I've got freeradius-0.9.3 up and running under RHEL 3.0. I'm having some
problems getting it to log accounting info to oracle though. I've
started radiusd with the -X option and watched a simple test using
radtest. Here are the relevant portions of the debug info with
usernames/passwords/hosts replaced with x's:
Module: Loaded SQL
sql: driver = "rlm_sql_oracle"
sql: server = "db.host.name"
sql: port = ""
sql: login = "xxxxxx"
sql: password = "xxxxxx"
sql: radius_db =
"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.host.name)(PORT=1521))(CON
NECT_DATA=(SID=dbsid)))"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = yes
sql: sqltracefile = "/var/log/radius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
sql: default_user_profile = ""
sql: query_on_not_found = no
<SNIP>
lots of queries here....
<SNIP>
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_oracle #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_oracle #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_oracle #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_oracle #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_oracle #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32784, id=119,
length=57
User-Name = "xxxxxx"
User-Password = "xxxxxx"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "xxxxxx", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 1
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type PAM
auth: type "PAM"
modcall: entering group authenticate for request 0
pam_pass: using pamauth string <radiusd> for pam.conf lookup
pam_pass: authentication succeeded for <xxxxxx>
modcall[authenticate]: module "pam" returns ok for request 0
modcall: group authenticate returns ok for request 0
radius_xlat: '/usr/local/admin/bin/telauth '/etc/raddb{FACSTAFF}'
'255.255.255.255' '/etc/raddb{TIGERLINK}' 'xxxxxx''
Exec-Program: /usr/local/admin/bin/telauth '/etc/raddb{FACSTAFF}'
'255.255.255.255' '/etc/raddb{TIGERLINK}' 'xxxxxx'
Exec-Program output:
Exec-Program: returned: 0
Sending Access-Accept of id 119 to 127.0.0.1:32784
UMC-AV = "NOATTR"
Finished request 0
Going to the next request
Shouldn't I see a call to the accounting module that tries to dump
accounting info to oracle?
Here are some relevant parts from radiusd.conf
# Include another file that has the SQL-related configuration.
# This is another file only because it tends to be big.
#
# The following configuration file is for use with MySQL.
#
# For Postgresql, use: ${confdir}/postgresql.conf
# For MS-SQL, use: ${confdir}/mssql.conf
# For Oracle, use: ${confdir}/oraclesql.conf
#
$INCLUDE ${confdir}/oraclesql.conf
accounting {
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
acct_unique
#
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
# detail
# daily
# unix # wtmp file
sql
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There's little we can do about it.
# radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
# main_pool
}
Am I missing something some where?
I've added the "sql" module to the authenticate{} section and I
an see it talking to SQL in the debug messages. I just want it to log
accounting data though.. Authentication is handled by the pam module.
And that part works!
Thanks,
Brian Dourty
University of Missouri-Columbia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
