Re: Accounting question

[Arran Cudbard-Bell]

David Peterson wrote:

Here is the accounting packet information I am getting:
rad_recv: Accounting-Request packet from host 172.16.4.2 port 1813, id=5,
length=239
        Acct-Status-Type = Start
        WiMAX-Beginning-Of-Session = 1
        WiMAX-IP-Technology = Reserved-0
        Acct-Session-Id =
"00-12-cf-c3-fb-8c3\000\000\000\000\000\000\000\000\000\000\000\000\000\000\
000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
        Framed-IP-Address = 64.186.195.5
        User-Name = "{am=1}33ac5579ce57217426e7434fa60e4...@test.com"
        Calling-Station-Id = "00-12-cf-c3-fb-8c"
        NAS-Identifier = "WC_LAB"
        NAS-IP-Address = 172.16.4.2
        WiMAX-BS-Id = 0x000002030209
        Framed-Pool = "alias"
        Event-Timestamp = "Dec 15 2009 09:04:15 CST"
        WiMAX-GMT-Timezone-offset = 21600
        Acct-Authentic = RADIUS

What I don't get is why the authentication works with clear text and the
accounting has the "hex stuff".  Is this pretty much controlled by the NAS?

The "hex stuff" is the NAS appending 31 null chars to the session id.
FreeRADIUS is converting the unprintable characters into escape codes so that 
they're visible.

The RFC recommendation is that:

"The Acct-Session-Id SHOULD contain UTF-8 encoded 10646 [7] characters."

Which SHOULD limit it to printable chars.

Really this is something your NAS vendor should fix, as it's a bug in their 
code.

...Though if you really want you can trim off the superfluous nulls with:

if(Acct-Session-ID =~ /(.*)/){
        update request {
                Acct-Session-ID := "%{1}"
        }
}


-Arran

David

-----Original Message-----

From: Alan DeKok [mailto:al...@deployingradius.com] Sent: Tuesday, December 15, 2009 9:44 AM

To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: Re: Accounting question

David Peterson wrote:

From what I can determine, the username is encrypted even though the
authentication is done in clear text during the EAP authentication.

  It's not "encrypted".  My guess is that you are using WiMAX.

  As always, run the server in debugging mode to see what's going on.

  But if the NAS refuses to send a usable User-Name in an accounting
packet, your only solution is to somehow write the *real* User-Name &&
the hex stuff into an SQL table.  Then, correlated them later when you
receive the accounting packet.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html