hinchliffe (BSc) Core Team Member Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting question
Hi everyone, I have freeradius working correct at this moment and now is my question how can I enable accounting? I mean: how can I give users more or less time / more or less session bytes with freeradius? I use freeradius version 0.9.3 running on a p1 with 64 mb memory (I guess) with linux slackware. This works perfect. I hope someone can help me, Tim Bots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Q: accounting
Hi all, is it possible to configure the radius server such as it starts a new accounting record (SQL) at the begining of a new month, even if the user didn't logout an login at that time? Didi -- - Didi Rieder [EMAIL PROTECTED] PGPKey ID: 3431D0B0 - pgp0.pgp Description: PGP signature
Accounting Duplication
I have a server that is a proxy for requests on certain “CalledStationId” ‘s to another freeradius server. The problem is that I am getting accounting records on both servers. What am I missing turn off accounting for requests that proxy? Anson Rinesmith
Accounting Report
I have already setup my radius server (Freeradius0.9.3). I use clear-text password in local configuration file, and it works. But i can't see any accounting report in my server, in /var/log/radius/radacct. Do somebody know how to solve this problem. Thank you Monica M. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting backup
Just reading docs/configurable_failover, at the example
# Handle accounting packets
accounting {
detail# always log to detail, stopping if it fails
redundant {
sql1# try module sql1
sql2# if that's down, try module sql2
handled # otherwise drop the request as
# it's been "handled" by the "always"
# module (see doc/rlm_always)
}
}
#---
How do i setup freeradius to log accounting in two mysql server at the
"same time"? Currently im running freeradius with only one database back
end. How do i specify in accounting section?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
intermediate accounting
Hello list Is it possible to activate "intermediate accounting" in freeradius ? the objective is: i have a proxy radius (radius1) , that autenticate and send accounting packets to another radius server (radius2) sometimes, i have client's that when thei disconnect, radius2 don't receive the stop packet for accounting of that session, so i have think in doing intermediate accounting, radius1 will send accounting packets to radius2 in interval's of 10 minutes, so if there is a problem and stop packet from radius1 doesn't reach radius2 i will have some information from accounting because radius1 have previously send that information so i loose some information but i don't lose it all ... Best regards
Accounting Attributes
I have Cisco 2509 NAS box. I want it to send me all the accounting attributes mentioned in RFC's and that is used by freeRADIUS. Presently, it sends very few accounting attributes. Can anyone tell me how to configure NAS to add more accounting attributes besides what it sends. Thanks, Nishant - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
copying accounting
Is it possible to keep accounting for several realms locally along with sending it to third party AAA server? I.e. i need to write accounting for customers visiting us from another network, but also send it to their home AAA server. -- SY, Alexander Serkin, Moscow Cellular Communications ph. +7(095)7952089 fa. +7(095)7952084 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting question
Hello, I have successfully installed radius. It is working very nice. Great job. I have following question. I would like to do accounting. So every dial-up user will be able to go on line only for 60 minutes. Then when he uses his limit he should not be able to go on line any more? Is it possible to set up this ? If yes please could you point me where I can find some help how to set it up. PS login accounting from my NAS is already working. Bartosz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql accounting
Those of you that use mysql with freeradius, can anyone recommend some software for linux to process mysql radacct table logs? Do you just roll your own scripts to query the logs and make reports? Seems simple enough, but "what are others doing?" is always a good question :-) Thanks, Ken A - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius accounting
hello I'm using NTRadping as test utility and it works like a charm I'm wondering guys about why radius sends the accounting * Accounting-response unlike the when doing authentication it sends * Access-Accept what does it mean i cant get it really is just an initial response and there is another action has to come afterward any advice thank vary much indeed ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Duplicate
Hi all, I have a problem with inserting accounting datas. Anyone have a idea Here is my Radius debug log and sql.conf file linux:/var/log # radiusd -Xx Mon Sep 6 14:12:29 2004 : Info: Starting - reading configuration files ... Mon Sep 6 14:12:29 2004 : Debug: reread_config: reading radiusd.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/proxy.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/clients.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/snmp.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/sql.conf Mon Sep 6 14:12:29 2004 : Debug: main: prefix = "/usr" Mon Sep 6 14:12:29 2004 : Debug: main: localstatedir = "/var" Mon Sep 6 14:12:29 2004 : Debug: main: logdir = "/var/log/radius" Mon Sep 6 14:12:29 2004 : Debug: main: libdir = "/usr/lib/freeradius" Mon Sep 6 14:12:29 2004 : Debug: main: radacctdir = "/var/log/radius/radacct" Mon Sep 6 14:12:29 2004 : Debug: main: hostname_lookups = no Mon Sep 6 14:12:29 2004 : Debug: main: max_request_time = 30 Mon Sep 6 14:12:29 2004 : Debug: main: cleanup_delay = 5 Mon Sep 6 14:12:29 2004 : Debug: main: max_requests = 1024 Mon Sep 6 14:12:29 2004 : Debug: main: delete_blocked_requests = 0 Mon Sep 6 14:12:29 2004 : Debug: main: port = 0 Mon Sep 6 14:12:29 2004 : Debug: main: allow_core_dumps = no Mon Sep 6 14:12:29 2004 : Debug: main: log_stripped_names = no Mon Sep 6 14:12:29 2004 : Debug: main: log_file = "/var/log/radius/radius.log" Mon Sep 6 14:12:29 2004 : Debug: main: log_auth = no Mon Sep 6 14:12:29 2004 : Debug: main: log_auth_badpass = no Mon Sep 6 14:12:29 2004 : Debug: main: log_auth_goodpass = no Mon Sep 6 14:12:29 2004 : Debug: main: pidfile = "/var/run/radiusd/radiusd.pid" Mon Sep 6 14:12:29 2004 : Debug: main: user = "radiusd" Mon Sep 6 14:12:29 2004 : Debug: main: group = "radiusd" Mon Sep 6 14:12:29 2004 : Debug: main: usercollide = no Mon Sep 6 14:12:29 2004 : Debug: main: lower_user = "no" Mon Sep 6 14:12:29 2004 : Debug: main: lower_pass = "no" Mon Sep 6 14:12:29 2004 : Debug: main: nospace_user = "no" Mon Sep 6 14:12:29 2004 : Debug: main: nospace_pass = "no" Mon Sep 6 14:12:29 2004 : Debug: main: checkrad = "/usr/sbin/checkrad" Mon Sep 6 14:12:29 2004 : Debug: main: proxy_requests = yes Mon Sep 6 14:12:29 2004 : Debug: proxy: retry_delay = 5 Mon Sep 6 14:12:29 2004 : Debug: proxy: retry_count = 3 Mon Sep 6 14:12:29 2004 : Debug: proxy: synchronous = no Mon Sep 6 14:12:29 2004 : Debug: proxy: default_fallback = yes Mon Sep 6 14:12:29 2004 : Debug: proxy: dead_time = 120 Mon Sep 6 14:12:29 2004 : Debug: proxy: post_proxy_authorize = yes Mon Sep 6 14:12:29 2004 : Debug: proxy: wake_all_if_all_dead = no Mon Sep 6 14:12:29 2004 : Debug: security: max_attributes = 200 Mon Sep 6 14:12:29 2004 : Debug: security: reject_delay = 1 Mon Sep 6 14:12:29 2004 : Debug: security: status_server = no Mon Sep 6 14:12:29 2004 : Debug: main: debug_level = 0 Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading dictionary Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading naslist Mon Sep 6 14:12:29 2004 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading clients Mon Sep 6 14:12:29 2004 : Info: Using deprecated clients file. Support for this will go away soon. Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading realms Mon Sep 6 14:12:29 2004 : Debug: radiusd: entering modules setup Mon Sep 6 14:12:29 2004 : Debug: Module: Library search path is /usr/lib/freeradius Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded expr Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated expr (expr) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded PAP Mon Sep 6 14:12:29 2004 : Debug: pap: encryption_scheme = "crypt" Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated pap (pap) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded CHAP Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated chap (chap) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded MS-CHAP Mon Sep 6 14:12:29 2004 : Debug: mschap: use_mppe = yes Mon Sep 6 14:12:29 2004 : Debug: mschap: require_encryption = no Mon Sep 6 14:12:29 2004 : Debug: mschap: require_strong = no Mon Sep 6 14:12:29 2004 : Debug: mschap: passwd = "(null)" Mon Sep 6 14:12:29 2004 : Debug: mschap: authtype = "MS-CHAP" Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated mschap (mschap) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded System Mon Sep 6 14:12:29 2004 : Debug: unix: cache = no Mon Sep 6 14:12:29 2004 : Debug: unix: passwd = "(null)" Mon Sep 6 14:12:29 2004 : Debug: unix: shadow = "(null)" Mon Sep 6 14:12:29 2004
Accounting Duplicate
Hi all, I have a problem with accounting. My problem is duplicate Anyone have a idea Here is my Radius debug log and sql.conf file linux:/var/log # radiusd -Xx Mon Sep 6 14:12:29 2004 : Info: Starting - reading configuration files ... Mon Sep 6 14:12:29 2004 : Debug: reread_config: reading radiusd.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/proxy.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/clients.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/snmp.conf Mon Sep 6 14:12:29 2004 : Debug: Config: including file: /etc/raddb/sql.conf Mon Sep 6 14:12:29 2004 : Debug: main: prefix = "/usr" Mon Sep 6 14:12:29 2004 : Debug: main: localstatedir = "/var" Mon Sep 6 14:12:29 2004 : Debug: main: logdir = "/var/log/radius" Mon Sep 6 14:12:29 2004 : Debug: main: libdir = "/usr/lib/freeradius" Mon Sep 6 14:12:29 2004 : Debug: main: radacctdir = "/var/log/radius/radacct" Mon Sep 6 14:12:29 2004 : Debug: main: hostname_lookups = no Mon Sep 6 14:12:29 2004 : Debug: main: max_request_time = 30 Mon Sep 6 14:12:29 2004 : Debug: main: cleanup_delay = 5 Mon Sep 6 14:12:29 2004 : Debug: main: max_requests = 1024 Mon Sep 6 14:12:29 2004 : Debug: main: delete_blocked_requests = 0 Mon Sep 6 14:12:29 2004 : Debug: main: port = 0 Mon Sep 6 14:12:29 2004 : Debug: main: allow_core_dumps = no Mon Sep 6 14:12:29 2004 : Debug: main: log_stripped_names = no Mon Sep 6 14:12:29 2004 : Debug: main: log_file = "/var/log/radius/radius.log" Mon Sep 6 14:12:29 2004 : Debug: main: log_auth = no Mon Sep 6 14:12:29 2004 : Debug: main: log_auth_badpass = no Mon Sep 6 14:12:29 2004 : Debug: main: log_auth_goodpass = no Mon Sep 6 14:12:29 2004 : Debug: main: pidfile = "/var/run/radiusd/radiusd.pid" Mon Sep 6 14:12:29 2004 : Debug: main: user = "radiusd" Mon Sep 6 14:12:29 2004 : Debug: main: group = "radiusd" Mon Sep 6 14:12:29 2004 : Debug: main: usercollide = no Mon Sep 6 14:12:29 2004 : Debug: main: lower_user = "no" Mon Sep 6 14:12:29 2004 : Debug: main: lower_pass = "no" Mon Sep 6 14:12:29 2004 : Debug: main: nospace_user = "no" Mon Sep 6 14:12:29 2004 : Debug: main: nospace_pass = "no" Mon Sep 6 14:12:29 2004 : Debug: main: checkrad = "/usr/sbin/checkrad" Mon Sep 6 14:12:29 2004 : Debug: main: proxy_requests = yes Mon Sep 6 14:12:29 2004 : Debug: proxy: retry_delay = 5 Mon Sep 6 14:12:29 2004 : Debug: proxy: retry_count = 3 Mon Sep 6 14:12:29 2004 : Debug: proxy: synchronous = no Mon Sep 6 14:12:29 2004 : Debug: proxy: default_fallback = yes Mon Sep 6 14:12:29 2004 : Debug: proxy: dead_time = 120 Mon Sep 6 14:12:29 2004 : Debug: proxy: post_proxy_authorize = yes Mon Sep 6 14:12:29 2004 : Debug: proxy: wake_all_if_all_dead = no Mon Sep 6 14:12:29 2004 : Debug: security: max_attributes = 200 Mon Sep 6 14:12:29 2004 : Debug: security: reject_delay = 1 Mon Sep 6 14:12:29 2004 : Debug: security: status_server = no Mon Sep 6 14:12:29 2004 : Debug: main: debug_level = 0 Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading dictionary Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading naslist Mon Sep 6 14:12:29 2004 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading clients Mon Sep 6 14:12:29 2004 : Info: Using deprecated clients file. Support for this will go away soon. Mon Sep 6 14:12:29 2004 : Debug: read_config_files: reading realms Mon Sep 6 14:12:29 2004 : Debug: radiusd: entering modules setup Mon Sep 6 14:12:29 2004 : Debug: Module: Library search path is /usr/lib/freeradius Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded expr Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated expr (expr) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded PAP Mon Sep 6 14:12:29 2004 : Debug: pap: encryption_scheme = "crypt" Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated pap (pap) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded CHAP Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated chap (chap) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded MS-CHAP Mon Sep 6 14:12:29 2004 : Debug: mschap: use_mppe = yes Mon Sep 6 14:12:29 2004 : Debug: mschap: require_encryption = no Mon Sep 6 14:12:29 2004 : Debug: mschap: require_strong = no Mon Sep 6 14:12:29 2004 : Debug: mschap: passwd = "(null)" Mon Sep 6 14:12:29 2004 : Debug: mschap: authtype = "MS-CHAP" Mon Sep 6 14:12:29 2004 : Debug: Module: Instantiated mschap (mschap) Mon Sep 6 14:12:29 2004 : Debug: Module: Loaded System Mon Sep 6 14:12:29 2004 : Debug: unix: cache = no Mon Sep 6 14:12:29 2004 : Debug: unix: passwd = "(null)" Mon Sep 6 14:12:29 2004 : Debug: unix: shadow = "(null)" Mon Sep 6 14:12:29 2004
Limit accounting
Hi, how can limit accounting at one user at once? in file attr, 'port-limit' attribute? I would one user for one user accounting... Thanks in advance
realm + accounting
hi,
i need store acct data on two places when send acct to realm
is this possible or some way like that?
realm serv.com {
type= radius
authhost= radius2.serv.com:1645
accthost= LOCAL, radius2.serv.com:1813
}
thanks
--
-
Marek Cervenka
Centrum Vypocetni Techniky
CVT - http://cvt.fpf.slu.cz
FPF SLU OPAVA - http://www.fpf.slu.cz
=
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxy accounting
I have a problem with the proxy accounting feature. I set the proxy.conf with a couple of radius servers with the same realm name. For the authentication the proxy works fine, but with the proxy accounting not. I received in the error log "...arrived too late for request..." , and this is because the accounting request it is managed inside the freeradius and when the proxy accounting reply arrives the accounting request is close. The problem appears when the first option in the proxy.conf for a real is down, the second radius option is never use. My freeradius version is 0.9-pre. Regards, Esteban - Obtené tu casilla gratis con 20MB, en: http://www.aconectarse.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting freeradius
Hello,
freeradius 1.0.1 is fine working. Authentifikation is over winbind to a M$
Domain.
With Radiusreport i see Logon and Logoff times and total times for any
Users.
But i will the accounting for traffic off all users.
any help, for settings in radius.conf or must i installed any other
packages.
from radiusd -X:
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 33
modcall[preacct]: module "preprocess" returns noop for request 33
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request,
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 172.20.49.102,NAS-IP-Address
= 172.20.49.102,Acct-Session-Id = "0061",User-Name = "panekm"'
rlm_acct_unique: Acct-Unique-Session-ID = "040f6e4aaad7aa47".
modcall[preacct]: module "acct_unique" returns ok for request 33
rlm_realm: No '@' in User-Name = "panekm", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 33
modcall[preacct]: module "files" returns noop for request 33
modcall: group preacct returns ok for request 33
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 33
radius_xlat: '/var/log/freeradius/radacct/172.20.49.102/detail-2004'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y
expands to /var/log/freeradius/radacct/172.20.49.102/detail-2004
modcall[accounting]: module "detail" returns ok for request 33
modcall[accounting]: module "unix" returns noop for request 33
radius_xlat: '/var/log/freeradius/radutmp'
radius_xlat: 'panekm'
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
modcall[accounting]: module "radutmp" returns noop for request 33
modcall: group accounting returns ok for request 33
Sending Accounting-Response of id 76 to 172.20.49.102:1037
Finished request 33
Going to the next request
--- Walking the entire request list ---
Cleaning up request 33 ID 76 with timestamp 417d1d45
Is this all okay, or is ist false ??
THX
Regards / Grüße / Danke
Marco Panek
...
Smurfit Europa Carton GmbH
Information Systems (IS)
Tilsiter Straße 144
D-22047 Hamburg
Tel:+49 (0)40 30901 191
Fax: +49 (0)40 30901 5191
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting request
Hi.., Can anyone help me… how to add attribute for accounting request. I need to keep record for Calling & Called –Station-Id…. Tq …
ADSL Accounting
I am having trouble with usage based statistics because freeradius stores its Acct-Input-Octets and Acct-Output-Octets octets in an integer. While this is great for Dial-up monitoring it a bit of a problem for ADSL when the Input and Output values often exceed 4294967295 bytes at which point it resets to 0. I have asked our provider to send us the Gigawords attribute but they do not support it. So my question is are the Freeradius developers working on a solution to this one at the moment, or is this a complete rewrite into another language to overcome it? Anyone know a way round it other than me writing a daemon that collects the data and then passes it to freeradius afterward. Cheers Mike _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting records
Hello, Where does freeradius store the accounting records ? Thanks, Prabha N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting proxying
Now we have both radrelay and radsqlrelay, there is more than one way to proxy accounting requests. I'd like to discuss this topic on the list, and see in a concret case which one is more suitable. Let's take the following case: all the accounting go in a single database. (this base may be replicated later but it's outside of the current topic) We want the requests to be buffered in detail files if the database is momently slow, or maybe down / unreachable. I see at least three possible designs with radrelay/radsqlrelay... 1. The proxy stores all the accounting requests in a single local file, then radrelay forwards it to a server which does accounting only. ++ || +--->| realm | || server | ||| |++ | +---+ auth |++ | |---+|| | |--->| realm | | proxy || server | | | acct || | |+ ++ +---+|__ +---+ ++ <__> |---| || | | |---| radrelay| acct |->| data | |---|>| server |->| base | |---| || | | +---+ ++ \__/ detail file 2. The proxy sorts the accounting requests by realms and writes a detail file per realm. Then we start one radsqlrelay instance per realm (with the appropriate sql module) to feed the database. ++ || +--->| realm | || server | ||| |++ | +---+ auth |++ | |---+|| | |--->| realm | | proxy || server | | | acct || | |+ ++ +---+| +---+ __ |---|-+ radsqlrealy <__> |---|-| instances | | |---|-| ->| data | |---|-| ->| base | +---+-| | | +---+ \__/ one detail file per realm 3. The proxy forwards everything to the real server. However, the realm server stores the request in a detail file and answers quickly to the proxy. A radsqlrelay instance (this time on the realm server) feeds the database... ++ || +--->| realm | detail || server |---+ ||| | |++ +---+ | |---| +---+ | |---| radsqlrelay | | auth + acct | |---| + | |-+ +---+ | | proxy | ++ | | |-+|| | | | || realm | detail| +---+ +--->| server |---+ | || | | __ ++ +---+ |<__> |---| || | |---| +--->| data | |---| >| base | +---+ radsqlrelay | | \__/ Which one do you think is the most effective ? Any constructive criticism is welcome ! -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius accounting
Hi! I have a question regarding to radius accounting. Is it possible to account radius on a central radius server. For example, I have 4 freeradius Server. Three radius Server make the authentication/authorization and one radius Server holds the accountig information: |radius1| |radius2| |radius3| | | | | | | \|/ \ | / \ | / \ | / \|/ \ | / \ | / |radius4-ACCT| Is this possible ? Thanks in advance, Ahmad -- Ahmad Cheikh-Moussa NetUSE AG Dr.-Hell-Straße, 24107 Kiel, Germany Telefon: +49 431 2390 400 -- Telefax: +49 431 2390 499 Service: [EMAIL PROTECTED] -- http://NetUSE.DE/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MYSQL accounting
I am running Freeradius 1.0.1 on Fedora Core 3 and authenticating
wireless users with PEAP. I am trying to get accounting to work, but I don't
understand the results that I am getting. The first entry has the MAC
address as the UserName, no realm, and the AcctAtthentic is Local.
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('-0002',
'cb6600bfed39629d', '0080c813ae30', '', '127.0.0.1', '1', 'Wireless-802.11',
'2005-02-04 17:28:36', '0', '0', 'Local', 'CONNECT 11Mbps 802.11b', '', '0',
'0', '00-11-95-8C-D5-BE:OGWN', '00-80-C8-13-AE-30', '', '', '', '', '',
'0');
Next comes authentication:
INSERT into radpostauth (id, user, pass, reply, date) values ('',
'DI107079-3800=5C=5Ctom', 'Chap-Password', 'Access-Accept', NOW());
INSERT into radpostauth (id, user, pass, reply, date) values ('',
'DI107079-3800=5C=5Ctom', 'Chap-Password', 'Access-Accept', NOW());
Next comes the Accounting-Start, and that's where the questions start.
Here we have the Stripped-UserName, the domain, and the AcctAtthentic is
Radius.
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('0000-0002',
'3ccf0ee5ef643776', 'tom', 'DI107079-3800', '127.0.0.1', '1',
'Wireless-802.11', '2005-02-04 17:28:36', '0', '0', 'RADIUS', 'CONNECT
11Mbps 802.11b', '', '0', '0', '00-11-95-8C-D5-BE:OGWN',
'00-80-C8-13-AE-30', '', '', '', '', '', '0');
Is this supposed to be an update of the record above?
The Accounting-Stop updates the first record by matching the MAC address.
How do I get the second record closed if the Stripped-UserName is not
passed? Can I take the UserName out of the update?
UPDATE radacct SET AcctStopTime = '2005-02-04 17:39:46', AcctSessionTime =
'669', AcctInputOctets = '', AcctOutputOctets = '', AcctTerminateCause = '',
AcctStopDelay = '', ConnectInfo_stop = 'CONNECT 11Mbps 802.11b' WHERE
AcctSessionId = '-0002' AND UserName = '0080c813ae30' AND
NASIPAddress = '127.0.0.1';
Sorry for the long post. Thanks in advance for any help.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
L2TP accounting
Hello, it seems freeradius does not support L2TP accounting for Tunnel-Start and Tunnel-Stop, it is not a problem because it works but I would like to know if there is any way to add support to account them. It's freeradius 1.0.1-2 (from debian/testing package) on a Debian box. > Wed Mar 2 20:44:04 2005 : Info: rlm_sql (sql): Unsupported Acct-Status-Type = 9 > Wed Mar 2 20:44:19 2005 : Error: rlm_radutmp: NAS racceso4 port 0 unknown packet type 10) > Wed Mar 2 20:44:19 2005 : Info: rlm_sql (sql): Unsupported Acct-Status-Type = 10 > Wed Mar 2 20:44:19 2005 : Error: rlm_radutmp: NAS racceso4 port 0 unknown packet type 10) > Wed Mar 2 20:44:19 2005 : Info: rlm_sql (sql): Unsupported Acct-Status-Type = 10 Thanks in advance, regards -- David Manchado - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL-Accounting
Hello, is it possible to call only a simple "Stored Procedure" (SP) on the MySQL-Server to do the Accounting Job, like the sql-log module (rlm_sql_log(5)), but do not log in file, instead of this, call the SP: I can't find more Information for such configuration. Thanx for help, Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting manipulation
I have a working freeradius2 setup, in which I proxy accounting tickets to many home_servers using details file writing and detail listeners. For one of this home_server (let's call it HS1) I want to rewrite the Acct-(In|Out)put-Octets and Acct-(|n|Out)put-Gigawords with a value* taken from another home_server (let's call it HS2). I thought I could you use the perl module to do the math in the pre-proxy section of my HS1 Vhost, but i realised i have to ensure rewriting of attributes have to be done after and only after proxying accounting to HS2... Teh problem remains in the fact proxying to HS2 and proxing to HS1 are two separates virtualhosts... how can i ensure proxying to HS1 (and so attribute rewriting) will be done only after proxying to HS2? I am not a perl guru (either) is it possible to update attrbutes using rlm_perl? how? (the wiki dind't told me much about it) * Actually, the value should be the result of snmp or sql or else done on HS2... with math operation done on it to get the new Acct-(In|Out)put-Octets and Acct-(|n|Out)put-Gigawords values OMG i'm not sure it's very clear! begin:vcard fn:Alexandre Chapellon n:Chapellon;Alexandre org;quoted-printable:Mana;Syst=C3=A8me adr;quoted-printable:;;;Papeete;;;Polyn=C3=A9sie Fran=C3=A7aise email;internet:alexandre.chapel...@mana.pf title;quoted-printable:Administrateur syst=C3=A9mes et r=C3=A9seaux tel;work:479952 x-mozilla-html:FALSE url:http://www.mana.pf version:2.1 end:vcard - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting error
Dear All I hope anyone can help me with these errors I have in the radius.log file: Error: rlm_sql_getvpdata: database query error Error: rlm_sql (sql): SQL query error; rejecting user Error: rlm_sql (sql): Couldn't update SQL accounting ALIVE record - 0 I am using freeradius 1.1.7 with freetds and MSSQL 2005 as the backend database, the radius receives interim accounting update packets to calculate users utlized bandwidth and the data is inserted into the MSSQL database using SQL Procedures. Does anyone knows what may cause these errors to occure, note that when I run radius -X most of the update statements return with status ok and for the statements that return with this error, they run fine from the MSSQL console. Thanks in advance Ahmed Adel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS accounting
what's the meaning of accounting in radius aaa ? is it means measuring of consumed resources only or users' activities like executed commands for example on an ssh service is being logged ? -- Mohamed M. Hagag محمد محمود حجاج http://www.linkedin.com/in/mohamedhagag http://bintoo.sf.net/drpl/ http://mohamedhagag.wordpress.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Decoupled accounting
Hi All, I'm using freeradius 2.1.6 and want to move to decoupled accounting. I understand the example configs, but one question I still have is this: do I have to have preacct and accounting sections in my "virtual.blah.com" file (very similar to the default file) which is in the sites-enabled dir, even though I will have preacct and accounting sections in the decoupled-accounting file? Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.27.25-170.2.72.fc10.x86_64 x86_64 GNU/Linux 13:16:02 up 5 days, 4:42, 5 users, load average: 1.43, 1.36, 1.26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius Accounting
Hello,I'm trying to implement accounting function kind of "open access" using FreeRadius that would allow the visitors 30 minutes of low bandwith network connetivity (say 200 kps) every 72 hours. I'm using Chillispot as captive portal and Solaris9 as the OS.Please guide me. Has someone implemented similar kind of scenario or any suggestions ??Thanks for your time and replies.Regards. Brings words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
VSA Accounting
How does one refer to VSAs in the accounting queries in sql.conf? I figure it would just be the name of the attribute from the dictionary, but what if there's a VSA name the conflicts with a standard name (e.g. "Realm")? Is there a prefix that can be used to differenciate them? Also, what's a better method: extending the radacct table to include these VSAs, or using a table specifically for the VSAs? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PIX Accounting
Hello to the list I've configured my PIX 6.3(5) to authenticate PPTP VPN by FreeRadius. I've noticed that if a user login fails, PIX send a STOP Accounting Packet and then a START packet: in this way I have serious problem to track the simultaneous use of the users: I think it is not normal. I know...it is not a problem of freeradius...but maybe somebody of the list had the same problem in the past: do you have some suggestions? Tnx Regards Sergio Sagliocco - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting problem
Hi, I tried to configure my freeradius with EAP-PEAP auth with
accounting. My aim is to have unique account, in other words only one
user can access with the same user and password.
I read that there are two method for accounting the first is using the
radutmp file and the second is using the sql accounting.
I configured my radius.conf file in this way:
preacct {
preprocess
acct_uninque
suffix
}
accounting {
acct_unique
detail
unix
radutmp
}
seassion {
radutmp
sql (??)
}
In my sql.conf file I had uncomment the simul_count_query.
In this way I suppose that I have enabled both account types.
When I try to connect 2 laptop with the same user and password, both are
authenticated and if I see the radacct table or I write in console
radwho I can find the accounting of the same user two times.
What is wrong in my configuration?
It is possible to do accounting without the sql database?
Does Anyone know a guide for configure accountig?
Thanks a lot.
Bye Antonio
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql accounting
I have a quick question on the mysql accounting. I am working on my own interface for managing the freeradius+mysql setup. Everything is working great, I can view all my users, see who's connected, add new users, manage static vs. dynamic IP's, etc..The problem is it doesnt seem to log authentication failures into the radacct table. It logs all the successes just fine, but it would be very beneficial to have it log the failures too. I have the sql module turned on in the accounting section of the config and have uncommented all of the accounting queries. Any help appreciated. Thanks Sean Taylor Systems Administrator Valutel Communications - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting error
Hi; I have this error in the log file: rlm_sql: packet has no account status type. [user '', nas x.x.x.x] Error: rlm_unix: no Accounting-Status-Type attribute in request. Error: rlm_radutmp: No Accounting-Status-Type record. I am using postgreSql Database. Any idea? Thanks Elie Hani - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting stopped
Hi All, Since a power cut last Sunday FreeRadius has stopped writing to its log files and updating radacct in MySQL. It is continuing to authenticate users. It gives no error messages running radiusd -X. I've tried upgrading from 1.0.3 to 1.1.3 with no effect. I've been working round the clock for five days now and seem no closer to a solution. Any hints, tips or advice would be very welcome. Regards, Sean -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Daily accounting
Hi everyone, I have seen a lot of people who are trying to get traffic accounting collected at regular intervals to generate graphs and view per day/month etc... I have made a few modifications in order to achieve this. You can see it at http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html It works on Mysql setup but can be adapted to any db. I'd be grateful to get some feedback on this. A lot of ISPs are running into this problem. Hope this helps Regards, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Logs
With FreeRadius, Is it possible to log accounting data to both SQL and to standard Radius files? We would like to upgrade our Cistron Radius to FreeRadius, and our accounting system (Rodopi) uses standard Radius logs, but we would like to switch to SQL. Thanks, Kevin. -- Kevin Hemsley [EMAIL PROTECTED] NF7J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting -Response
A week ago i was trying to find out how can i add some attributes to accounting response from a MySQL backend! Alan DeKoK showed me that the mechanism wasn't very good and that i don't send the right attributes in accounting -response! We've made some work for optimisation but found out that we still need to send some attributes meaning: when sending accounting-stop the response from FreeRADIUS should be [-Command] // ex. play 'thanks for calling through us' [-Voice-Message-Promt] specific(from sql)- [-Session-Timeout](for accounting-start response)! The mechanism is complex and we don't see other solution but adding these attributes only in Accounting-Response! I understand that should be a unique standard for this but the rfc has reserves to send attributes in accountind-response and we've created a dictionary for this purpose so it shouldn't be any problems! The problem is, as i think, that FreeRADIUS doesn't have a configurable query for accounting-response as it has for authentication-response! I tried to find in the source the place to add the stuff i need but it seems that it will take to long to understand the complex strucutre of pointers used by developers! Anyway if someone can help thanks! We have the perfect Group for you. Check out the handy changes to Yahoo! Groups. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting-Response
Well i write because i still hope for a categoric answer to the previous post about sending attributes in Accounting-Response! --If possible how to set or where to find some documentation about how structures in freeradius are built! --or if it's not possible(i don't know it's tooo dificult) say so!Hope i'm not too insistent and a good day! the previous post "A week ago i was trying to find out how can i add some attributes to accounting response from a MySQL backend! Alan DeKoK showed me that the mechanism wasn't very good and that i don't send the right attributes in accounting -response! We've made some work for optimisation but found out that we still need to send some attributes meaning:when sending accounting-stop the response from FreeRADIUS should be [-Command] // ex. play 'thanks for calling through us' [-Voice-Message-Promt]specific(from sql)- [-Session-Timeout](for accounting-start response)! The mechanism is complex and we don't see other solution but adding these attributes only in Accounting-Response! I understand that should be a unique standard for this but the rfc has reserves to send attributes in accountind-response and we've created a dictionary for this purpose so it shouldn't be any problems! The problem is, as i think, that FreeRADIUS doesn't have a configurable query for accounting-response as it has for authentication-response!I tried to find in the source the place to add the stuff i need but it seems that it will take to long to understand the complex strucutre of pointers used by developers!Anyway if someone can help thanks! " Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
prepaid accounting
Hi, I need to find a solution for my one-time event based accounting problem. I have users which buy prepaid cards and use them to add credit to their web accounts. User download videos later using their credits. I’m asked to use radius for authentication and accounting. I couldn’t figure out how I can do this with freeradius. Is it doable with freeradius? If not, please show me the way to do this. Regards, Engin Deveci - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LAN accounting
I'm newbie,I wanna know that can i use FreeRadius+Dialup_admin as a LAN accounting? --Mohsen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting question
When I connect to my AP, authenticated by freeradius using EAP-TLS, I get an entry into radpostauth, entries in /var/log/radius/radacct/192.168.3.115/detail-auth and detail-reply files, but I am not getting any entries into radacct. I don't know whether this is because the NAS is not sending any accounting packets or my setup is not correct. However, since I am getting the entries into radpostauth, I think I must have the setup correct. In what circumstances are accounting packets sent from the NAS? How can I test to see whether the packets are being sent? What sort of information is supposed to be stored in radacct? -- Ian Truelsen s/v Sting Email: [EMAIL PROTECTED] AIM: ihtruelsen MSN: [EMAIL PROTECTED] Google Talk: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius accounting
Hy all,
i use freeradius 1.1.3
here is my problem:
i use radiusaccounting into a mysql database.
I want to extract information out of the accounting packet and insert it
into the sql database:
My Acct-Session-Id looks like this.
Acct-Session-Id = "domain\\user"Thu Mar 1 14:29:58 2007"NC"
the last field, here NC is one of this NC|WSAM|JSAM
So i put this to acct_users:
DEFAULT Acct-Session-Id =~ "^.*(NC|JSAM|WSAM).*"
My-ST == `%{1}`
My-ST is defined in dictionary
ATTRIBUTE My-ST 3004string
i see that rad_xlat gives the correct value to My-ST but i cant use it in
the sql statement.
Its empty.
acct_users: Matched entry DEFAULT at line 23
radius_xlat: 'WSAM'
How can i define new Attributes? And use them in sql.conf
Thanks a lot-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duplicate accounting
I just installed freeradius Am using with Globalpops I am getting some duplicate accounting start on logins Not all the time but on occasions. I have had GP check their end they are only seeing the one coming from the nas but say this issue maybe on my end not responding fast enough, and their radius sends another The accounting records are of same seesionid, etc Is their any setting for this to make things better, any suggestions? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting EAP
Hi all some can tell me how to active accounting on freeradius for EAP Thanks jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxy-accounting
Hi, my FR is acting as proxy server. What I need to do is next: - when I get accounting from router i need to cut some things of (Acct-Session-Id) How can I do this with FR? Thank you http://www.email.si/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting file
Hi Someone can tell me if thre is a accounting file to registrer all sessions ? Thanks Jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting question
Hi, I have a question about radius, Is there anyone on this list that can help? I'm sure this is a very common request. I have a situation where radius accounting is logged to a mysql database. I'd like to find a way to show the accurate number of users that are currently online. Up till now this has been done by querying the database to find entries in the radacct table that have value 0 for AccountStopTime. However there are quite a number of entries in this 'radacct' table that have the 0 as AccountStopTime but are not active sessions. What would be a way to get just the sessions that are active? kind regards, Luke -- ._ :| .| |.|/.|_ :|__.|_|.|\.|_ :0421 276 282. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting ReceiveQueue
In which case the accounting queue is getting so big (see below) while a authorization works perfect? Proto Recv-Q Send-Q Local Address Foreign Address State moon:~# netstat -l |grep radius udp0 0 *:radius*:* udp 100608 0 *:radius-acct *:* Thanks in advance. Edgars - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting question
Hello,
I have a question regarding the way accounting is done. I configured
freeradius 1.0.1 with openssl and mysql support on a Fedora Core 3
system. I'm using it with PEAP and TLS for wireless authentication.
The authentication works fine, but the accounting packets are always
missing the username and the IPs of client and NAS seem to be
interchanged.
Here is a sample packet extracted from running radiusd with debugging:
rad_recv: Accounting-Request packet from host 192.168.30.11:1223,
id=211, length=182
Acct-Status-Type = Alive
Acct-Session-Id = "0002e3412adf-000e6ad5debc-b0e1"
NAS-IP-Address = 192.168.30.34
Acct-Input-Octets = 10179
Acct-Output-Octets = 11165
Acct-Input-Packets = 47
Acct-Output-Packets = 97
Vendor-Specific = 0x45415020557365726e616d652069733a204a4f53455048
Vendor-Specific = 0x564c414e2049442069733a2030
Vendor-Specific = 0x4553534944203d2055746570736120486f742053706f74
Vendor-Specific = 0x45415020547970652069733a204541502d50454150
Acct-Session-Time = 63418
My question is Isn the NAS suppossed to be the wireless access
point? (in our case 192.168.30.11, not 192.168.30.34). Isn't the
client suppossed to be the computer from which the user authenticated?
(192.168.30.34 instead of .11). Is this just access point related? or
can I configure it in clients.conf?
The relevant portion of clients.conf looks like this:
client 192.168.30.0/24 {
secret = XX
shortname = wifiAP
}
Thanks for any help,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting-request
hello,I had a problem with my freeradius. when I debug
and send radest there no rad-recev about
accounting-request there only about access-request.
can anyone help me whats wrong with my configuration??
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
/usr/local/radius/etc/raddb/proxy.conf
Config: including file:
/usr/local/radius/etc/raddb/clients.conf
Config: including file:
/usr/local/radius/etc/raddb/snmp.conf
Config: including file:
/usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir =
"/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file =
"/usr/local/radius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile =
"/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will
go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp =
"/usr/local/radius/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups =
"/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints =
"/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile =
"/usr/local/radius/etc/raddb/users"
files: acctusersfile =
"/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile =
"/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename =
"/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
accounting-request
hello,I had a problem with my freeradius. when I debug
and send radest there no rad-recev about
accounting-request there only about access-request.
can anyone help me whats wrong with my configuration??
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
/usr/local/radius/etc/raddb/proxy.conf
Config: including file:
/usr/local/radius/etc/raddb/clients.conf
Config: including file:
/usr/local/radius/etc/raddb/snmp.conf
Config: including file:
/usr/local/radius/etc/raddb/sql.conf
main: prefix = "/usr/local/radius"
main: localstatedir = "/usr/local/radius/var"
main: logdir = "/usr/local/radius/var/log/radius"
main: libdir = "/usr/local/radius/lib"
main: radacctdir =
"/usr/local/radius/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file =
"/usr/local/radius/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile =
"/usr/local/radius/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/radius/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will
go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp =
"/usr/local/radius/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups =
"/usr/local/radius/etc/raddb/huntgroups"
preprocess: hints =
"/usr/local/radius/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile =
"/usr/local/radius/etc/raddb/users"
files: acctusersfile =
"/usr/local/radius/etc/raddb/acct_users"
files: preproxy_usersfile =
"/usr/local/radius/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename =
"/usr/local/radius/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
Accounting VSAs
I was wondering if it is possible to modify the accounting queries to
accept our own Vendor Specific Attributes.
I would like to insert the Ascend-Data-Rate attribute we receive from
our Ascent (Lucent) MAX TNT machine running TAOS 11. Upon browsing the
sql.conf file, my thinking was that if most of the attributes get %{}
"escaped" and turned into "variables" that are inserted and modified,
that VSAs would too. Upon some testing, at least in my case, I have
found that this isn't true.
I find that the NAS sends many Vendor-Specific lines that
dictionary.ascend contains and FreeRADIUS therefore decodes, but I am
stumped as to how to include these in our queries.
Is here any documentation or workarounds?
Thanks,
Wes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting analysis
Hello do you a free tool to generate analysis from freeradius accounting ? --- Marc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Post Accounting
Hi freeradius community! I want to do something with freeradius but i haven't find any information how to do that. The problem is I want to run SQL query after accounting stop request with in sql module. I found that sql module have postauth_query feature. So i want same functionality but after accounting stop request.. Is there any way to do it? (Note that i don't want to use SQL trigger) Thanks for your responses devrim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Post Accounting
Thanks for reply Paolo, But i wonder that can i use both sql accounting and acctusersfile same time? And i i do how? Thanks.. devrim I do some post-proccesing for accounting and I do it through the exec module. I call at the end of accounting section one instance of the exec module wich calls a script wich does some post-processing, updates some tables and distinguish processing between Start/Alive/Stop. - Original Message - From: Devrim Seral To: freeradius-users at lists.freeradius.org Sent: Friday, October 07, 2005 6:04 PM Subject: Post Accounting Hi freeradius community! I want to do something with freeradius but i haven't find any information how to do that. The problem is I want to run SQL query after accounting stop request with in sql module. I found that sql module have postauth_query feature. So i want same functionality but after accounting stop request.. Is there any way to do it? (Note that i don't want to use SQL trigger) Thanks for your responses devrim -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- next part --An HTML attachment was scrubbed...URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20051007/611a308e/attachment-0001.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting scripts ?
Hello I'm searching for scripts that are able to parse the radacct/xxx.xxx.xxx.xxx/detail-xxx file to perform some simple statistics ? Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Testing accounting
Hi, I've got 2 radius servers in HA mode behind a load balancer. My load balancer needs to test the 2 radius servers to make sure they are responding. I need to send some payload to the accounting port to test this. Can someone tell me which payload I could send to test the accounting port ? Regards, -- Sebastien Cantos <[EMAIL PROTECTED]> Network / System Manager Neopost DIVA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting question
we keep getting a lot of missed stop packets that we never had problems with when we ran icradius. I don't know what the problem could be but I am getting ready to turn accounting off for us. However I have a major concern with this. We are using the mysql option with freeradius including the nas table. We use a flat file, proxy.conf, for our remote realm configurations. We proxy for a number of remote realms running their own radius authentication and they receive accounting information we receive from our upstream passed on to them. If I turn accounting off, is there a way we can still pass accounting through to our remote realms, or is it a global on/off switch that affects everyone? I just don't want to keep track of it locally until we can figure out what is causing this. I do notice a number of error messages about 0 length stop packets being received and I assume they are rejected. I have also contacted our upstream provider and asked them to be sure all is well with what they pass us. We use 1645:1646 and have those ports in iptables to freely accept.. are there possibly other ports I should be putting in there? -- Chuck - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting-Response
Hello ! Short question -- My FR 1.0 doesn't send Accounting-Response when sql module fail. Is it correct? I think it must always send response packets as an indication that acct packet just recieved. My NAS send acct-request packets in infinity loop until response pkt recived. Explanation --- Is it normal behaviour of FreeRADIUS when it does not send Accounting-Response packet to Accounting-Request? My sql module fails to insert data to DB because server due to different reasons send duplicated accounting-stop packet, and I have unique index on sessions table. We use Nomadix HSG as an our central access server for wireless connections. Nomadix send acct-request packets in infinity loop until response pkt recived. Radius debug - Tue Nov 15 12:40:33 2005 : Error: rlm_sql_oracle: execute query failed in sql_query: ORA-1: unique constraint (WIFI.RADACCT_UNIQUEID) violated Tue Nov 15 12:40:33 2005 : Error: rlm_sql (sql): failed after re-connect Tue Nov 15 12:40:33 2005 : Error: rlm_sql (sql): Couldn't insert SQL accounting STOP record - ORA-1: unique constraint (WIFI.RADACCT_UNIQUEID) violated Tue Nov 15 12:40:33 2005 : Debug: rlm_sql (sql): Released sql socket id: 1 Tue Nov 15 12:40:33 2005 : Debug: modsingle[accounting]: returned from sql (rlm_sql) for request 17 Tue Nov 15 12:40:33 2005 : Debug: modcall[accounting]: module "sql" returns fail for request 17 Tue Nov 15 12:40:33 2005 : Debug: modcall: group accounting returns fail for request 17 Tue Nov 15 12:40:33 2005 : Debug: Finished request 17 Tue Nov 15 12:40:33 2005 : Debug: Going to the next request Tue Nov 15 12:40:33 2005 : Debug: --- Walking the entire request list --- Tue Nov 15 12:40:33 2005 : Debug: Waking up in 2 seconds... Tue Nov 15 12:40:35 2005 : Debug: --- Walking the entire request list --- Tue Nov 15 12:40:35 2005 : Debug: Cleaning up request 14 ID 2 with timestamp 437974c7 Tue Nov 15 12:40:35 2005 : Debug: Waking up in 1 seconds... Tue Nov 15 12:40:36 2005 : Debug: --- Walking the entire request list --- Tue Nov 15 12:40:36 2005 : Debug: Cleaning up request 15 ID 6 with timestamp 437974c9 Tue Nov 15 12:40:36 2005 : Debug: Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 213.24.217.233:1025, id=8, length=162 Thanks a lot for your help -- Ruslan A Dautkhanov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS Accounting
Hi All, I have installed freeRADIUS 1.0.5 recently and configured it. It works perfectly for authenticating users connecting through WLAN AP. I have a little problem with RADIUS accounting. I understand that the accounting requests should be sent by the NAS to the RADIUS server. My problem is how can we set the frequency of sending these accounting requests. That is how often the NAS will send accounting requests to the RADIUS server? Can we configure that setting (frequency of sending the accounting requests) through freeRADIUS conf files or do we need to configure it throough the configuration interface of the NAS? Thanking You., Madhuraka Godahewa Telecommunications Engineer Research and Development Unit Electroteks Global Networks (Pvt.) Ltd. Mobile: + 94-777-647055 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting
Hello
First of all let be begin by wishing you a "happy new year".
I am mailing you in regard to a particular problem I am facing.
I am writing a program in java which will read the accounting
data being sent by the NAS client and insert it into the database.
This is required by my organization inorder to verify whether
radius server is able to insert records into mysql database without
any leakage.
I have opened a port and have configured the NAS client so
that the accounting data is sent to both the radius server and my
program. My program is also receiving the accounting data. I am
dumping some data as received by my program at the end of the
mail (please look at it).
Some information is in binary and some in text format. My parsing
program is able to extract some data like h323_conf_id,
h323_remote_address,
h323_disconnect_cause etc. However a lot of the information is in
binary. and is probabaly application specific.
I want to know whether it is anyhow possible for my program to understand
the binary data being carried by the UDP packet. This I need because
I need the values of some variables like Acct-Session_Time, Calling_
Station_Id, Called_Station_Id. but I cannot locate it in the data I am
receiving.
I am sure that Radius server is receiving all variable values because it is
writing all
this in a flat file and inserting into ther database.
Please if you could help in any way I will be much obliged.
Kind regards
Navonil
Data being received by my program from NAS client
0220DE27 1h323-setup-time=12:53:55.284 UTC Fri Jan 2 2004
!h323-gw-id=imassipipgw.8 2h323-conf-id=02134F2A 21F78648 56343434
34EF h323-call-origin=answer h323-call-type=VoIPA
;h323-incoming-conf-id=02134F2A 21F78648 56343434 34EF
subscriber=Unknown session-protocol=cisco-'gw-rxd-cdn=ton:0,npi:1,
#:009053225520*+/0.93h323-connect-time=12:53:59.952 UTC Fri Jan 2 2004
< 6h323-disconnect-time=12:53:59.952 UTC Fri Jan 2 2004
h323-disconnect-cause=1C( "h323-remote-address=80.70.65.206
release-source=6 h323-voice-quality=-1' !gw-rxd-cgn=ton:2,npi:1,
#:48O48009053225520��f-)
[EMAIL PROTECTED]
00220DE37 1h323-setup-time=12:53:55.288 UTC Fri Jan 2 2004
!h323-gw-id=imassipipgw.8 2h323-conf-id=02134F2A 21F78648 56343434
34EF"h323-call-origin=originate h323-call-type=VoIPA
;h323-incoming-conf-id=02134F2A 21F78648 56343434 34EF
subscriber=Unknownsession-protocol=cisco- 'gw-rxd-cdn=ton:0,npi:1,
#:009053225520*+/0.93h323-connect-time=12:53:59.956 UTC Fri Jan 2 2004
< 6h323-disconnect-time=12:53:59.956 UTC Fri Jan 2 2004
h323-disconnect-cause=1C* $h323-remote-address=213.232.102.47
release-source=6 h323-voice-quality=-17 1alert-timepoint=12:53:59.676
UTC Fri Jan 2 2004' !gw-rxd-cgn=ton:2,npi:1,#:486
0gw-final-xlated-cdn=ton:0,npi:1,#:0090532255200
*gw-final-xlated-cgn=ton:2,npi:1,#:48O48009053225520��f-)
�4��7Km*&�ϱ�F�,
00220DE67 1h323-setup-time=12:54:02.548 UTC Fri Jan 2 2004
!h323-gw-id=imassipipgw.8 2h323-conf-id=00FF 00AF4817 000F0001
2D0A1A2C h323-call-origin=answer h323-call-type=VoIPA
;h323-incoming-conf-id=00FF 00AF4817 000F0001 2D0A1A2C
subscriber=Unknown session-protocol=cisco("gw-rxd-cdn=ton:0,npi:1,
#:0096321*+/0.9 3h323-connect-time=12:54:02.836 UTC Fri Jan 2 2004<
6h323-disconnect-time=12:54:02.836 UTC Fri Jan 2 2004
h323-disconnect-cause=1C( "h323-remote-address=80.70.65.206
release-source=6 h323-voice-quality=-1-
'gw-rxd-cgn=ton:0,npi:1,pi:0,si:0,#:0680.70.65.206(06 0096321��f-)
�MO)��4�D,
00220DE77 1h323-setup-time=12:54:02.552 UTC Fri Jan 2 2004
!h323-gw-id=imassipipgw.8 2h323-conf-id=00FF 00AF4817 000F0001
2D0A1A2C"h323-call-origin=originate h323-call-type=VoIPA
;h323-incoming-conf-id=00FF 00AF4817 000F0001 2D0A1A2C
subscriber=Unknownsession-protocol=cisco( "gw-rxd-cdn=ton:0,npi:1,
#:0096321*+/0.9 3h323-connect-time=12:54:02.840 UTC Fri Jan 2 2004<
6h323-disconnect-time=12:54:02.840 UTC Fri Jan 2 2004
h323-disconnect-cause=1C* $h323-remote-address=213.232.102.47
release-source=6 h323-voice-quality=-1-
'gw-rxd-cgn=ton:0,npi:1,pi:0,si:0,#:061 +gw-final-xlated-cdn=ton:0,npi:1,
#:00963216 0gw-final-xlated-cgn=ton:0,npi:1,pi:0,si:0,
#:0680.70.65.206(060096321��f-)
(70��E�N4{M9,
00220DEA7 1h323-setup-time=12:54:06.868 UTC Fri Jan 2 2004
!h323-gw-id=imassipipgw.8 2h323-conf-id=3504600A 8D566D16 1D060006
D7A56E33 h323-call-origin=answer h323-call-type=VoIPA
;h323-incoming-conf-id=3504600A 8D566D16 1D060006 D7A56E33
subscriber=Unknown session-protocol=cisco/)gw-rxd-cdn=ton:0,npi:1,
#:00911125596365*+/0.9 3h323-connect-time=12:54:18.308 UTC Fri Jan 2 2004
< 6h323-disconnect-time=12:54:18.308 UTC Fri Jan 2 2004
h323-disconnect-cause=10( "h323-remote-address=80.70.65.206
Proxy Accounting
Dear All,
We have FreeRADIUS Version 2.1.1 installed with mysql.
Some of our users are authenticated via an external radius so we have
configured a realm and proxy.
All works well except accounting. The Freeradius does not seems to be
sending the accounting to the remote server (local accounting to mysql works
fine).
This is the configuration we used:
File realm:
realm one {
format = suffix
delimiter = "#"
ignore_default = no
ignore_null = no
}
File proxy.conf:
home_server pri_home_server {
type = auth+acct
ipaddr = x.x.x.x
port = 1812
secret = **
response_window = 20
zombie_period = 40
revive_interval = 120
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
}
home_server sec_home_server {
type = auth+acct
ipaddr = y.y.y.y
port = 1812
secret = **
response_window = 20
zombie_period = 40
revive_interval = 120
status_check = status-server
check_interval = 30
num_answers_to_alive = 3
}
home_server_pool auth_failover_pool {
type = fail-over
home_server = pri_home_server
home_server = sec_home_server
}
realm users{
type = radius
auth_pool = auth_failover_pool
acct_pool = auth_failover_pool
nostrip
}
When using tcpdump on the server we don’t see any accounting request being
issued by the radius.
Your help please.
Regards,
Adi.
--
View this message in context:
http://www.nabble.com/Proxy-Accounting-tp26090474p26090474.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting question
Radius is storing the accounting information using the EAP hashed username. Is there a way to change it to store the clear text username with the accounting info? David Peterson Engineer Wireless Connections 166 Milan Ave., Norwalk, Oh. 44857 ACCessing the Future Today!! ofc. 419.660.6100 ext 2287 cell 419-706-7355 fax 419-668-4077 <http://www.wirelessconnections.net/> http://www.wirelessconnections.net This transmission and any files attached to it, may contain confidential and/or privileged information and intended only for the named recipient. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, retransmission, dissemination, disclosure, copying or any use of the information or files contained is strictly prohibited. If you have received this transmission in error, please notify the sender by reply transmission and delete this electronic mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: accounting
On 12/15/2009 05:42 PM, rosect...@yahoo.com wrote: Two questions that I am seeking answers to. 1. Can freeradius log accounting info in a local file, meaning not to use a sql database? If yes, how to enable that and where the log files will be (configurable?) yes, read /etc/raddb/sites-available/default, look for "accounting" and read /etc/raddb/modules/detail 2. I loaded freeradius 2.13.fc9.i386. "rpm -qa" shows that freeradius-mysql-2.1.3-1.fc9.i386 is installed. However, "which mysql: shows this command is not available. Do I need to download mysql and install it or does this version of freeradius install mysql automatically? read http://wiki.freeradius.org/Red_Hat_FAQ -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting
1. Can freeradius log accounting info in a local file, meaning not to use a sql database? If yes, how to enable that and where the log files will be (configurable?) You needn't use a database if you do ot want. Depend on the level of the detail you want there is the var/log/freeradius directory where you can find log files. You can find the exact directory in radiusd.conf. 2. I loaded freeradius 2.13.fc9.i386. "rpm -qa" shows that freeradius-mysql-2.1.3-1.fc9.i386 is installed. However, "which mysql: shows this command is not available. Do I need to download mysql and install it or does this version of freeradius install mysql automatically? You needn't. In the file radiusd.conf you can see the file you need. _ Date una vuelta por Sietes y conoce el pueblo de los expertos en Windows 7 http://www.sietesunpueblodeexpertos.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting question
Hi, I have redundant NAS nodes and they obviously have two different NAS-IP. If one NAS fails, the entity for which I'm accounting traffic is automatically switched over to the redundant NAS which can keep sending accounting records to Radius. However, the records will have different NAS-IP, NAS-Identier and NAS-Port-ID. The acct-session-id and framed-ip-addrss will be the same (and this is what I use to identify the entity for which I collect acct info). Is there any way that this new records will be written to the same file as before the failover so that I can correlate the records? I see that the acct directory is in /var/log/freeradius/radacct//. This directory name is what is bothering me. Is there any way to change this? Thanks Marlon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
