Re: Problem with accounting insert into Oracle
/etc/raddb/certs was copied too! How to regenerate the certificates ? In general, how to install a copy of a radius server to another box ? For my SQL problem, any idea ? Thanks all AL Le 13 août 2012 à 18:35, John Dennis a écrit : On 08/13/2012 11:41 AM, Aurélien Lafranchise wrote: I have installed a new linux and it is a fresh install. I copied /etc/raddb from one box to another that's all ! What about your /etc/raddb/certs? Did you copy that too? If so you may have problems if the server cert does not match the new machine. I don't think that's would account for a SQL error, but you do need to be careful with just copying things around. The other difference is that I switch from Fedora 14 to CentOS 6.3. AL http://mobiquithings.com/ Le 13 août 2012 à 17:28, John Dennis a écrit : On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com mailto:jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting insert into Oracle
Hi,
I have the same error for every request in dialup.conf (STOP, START, UPDATE).
The database connection is working well but I have:
[sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not
properly terminated
with sqltrace on you can see the mistake at the end. The request seems to be
truncated:
INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay, IMSI_3GPP, ChargingID_3GPP, PDPType_3GPP,
ChargingGwAddress_3GPP, GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP,
GGSNAddress_3GPP, IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP,
SessionStopIndicator_3GPP, SelectionMode_3GPP, ChargingCharacteristics_3GPP,
ChargingGwIPv6Address_3GPP, SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP,
IPv6DNSServers_3GPP, SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP,
RATType_3GPP, MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP,
NegotiatedDSCP_3GPP, AllocateIPType_3GPP) VALUES('', 'D4090646343006F3',
'64e5c1c4162df0d5', '447937700458', '', '10.100.100.3', '', 'Ethernet', NULL,
TO_DATE('2012-08-13 11:35:27','-mm-dd hh24:mi:ss'), '74', 'RADIUS', '',
'', '679' + ('0' * 4294967296), '83' + ('0' * 4294967296),
'internet.mbqt.net', '447937700458', 'User-Request', 'Framed-User',
'GPRS-PDP-Context', '10.73.248.60', '0', '0', '234507089001283', '875562739',
'0', '', '98-1B631F', '80.10.0.97', '212.9.6.70', '23450', '', '5', '255', '0',
'0800', '', '', '', '', '20801', '', '', '2', ';
but in the dialup.conf file it is ok:
accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, IMSI_3GPP,
ChargingID_3GPP, PDPType_3GPP, ChargingGwAddress_3GPP,
GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP, GGSNAddress_3GPP,
IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP, SessionStopIndicator_3GPP,
SelectionMode_3GPP, ChargingCharacteristics_3GPP, ChargingGwIPv6Address_3GPP,
SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP, IPv6DNSServers_3GPP,
SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP, RATType_3GPP,
MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP,
NegotiatedDSCP_3GPP, AllocateIPType_3GPP) \
VALUES('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', \
'%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', NULL,
TO_DATE('%S','-mm-dd hh24:mi:ss'), \
'%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', \
'%{Acct-Input-Octets}' + ('%{%{Acct-Input-Gigawords}:-0}' *
4294967296), \
'%{Acct-Output-Octets}' + ('%{%{Acct-Output-Gigawords}:-0}' *
4294967296), \
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', \
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{Acct-Delay-Time:-0}', '%{3GPP-IMSI}', '%{3GPP-Charging-ID}',
'%{3GPP-PDP-Type}', '%{3GPP-Charging-Gateway-Address}',
'%{3GPP-GPRS-Negotiated-QoS-profile}', '%{3GPP-SGSN-Address}',
'%{3GPP-GGSN-Address}', '%{3GPP-IMSI-MCC-MNC}', '%{3GPP-GGSN-MCC-MNC}',
'%{3GPP-NSAPI}', '%{3GPP-Session-Stop-Indicator}', '%{3GPP-Selection-Mode}',
'%{3GPP-Charging-Characteristics}', '%{3GPP-Charging-Gateway-IPv6-Address}',
'%{3GPP-SGSN-IPv6-Address}', '%{3GPP-GGSN-IPv6-Address}',
'%{3GPP-IPv6-DNS-Servers}', '%{3GPP-SGSN-MCC-MNC}',
'%{3GPP-Teardown-Indicator}', '%{3GPP-IMEISV}', '%{3GPP-RAT-Type}',
'%{3GPP-MS-TimeZone}', '%{3GPP-Camel-Charging-Info}', '%{3GPP-Packet-Filter}',
'%{3GPP-Negotiated-DSCP}', '%{3GPP-Allocate-IP-Type}')
Any idea ? Is there a global option for the maximum number of characters for a
request ?
Cheers
Aurélien Lafranchise
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
Aurélien Lafranchise wrote: I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: Yes. You can't put infinie amounts of data into the SQL query. The limit is ~2K or so. Any idea ? Is there a global option for the maximum number of characters for a request ? It's limited in the SQL module. You've edited the configuration to log tons of data. This generally isn't useful, or necessary. Fix that, or edit the SQL module to allow more than 2K of data in the expansion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
It seems that Freeradius is getting stuck when inserting hex chain. Does that
remind something to someone ?
AL
Le 13 août 2012 à 13:42, Aurélien Lafranchise a écrit :
Hi,
I have the same error for every request in dialup.conf (STOP, START, UPDATE).
The database connection is working well but I have:
[sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string
not properly terminated
with sqltrace on you can see the mistake at the end. The request seems to be
truncated:
INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay, IMSI_3GPP, ChargingID_3GPP, PDPType_3GPP,
ChargingGwAddress_3GPP, GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP,
GGSNAddress_3GPP, IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP,
SessionStopIndicator_3GPP, SelectionMode_3GPP, ChargingCharacteristics_3GPP,
ChargingGwIPv6Address_3GPP, SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP,
IPv6DNSServers_3GPP, SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP,
RATType_3GPP, MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP,
NegotiatedDSCP_3GPP, AllocateIPType_3GPP) VALUES('', 'D4090646343006F3',
'64e5c1c4162df0d5', '447937700458', '', '10.100.100.3', '', 'Ethernet',
NULL, TO_DATE('2012-08-13 11:35:27','-mm-dd hh24:mi:ss'), '74',
'RADIUS', '', '', '679' + ('0' * 4294967296), '83' + ('0' *
4294967296), 'internet.mbqt.net', '447937700458', 'User-Request',
'Framed-User', 'GPRS-PDP-Context', '10.73.248.60', '0', '0',
'234507089001283', '875562739', '0', '', '98-1B631F', '80.10.0.97',
'212.9.6.70', '23450', '', '5', '255', '0', '0800', '', '', '', '', '20801',
'', '', '2', ';
but in the dialup.conf file it is ok:
accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, IMSI_3GPP,
ChargingID_3GPP, PDPType_3GPP, ChargingGwAddress_3GPP,
GPRSNegotiatedQoSprofile_3GPP, SGSNAddress_3GPP, GGSNAddress_3GPP,
IMSIMCCMNC_3GPP, GGSNMCCMNC_3GPP, NSAPI_3GPP, SessionStopIndicator_3GPP,
SelectionMode_3GPP, ChargingCharacteristics_3GPP, ChargingGwIPv6Address_3GPP,
SGSNIPv6Address_3GPP, GGSNIPv6Address_3GPP, IPv6DNSServers_3GPP,
SGSNMCCMNC_3GPP, TeardownIndicator_3GPP, IMEISV_3GPP, RATType_3GPP,
MSTimeZone_3GPP, CamelChargingInfo_3GPP, PacketFilter_3GPP,
NegotiatedDSCP_3GPP, AllocateIPType_3GPP) \
VALUES('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', \
'%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', NULL,
TO_DATE('%S','-mm-dd hh24:mi:ss'), \
'%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', \
'%{Acct-Input-Octets}' + ('%{%{Acct-Input-Gigawords}:-0}' *
4294967296), \
'%{Acct-Output-Octets}' + ('%{%{Acct-Output-Gigawords}:-0}' *
4294967296), \
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', \
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
'%{Acct-Delay-Time:-0}', '%{3GPP-IMSI}', '%{3GPP-Charging-ID}',
'%{3GPP-PDP-Type}', '%{3GPP-Charging-Gateway-Address}',
'%{3GPP-GPRS-Negotiated-QoS-profile}', '%{3GPP-SGSN-Address}',
'%{3GPP-GGSN-Address}', '%{3GPP-IMSI-MCC-MNC}', '%{3GPP-GGSN-MCC-MNC}',
'%{3GPP-NSAPI}', '%{3GPP-Session-Stop-Indicator}', '%{3GPP-Selection-Mode}',
'%{3GPP-Charging-Characteristics}', '%{3GPP-Charging-Gateway-IPv6-Address}',
'%{3GPP-SGSN-IPv6-Address}', '%{3GPP-GGSN-IPv6-Address}',
'%{3GPP-IPv6-DNS-Servers}', '%{3GPP-SGSN-MCC-MNC}',
'%{3GPP-Teardown-Indicator}', '%{3GPP-IMEISV}', '%{3GPP-RAT-Type}',
'%{3GPP-MS-TimeZone}', '%{3GPP-Camel-Charging-Info}',
'%{3GPP-Packet-Filter}', '%{3GPP-Negotiated-DSCP}',
'%{3GPP-Allocate-IP-Type}')
Any idea ? Is there a global option for the maximum number of characters for
a request ?
Cheers
Aurélien Lafranchise
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting insert into Oracle
Hi Alan, Thanks for the answer. I need all these data so it is not a clean problem. But I will disable sqltrace when everything will be ok. Could you be more precise on where to increase the 2K limit ? Cheers, AL Aurélien Lafranchise wrote: I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: Yes. You can't put infinie amounts of data into the SQL query. The limit is ~2K or so. Any idea ? Is there a global option for the maximum number of characters for a request ? It's limited in the SQL module. You've edited the configuration to log tons of data. This generally isn't useful, or necessary. Fix that, or edit the SQL module to allow more than 2K of data in the expansion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
Aurélien Lafranchise wrote: Could you be more precise on where to increase the 2K limit ? All over the place in rlm_sql.c and sql.c. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
Ok, it is what I thought. It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? AL Aurélien Lafranchise wrote: Could you be more precise on where to increase the 2K limit ? All over the place in rlm_sql.c and sql.c. Alan DeKok. Le 13 août 2012 à 14:47, Aurélien Lafranchise a écrit : Hi Alan, Thanks for the answer. I need all these data so it is not a clean problem. But I will disable sqltrace when everything will be ok. Could you be more precise on where to increase the 2K limit ? Cheers, AL Aurélien Lafranchise wrote: I have the same error for every request in dialup.conf (STOP, START, UPDATE). The database connection is working well but I have: [sql] Couldn't insert SQL accounting STOP record - ORA-01756: quoted string not properly terminated with sqltrace on you can see the mistake at the end. The request seems to be truncated: Yes. You can't put infinie amounts of data into the SQL query. The limit is ~2K or so. Any idea ? Is there a global option for the maximum number of characters for a request ? It's limited in the SQL module. You've edited the configuration to log tons of data. This generally isn't useful, or necessary. Fix that, or edit the SQL module to allow more than 2K of data in the expansion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
I have installed a new linux and it is a fresh install. I copied /etc/raddb from one box to another that's all ! The other difference is that I switch from Fedora 14 to CentOS 6.3. AL Le 13 août 2012 à 17:28, John Dennis a écrit : On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting insert into Oracle
On 08/13/2012 11:41 AM, Aurélien Lafranchise wrote: I have installed a new linux and it is a fresh install. I copied /etc/raddb from one box to another that's all ! What about your /etc/raddb/certs? Did you copy that too? If so you may have problems if the server cert does not match the new machine. I don't think that's would account for a SQL error, but you do need to be careful with just copying things around. The other difference is that I switch from Fedora 14 to CentOS 6.3. AL http://mobiquithings.com/ Le 13 août 2012 à 17:28, John Dennis a écrit : On 08/13/2012 11:10 AM, Aurélien Lafranchise wrote: It is strange: it was working well on Freeradius 2.1.10-1 and not on my fresh install 2.1.12-3. Any idea ? Do you have any .rpmnew or .rpmsave files under /etc/raddb? If so the server will try to load them. -- John Dennis jden...@redhat.com mailto:jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ http://www.redhat.com/carveoutcosts/ -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting and sql
Hi Alan,
On 09/12/2011 01:57, Alan DeKok wrote:
OK... the debug log shows you have a little more upgrading to do for
it work best in 2.x, but that's OK.
Indeed - as I have my head in FreeRADIUS today, it may well be time to
clear out all those old User-Passwords!
Except that the accounting is showing the unix module returning fail.
Yes. And I'd been guilty of thinking of an accounting request as more
like a syslog/trap fire and forget message and hadn't really
appreciated that an accounting message can fail. Now suitably educated.
accounting {
...
# Update the wtmp file
#
# If you don't use radlast, you can delete this line.
unix
Delete that line, and it will probably start working.
And indeed it did. Its always the silly simple things, and of course
makes perfect sense what was broken now. Many thanks for the quick
response.
Try using the debug form on http://networkradius.com/. It will
highlight things which you should look at in more detail.
That looks good - I hadn't seen that before, thanks.
Paul.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting and sql
Hi
I've been trying to debug why accounting information isn't making it
into the SQL database on our main FR server (2.1.11) - it seems that
this has been the case since upgrading from version 1.something ancient
a few months back.
I have a fairly simple MySQL backed setup - and minimal changes of the
config files to enable this; just to be clear this was a fresh install
of the OS + FreeRADIUS so no danger of old configuration files still
lurking around.
sql is uncommented in both the authorization and accounting sections of
the sites-available/default file (accounting section shown below), and
the sql module is enabled in radiusd.conf - the server works just fine
for auth via SQL as can be seen in the debug.
accounting {
#
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
detail
# daily
# Update the wtmp file
#
# If you don't use radlast, you can delete this line.
unix
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
# main_pool
#
# Log traffic to an SQL database.
#
# See Accounting queries in sql.conf
sql
#
# If you receive stop packets with zero session length,
# they will NOT be logged in the database. The SQL module
# will print a message (only in debugging mode), and will
# return noop.
#
# You can ignore these packets by uncommenting the following
# three lines. Otherwise, the server will not respond to the
# accounting request, and the NAS will retransmit.
#
# if (noop) {
# ok
# }
#
# Instead of sending the query to the SQL server,
# write it into a log file.
#
# sql_log
# Cisco VoIP specific bulk accounting
# pgsql-voip
# For Exec-Program and Exec-Program-Wait
exec
# Filter attributes from the accounting response.
attr_filter.accounting_response
#
# See Autz-Type Status-Server for how this works.
#
# Acct-Type Status-Server {
#
# }
}
I can see accounting requests being received, but there seems to be no
sql module action happening to insert them into the database; but I
cannot see why from the debug. I've not changed any of the pre-defined
SQL queries.
The debug log attached (it was a bit big to post inline) has had three
minor hand-amendments:
- SQL server password removed.
- Shared secret for the two clients removed.
- The very long list of clients loaded from SQL reduced to the router
being tested.
Any pointers/suggestions gratefully received.
Regards,
Paul.
[root@auth1 ~]# radiusd -X
FreeRADIUS Version 2.1.11, for host i386-portbld-freebsd8.2, built on Aug 25
2011 at 19:01:41
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including
Re: Problem with accounting and sql
Paul Thornton wrote:
I've been trying to debug why accounting information isn't making it
into the SQL database on our main FR server (2.1.11) - it seems that
this has been the case since upgrading from version 1.something ancient
a few months back.
OK... the debug log shows you have a little more upgrading to do for
it work best in 2.x, but that's OK.
I have a fairly simple MySQL backed setup - and minimal changes of the
config files to enable this; just to be clear this was a fresh install
of the OS + FreeRADIUS so no danger of old configuration files still
lurking around.
Very good.
sql is uncommented in both the authorization and accounting sections of
the sites-available/default file (accounting section shown below), and
the sql module is enabled in radiusd.conf - the server works just fine
for auth via SQL as can be seen in the debug.
Except that the accounting is showing the unix module returning fail.
accounting {
...
# Update the wtmp file
#
# If you don't use radlast, you can delete this line.
unix
Delete that line, and it will probably start working.
Try using the debug form on http://networkradius.com/. It will
highlight things which you should look at in more detail.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and Asterisk. Problem with accounting
Pawel Plato wrote: ... I thought that FreeRadius will somehow map these values from Asterisk to values which can be put to radacct table, Not everyone has an Asterisk server. There are standard RADIUS attributes which everyone else uses. See raddb/sql/mysql/dialup.conf. It contains the default queries used by the server. You can edit them to add anything you want. e.g. Asterisk-Start-Time --- acctstarttime, etc. Obviously, it doesn't. I've been googling for whole day concerning this problem, and I wasn't able to find anything related to it, so probably other users had no problems with that. I assume that I would have to create a custom table for supporting asterisk RADIUS packets, but I wasn't able to find anything on google. I would appreciate any kind of help, hint, or advice. See raddb/sql/mysql/schema.sql. Both the schema and queries are editable. All of this is documented in the file doc/rlm_sql, and in the comments at the start of the raddb/sql.conf file. There is *no* need to google for things when the server includes a large amount of documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
It is solved now. I deleted FR .4 and migrated to .7 with fresh clean install. I didn't use the old files. Thanks [EMAIL PROTECTED] wrote: Hi, Please don't be angry. I'm trying to fix this issue because it works perfectly on FR1.1.7 if you've copied the config files direct from 1.1.7 to a 2.0.0 system then there will be quirks. wheres the full debug log? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Please don't be angry. I'm trying to fix this issue because it works perfectly on FR1.1.7 Now I'm completely sure that problem is on my side but radius is on default setup. Only thing we changed is uncommenting sql statements (for simul check, author, and account.) in radiusd.conf. Case closed Have a nice day. On Jan 23, 2008 7:25 AM, Alan DeKok [EMAIL PROTECTED] wrote: Marinko Tarlac wrote: a) the user has typed the user name with spaces Yes. User has typed user name with space but why radius didn't ignore them? Why would it? Spaces are perfectly valid in a user name. I repeat, user names and all other records in database are without space. User has entered space and he can connect but he can't see his accounting informations because they are connected with the same user but with space at the end. You keep repeating that. Yes, I understand. Yes, I have read your messages. I think it's clear you either haven't read my responses, or that you haven't understood them. If user with spaces is given access, then it is very likely YOU that configured the server to do that. The default configuration does not have this issue. YOU BROKE THE SERVER. Now go fix it. Stop complaining about the problem. Stop repeated that the users in the database don't have spaces. Stop trying to fix the accounting records. Stop blaming the server. Seems like I'm subscribed for a strange problems ... :) A large part of that is you're so stuck on talking about the problem that you don't want to understand the cause, and you don't want to implement the solution I posted in another message. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Hi, Please don't be angry. I'm trying to fix this issue because it works perfectly on FR1.1.7 if you've copied the config files direct from 1.1.7 to a 2.0.0 system then there will be quirks. wheres the full debug log? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting - MySqldatabase.
There is a configuration line in radiusd.conf:
nospace_user = yes (default is no)
that will remove trailing space even when entered. By the user. It
doesn't help if the trailing space is in the database.
Ivan Kalik
Kalik Informatika ISP
Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše:
Neither. The user is adding the spaces. It looks to me like someone
figured out that you have test accounts. They are using the test
accounts to log in without paying.
Well it is more than one account and they are random usernames (example,
mirije, drogbba, etc. )
You need to to audit your configuration to ensure that you are using
the user name *correctly*.
e.g. this is wrong: SELECT ... %{User-Name} ...
this is correct:SELECT ... '%{User-Name}' ...
One is sure. MySql seems fine and only solution I can do now is to make
querry UPDATE radacct SET UserName='test.user' WHERE
UserName='test.user ';
-
Inside sql.conf everything seems fine.
.
sql_user_name = %{User-Name}
..
authorize_check_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
authorize_reply_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
Also, accounting queries are also the same. ???
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting - MySql database.
Marinko Tarlac wrote:
Well it is more than one account and they are random usernames (example,
mirije, drogbba, etc. )
FreeRADIUS does not add spaces to user names. Again, run it in
debugging mode to see *exactly* what it is seeing.
Inside sql.conf everything seems fine.
sql_user_name = %{User-Name}
.
Then run the server in debugging mode to see WHY test-user is being
treated the same as test-user. The user names are NOT the same, and
should NOT be treated identically.
Also, accounting queries are also the same. ???
Once you fix the authentication so that users with spaces are not
authenticated, the accounting should fix itself.
In 2.0.0, you can simply put this at the *start* of the authorize
section:
if (%{User-Name} =~ / /) {
reject
}
It won't fix the problem, but it will ensure that the users get rejected.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
It's more likely to be a MySQL bug. Try the same with a user entry in
users file - if user can authenticate with and without trailing space
then it is freeradius bug. If SELECT . 'test' and SELECT .
'test ' produce the same output, then the problem is with MySQL.
Ivan Kalik
Kalik Informatika ISP
Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše:
Thanks but this option didn't help.
I tried with random username and when I add blank space after username user
still can connect... Seems like a radius bug so I will try to install newer
version.
In any case I will inform you about this... Until I fix this issue I will
update radacct with my own script who will remove blank spaces in usernames.
Best regards
2008/1/22 [EMAIL PROTECTED]:
There is a configuration line in radiusd.conf:
nospace_user = yes (default is no)
that will remove trailing space even when entered. By the user. It
doesn't help if the trailing space is in the database.
Ivan Kalik
Kalik Informatika ISP
Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše:
Neither. The user is adding the spaces. It looks to me like someone
figured out that you have test accounts. They are using the test
accounts to log in without paying.
Well it is more than one account and they are random usernames (example,
mirije, drogbba, etc. )
You need to to audit your configuration to ensure that you are using
the user name *correctly*.
e.g. this is wrong: SELECT ... %{User-Name} ...
this is correct:SELECT ... '%{User-Name}' ...
One is sure. MySql seems fine and only solution I can do now is to
make
querry UPDATE radacct SET UserName=' test.user' WHERE
UserName='test.user ';
-
Inside sql.conf everything seems fine.
.
sql_user_name = %{User-Name}
..
authorize_check_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
authorize_reply_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
Also, accounting queries are also the same. ???
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting - MySqldatabase.
Thanks but this option didn't help.
I tried with random username and when I add blank space after username user
still can connect... Seems like a radius bug so I will try to install newer
version.
In any case I will inform you about this... Until I fix this issue I will
update radacct with my own script who will remove blank spaces in usernames.
Best regards
2008/1/22 [EMAIL PROTECTED]:
There is a configuration line in radiusd.conf:
nospace_user = yes (default is no)
that will remove trailing space even when entered. By the user. It
doesn't help if the trailing space is in the database.
Ivan Kalik
Kalik Informatika ISP
Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše:
Neither. The user is adding the spaces. It looks to me like someone
figured out that you have test accounts. They are using the test
accounts to log in without paying.
Well it is more than one account and they are random usernames (example,
mirije, drogbba, etc. )
You need to to audit your configuration to ensure that you are using
the user name *correctly*.
e.g. this is wrong: SELECT ... %{User-Name} ...
this is correct:SELECT ... '%{User-Name}' ...
One is sure. MySql seems fine and only solution I can do now is to
make
querry UPDATE radacct SET UserName=' test.user' WHERE
UserName='test.user ';
-
Inside sql.conf everything seems fine.
.
sql_user_name = %{User-Name}
..
authorize_check_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
authorize_reply_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
Also, accounting queries are also the same. ???
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
MySQL is 5.0.x
Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user '; (added
space) returns 0 records (not found)
Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user'; (without
blank space) returns valid records. (password, simultaneus-use and other
check entries.
So this can be called as FreeRadius bug ?
I saw binary option so I will test it later.
Best regards and thanks for your time and ideas you gave to me.
Marinko
2008/1/22 [EMAIL PROTECTED]:
It's more likely to be a MySQL bug. Try the same with a user entry in
users file - if user can authenticate with and without trailing space
then it is freeradius bug. If SELECT . 'test' and SELECT .
'test ' produce the same output, then the problem is with MySQL.
Ivan Kalik
Kalik Informatika ISP
Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše:
Thanks but this option didn't help.
I tried with random username and when I add blank space after username
user
still can connect... Seems like a radius bug so I will try to install
newer
version.
In any case I will inform you about this... Until I fix this issue I will
update radacct with my own script who will remove blank spaces in
usernames.
Best regards
2008/1/22 [EMAIL PROTECTED]:
There is a configuration line in radiusd.conf:
nospace_user = yes (default is no)
that will remove trailing space even when entered. By the user. It
doesn't help if the trailing space is in the database.
Ivan Kalik
Kalik Informatika ISP
Dana 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše:
Neither. The user is adding the spaces. It looks to me like
someone
figured out that you have test accounts. They are using the test
accounts to log in without paying.
Well it is more than one account and they are random usernames
(example,
mirije, drogbba, etc. )
You need to to audit your configuration to ensure that you are
using
the user name *correctly*.
e.g. this is wrong: SELECT ... %{User-Name} ...
this is correct:SELECT ... '%{User-Name}' ...
One is sure. MySql seems fine and only solution I can do now is to
make
querry UPDATE radacct SET UserName=' test.user' WHERE
UserName='test.user ';
-
Inside sql.conf everything seems fine.
.
sql_user_name = %{User-Name}
..
authorize_check_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
authorize_reply_query = SELECT id, UserName, Attribute, Value, op \
FROM ${authreply_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id
Also, accounting queries are also the same. ???
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Marinko Tarlac wrote: So this can be called as FreeRadius bug ? No. As I have said, FreeRADIUS does not add spaces to user names. This is the *first* time I can recall seeing this problem in almost 9 years of working with FreeRADIUS. It is *not* a FreeRADIUS issue. If you see spaces, then: a) the user has typed the user name with spaces b) local edits to your configuration files are adding those spaces Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Alan DeKok wrote: a) the user has typed the user name with spaces Yes. User has typed user name with space but why radius didn't ignore them? I repeat, user names and all other records in database are without space. User has entered space and he can connect but he can't see his accounting informations because they are connected with the same user but with space at the end. This problems has been noticed on our old server. I made myself a completely new php script for database manipulation and we use it on our new server. It works perfectly and without any problems. (FR1.1.7) Old server will be replaced with the new one but you must confess that space problem is a very interesting .. :) Seems like I'm subscribed for a strange problems ... :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Blank spaces after username - problem with accounting -MySqldatabase.
Marinko Tarlac wrote: a) the user has typed the user name with spaces Yes. User has typed user name with space but why radius didn't ignore them? Why would it? Spaces are perfectly valid in a user name. I repeat, user names and all other records in database are without space. User has entered space and he can connect but he can't see his accounting informations because they are connected with the same user but with space at the end. You keep repeating that. Yes, I understand. Yes, I have read your messages. I think it's clear you either haven't read my responses, or that you haven't understood them. If user with spaces is given access, then it is very likely YOU that configured the server to do that. The default configuration does not have this issue. YOU BROKE THE SERVER. Now go fix it. Stop complaining about the problem. Stop repeated that the users in the database don't have spaces. Stop trying to fix the accounting records. Stop blaming the server. Seems like I'm subscribed for a strange problems ... :) A large part of that is you're so stuck on talking about the problem that you don't want to understand the cause, and you don't want to implement the solution I posted in another message. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Blank spaces after username - problem with accounting - MySql database.
Hi there... It is me again... Few days ago, I wrote about my problem
with accounting. Problem is that accounting doesn't work for some users.
In this case it is test.user... After some investigation with log
files (holly radiusd -X), I can see that problem is in username. As you
can see (line marked with *-*-*-*-*-*-*), some blank spaces were added
to username. I'm not sure how is this possible and who adds this blank
spaces (Mikrotik as nas or radius server?).
Log file is truncated but I believe you can see where is the problem.
-
LOG STARTS
Finished request 13
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.15.2:48263, id=86,
length=145
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 23427
NAS-Port-Type = Ethernet
User-Name = test.user*-*-*-*-*-*-* (notice blank spaces
before closing )
rlm_realm: No '@' in User-Name = test.user , looking up realm
NULL *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING )
...
radius_xlat: 'test.user ' *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE
CLOSING )
rlm_sql (sql): sql_set_user escaped user -- 'test.user ' *-*-*-*-*-*-*
(NOTICE BLANK SPACE BEFORE CLOSING )
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'test.user ' ORDER BY id'
*-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING )
.
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 14
rlm_chap: login attempt by test.user with CHAP password
*-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING )
rlm_chap: Using clear text password testpassword for user test.user
authentication.
rlm_chap: chap user test.user authenticated succesfully *-*-*-*-*-*-*
(user with blank spaces doesn't exist anywhere and especially not in
radcheck table and authentication was successful )
modcall[authenticate]: module chap returns ok for request 14
modcall: leaving group CHAP (returns ok) for request 14
..
radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('814054d0',
'8ff2e3a7022d4a99', 'test.user ', '', '192.168.15.2', '23427',
'Ethernet', '2008-01-21 23:41:06', '0', '0', 'RADIUS', '', '', '0', '0',
'ht1', '00:19:66:11:59:F7', '', 'Framed-User', 'PPP', '192.168.15.212',
'0', '0')'
-
LOG ENDS
p.s. As I can see in debug lines, raddacct table has been filled with
wrong username so I searched for username test.user and I can see
his traffic. I can solve this problem with small scheduler script who
will replace test.user with test.user but who knows... Maybe
tomorrow I will have more spaces and other signs in username ???
One is sure. MySql seems fine and only solution I can do now is to make
querry UPDATE radacct SET UserName='test.user' WHERE
UserName='test.user ';
FR is 1.1.4 and I will update it and see what's going on...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting
Hey Marinko, On Jan 14, 2008 9:15 AM, Marinko Tarlac [EMAIL PROTECTED] wrote: Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... Maybe you should post some debug output when those accounting updates occur, you might be overlooking something. It would also be wise to turn on mysql logging and monitor the queries running (if at all) as they might be badly processed. Regards, Liran Tal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting
Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting
On Jan 14, 2008 9:15 AM, Marinko Tarlac [EMAIL PROTECTED] wrote: Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... Hi, I suggest you try first with the latest freeradius version available. 1.1.4 is not recent and there have been many bugfixes since that. -- In a sea of glass shards, I hear you screaming --icchan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with accounting
Can you post the debug for Accounting Start packets for that user and one that is being recorded. Ivan Kalik Kalik Informatika ISP Dana 14/1/2008, Marinko Tarlac [EMAIL PROTECTED] piše: Hi We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting
Let's try again: you haven't posted the debug output. From this I can
see that access request are proxied but accounting one aren't. Post the
debug so we can see why.
On first glance there is a lot missing (Acct-Session-Time, number of
octets ...) from this accounting stop packet:
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=7,
length=91
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Terminate-Cause = User-Request
Acct-Status-Type = Stop
And I don't see Start packet at all.
Ivan Kalik
Kalik Informatika ISP
Dana 11/1/2008, Jayaraman Balasubramanian
[EMAIL PROTECTED] piše:
The logs are given below for access request and accounting request.
*Proxy Radius Server Logs:*
*Access Request Logs *
Sending Access-Request of id 0 to 100.100.0.2 port 1812
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
User-Name = steve
User-Password = testing
Service-Type = Authenticate-Only
Message-Authenticator = 0x
Proxy-State = 0x32
NAS-IP-Address := 10.0.0.1
Called-Station-Id := 00:19:D1:21:12:12
NAS-Identifier := N123
Acct-Session-Id := N123-1200037051188-1
NAS-Port-Type := Wireless-802.11
rad_recv: Access-Accept packet from host 100.100.0.2:1812, id=0, length=49
Session-Timeout = 300
Acct-Interim-Interval = 10
Reply-Message = Hello, steve
Proxy-State = 0x32
Sending Access-Accept of id 2 to 127.0.0.1 port 34075
Session-Timeout = 300
Acct-Interim-Interval = 10
Reply-Message = Hello, steve
Class :=
0x4a5241444955532d434c4153533a373032626561633933393337313365633262373161323435323938316265
rad_recv: Access-Request packet from host 127.0.0.1:34076, id=3, length=128
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
User-Name = steve
User-Password = testing
Service-Type = Login-User
Message-Authenticator = 0x1fa6d6da9becb06a7f850f10041ecb1e
*Accounting Request* *Logs* are
Sending Accounting-Response of id 4 to 127.0.0.1 port 34076
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=5,
length=85
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Status-Type = Interim-Update
Sending Accounting-Response of id 5 to 127.0.0.1 port 34076
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=6,
length=85
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Status-Type = Interim-Update
Sending Accounting-Response of id 6 to 127.0.0.1 port 34076
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=7,
length=91
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Terminate-Cause = User-Request
Acct-Status-Type = Stop
*Radius Server Logs*
rad_recv: Access-Request packet from host 10.0.0.1:1814, id=0, length=257
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
User-Name = steve
User-Password = testing
Service-Type = Authenticate-Only
Message-Authenticator = 0xbfc958eb3215db3e00890a6b4633b062
Proxy-State = 0x32
NAS-IP-Address = 10.0.0.1
Called-Station-Id = 00:19:D1:21:12:12
NAS-Identifier = N123
Acct-Session-Id = N123-1200037051188-1
NAS-Port-Type = Wireless-802.11
Sending Access-Accept of id 0 to 10.0.0.1 port 1814
Session-Timeout = 300
Acct-Interim-Interval = 10
Reply-Message = Hello, steve
Proxy-State = 0x32.
What can be the problem?? How to solve this?
On 1/10/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
You haven't posted the debug output. Post one that has both access and
accounting requests for the same user.
Ivan Kalik
Kalik Informatika ISP
Dana 10/1/2008, Jayaraman Balasubramanian
[EMAIL PROTECTED] piše:
Hi
I have configured the Free Radius Server to work as proxy radius server
with
the following in the proxy.conf
realm NULL {
type = radius
authhost = 100.100.0.2:1812
accthost = 100.100.0.2:1813
secret = testing123
}
All the other conf files are configured properly. AM getting the
following
problem.
For authentication of user, the Access Request packet is transferred to
the
ip address 100.100.0.2. But for Accounting Request the packet is
transfered
locally
Am getting log as sending Accounting Request to 127.0.0.1:4445
What can be the solution ?
--
Regards
Balu
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Regards
Balu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting
The logs are given below for access request and accounting request.
*Proxy Radius Server Logs:*
*Access Request Logs *
Sending Access-Request of id 0 to 100.100.0.2 port 1812
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
User-Name = steve
User-Password = testing
Service-Type = Authenticate-Only
Message-Authenticator = 0x
Proxy-State = 0x32
NAS-IP-Address := 10.0.0.1
Called-Station-Id := 00:19:D1:21:12:12
NAS-Identifier := N123
Acct-Session-Id := N123-1200037051188-1
NAS-Port-Type := Wireless-802.11
rad_recv: Access-Accept packet from host 100.100.0.2:1812, id=0, length=49
Session-Timeout = 300
Acct-Interim-Interval = 10
Reply-Message = Hello, steve
Proxy-State = 0x32
Sending Access-Accept of id 2 to 127.0.0.1 port 34075
Session-Timeout = 300
Acct-Interim-Interval = 10
Reply-Message = Hello, steve
Class :=
0x4a5241444955532d434c4153533a373032626561633933393337313365633262373161323435323938316265
rad_recv: Access-Request packet from host 127.0.0.1:34076, id=3, length=128
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
User-Name = steve
User-Password = testing
Service-Type = Login-User
Message-Authenticator = 0x1fa6d6da9becb06a7f850f10041ecb1e
*Accounting Request* *Logs* are
Sending Accounting-Response of id 4 to 127.0.0.1 port 34076
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=5,
length=85
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Status-Type = Interim-Update
Sending Accounting-Response of id 5 to 127.0.0.1 port 34076
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=6,
length=85
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Status-Type = Interim-Update
Sending Accounting-Response of id 6 to 127.0.0.1 port 34076
rad_recv: Accounting-Request packet from host 127.0.0.1:34076, id=7,
length=91
Vendor-28382-Attr-8 = 0xac1e01b2
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
Acct-Session-Id = N123-1200037051098-1
Acct-Terminate-Cause = User-Request
Acct-Status-Type = Stop
*Radius Server Logs*
rad_recv: Access-Request packet from host 10.0.0.1:1814, id=0, length=257
Framed-IP-Address = 10.0.0.178
Calling-Station-Id = 00:0F:66:EE:BE:3A
User-Name = steve
User-Password = testing
Service-Type = Authenticate-Only
Message-Authenticator = 0xbfc958eb3215db3e00890a6b4633b062
Proxy-State = 0x32
NAS-IP-Address = 10.0.0.1
Called-Station-Id = 00:19:D1:21:12:12
NAS-Identifier = N123
Acct-Session-Id = N123-1200037051188-1
NAS-Port-Type = Wireless-802.11
Sending Access-Accept of id 0 to 10.0.0.1 port 1814
Session-Timeout = 300
Acct-Interim-Interval = 10
Reply-Message = Hello, steve
Proxy-State = 0x32.
What can be the problem?? How to solve this?
On 1/10/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
You haven't posted the debug output. Post one that has both access and
accounting requests for the same user.
Ivan Kalik
Kalik Informatika ISP
Dana 10/1/2008, Jayaraman Balasubramanian
[EMAIL PROTECTED] piše:
Hi
I have configured the Free Radius Server to work as proxy radius server
with
the following in the proxy.conf
realm NULL {
type = radius
authhost = 100.100.0.2:1812
accthost = 100.100.0.2:1813
secret = testing123
}
All the other conf files are configured properly. AM getting the
following
problem.
For authentication of user, the Access Request packet is transferred to
the
ip address 100.100.0.2. But for Accounting Request the packet is
transfered
locally
Am getting log as sending Accounting Request to 127.0.0.1:4445
What can be the solution ?
--
Regards
Balu
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Regards
Balu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem in Accounting
Hi
I have configured the Free Radius Server to work as proxy radius server with
the following in the proxy.conf
realm NULL {
type = radius
authhost = 100.100.0.2:1812
accthost = 100.100.0.2:1813
secret = testing123
}
All the other conf files are configured properly. AM getting the following
problem.
For authentication of user, the Access Request packet is transferred to the
ip address 100.100.0.2. But for Accounting Request the packet is transfered
locally
Am getting log as sending Accounting Request to 127.0.0.1:4445
What can be the solution ?
--
Regards
Balu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting
You haven't posted the debug output. Post one that has both access and
accounting requests for the same user.
Ivan Kalik
Kalik Informatika ISP
Dana 10/1/2008, Jayaraman Balasubramanian
[EMAIL PROTECTED] piše:
Hi
I have configured the Free Radius Server to work as proxy radius server with
the following in the proxy.conf
realm NULL {
type = radius
authhost = 100.100.0.2:1812
accthost = 100.100.0.2:1813
secret = testing123
}
All the other conf files are configured properly. AM getting the following
problem.
For authentication of user, the Access Request packet is transferred to the
ip address 100.100.0.2. But for Accounting Request the packet is transfered
locally
Am getting log as sending Accounting Request to 127.0.0.1:4445
What can be the solution ?
--
Regards
Balu
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem in accounting with sql counter module max-all-session
Hi,
I have setup freeradius 1.1.2 in FreeBSD 6.0 with mysql support. I
have setup user in radcheck table as follows;
1403 | test01 | | || Max-All-Session | :=
| 1500|
The user test001 is allowed to login total for 25hrs. After finishing
25hrs if the user recharge his account to 30hrs again and I updated
max-all-session to 1800 seconds in radcheck table.
Now when the user tries to connect he get disconneted after 5hrs and
when he tried to reconnect, he couldnot get authenticate. In my radius
log I see ;
Mon Sep 4 17:43:56 2006 : Auth: Invalid user (rlm_sqlcounter: Maximum
never usage time reached): [test01] (from client pppoe-bhw port 4448
cli 0:7:95:10:73:9e)
What could be the problem with sql counter module? In my radiusd.conf
settings I have setup max-all-session counter as follows;
sqlcounter noresetcounter {
driver = rlm_sqlcounter
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='%{%k}'
}
All things are running well except rechargeable account. How could I
make rechargeable sqlcounter module for hourly accounts?
Do I need to create the seperate sqlcounter according to plan? Like if
25hrs then in sqlcounter section reset=25h, if 50hrs reset=50h
etc,
Any suggestion?
Bishal
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Accounting.
On Tue 18 Apr 2006 00:55, Alejandro Sanchez wrote: Hi. evrybody. I am using freeradius with Sip Express Router (SER) and i am enable accounting on freeradius 1.1.1 but in the log files and the tables of freeradius only save the start request, in other words when i finish a call the method BYE of SIP dosen't trigger the stop of the accounting or the update of it. Do you have the stop records in the detail file? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgploOJoSnxej.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Accounting.
Hi Peter. I don't have de stop record in the detail file, when i finish the call looks like radius dosen't recive the BYE transaction.. --- Peter Nixon [EMAIL PROTECTED] escribió: On Tue 18 Apr 2006 00:55, Alejandro Sanchez wrote: Hi. evrybody. I am using freeradius with Sip Express Router (SER) and i am enable accounting on freeradius 1.1.1 but in the log files and the tables of freeradius only save the start request, in other words when i finish a call the method BYE of SIP dosen't trigger the stop of the accounting or the update of it. Do you have the stop records in the detail file? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___ Do You Yahoo!? La mejor conexión a Internet y b 2GB/b extra a tu correo por $100 al mes. http://net.yahoo.com.mx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting Port
thanks for the responses. i already do that, i set my client on port 1646, but am just wondering why sometime the error message is still appearing in my raduis.log? Thanks, Emman Quoting Michael Mitchell [EMAIL PROTECTED]: Your client is sending accounting packets to the port on which freeRADIUS is listening for proxy responses. Configure the client to send accounting packets to the correct port (probably 1646), and you should be good... Emman S. Loloy wrote: Hi guys, anyone knows how to solve this problem? Sat Feb 5 12:19:04 2005 : Error: Accounting-Request packet sent to a non-accounting port from client server:1647 - ID 0 : IGNORED Thanks, Emman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ** This message was sent through GLOBALink Webmail Service. If you are a GLOBALink Internet subscriber or among its affiliates, go to http://webmail.globalink.net.ph to check emails. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem in Accounting Port
Your client is sending accounting packets to the port on which freeRADIUS is listening for proxy responses. Configure the client to send accounting packets to the correct port (probably 1646), and you should be good... Emman S. Loloy wrote: Hi guys, anyone knows how to solve this problem? Sat Feb 5 12:19:04 2005 : Error: Accounting-Request packet sent to a non-accounting port from client server:1647 - ID 0 : IGNORED Thanks, Emman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
Hello Szabo, Friday, June 4, 2004, 2:24:08 PM, you wrote: SG Excuse me for the last mail. SG Here is the log file from radacct directory. Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? No, not the detail file. What is in logfile? Try to start radiusd with -X flag and watch it output. -- technik :-) ICQ: 270532579 AIM: gyuriszabo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
I'm sorry for the last mail. Hello Szabo, Friday, June 4, 2004, 2:24:08 PM, you wrote: SG Excuse me for the last mail. SG Here is the log file from radacct directory. Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? No, not the detail file. What is in logfile? Try to start radiusd with -X flag and watch it output. -- technik :-) ICQ: 270532579 AIM: gyuriszabo Mon Jun 7 19:32:45 2004 : Info: rlm_eap_tls: Length Included Mon Jun 7 19:32:45 2004 : Error: TLS_accept:error in SSLv3 read client certificate A Mon Jun 7 19:32:45 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon Jun 7 19:32:46 2004 : Info: rlm_eap_tls: Length Included Mon Jun 7 19:32:46 2004 : Info: (other): SSL negotiation finished successfully Mon Jun 7 19:32:46 2004 : Info: rlm_eap_tls: Received EAP-TLS ACK message Mon Jun 7 19:32:46 2004 : Info: rlm_eap_mschapv2: Issuing Challenge Mon Jun 7 19:32:46 2004 : Auth: Login OK: [steve/no User-Password attribute] (from client localhost port 0) Mon Jun 7 19:32:46 2004 : Auth: Login OK: [steve/no User-Password attribute] (from client 193.226.233.43 port 0 cli 00-50-FC-F2-8C-24)
problem with accounting
Hi, my name is George. I have a problem with accounting. If accounting is turn off on AP, then the radius is working. If I turn on the accounting on AP, after authentication few seconds the AP brakes the connection. I don't know why do this. Maybe I should set some attributes for the users? I'm using the MySQL database for user authorization, and accounting to. -- technik :-) ICQ: 270532579 AIM: gyuriszabo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? -- Best regards, Alexandermailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with accounting
Excuse me for the last mail. Here is the log file from radacct directory. Hello Szab, Friday, June 4, 2004, 1:56:02 PM, you wrote: SG I have a problem with accounting. If accounting is turn off on AP, then the SG radius is working. If I turn on the accounting on AP, after authentication SG few seconds the AP brakes the connection. I don't know why do this. Maybe I SG should set some attributes for the users? SG I'm using the MySQL database for user authorization, and accounting to. What is in logs? -- technik :-) ICQ: 270532579 AIM: gyuriszabo Thu Jun 3 18:46:10 2004 User-Name = 00300d16f0bf NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00-30-0D-16-F0-BF NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Accounting-On Acct-Session-Id = 4801 Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 893d160ff71e755c Timestamp = 1086281170 Thu Jun 3 18:47:02 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = 4802 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:46:57 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 5033f95c272a4be2 Timestamp = 1086281222 Thu Jun 3 18:49:41 2004 User-Name = 00300d16f0bf NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00-30-0D-16-F0-BF NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Accounting-On Acct-Session-Id = E801 Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 22f70d0dda995ce4 Timestamp = 1086281381 Thu Jun 3 18:51:32 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = E802 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:51:27 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 6be6b3e61780aa29 Timestamp = 1086281492 Thu Jun 3 18:52:10 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Stop Acct-Input-Octets = 1750 Acct-Output-Octets = 0 Acct-Session-Id = E802 Acct-Session-Time = 37 Acct-Input-Packets = 5 Acct-Output-Packets = 0 Acct-Terminate-Cause = Supplicant-Restart Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:52:04 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 6be6b3e61780aa29 Timestamp = 1086281530 Thu Jun 3 18:52:11 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 2 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = E803 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:52:05 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 9f2c8e1e22b17b10 Timestamp = 1086281531 Thu Jun 3 18:52:18 2004 User-Name = fredf NAS-IP-Address
