Re: Radius copy accounting
Cool. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius copy accounting
Many thanks
I have then create a new dictionary with IANA number of my entreprise
and add a new attribute
Now I can see it in the proxyed packet.
> Yes Thanks But I tried to force in preacct with update reply { Realm
> += "%{Realm}" } but still no attribute realm in the packet proxied to
> other radius?
..and you were already told that 'Realm' is an internal attribute - you
need to define your own attribute...or borrow another that isnt of
concern - and then assign that eg
All info here :-)
http://www.lmgtfy.com/?q=FreeRadius+radrelay+proxying+the+Realm+attribut
e+to+the+home_server&l=1
Eric B.
***
*DISCLAIMER*
This electronic transmission (and any attached document) is intended
exclusively for the person or entity to whom it is addressed and may
contain confidential and/or privileged material.
Any disclosure, copying, distribution or other action based upon
the information by persons or entities other than the intended recipient
is prohibited. If you receive this message in error, please contact the
sender and delete the material from any and all computers.
Mobistar does not warrant a proper and complete transmission of this
information, nor does it accept liability for any delays.
*END OF DISCLAIMER*
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius copy accounting
On Wed, Aug 08, 2012 at 11:35:36AM +0200, BELLIERE Eric wrote:
> Yes Thanks But I tried to force in preacct with update reply { Realm +=
> "%{Realm}" }
This is pointless.
> but still no attribute realm in the packet proxied to other
> radius?
Please re-read what I wrote:
On Mon, Aug 06, 2012 at 01:39:06PM +0100, Matthew Newton wrote:
> Realm is an internal attribute (see dictionary.freeradius.internal)
> and as such doesn't appear in any packets in transit.
So read dictionary.freeradius.internal: "These attributes CANNOT
go in the reply item list. Range: 1000+" Realm is 1045...
It's an internal attribute ONLY. You can NOT get it to appear in a
packet. To do so you need to copy to a different attribute that
can go in the packet.
Matthew
--
Matthew Newton, Ph.D.
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius copy accounting
Hi,
> Yes Thanks But I tried to force in preacct with update reply { Realm +=
> "%{Realm}" } but still no attribute realm in the packet proxied to other
> radius?
..and you were already told that 'Realm' is an internal attribute - you need to
define
your own attribute...or borrow another that isnt of concern - and then assign
that eg
http://www.lmgtfy.com/?q=FreeRadius+radrelay+proxying+the+Realm+attribute+to+the+home_server&l=1
please ask your site admins to stop blocking access to Google.
see the first answer to this very same question - given by Matthew
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius copy accounting
Yes Thanks But I tried to force in preacct with update reply { Realm +=
"%{Realm}" } but still no attribute realm in the packet proxied to other
radius?
Eric B.
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-requ...@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-ow...@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. RE: Radius copy accounting (BELLIERE Eric)
2. Re: Radius copy accounting (Fajar A. Nugraha)
3. Re: Problem with EAP Authentication working not every time
(stefan novak)
--
*DISCLAIMER*
This electronic transmission (and any attached document) is intended
exclusively for the person or entity to whom it is addressed and may
contain confidential and/or privileged material.
Any disclosure, copying, distribution or other action based upon
the information by persons or entities other than the intended recipient
is prohibited. If you receive this message in error, please contact the
sender and delete the material from any and all computers.
Mobistar does not warrant a proper and complete transmission of this
information, nor does it accept liability for any delays.
*END OF DISCLAIMER*
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius copy accounting
Please do NOT send, forward, or reply an entire digest mail. It's rude, useless, and will only make others unwilling to help you. On Wed, Aug 8, 2012 at 3:19 PM, BELLIERE Eric wrote: > Thanks but with sql I can send the attribute to Oracle DB without any > problem? If you included excerpts of messages from the ORIGINAL thread (instead of the digest), it would help others understand what you're talking about. Anyway, you should spend some time to understand how radius works. In short, do you have the list of attributes in the original accounting request? I'm not talking about the detail file, but rather the accounting packet that FR receives. If you PROXY that packet to another radius, then by default you'd get (roughly) what's in the original packet. Which doesn't include REALM attribute. You COULD add an attribute (e.g. using unlang, see http://freeradius.org/radiusd/man/unlang.html), probably in pre-proxy section. However if you want to do that, you need to use another attribute (i.e. NOT realm, since it's FR's internal attribute), and the destination radius server also needs to understand that attribute. It's easy enough if the destination server is also FR (in which case you can just create a custom attribute in both servers, or hijack one of the ununsed vendor-spesific attributes), but it might not be so easy with other radius servers. Logging to an oracle db does not involve proxying the accounting packet, so you can pretty much use whatever attributes or variables that FR recognizes, including internal attributes. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius copy accounting
Thanks but with sql I can send the attribute to Oracle DB without any
problem? So can you please help me with this unlang command to add? And
where?
In preacct section of my virtual sites?
Eric B.
-Original Message-
From:
freeradius-users-bounces+eric.belliere=mail.mobistar.be@lists.freeradius
.org
[mailto:freeradius-users-bounces+eric.belliere=mail.mobistar...@lists.fr
eeradius.org] On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: Monday 6 August 2012 15:34
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 88, Issue 24
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-requ...@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-ow...@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than
"Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Radius copy accounting (Matthew Newton)
2. Re: Radius copy accounting (alan buxey)
3. Re: RES: FR 3 Event-Timestamp wrong format and Mysql
FROM_UNIXTIME error (Alan DeKok)
4. Duplicate Radius Accounting (Christopher Manigan)
5. Re: Duplicate Radius Accounting (Alan DeKok)
6. Freeradius Accounting (Robert Souter)
--
Message: 1
Date: Mon, 6 Aug 2012 13:39:06 +0100
From: Matthew Newton
To: FreeRadius users mailing list
Subject: Re: Radius copy accounting
Message-ID: <20120806123906.gb15...@rootmail.cc.le.ac.uk>
Content-Type: text/plain; charset=us-ascii
On Mon, Aug 06, 2012 at 02:30:14PM +0200, BELLIERE Eric wrote:
> As you can see this schema is working well except that the attribute
REALM is not include in the packet?
>
> We can see it in the detail file but when FR proxy the packet this
attribute is missing?
Realm is an internal attribute (see dictionary.freeradius.internal) and
as such doesn't appear in any packets in transit.
Matthew
--
Matthew Newton, Ph.D.
Systems Architect (UNIX and Networks), Network Services, I.T. Services,
University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253,
--
Message: 2
Date: Mon, 6 Aug 2012 13:49:08 +0100
From: alan buxey
To: FreeRadius users mailing list
Subject: Re: Radius copy accounting
Message-ID: <20120806124908.ga15...@lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi,
>As you can see this schema is working well except that the
attribute REALM
>is not include in the packet?
as already said this is an internal engine attribute. if you want this
to be exposed in other systems, you will need to use eg 'unlang' to
populate a suitable attribute with this value
alan
--
Message: 3
Date: Mon, 06 Aug 2012 14:59:34 +0200
From: Alan DeKok
To: FreeRadius users mailing list
Subject: Re: RES: FR 3 Event-Timestamp wrong format and Mysql
FROM_UNIXTIME error
Message-ID: <501fbfb6.7080...@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
lscrlstld wrote:
> '%{NAS-Port-Type}', FROM_UNIXTIME(%{Event-Timestamp}),
Well, that's wrong. That was fixed ~2 weeks ago. I also said it
should be %{integer:Event-Timestamp}
Please grab an updated copy of the dialup.conf file.
Alan DeKok.
--
Message: 4
Date: Mon, 6 Aug 2012 13:13:44 +
From: Christopher Manigan
To: "freeradius-users@lists.freeradius.org"
Subject: Duplicate Radius Accounting
Message-ID:
<72d41b40ee32e749ae3ae3b7190aa7ce1e142...@mail01.corp.towerstream.com>
Content-Type: text/plain; charset="us-ascii"
In my logs I see many entries like the following:
Info: WARNING: Child is hung for request 51651 in component
module .3
Error: Dropping request (2049 is too many): from client myhost.mysite
port 32869 - ID: 239
In the last ~10 hours, the status server reports the following for
accounting:
Responses0
Duplicate954442
Malformed115045
Invalid 564029
Dropped 0
Unknown 0
Radius will hang and start to time out and eventually die. It looks
like the duplicate count gets extremely high very quickly. Could it be
the NAS that are pointing to it? Or could it be my radius configs
somehow causing this? I am not really sure how to prove it out or
troubleshoot. I can increase the max requests but I don't think that is
the right solution.
Chris
--
Message: 5
Date: Mon, 06 Aug 2012 15:19:52 +0200
From: Alan DeKok
To: FreeRadius users mailing list
Sub
Re: Radius copy accounting
Hi, >As you can see this schema is working well except that the attribute REALM >is not include in the packet? as already said this is an internal engine attribute. if you want this to be exposed in other systems, you will need to use eg 'unlang' to populate a suitable attribute with this value alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius copy accounting
On Mon, Aug 06, 2012 at 02:30:14PM +0200, BELLIERE Eric wrote: > As you can see this schema is working well except that the attribute REALM is > not include in the packet? > > We can see it in the detail file but when FR proxy the packet this attribute > is missing? Realm is an internal attribute (see dictionary.freeradius.internal) and as such doesn't appear in any packets in transit. Matthew -- Matthew Newton, Ph.D. Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
