radius 0.9.3 / mysql 4.0.16: no logging

2003-12-15 Thread James Green
Good morning all,

We have a server with a really old copy of FreeRADIUS logging accounting 
data to mysql 3.xx. We are now in the process of upgrading to the latest 
stable of mysql 4 and freeradius.

We've built the system on a separate machine and it works during 
testing, except it doesn't log anything to mysql. We have authorisation 
checks using flat files, but use mysql for logging.

radtest works fine, nothing in mysql. radiusd -x shows it connects fine 
to the mysql server, and mysqld shows it has connected.

Yet there is no sqltrace.sql file either.

We have confirmed the username/password details can log in, and the 
table names are correct. The accounting{} part is as default, with 'sql' 
right above 'unix'.

Some help would be appreciated. We are at a loss!

Thanks,

James Green



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: radius 0.9.3 / mysql 4.0.16: no logging

2003-12-15 Thread James Green
ZORBADELOS KONSTANTINOS wrote:

At Mon, 15 Dec 2003 10:25:36 +,
James Green wrote:
 

Use radiusd -X and see what happens with the requests. You should see
the sql queries that the server tries to execute.
 

Zorbadelos,

This has been done. That is how I know it connects to the database, but 
doesn't perform any SQL queries.

I can get it to look up the user in the database even, it just refuses 
to log the result in the database.

It's driving me up the wall :-(

James

 


==
 Kostas Zorbadelos
 Currently at: Otenet IT Department 
 mailto: [EMAIL PROTECTED]
 
 Out there in the darkness, out there in the night
 out there in the starlight, one soul burns brighter
 than a thousand suns.



Re: radius 0.9.3 / mysql 4.0.16: no logging

2003-12-15 Thread James Green
ZORBADELOS KONSTANTINOS wrote:

At Mon, 15 Dec 2003 12:57:24 +,
James Green wrote:
 

ZORBADELOS KONSTANTINOS wrote:

   

You said you used radiusd -x and not radiusd -X (case is important).
Please send the output you receive from radiusd -X.  See the rlm_sql
and radius_xlat messages. Perhaps something is wrong with the
configuration of queries.
 

Hello again.

Right, we've just had our NAS configured to the same spec that the 
existing (non-test) one is which logs things fine.

Yet we still don't see anything in our database on the test number. 
Here's the debug output - I hope someone can point the finger...

rad_recv: Access-Request packet from host 81.20.32.130:2048, id=40, 
length=317
   Attr-172818433 = 
0x202449643a2041707469732e76696e666f2020496d6167654e616d653d6665706d64202056657273696f6e3d332e362e32703220204275696c644e756d6265723d3332383420204275696c64446174653d31322f31392f3230303020204275696c6454696d653d31363a33313a333820204d616368696e653d4255494c4430332020557365723d4275696c642020546172676574426f6172643d736363202054617267657450726f636573736f723d50504336303320204272616e63683d7033363220204578702024
   NAS-IP-Address = 81.20.32.130
   User-Name = [EMAIL PROTECTED]
   CHAP-Password = 0x017095d941e007b1ca52c6ee6137cf8d65
   Called-Station-Id = 08714719098
   Calling-Station-Id = 1493660030
   NAS-Port = 17236748
   NAS-Port-Type = Async
   Framed-Protocol = PPP
   Service-Type = Framed-User
modcall: entering group authorize for request 3
 modcall[authorize]: module preprocess returns ok for request 3
radius_xlat:  '/var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215'
rlm_detail: 
/var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands 
to /var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215
 modcall[authorize]: module auth_log returns ok for request 3
 rlm_chap: Setting 'Auth-Type := CHAP'
 modcall[authorize]: module chap returns ok for request 3
 modcall[authorize]: module eap returns noop for request 3
   rlm_realm: Looking up realm wapmob for User-Name = [EMAIL PROTECTED]
   rlm_realm: Found realm wapmob
   rlm_realm: Adding Stripped-User-Name = james
   rlm_realm: Proxying request from user james to realm wapmob
   rlm_realm: Adding Realm = wapmob
   rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module suffix returns noop for request 3
radius_xlat:  '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM 
radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id
rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' 
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' 
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' 
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' 
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 1
 modcall[authorize]: module sql returns notfound for request 3
   users: Matched DEFAULT at 152
   users: Matched DEFAULT at 159
 modcall[authorize]: module files returns ok for request 3
 modcall[authorize]: module mschap returns noop for request 3
modcall: group authorize returns ok for request 3
 rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [james/CHAP-Password] (from client intelliplus port 17236748 
cli 1493660030)
modcall: entering group post-auth for request 3
radius_xlat:  '/var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215'
rlm_detail: 
/var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
expands to /var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215
 modcall[post-auth]: module reply_log returns ok for request 3
modcall: group post-auth returns ok for request 3

Re: radius 0.9.3 / mysql 4.0.16: no logging

2003-12-15 Thread James Green
Nick Davis wrote:

James,

All of your accounting data is being written to the details files. You must 
not have put sql in the accounting section of radius.conf.
 

You mean this?:

accounting {
   #
   #  Ensure that we have a semi-unique identifier for every
   #  request, and many NAS boxes are broken.
   acct_unique
   sql
   #
   #  Create a 'detail'ed log of the packets.
   #  Note that accounting requests which are proxied
   #  are also logged in the detail file.
   detail
#   daily
   unix    # wtmp file

   #
   #  For Simultaneous-Use tracking.
   #
   #  Due to packet losses in the network, the data here
   #  may be incorrect.  There's little we can do about it.
   radutmp
#   sradutmp
   #  Return an address to the IP Pool when we see a stop record.
#   main_pool
}
Been there for some time.

Also make sure the sql queries in sql.conf are correct for the radacct 
table.
 

I've not touched them. The only thing I did was make it use 
radacct_table1/table2, for which I searched and replaced. mysql.err 
shows nothing, and I've logged into the mysql server using the radius 
user account and successfully inserted some data.

I find it suspicious that although I see SQL queries to SELECT data in 
the authorisation and authentication phase, I see no SQL being performed 
for accounting data.

Take a look at my radius.conf for reference to using mysql for 
accounting and user/pass/groups (auth).

http://mrtizmo.com/freeradius/
 

Thanks for this, can't see much in there that's different to mine!

James

Hope some of this helps!

Nick
 





Re: MySQL Cisco Call Detail

2003-11-14 Thread James Green
Mail_Man wrote:

Can someone point me in the right direction to where I can find information
on setting up Free Radius so that it collects all the call detail records
from a cisco as5300 gateway and stores it in a database?
TIA

-Seth
 

Call detail? You mean calltracker? If so then good luck :D.

We did it by:

- configure the cisco to use calltracker and output it to the syslog.
- tell the cisco to forward the syslog onto a linux box
- configure the linux box to accept the incoming syslog requests and 
pipe it through to a perl script
- write a perl script to accept the syslog lines, process them and store 
them in the database using the ct_hndl field as the key.

You cannot match the ct_hndl to the radius keys though, so you won't be 
able to easily match the calltracker logs to the radius logs. We 
contacted our cisco gold partner resellers and they contacted cisco 
themselves, and no-one could figure out a reliable matching system. 
Cisco advised to not bother with the radius logs, but use the 
calltracker logs instead.

Thanks,

James Green





Re: Time limits

2003-11-14 Thread James Green
Alan DeKok wrote:

James Green [EMAIL PROTECTED] wrote:
 

For example, if [EMAIL PROTECTED] logged in, we might have him on a 2 hours 
per day access permitted tariff.
   

 rlm_counter
 

I guess then rlm_sqlcounter is the only way forward, since rlm_counter 
doesn't have any documentation that I can detect?

James





Time limits

2003-11-13 Thread James Green
Hi all,

Apologies if this is in a FAQ somewhere. I have a working FreeRadius 
installation and have been asked to implement a situation whereby we can 
assign time credits to logged-in users upon payment.

For example, if [EMAIL PROTECTED] logged in, we might have him on a 2 hours 
per day access permitted tariff.

I am however lost in the documentation - I don't know where to look.

Can someone please provide some pointers?

Many thanks,

James Green





Modems can login but ISDN users cannot?

2003-10-29 Thread James Green
Hi all,

Got a FreeRadius installation working fine for analog modem users. A 
client is now trying to send through loads of ISDN traffic, and he's 
getting the following:

691: username/password declined (Windows error message)

radius.log shows his test username as Login: ok. Yet Radius isn't 
logging him in the details logs at all.

Any ideas?

Thanks,

James





Can't log new attribs?

2003-10-07 Thread James Green
Hi all,

I've configured a Cisco to send through the Cisco-NAS-Port attribute 
during an accounting start query and stop query.

I can see the attribute appear in our radius log files, but I can't get 
the new attribute into our mysql database.

I added Cisco-NAS-Port as a column to the radacct_start table, and 
modified sql.conf thus:

   accounting_start_query = INSERT into ${acct_table1} (RadAcctId, 
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, 
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, 
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, 
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, 
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, 
AcctStopDelay, Cisco-NAS-Port) values('', '%{Acct-Session-Id}', 
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', 
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', 
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', 
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', 
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0', 
'%{Cisco-NAS-Port}')

Restarted freeradius, dialled in, got logged in, but no logging occurred 
at all in mysql. Waited a bit, still nothing. Disconnected, edited the 
file back to original, restarted and then logs came through as normal 
(data was therefore being lost).

Can someone point out what is wrong above, or what I am missing please?

Thanks,

James Green
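
One thing to check in a query like the one above, shown as an added example (not code from the original post): MySQL reads an unquoted hyphen in a column name as a minus sign, so Cisco-NAS-Port in the column list needs backticks or the INSERT is rejected and the accounting record is dropped. The sketch uses Python's in-memory SQLite as a stand-in for MySQL (it parses the hyphen the same way and accepts backtick quoting); the shortened queries, the table layout, the function names and the sample values are constructed.

```python
import re
import sqlite3

# Constructed, shortened stand-ins for the accounting_start_query above:
# same shape, fewer columns, "?" placeholders instead of %{...} expansions.
UNQUOTED = ("INSERT into radacct_start (UserName, NASIPAddress, Cisco-NAS-Port) "
            "values(?, ?, ?)")
QUOTED = ("INSERT into radacct_start (UserName, NASIPAddress, `Cisco-NAS-Port`) "
          "values(?, ?, ?)")

# A bare SQL identifier, or one wrapped in backticks (MySQL-style quoting).
SAFE_IDENT = re.compile(r"`[^`]+`|[A-Za-z_][A-Za-z0-9_]*")


def columns_needing_quotes(query):
    """Return names in the INSERT column list that are not valid bare identifiers."""
    match = re.search(r"\(([^)]*)\)\s*values", query, re.IGNORECASE)
    if match is None:
        raise ValueError("no column list found before VALUES")
    names = [name.strip() for name in match.group(1).split(",")]
    return [name for name in names if not SAFE_IDENT.fullmatch(name)]


def try_insert(query, row):
    """Run the query against a scratch table; return (rows_stored, error_text)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct_start "
               "(UserName TEXT, NASIPAddress TEXT, `Cisco-NAS-Port` TEXT)")
    try:
        db.execute(query, row)
    except sqlite3.OperationalError as exc:
        return 0, str(exc)  # statement rejected: the record is lost
    stored = db.execute("SELECT COUNT(*) FROM radacct_start").fetchone()[0]
    return stored, None


if __name__ == "__main__":
    row = ("james", "192.0.2.10", "Async1/07")  # constructed sample values
    for label, query in (("unquoted", UNQUOTED), ("quoted", QUOTED)):
        print(label, columns_needing_quotes(query), try_insert(query, row))
```

Running columns_needing_quotes over each query template in sql.conf before a restart catches this kind of edit before any accounting data is lost.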





No radius attribs?

2003-09-23 Thread James Green
Hi there,

Slightly odd problem. We have a Nortel NAS box with 1,000 modems taking 
calls and as the radius query comes in, tcpdump shows this:

14:53:47.158236 81.20.32.130.2048 > mars.uk.stealthnet.net.datametrics:  
rad-access-req 320 [id 91] Attr[  Pass [|radius]
14:53:47.159057 mars.uk.stealthnet.net.datametrics > 81.20.32.130.2048:  
rad-access-accept 20 [id 91] (DF)

As you can see, no attribs. This causes the connection to fail pretty 
much immediately.

We also have a Cisco, which presents the right attribs and works fine:

14:53:50.262689 europa.21748 > mars.uk.stealthnet.net.datametrics:  
rad-access-req 136 [id 178] Attr[  Framed_proto{PPP} [EMAIL PROTECTED] 
[|radius]
14:53:50.263259 mars.uk.stealthnet.net.datametrics > europa.21748:  
rad-access-accept 20 [id 178] (DF)

Any ideas why this would be happening? We believe the secret is correct, 
etc. The guys working on the Nortel have one theory but we're looking 
for some enlightenment from kind selves too if we may.

Anything off the top of your heads? Thanks in advance!

James





Re: No radius attribs?

2003-09-23 Thread James Green
James Green wrote:

Hi there,

Slightly odd problem. We have a Nortel NAS box with 1,000 modems 
taking calls and as the radius query comes in, tcpdump shows this:


This has been resolved. Apparently the Nortel box wasn't assigning IPs 
correctly.

James





Username Length Restrictions?

2003-09-03 Thread James Green
Hi there,

I have a client who uses auto-generated usernames used for logging into 
radius, and he has complained that his usernames are unable to log in to 
our equipment (a cisco 5350 + freeradius 0.8.1).

The username consists of 59 characters, then 11 for the @realm.

I see from radiusd.h the following:

typedef struct radclient {
   uint32_t          ipaddr;
   uint32_t          netmask;
   char              longname[256];
   u_char            secret[32];
   char              shortname[32];
   char              nastype[32];
   char              login[32];
   char              password[32];
   struct radclient  *next;
} RADCLIENT;

Is this, with the 'login[32]' causing the length limit? If so can it be 
increased to say login[255] without causing other elements to break?

Some assistance or advice would be appreciated. It is doubtful that the 
usernames being auto-generated can be reduced in length.

Thanks,

James





Logging - how to specify what to log?

2003-07-26 Thread James Green
Hi there,

I've been asked as a matter of urgency to ensure that the logs we get 
from RADIUS include the CLI (Caller-ID), that is, the telephone number 
of the person making the call. This should prove they called us.

I believe I need to log the %{Calling-Station-Id} attribute.

Problem: I have no idea what file to edit.

I can see a slew of attributes being logged to the detail-* files, 
except this attribute.

Maybe FreeRADIUS doesn't get this attribute? It's a Cisco AS5350 talking 
to it, with a couple of E1 ISDN-30s plugged in. I can't find much about 
this on Cisco's website or the freeradius mailing list. Indeed, apart 
from a mention as part of a list of attributes, the O'Reilly RADIUS book 
doesn't cover it.

Help! :-)

Thanks a lot.

James Green


