(RADIATOR) Authby GROUP + AuthBy RADIUS + Accounting

Robin Vissers Mon, 6 Mar 2000 06:35:58 -0800
Hi all,

short problem description : 
---------------------------
Accounting information is stored locally and not forwarded to 
the other radius server using Authby GROUP.

Configuration overview
----------------------
As a temporary solution during migration of user database;
users will first be authenticated using DBFILE; if rejected, we'll try 
authentication to anorther radius server.
So far so good but:
Authentications is nicely forwarded, but Accounting information is not.


machineconfig 
-------------
Linux + perl 5.004_04 + Radiator-2.13.1

radius.cfg - realm
------------------

<Realm>
       RewriteUsername tr/A-Z/a-z/
       RewriteUsername s/ //g
       <AuthBy GROUP>
       AuthByPolicy ContinueUntilAccept
          <AuthBy DBFILE>
            Filename %D/users
            DefaultReply Service-Type = Framed-User, Framed-Protocol = PPP, 
Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP
          </AuthBy>
          <AuthBy RADIUS>
            Host my.host.domain.tld
            Secret bubu
            AuthPort 1645
            AcctPort 1646
          </AuthBy>
       </AuthBy>

       AcctLogFileName %L/radacct
       AcctLogFileFormat %{Acct-Session-Id} %{User-Name} %{Timestamp} 
%{Acct-Session-Time} %{Framed-IP-Address} %{Calling-Station-Id}
        PasswordLogFileName %L/password.log
</Realm>


logfile output (trace 4)
------------------------


** in short **
   ACCESS request
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:07 2000: DEBUG: Radius::AuthDBFILE looks for match with testuser
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthRADIUS
Mon Mar  6 14:07:07 2000: DEBUG: Forwarding 189 to 222.222.222.222:1645

   ACCOUNTING request
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:07 2000: DEBUG:  Adding session for testuser, 111.111.111.111, 62
Mon Mar  6 14:07:07 2000: DEBUG: Accounting accepted



** full log **

Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Received from 111.111.111.111 port 1645 ....
Code:       Access-Request
Identifier: 140
Authentic:  $<24><187>n<135><6><214><25><189><231>f<239>Q<150>{<235>
Attributes:
        NAS-IP-Address = 111.11.11.11
        NAS-Port = 62
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Called-Station-Id = "00000000"
        Calling-Station-Id = "00000000"
        CHAP-Password = "<crappedycrap>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Mon Mar  6 14:07:07 2000: DEBUG: Handling request with Handler 'Realm='
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:07 2000: DEBUG: Radius::AuthDBFILE looks for match with testuser
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthRADIUS
Mon Mar  6 14:07:07 2000: DEBUG: Forwarding 189 to 222.222.222.222:1645
Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Sending to 222.222.222.222 port 1645 ....
Code:       Access-Request
Identifier: 189
Authentic:  $<24><187>n<135><6><214><25><189><231>f<239>Q<150>{<235>
Attributes:
        NAS-IP-Address = 111.111.111.111
        NAS-Port = 62
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Called-Station-Id = "32750200"
        Calling-Station-Id = "32273887"
        CHAP-Password = "<185>U<2><178>e<166>v$&<9><168><204><30>Ud<211>/"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Received from 111.111.111.111 port 1646 ....
Code:       Accounting-Request
Identifier: 141
Authentic:  <195><154>g5<215>L4<250>q^<176><196><223><234><27><179>
Attributes:
        NAS-IP-Address = 111.111.111.111
        NAS-Port = 62
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Calling-Station-Id = "111.111.111.111"
        Acct-Status-Type = Start
        Service-Type = Framed-User
        Acct-Session-Id = "00080BA7"
        Framed-Protocol = PPP
        Acct-Delay-Time = 0

Mon Mar  6 14:07:07 2000: DEBUG: Handling request with Handler 'Realm='
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:07 2000: DEBUG:  Adding session for testuser, 111.111.111.111, 62
Mon Mar  6 14:07:07 2000: DEBUG: Accounting accepted
Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Sending to 111.111.111.111 port 1646 ....
Code:       Accounting-Response
Identifier: 141
Authentic:  <195><154>g5<215>L4<250>q^<176><196><223><234><27><179>
Attributes:


Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Received from 222.222.222.222 port 1645 ....
Code:       Access-Accept
Identifier: 189
Authentic:  <4><130><12><213>~<1><184><148><135>0<174><179>~<8><174><148>
Attributes:
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.0
        Framed-IP-Address = 255.255.255.254

Mon Mar  6 14:07:07 2000: DEBUG: Received reply in AuthRADIUS for req 189 from 
222.222.222.222:1645
Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Sending to 111.111.111.111 port 1645 ....
Code:       Access-Accept
Identifier: 140
Authentic:  $<24><187>n<135><6><214><25><189><231>f<239>Q<150>{<235>
Attributes:
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.0
        Framed-IP-Address = 255.255.255.254

Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Received from 111.111.111.111 port 1646 ....
Code:       Accounting-Request
Identifier: 142
Authentic:  <133>|<169>)Y<26><139>b<21><212><140><161><173><254>6_
Attributes:
        NAS-IP-Address = 111.111.111.111
        NAS-Port = 62
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Calling-Station-Id = "111.111.111.111"
        Acct-Status-Type = Stop
        Service-Type = Framed-User
        Acct-Session-Id = "00080BA7"
        Framed-Protocol = PPP
        Acct-Input-Octets = 0
        Acct-Output-Octets = 0
        Acct-Input-Packets = 0
        Acct-Output-Packets = 0
        Acct-Session-Time = 0
        Acct-Delay-Time = 0

Mon Mar  6 14:07:07 2000: DEBUG: Handling request with Handler 'Realm='
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:07 2000: DEBUG:  Deleting session for testuser, 111.111.111.111, 62
Mon Mar  6 14:07:07 2000: DEBUG: Accounting accepted
Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Sending to 111.111.111.111 port 1646 ....
Code:       Accounting-Response
Identifier: 142
Authentic:  <133>|<169>)Y<26><139>b<21><212><140><161><173><254>6_
Attributes:

Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Received from 111.111.111.111 port 1646 ....
Code:       Accounting-Request
Identifier: 143
Authentic:  <148><18>@<181><140><235>-)<214><172>g,r<195><208>i
Attributes:
        NAS-IP-Address = 111.111.111.111
        NAS-Port = 62
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Called-Station-Id = "00000000"
        Calling-Station-Id = "00000000"
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        Acct-Session-Id = "00080BA8"
        Framed-Protocol = PPP
        Acct-Delay-Time = 0

Mon Mar  6 14:07:07 2000: DEBUG: Handling request with Handler 'Realm='
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:07 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:07 2000: DEBUG:  Adding session for testuser, 111.111.111.111, 62
Mon Mar  6 14:07:07 2000: DEBUG: Accounting accepted
Mon Mar  6 14:07:07 2000: DEBUG: Packet dump:
*** Sending to 111.111.111.111 port 1646 ....
Code:       Accounting-Response
Identifier: 143
Authentic:  <148><18>@<181><140><235>-)<214><172>g,r<195><208>i
Attributes:



Mon Mar  6 14:07:55 2000: DEBUG: Packet dump:
*** Received from 111.111.111.111 port 1646 ....
Code:       Accounting-Request
Identifier: 217
Authentic:  G*n<242><205><146><250>DZc<151>?\<228>W<160>
Attributes:
        NAS-IP-Address = 111.111.111.111
        NAS-Port = 62
        NAS-Port-Type = Virtual
        User-Name = "testuser"
        Called-Station-Id = "00000000"
        Calling-Station-Id = "00000000"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        Acct-Session-Id = "00080BA8"
        Framed-Protocol = PPP
        Framed-IP-Address = 112.112.112.112
        Acct-Terminate-Cause = User-Request
        Acct-Input-Octets = 2709
        Acct-Output-Octets = 61
        Acct-Input-Packets = 42
        Acct-Output-Packets = 20
        Acct-Session-Time = 48
        Acct-Delay-Time = 0

Mon Mar  6 14:07:55 2000: DEBUG: Handling request with Handler 'Realm='
Mon Mar  6 14:07:55 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:55 2000: DEBUG: Rewrote user name to testuser
Mon Mar  6 14:07:55 2000: DEBUG: Handling with Radius::AuthGROUP
Mon Mar  6 14:07:55 2000: DEBUG: Handling with Radius::AuthDBFILE
Mon Mar  6 14:07:55 2000: DEBUG:  Deleting session for testuser, 111.111.111.111, 62
Mon Mar  6 14:07:56 2000: DEBUG: Accounting accepted
Mon Mar  6 14:07:56 2000: DEBUG: Packet dump:
*** Sending to 111.111.111.111 port 1646 ....
Code:       Accounting-Response
Identifier: 217
Authentic:  G*n<242><205><146><250>DZc<151>?\<228>W<160>
Attributes:


So accouting information is finally stored in radacct file


tips 'n tricks are welcome,
best regards,
robin



--
Robin Vissers <[EMAIL PROTECTED]>

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Authby GROUP + AuthBy RADIUS + Accounting

Reply via email to
