Re: Problem with accounting insert into Oracle
/etc/raddb/certs was copied too! How to regenerate the certificates ? In general, how to install a copy of a radius server to another box ? For my SQL problem, any idea ? Thanks all AL Le 13 août 2012 à 18:35, John Dennis a écrit : On 08/13/2012 11:41 AM, Aurélien Lafranchise wrote: I have installed a new linux and it is a fresh install. I copied /etc/raddb from one box to another that's all ! What about your /etc/raddb/certs? Did you copy that too? If so you may have problems if the server cert does not match the new machine. I don't think that's would account for a SQL error, but you do need to be careful with just copying things around. The other difference is that I switch from Fedora 14 to CentOS 6.3. AL http://mobiquithings.com/ Le 13 août 2012 à 17:28, John Dennis a écrit : On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com mailto:jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting insert into Oracle
Hi, I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, IMSI_3GPP, ChargingID_3GPP, PDPType_3GPP, ChargingGwAddress_3GPP, GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP, GGSNAddress_3GPP, IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP, SessionStopIndicator_3GPP, SelectionMode_3GPP, ChargingCharacteristics_3GPP, ChargingGwIPv6Address_3GPP, SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP, IPv6DNSServers_3GPP, SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP, RATType_3GPP, MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP, NegotiatedDSCP_3GPP, AllocateIPType_3GPP) VALUES('', 'D4090646343006F3', '64e5c1c4162df0d5', '447937700458', '', '10.100.100.3', '', 'Ethernet', NULL, TO_DATE('2012-08-13 11:35:27','-mm-dd hh24:mi:ss'), '74', 'RADIUS', '', '', '679' + ('0' * 4294967296), '83' + ('0' * 4294967296), 'internet.mbqt.net', '447937700458', 'User-Request', 'Framed-User', 'GPRS-PDP-Context', '10.73.248.60', '0', '0', '234507089001283', '875562739', '0', '', '98-1B631F', '80.10.0.97', '212.9.6.70', '23450', '', '5', '255', '0', '0800', '', '', '', '', '20801', '', '', '2', '; but in the dialup.conf file it is ok: accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, IMSI_3GPP, ChargingID_3GPP, PDPType_3GPP, ChargingGwAddress_3GPP, GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP, GGSNAddress_3GPP, IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP, SessionStopIndicator_3GPP, SelectionMode_3GPP, ChargingCharacteristics_3GPP, ChargingGwIPv6Address_3GPP, SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP, IPv6DNSServers_3GPP, SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP, RATType_3GPP, MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP, NegotiatedDSCP_3GPP, AllocateIPType_3GPP) \ VALUES('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', \ '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', NULL, TO_DATE('%S','-mm-dd hh24:mi:ss'), \ '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', \ '%{Acct-Input-Octets}' + ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \ '%{Acct-Output-Octets}' + ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \ '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', \ '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}', '%{3GPP-IMSI}', '%{3GPP-Charging-ID}', '%{3GPP-PDP-Type}', '%{3GPP-Charging-Gateway-Address}', '%{3GPP-GPRS-Negotiated-QoS-profile}', '%{3GPP-SGSN-Address}', '%{3GPP-GGSN-Address}', '%{3GPP-IMSI-MCC-MNC}', '%{3GPP-GGSN-MCC-MNC}', '%{3GPP-NSAPI}', '%{3GPP-Session-Stop-Indicator}', '%{3GPP-Selection-Mode}', '%{3GPP-Charging-Characteristics}', '%{3GPP-Charging-Gateway-IPv6-Address}', '%{3GPP-SGSN-IPv6-Address}', '%{3GPP-GGSN-IPv6-Address}', '%{3GPP-IPv6-DNS-Servers}', '%{3GPP-SGSN-MCC-MNC}', '%{3GPP-Teardown-Indicator}', '%{3GPP-IMEISV}', '%{3GPP-RAT-Type}', '%{3GPP-MS-TimeZone}', '%{3GPP-Camel-Charging-Info}', '%{3GPP-Packet-Filter}', '%{3GPP-Negotiated-DSCP}', '%{3GPP-Allocate-IP-Type}') Any idea ? Is there a global option for the maximum number of characters for a request ? Cheers Aurélien Lafranchise - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
Aurélien Lafranchise wrote: I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: Yes. You can't put infinie amounts of data into the SQL query. The limit is ~2K or so. Any idea ? Is there a global option for the maximum number of characters for a request ? It's limited in the SQL module. You've edited the configuration to log tons of data. This generally isn't useful, or necessary. Fix that, or edit the SQL module to allow more than 2K of data in the expansion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
It seems that Freeradius is getting stuck when inserting hex chain. Does that remind something to someone ? AL Le 13 août 2012 à 13:42, Aurélien Lafranchise a écrit : Hi, I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, IMSI_3GPP, ChargingID_3GPP, PDPType_3GPP, ChargingGwAddress_3GPP, GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP, GGSNAddress_3GPP, IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP, SessionStopIndicator_3GPP, SelectionMode_3GPP, ChargingCharacteristics_3GPP, ChargingGwIPv6Address_3GPP, SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP, IPv6DNSServers_3GPP, SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP, RATType_3GPP, MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP, NegotiatedDSCP_3GPP, AllocateIPType_3GPP) VALUES('', 'D4090646343006F3', '64e5c1c4162df0d5', '447937700458', '', '10.100.100.3', '', 'Ethernet', NULL, TO_DATE('2012-08-13 11:35:27','-mm-dd hh24:mi:ss'), '74', 'RADIUS', '', '', '679' + ('0' * 4294967296), '83' + ('0' * 4294967296), 'internet.mbqt.net', '447937700458', 'User-Request', 'Framed-User', 'GPRS-PDP-Context', '10.73.248.60', '0', '0', '234507089001283', '875562739', '0', '', '98-1B631F', '80.10.0.97', '212.9.6.70', '23450', '', '5', '255', '0', '0800', '', '', '', '', '20801', '', '', '2', '; but in the dialup.conf file it is ok: accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, IMSI_3GPP, ChargingID_3GPP, PDPType_3GPP, ChargingGwAddress_3GPP, GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP, GGSNAddress_3GPP, IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP, SessionStopIndicator_3GPP, SelectionMode_3GPP, ChargingCharacteristics_3GPP, ChargingGwIPv6Address_3GPP, SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP, IPv6DNSServers_3GPP, SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP, RATType_3GPP, MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP, NegotiatedDSCP_3GPP, AllocateIPType_3GPP) \ VALUES('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', \ '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', NULL, TO_DATE('%S','-mm-dd hh24:mi:ss'), \ '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', \ '%{Acct-Input-Octets}' + ('%{%{Acct-Input-Gigawords}:-0}' * 4294967296), \ '%{Acct-Output-Octets}' + ('%{%{Acct-Output-Gigawords}:-0}' * 4294967296), \ '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', \ '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time:-0}', '%{3GPP-IMSI}', '%{3GPP-Charging-ID}', '%{3GPP-PDP-Type}', '%{3GPP-Charging-Gateway-Address}', '%{3GPP-GPRS-Negotiated-QoS-profile}', '%{3GPP-SGSN-Address}', '%{3GPP-GGSN-Address}', '%{3GPP-IMSI-MCC-MNC}', '%{3GPP-GGSN-MCC-MNC}', '%{3GPP-NSAPI}', '%{3GPP-Session-Stop-Indicator}', '%{3GPP-Selection-Mode}', '%{3GPP-Charging-Characteristics}', '%{3GPP-Charging-Gateway-IPv6-Address}', '%{3GPP-SGSN-IPv6-Address}', '%{3GPP-GGSN-IPv6-Address}', '%{3GPP-IPv6-DNS-Servers}', '%{3GPP-SGSN-MCC-MNC}', '%{3GPP-Teardown-Indicator}', '%{3GPP-IMEISV}', '%{3GPP-RAT-Type}', '%{3GPP-MS-TimeZone}', '%{3GPP-Camel-Charging-Info}', '%{3GPP-Packet-Filter}', '%{3GPP-Negotiated-DSCP}', '%{3GPP-Allocate-IP-Type}') Any idea ? Is there a global option for the maximum number of characters for a request ? Cheers Aurélien Lafranchise - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting insert into Oracle
Hi Alan, Thanks for the answer. I need all these data so it is not a clean problem. But I will disable sqltrace when everything will be ok. Could you be more precise on where to increase the 2K limit ? Cheers, AL Aurélien Lafranchise wrote: I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: Yes. You can't put infinie amounts of data into the SQL query. The limit is ~2K or so. Any idea ? Is there a global option for the maximum number of characters for a request ? It's limited in the SQL module. You've edited the configuration to log tons of data. This generally isn't useful, or necessary. Fix that, or edit the SQL module to allow more than 2K of data in the expansion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
Aurélien Lafranchise wrote: Could you be more precise on where to increase the 2K limit ? All over the place in rlm_sql.c and sql.c. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
Ok, it is what I thought. It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? AL Aurélien Lafranchise wrote: Could you be more precise on where to increase the 2K limit ? All over the place in rlm_sql.c and sql.c. Alan DeKok. Le 13 août 2012 à 14:47, Aurélien Lafranchise a écrit : Hi Alan, Thanks for the answer. I need all these data so it is not a clean problem. But I will disable sqltrace when everything will be ok. Could you be more precise on where to increase the 2K limit ? Cheers, AL Aurélien Lafranchise wrote: I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: Yes. You can't put infinie amounts of data into the SQL query. The limit is ~2K or so. Any idea ? Is there a global option for the maximum number of characters for a request ? It's limited in the SQL module. You've edited the configuration to log tons of data. This generally isn't useful, or necessary. Fix that, or edit the SQL module to allow more than 2K of data in the expansion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
I have installed a new linux and it is a fresh install. I copied /etc/raddb from one box to another that's all ! The other difference is that I switch from Fedora 14 to CentOS 6.3. AL Le 13 août 2012 à 17:28, John Dennis a écrit : On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
On 08/13/2012 11:41 AM, Aurélien Lafranchise wrote: I have installed a new linux and it is a fresh install. I copied /etc/raddb from one box to another that's all ! What about your /etc/raddb/certs? Did you copy that too? If so you may have problems if the server cert does not match the new machine. I don't think that's would account for a SQL error, but you do need to be careful with just copying things around. The other difference is that I switch from Fedora 14 to CentOS 6.3. AL http://mobiquithings.com/ Le 13 août 2012 à 17:28, John Dennis a écrit : On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com mailto:jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting and sql
Hi Alan, On 09/12/2011 01:57, Alan DeKok wrote: OK... the debug log shows you have a little more upgrading to do for it work best in 2.x, but that's OK. Indeed - as I have my head in FreeRADIUS today, it may well be time to clear out all those old User-Passwords! Except that the accounting is showing the unix module returning fail. Yes. And I'd been guilty of thinking of an accounting request as more like a syslog/trap fire and forget message and hadn't really appreciated that an accounting message can fail. Now suitably educated. accounting { ... # Update the wtmp file # # If you don't use radlast, you can delete this line. unix Delete that line, and it will probably start working. And indeed it did. Its always the silly simple things, and of course makes perfect sense what was broken now. Many thanks for the quick response. Try using the debug form on http://networkradius.com/. It will highlight things which you should look at in more detail. That looks good - I hadn't seen that before, thanks. Paul. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting and sql
Hi I've been trying to debug why accounting information isn't making it into the SQL database on our main FR server (2.1.11) - it seems that this has been the case since upgrading from version 1.something ancient a few months back. I have a fairly simple MySQL backed setup - and minimal changes of the config files to enable this; just to be clear this was a fresh install of the OS + FreeRADIUS so no danger of old configuration files still lurking around. sql is uncommented in both the authorization and accounting sections of the sites-available/default file (accounting section shown below), and the sql module is enabled in radiusd.conf - the server works just fine for auth via SQL as can be seen in the debug. accounting { # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily # Update the wtmp file # # If you don't use radlast, you can delete this line. unix # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There is little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool # # Log traffic to an SQL database. # # See Accounting queries in sql.conf sql # # If you receive stop packets with zero session length, # they will NOT be logged in the database. The SQL module # will print a message (only in debugging mode), and will # return noop. # # You can ignore these packets by uncommenting the following # three lines. Otherwise, the server will not respond to the # accounting request, and the NAS will retransmit. # # if (noop) { # ok # } # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # Cisco VoIP specific bulk accounting # pgsql-voip # For Exec-Program and Exec-Program-Wait exec # Filter attributes from the accounting response. attr_filter.accounting_response # # See Autz-Type Status-Server for how this works. # # Acct-Type Status-Server { # # } } I can see accounting requests being received, but there seems to be no sql module action happening to insert them into the database; but I cannot see why from the debug. I've not changed any of the pre-defined SQL queries. The debug log attached (it was a bit big to post inline) has had three minor hand-amendments: - SQL server password removed. - Shared secret for the two clients removed. - The very long list of clients loaded from SQL reduced to the router being tested. Any pointers/suggestions gratefully received. Regards, Paul. [root@auth1 ~]# radiusd -X FreeRADIUS Version 2.1.11, for host i386-portbld-freebsd8.2, built on Aug 25 2011 at 19:01:41 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/dynamic_clients including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/inner-eap including
Re: Problem with accounting and sql
Paul Thornton wrote: I've been trying to debug why accounting information isn't making it into the SQL database on our main FR server (2.1.11) - it seems that this has been the case since upgrading from version 1.something ancient a few months back. OK... the debug log shows you have a little more upgrading to do for it work best in 2.x, but that's OK. I have a fairly simple MySQL backed setup - and minimal changes of the config files to enable this; just to be clear this was a fresh install of the OS + FreeRADIUS so no danger of old configuration files still lurking around. Very good. sql is uncommented in both the authorization and accounting sections of the sites-available/default file (accounting section shown below), and the sql module is enabled in radiusd.conf - the server works just fine for auth via SQL as can be seen in the debug. Except that the accounting is showing the unix module returning fail. accounting { ... # Update the wtmp file # # If you don't use radlast, you can delete this line. unix Delete that line, and it will probably start working. Try using the debug form on http://networkradius.com/. It will highlight things which you should look at in more detail. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and Asterisk. Problem with accounting
Pawel Plato wrote: ... I thought that FreeRadius will somehow map these values from Asterisk to values which can be put to radacct table, Not everyone has an Asterisk server. There are standard RADIUS attributes which everyone else uses. See raddb/sql/mysql/dialup.conf. It contains the default queries used by the server. You can edit them to add anything you want. e.g. Asterisk-Start-Time --- acctstarttime, etc. Obviously, it doesn't. I've been googling for whole day concerning this problem, and I wasn't able to find anything related to it, so probably other users had no problems with that. I assume that I would have to create a custom table for supporting asterisk RADIUS packets, but I wasn't able to find anything on google. I would appreciate any kind of help, hint, or advice. See raddb/sql/mysql/schema.sql. Both the schema and queries are editable. All of this is documented in the file doc/rlm_sql, and in the comments at the start of the raddb/sql.conf file. There is *no* need to google for things when the server includes a large amount of documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
It is solved now. I deleted FR .4 and migrated to .7 with fresh clean install. I didn't use the old files. Thanks [EMAIL PROTECTED] wrote: Hi, Please don't be angry. I'm trying to fix this issue because it works perfectly on FR1.1.7 if you've copied the config files direct from 1.1.7 to a 2.0.0 system then there will be quirks. wheres the full debug log? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Please don't be angry. I'm trying to fix this issue because it works perfectly on FR1.1.7 Now I'm completely sure that problem is on my side but radius is on default setup. Only thing we changed is uncommenting sql statements (for simul check, author, and account.) in radiusd.conf. Case closed Have a nice day. On Jan 23, 2008 7:25 AM, Alan DeKok [EMAIL PROTECTED] wrote: Marinko Tarlac wrote: a) the user has typed the user name with spaces Yes. User has typed user name with space but why radius didn't ignore them? Why would it? Spaces are perfectly valid in a user name. I repeat, user names and all other records in database are without space. User has entered space and he can connect but he can't see his accounting informations because they are connected with the same user but with space at the end. You keep repeating that. Yes, I understand. Yes, I have read your messages. I think it's clear you either haven't read my responses, or that you haven't understood them. If user with spaces is given access, then it is very likely YOU that configured the server to do that. The default configuration does not have this issue. YOU BROKE THE SERVER. Now go fix it. Stop complaining about the problem. Stop repeated that the users in the database don't have spaces. Stop trying to fix the accounting records. Stop blaming the server. Seems like I'm subscribed for a strange problems ... :) A large part of that is you're so stuck on talking about the problem that you don't want to understand the cause, and you don't want to implement the solution I posted in another message. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Hi, Please don't be angry. I'm trying to fix this issue because it works perfectly on FR1.1.7 if you've copied the config files direct from 1.1.7 to a 2.0.0 system then there will be quirks. wheres the full debug log? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting - MySqldatabase.
There is a configuration line in radiusd.conf: nospace_user = yes (default is no) that will remove trailing space even when entered. By the user. It doesn't help if the trailing space is in the database. Ivan Kalik Kalik Informatika ISP Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Neither. The user is adding the spaces. It looks to me like someone figured out that you have test accounts. They are using the test accounts to log in without paying. Well it is more than one account and they are random usernames (example, mirije, drogbba, etc. ) You need to to audit your configuration to ensure that you are using the user name *correctly*. e.g. this is wrong: SELECT ... %{User-Name} ... this is correct:SELECT ... '%{User-Name}' ... One is sure. MySql seems fine and only solution I can do now is to make querry UPDATE radacct SET UserName='test.user' WHERE UserName='test.user '; - Inside sql.conf everything seems fine. . sql_user_name = %{User-Name} .. authorize_check_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id authorize_reply_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authreply_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id Also, accounting queries are also the same. ??? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting - MySql database.
Marinko Tarlac wrote: Well it is more than one account and they are random usernames (example, mirije, drogbba, etc. ) FreeRADIUS does not add spaces to user names. Again, run it in debugging mode to see *exactly* what it is seeing. Inside sql.conf everything seems fine. sql_user_name = %{User-Name} . Then run the server in debugging mode to see WHY test-user is being treated the same as test-user. The user names are NOT the same, and should NOT be treated identically. Also, accounting queries are also the same. ??? Once you fix the authentication so that users with spaces are not authenticated, the accounting should fix itself. In 2.0.0, you can simply put this at the *start* of the authorize section: if (%{User-Name} =~ / /) { reject } It won't fix the problem, but it will ensure that the users get rejected. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
It's more likely to be a MySQL bug. Try the same with a user entry in users file - if user can authenticate with and without trailing space then it is freeradius bug. If SELECT . 'test' and SELECT . 'test ' produce the same output, then the problem is with MySQL. Ivan Kalik Kalik Informatika ISP Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Thanks but this option didn't help. I tried with random username and when I add blank space after username user still can connect... Seems like a radius bug so I will try to install newer version. In any case I will inform you about this... Until I fix this issue I will update radacct with my own script who will remove blank spaces in usernames. Best regards 2008/1/22 [EMAIL PROTECTED]: There is a configuration line in radiusd.conf: nospace_user = yes (default is no) that will remove trailing space even when entered. By the user. It doesn't help if the trailing space is in the database. Ivan Kalik Kalik Informatika ISP Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Neither. The user is adding the spaces. It looks to me like someone figured out that you have test accounts. They are using the test accounts to log in without paying. Well it is more than one account and they are random usernames (example, mirije, drogbba, etc. ) You need to to audit your configuration to ensure that you are using the user name *correctly*. e.g. this is wrong: SELECT ... %{User-Name} ... this is correct:SELECT ... '%{User-Name}' ... One is sure. MySql seems fine and only solution I can do now is to make querry UPDATE radacct SET UserName=' test.user' WHERE UserName='test.user '; - Inside sql.conf everything seems fine. . sql_user_name = %{User-Name} .. authorize_check_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id authorize_reply_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authreply_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id Also, accounting queries are also the same. ??? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting - MySqldatabase.
Thanks but this option didn't help. I tried with random username and when I add blank space after username user still can connect... Seems like a radius bug so I will try to install newer version. In any case I will inform you about this... Until I fix this issue I will update radacct with my own script who will remove blank spaces in usernames. Best regards 2008/1/22 [EMAIL PROTECTED]: There is a configuration line in radiusd.conf: nospace_user = yes (default is no) that will remove trailing space even when entered. By the user. It doesn't help if the trailing space is in the database. Ivan Kalik Kalik Informatika ISP Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Neither. The user is adding the spaces. It looks to me like someone figured out that you have test accounts. They are using the test accounts to log in without paying. Well it is more than one account and they are random usernames (example, mirije, drogbba, etc. ) You need to to audit your configuration to ensure that you are using the user name *correctly*. e.g. this is wrong: SELECT ... %{User-Name} ... this is correct:SELECT ... '%{User-Name}' ... One is sure. MySql seems fine and only solution I can do now is to make querry UPDATE radacct SET UserName=' test.user' WHERE UserName='test.user '; - Inside sql.conf everything seems fine. . sql_user_name = %{User-Name} .. authorize_check_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id authorize_reply_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authreply_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id Also, accounting queries are also the same. ??? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
MySQL is 5.0.x Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user '; (added space) returns 0 records (not found) Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user'; (without blank space) returns valid records. (password, simultaneus-use and other check entries. So this can be called as FreeRadius bug ? I saw binary option so I will test it later. Best regards and thanks for your time and ideas you gave to me. Marinko 2008/1/22 [EMAIL PROTECTED]: It's more likely to be a MySQL bug. Try the same with a user entry in users file - if user can authenticate with and without trailing space then it is freeradius bug. If SELECT . 'test' and SELECT . 'test ' produce the same output, then the problem is with MySQL. Ivan Kalik Kalik Informatika ISP Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Thanks but this option didn't help. I tried with random username and when I add blank space after username user still can connect... Seems like a radius bug so I will try to install newer version. In any case I will inform you about this... Until I fix this issue I will update radacct with my own script who will remove blank spaces in usernames. Best regards 2008/1/22 [EMAIL PROTECTED]: There is a configuration line in radiusd.conf: nospace_user = yes (default is no) that will remove trailing space even when entered. By the user. It doesn't help if the trailing space is in the database. Ivan Kalik Kalik Informatika ISP Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Neither. The user is adding the spaces. It looks to me like someone figured out that you have test accounts. They are using the test accounts to log in without paying. Well it is more than one account and they are random usernames (example, mirije, drogbba, etc. ) You need to to audit your configuration to ensure that you are using the user name *correctly*. e.g. this is wrong: SELECT ... %{User-Name} ... this is correct:SELECT ... '%{User-Name}' ... One is sure. MySql seems fine and only solution I can do now is to make querry UPDATE radacct SET UserName=' test.user' WHERE UserName='test.user '; - Inside sql.conf everything seems fine. . sql_user_name = %{User-Name} .. authorize_check_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id authorize_reply_query = SELECT id, UserName, Attribute, Value, op \ FROM ${authreply_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id Also, accounting queries are also the same. ??? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Marinko Tarlac wrote: So this can be called as FreeRadius bug ? No. As I have said, FreeRADIUS does not add spaces to user names. This is the *first* time I can recall seeing this problem in almost 9 years of working with FreeRADIUS. It is *not* a FreeRADIUS issue. If you see spaces, then: a) the user has typed the user name with spaces b) local edits to your configuration files are adding those spaces Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Alan DeKok wrote: a) the user has typed the user name with spaces Yes. User has typed user name with space but why radius didn't ignore them? I repeat, user names and all other records in database are without space. User has entered space and he can connect but he can't see his accounting informations because they are connected with the same user but with space at the end. This problems has been noticed on our old server. I made myself a completely new php script for database manipulation and we use it on our new server. It works perfectly and without any problems. (FR1.1.7) Old server will be replaced with the new one but you must confess that space problem is a very interesting .. :) Seems like I'm subscribed for a strange problems ... :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Marinko Tarlac wrote: a) the user has typed the user name with spaces Yes. User has typed user name with space but why radius didn't ignore them? Why would it? Spaces are perfectly valid in a user name. I repeat, user names and all other records in database are without space. User has entered space and he can connect but he can't see his accounting informations because they are connected with the same user but with space at the end. You keep repeating that. Yes, I understand. Yes, I have read your messages. I think it's clear you either haven't read my responses, or that you haven't understood them. If user with spaces is given access, then it is very likely YOU that configured the server to do that. The default configuration does not have this issue. YOU BROKE THE SERVER. Now go fix it. Stop complaining about the problem. Stop repeated that the users in the database don't have spaces. Stop trying to fix the accounting records. Stop blaming the server. Seems like I'm subscribed for a strange problems ... :) A large part of that is you're so stuck on talking about the problem that you don't want to understand the cause, and you don't want to implement the solution I posted in another message. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Blank spaces after username - problem with accounting - MySql database.
Hi there... It is me again... Few days ago, I wrote about my problem with accounting. Problem is that accounting doesn't work for some users. In this case it is test.user... After some investigation with log files (holly radiusd -X), I can see that problem is in username. As you can see (line marked with *-*-*-*-*-*-*), some blank spaces were added to username. I'm not sure how is this possible and who adds this blank spaces (Mikrotik as nas or radius server?). Log file is truncated but I believe you can see where is the problem. - LOG STARTS Finished request 13 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.15.2:48263, id=86, length=145 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 23427 NAS-Port-Type = Ethernet User-Name = test.user*-*-*-*-*-*-* (notice blank spaces before closing ) rlm_realm: No '@' in User-Name = test.user , looking up realm NULL *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ) ... radius_xlat: 'test.user ' *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ) rlm_sql (sql): sql_set_user escaped user -- 'test.user ' *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ) radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'test.user ' ORDER BY id' *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ) . rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 14 rlm_chap: login attempt by test.user with CHAP password *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ) rlm_chap: Using clear text password testpassword for user test.user authentication. rlm_chap: chap user test.user authenticated succesfully *-*-*-*-*-*-* (user with blank spaces doesn't exist anywhere and especially not in radcheck table and authentication was successful ) modcall[authenticate]: module chap returns ok for request 14 modcall: leaving group CHAP (returns ok) for request 14 .. radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('814054d0', '8ff2e3a7022d4a99', 'test.user ', '', '192.168.15.2', '23427', 'Ethernet', '2008-01-21 23:41:06', '0', '0', 'RADIUS', '', '', '0', '0', 'ht1', '00:19:66:11:59:F7', '', 'Framed-User', 'PPP', '192.168.15.212', '0', '0')' - LOG ENDS p.s. As I can see in debug lines, raddacct table has been filled with wrong username so I searched for username test.user and I can see his traffic. I can solve this problem with small scheduler script who will replace test.user with test.user but who knows... Maybe tomorrow I will have more spaces and other signs in username ??? One is sure. MySql seems fine and only solution I can do now is to make querry UPDATE radacct SET UserName='test.user' WHERE UserName='test.user '; FR is 1.1.4 and I will update it and see what's going on... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting
Hey Marinko, On Jan 14, 2008 9:15 AM, Marinko Tarlac [EMAIL PROTECTED] wrote: Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... Maybe you should post some debug output when those accounting updates occur, you might be overlooking something. It would also be wise to turn on mysql logging and monitor the queries running (if at all) as they might be badly processed. Regards, Liran Tal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting
Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting
On Jan 14, 2008 9:15 AM, Marinko Tarlac [EMAIL PROTECTED] wrote: Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... Hi, I suggest you try first with the latest freeradius version available. 1.1.4 is not recent and there have been many bugfixes since that. -- In a sea of glass shards, I hear you screaming --icchan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting
Can you post the debug for Accounting Start packets for that user and one that is being recorded. Ivan Kalik Kalik Informatika ISP Dana 14/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting
Let's try again: you haven't posted the debug output. From this I can see that access request are proxied but accounting one aren't. Post the debug so we can see why. On first glance there is a lot missing (Acct-Session-Time, number of octets ...) from this accounting stop packet: rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=7, length=91 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop And I don't see Start packet at all. Ivan Kalik Kalik Informatika ISP Dana 11/1/2008, Jayaraman Balasubramanian [EMAIL PROTECTED] piše: The logs are given below for access request and accounting request. *Proxy Radius Server Logs:* *Access Request Logs * Sending Access-Request of id 0 to 100.100.0.2 port 1812 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A User-Name = steve User-Password = testing Service-Type = Authenticate-Only Message-Authenticator = 0x Proxy-State = 0x32 NAS-IP-Address := 10.0.0.1 Called-Station-Id := 00:19:D1:21:12:12 NAS-Identifier := N123 Acct-Session-Id := N123-1200037051188-1 NAS-Port-Type := Wireless-802.11 rad_recv: Access-Accept packet from host 100.100.0.2:1812, id=0, length=49 Session-Timeout = 300 Acct-Interim-Interval = 10 Reply-Message = Hello, steve Proxy-State = 0x32 Sending Access-Accept of id 2 to 127.0.0.1 port 34075 Session-Timeout = 300 Acct-Interim-Interval = 10 Reply-Message = Hello, steve Class := 0x4a5241444955532d434c4153533a373032626561633933393337313365633262373161323435323938316265 rad_recv: Access-Request packet from host 127.0.0.1:34076, id=3, length=128 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 User-Name = steve User-Password = testing Service-Type = Login-User Message-Authenticator = 0x1fa6d6da9becb06a7f850f10041ecb1e *Accounting Request* *Logs* are Sending Accounting-Response of id 4 to 127.0.0.1 port 34076 rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=5, length=85 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Status-Type = Interim-Update Sending Accounting-Response of id 5 to 127.0.0.1 port 34076 rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=6, length=85 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Status-Type = Interim-Update Sending Accounting-Response of id 6 to 127.0.0.1 port 34076 rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=7, length=91 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop *Radius Server Logs* rad_recv: Access-Request packet from host 10.0.0.1:1814, id=0, length=257 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A User-Name = steve User-Password = testing Service-Type = Authenticate-Only Message-Authenticator = 0xbfc958eb3215db3e00890a6b4633b062 Proxy-State = 0x32 NAS-IP-Address = 10.0.0.1 Called-Station-Id = 00:19:D1:21:12:12 NAS-Identifier = N123 Acct-Session-Id = N123-1200037051188-1 NAS-Port-Type = Wireless-802.11 Sending Access-Accept of id 0 to 10.0.0.1 port 1814 Session-Timeout = 300 Acct-Interim-Interval = 10 Reply-Message = Hello, steve Proxy-State = 0x32. What can be the problem?? How to solve this? On 1/10/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: You haven't posted the debug output. Post one that has both access and accounting requests for the same user. Ivan Kalik Kalik Informatika ISP Dana 10/1/2008, Jayaraman Balasubramanian [EMAIL PROTECTED] piše: Hi I have configured the Free Radius Server to work as proxy radius server with the following in the proxy.conf realm NULL { type = radius authhost = 100.100.0.2:1812 accthost = 100.100.0.2:1813 secret = testing123 } All the other conf files are configured properly. AM getting the following problem. For authentication of user, the Access Request packet is transferred to the ip address 100.100.0.2. But for Accounting Request the packet is transfered locally Am getting log as sending Accounting Request to 127.0.0.1:4445 What can be the solution ? -- Regards Balu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards Balu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting
The logs are given below for access request and accounting request. *Proxy Radius Server Logs:* *Access Request Logs * Sending Access-Request of id 0 to 100.100.0.2 port 1812 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A User-Name = steve User-Password = testing Service-Type = Authenticate-Only Message-Authenticator = 0x Proxy-State = 0x32 NAS-IP-Address := 10.0.0.1 Called-Station-Id := 00:19:D1:21:12:12 NAS-Identifier := N123 Acct-Session-Id := N123-1200037051188-1 NAS-Port-Type := Wireless-802.11 rad_recv: Access-Accept packet from host 100.100.0.2:1812, id=0, length=49 Session-Timeout = 300 Acct-Interim-Interval = 10 Reply-Message = Hello, steve Proxy-State = 0x32 Sending Access-Accept of id 2 to 127.0.0.1 port 34075 Session-Timeout = 300 Acct-Interim-Interval = 10 Reply-Message = Hello, steve Class := 0x4a5241444955532d434c4153533a373032626561633933393337313365633262373161323435323938316265 rad_recv: Access-Request packet from host 127.0.0.1:34076, id=3, length=128 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 User-Name = steve User-Password = testing Service-Type = Login-User Message-Authenticator = 0x1fa6d6da9becb06a7f850f10041ecb1e *Accounting Request* *Logs* are Sending Accounting-Response of id 4 to 127.0.0.1 port 34076 rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=5, length=85 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Status-Type = Interim-Update Sending Accounting-Response of id 5 to 127.0.0.1 port 34076 rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=6, length=85 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Status-Type = Interim-Update Sending Accounting-Response of id 6 to 127.0.0.1 port 34076 rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=7, length=91 Vendor-28382-Attr-8 = 0xac1e01b2 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A Acct-Session-Id = N123-1200037051098-1 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop *Radius Server Logs* rad_recv: Access-Request packet from host 10.0.0.1:1814, id=0, length=257 Framed-IP-Address = 10.0.0.178 Calling-Station-Id = 00:0F:66:EE:BE:3A User-Name = steve User-Password = testing Service-Type = Authenticate-Only Message-Authenticator = 0xbfc958eb3215db3e00890a6b4633b062 Proxy-State = 0x32 NAS-IP-Address = 10.0.0.1 Called-Station-Id = 00:19:D1:21:12:12 NAS-Identifier = N123 Acct-Session-Id = N123-1200037051188-1 NAS-Port-Type = Wireless-802.11 Sending Access-Accept of id 0 to 10.0.0.1 port 1814 Session-Timeout = 300 Acct-Interim-Interval = 10 Reply-Message = Hello, steve Proxy-State = 0x32. What can be the problem?? How to solve this? On 1/10/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: You haven't posted the debug output. Post one that has both access and accounting requests for the same user. Ivan Kalik Kalik Informatika ISP Dana 10/1/2008, Jayaraman Balasubramanian [EMAIL PROTECTED] piše: Hi I have configured the Free Radius Server to work as proxy radius server with the following in the proxy.conf realm NULL { type = radius authhost = 100.100.0.2:1812 accthost = 100.100.0.2:1813 secret = testing123 } All the other conf files are configured properly. AM getting the following problem. For authentication of user, the Access Request packet is transferred to the ip address 100.100.0.2. But for Accounting Request the packet is transfered locally Am getting log as sending Accounting Request to 127.0.0.1:4445 What can be the solution ? -- Regards Balu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards Balu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem in Accounting
Hi I have configured the Free Radius Server to work as proxy radius server with the following in the proxy.conf realm NULL { type = radius authhost = 100.100.0.2:1812 accthost = 100.100.0.2:1813 secret = testing123 } All the other conf files are configured properly. AM getting the following problem. For authentication of user, the Access Request packet is transferred to the ip address 100.100.0.2. But for Accounting Request the packet is transfered locally Am getting log as sending Accounting Request to 127.0.0.1:4445 What can be the solution ? -- Regards Balu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting
You haven't posted the debug output. Post one that has both access and accounting requests for the same user. Ivan Kalik Kalik Informatika ISP Dana 10/1/2008, Jayaraman Balasubramanian [EMAIL PROTECTED] piše: Hi I have configured the Free Radius Server to work as proxy radius server with the following in the proxy.conf realm NULL { type = radius authhost = 100.100.0.2:1812 accthost = 100.100.0.2:1813 secret = testing123 } All the other conf files are configured properly. AM getting the following problem. For authentication of user, the Access Request packet is transferred to the ip address 100.100.0.2. But for Accounting Request the packet is transfered locally Am getting log as sending Accounting Request to 127.0.0.1:4445 What can be the solution ? -- Regards Balu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem in accounting with sql counter module max-all-session
Hi, I have setup freeradius 1.1.2 in FreeBSD 6.0 with mysql support. I have setup user in radcheck table as follows; 1403 | test01 | | || Max-All-Session | := | 1500| The user test001 is allowed to login total for 25hrs. After finishing 25hrs if the user recharge his account to 30hrs again and I updated max-all-session to 1800 seconds in radcheck table. Now when the user tries to connect he get disconneted after 5hrs and when he tried to reconnect, he couldnot get authenticate. In my radius log I see ; Mon Sep 4 17:43:56 2006 : Auth: Invalid user (rlm_sqlcounter: Maximum never usage time reached): [test01] (from client pppoe-bhw port 4448 cli 0:7:95:10:73:9e) What could be the problem with sql counter module? In my radiusd.conf settings I have setup max-all-session counter as follows; sqlcounter noresetcounter { driver = rlm_sqlcounter counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' } All things are running well except rechargeable account. How could I make rechargeable sqlcounter module for hourly accounts? Do I need to create the seperate sqlcounter according to plan? Like if 25hrs then in sqlcounter section reset=25h, if 50hrs reset=50h etc, Any suggestion? Bishal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Accounting.
On Tue 18 Apr 2006 00:55, Alejandro Sanchez wrote: Hi. evrybody. I am using freeradius with Sip Express Router (SER) and i am enable accounting on freeradius 1.1.1 but in the log files and the tables of freeradius only save the start request, in other words when i finish a call the method BYE of SIP dosen't trigger the stop of the accounting or the update of it. Do you have the stop records in the detail file? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgploOJoSnxej.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Accounting.
Hi Peter. I don't have de stop record in the detail file, when i finish the call looks like radius dosen't recive the BYE transaction.. --- Peter Nixon [EMAIL PROTECTED] escribió: On Tue 18 Apr 2006 00:55, Alejandro Sanchez wrote: Hi. evrybody. I am using freeradius with Sip Express Router (SER) and i am enable accounting on freeradius 1.1.1 but in the log files and the tables of freeradius only save the start request, in other words when i finish a call the method BYE of SIP dosen't trigger the stop of the accounting or the update of it. Do you have the stop records in the detail file? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___ Do You Yahoo!? La mejor conexión a Internet y b 2GB/b extra a tu correo por $100 al mes. http://net.yahoo.com.mx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting Port
thanks for the responses. i already do that, i set my client on port 1646, but am just wondering why sometime the error message is still appearing in my raduis.log? Thanks, Emman Quoting Michael Mitchell [EMAIL PROTECTED]: Your client is sending accounting packets to the port on which freeRADIUS is listening for proxy responses. Configure the client to send accounting packets to the correct port (probably 1646), and you should be good... Emman S. Loloy wrote: Hi guys, anyone knows how to solve this problem? Sat Feb 5 12:19:04 2005 : Error: Accounting-Request packet sent to a non-accounting port from client server:1647 - ID 0 : IGNORED Thanks, Emman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ** This message was sent through GLOBALink Webmail Service. If you are a GLOBALink Internet subscriber or among its affiliates, go to http://webmail.globalink.net.ph to check emails. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting Port
Your client is sending accounting packets to the port on which freeRADIUS is listening for proxy responses. Configure the client to send accounting packets to the correct port (probably 1646), and you should be good... Emman S. Loloy wrote: Hi guys, anyone knows how to solve this problem? Sat Feb 5 12:19:04 2005 : Error: Accounting-Request packet sent to a non-accounting port from client server:1647 - ID 0 : IGNORED Thanks, Emman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
Hello Szabo, Friday, June 4, 2004, 2:24:08 PM, you wrote: SG Excuse me for the last mail. SG Here is the log file from radacct directory. Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? No, not the detail file. What is in logfile? Try to start radiusd with -X flag and watch it output. -- technik :-) ICQ: 270532579 AIM: gyuriszabo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
I'm sorry for the last mail. Hello Szabo, Friday, June 4, 2004, 2:24:08 PM, you wrote: SG Excuse me for the last mail. SG Here is the log file from radacct directory. Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? No, not the detail file. What is in logfile? Try to start radiusd with -X flag and watch it output. -- technik :-) ICQ: 270532579 AIM: gyuriszabo Mon Jun 7 19:32:45 2004 : Info: rlm_eap_tls: Length Included Mon Jun 7 19:32:45 2004 : Error: TLS_accept:error in SSLv3 read client certificate A Mon Jun 7 19:32:45 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon Jun 7 19:32:46 2004 : Info: rlm_eap_tls: Length Included Mon Jun 7 19:32:46 2004 : Info: (other): SSL negotiation finished successfully Mon Jun 7 19:32:46 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon Jun 7 19:32:46 2004 : Info: rlm_eap_mschapv2: Issuing Challenge Mon Jun 7 19:32:46 2004 : Auth: Login OK: [steve/no User-Password attribute] (from client localhost port 0) Mon Jun 7 19:32:46 2004 : Auth: Login OK: [steve/no User-Password attribute] (from client 193.226.233.43 port 0 cli 00-50-FC-F2-8C-24)
problem with accounting
Hi, my name is George. I have a problem with accounting. If accounting is turn off on AP, then the radius is working. If I turn on the accounting on AP, after authentication few seconds the AP brakes the connection. I don't know why do this. Maybe I should set some attributes for the users? I'm using the MySQL database for user authorization, and accounting to. -- technik :-) ICQ: 270532579 AIM: gyuriszabo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? -- Best regards, Alexandermailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
Excuse me for the last mail. Here is the log file from radacct directory. Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? -- technik :-) ICQ: 270532579 AIM: gyuriszabo Thu Jun 3 18:46:10 2004 User-Name = 00300d16f0bf NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00-30-0D-16-F0-BF NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Accounting-On Acct-Session-Id = 4801 Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 893d160ff71e755c Timestamp = 1086281170 Thu Jun 3 18:47:02 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = 4802 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:46:57 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 5033f95c272a4be2 Timestamp = 1086281222 Thu Jun 3 18:49:41 2004 User-Name = 00300d16f0bf NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00-30-0D-16-F0-BF NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Accounting-On Acct-Session-Id = E801 Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 22f70d0dda995ce4 Timestamp = 1086281381 Thu Jun 3 18:51:32 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = E802 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:51:27 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 6be6b3e61780aa29 Timestamp = 1086281492 Thu Jun 3 18:52:10 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Stop Acct-Input-Octets = 1750 Acct-Output-Octets = 0 Acct-Session-Id = E802 Acct-Session-Time = 37 Acct-Input-Packets = 5 Acct-Output-Packets = 0 Acct-Terminate-Cause = Supplicant-Restart Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:52:04 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 6be6b3e61780aa29 Timestamp = 1086281530 Thu Jun 3 18:52:11 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 2 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = E803 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:52:05 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 9f2c8e1e22b17b10 Timestamp = 1086281531 Thu Jun 3 18:52:18 2004 User-Name = fredf NAS-IP-Address