Re: NAS-Post in Netgear Accounting-Packet

2008-08-19 Thread Stefan Puch 

In the Start-Packets and Interim-Update-Packets it seems to be right.

But ALL the Stop-Packets have 0 as NAS-Port.

So, you agree that this is a bug of the Access-Point?

Thank you for your reply.

Wolfgang Burger


Hello, I've got three WG102 Access Points from Netgear. I'm using the latest 
firmware Version 4.0.27 because it should Fixed the issue that 802.1x 
Authentication does not work with machine authentication


But I can confirm that the accounting it still NOT working everytime. Looking 
into my logfiles I can see that the cases which worked fine everytime the same 
port is used.

Here are two examples, the first one worked fine, the Session-Id is always the 
same:
Wed Aug 13 20:05:14 2008
Service-Type = Framed-User
Acct-Status-Type = Start
User-Name = test1
Framed-MTU = 1488
Acct-Session-Id =1
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
Called-Station-Id = 00184DC8:Network
Calling-Station-Id = 001A73XX
NAS-Identifier = APBuero
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
NAS-IP-Address = 192.168.XX.XX
NAS-Port = 1
NAS-Port-Id = STA port # 1
Acct-Unique-Session-Id = 866e0c5655a05a0b
Timestamp = 1218650714
Request-Authenticator = Verified


Wed Aug 13 20:10:13 2008
Service-Type = Framed-User
Acct-Status-Type = Interim-Update
User-Name = test1
Framed-MTU = 1488
Acct-Session-Id =1
Acct-Authentic = RADIUS
Acct-Session-Time = 299
Acct-Delay-Time = 0
Called-Station-Id = 00184DC8:Network
Calling-Station-Id = 001A73XX
NAS-Identifier = APBuero
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
NAS-IP-Address = 192.168.XX.XX
NAS-Port = 1
NAS-Port-Id = STA port # 1
Acct-Unique-Session-Id = 866e0c5655a05a0b
Timestamp = 1218651013
Request-Authenticator = Verified


Wed Aug 13 20:34:33 2008
Service-Type = Framed-User
Acct-Status-Type = Stop
User-Name = test1
Framed-MTU = 1488
Acct-Session-Id =1
Acct-Authentic = RADIUS
Acct-Session-Time = 1758
Acct-Terminate-Cause = User-Request
Acct-Delay-Time = 0
Called-Station-Id = 00184DC8:Network
Calling-Station-Id = 001A73XX
NAS-Identifier = APBuero
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
NAS-IP-Address = 192.168.XX.XX
NAS-Port = 1
NAS-Port-Id = STA port # 1
Acct-Unique-Session-Id = 866e0c5655a05a0b
Timestamp = 1218652473
Request-Authenticator = Verified


But this second one from today fails with the error:

Tue Aug 19 18:11:30 2008 : Auth: Login OK: [test2 /via Auth-Type = EAP] (from 
client AP-Halle1 port 1 cli 001302BE)
Tue Aug 19 18:12:30 2008 : Error: rlm_radutmp: Logout for NAS AP-Halle1 port 0, 
but no Login record


When looking into detail log I can also see, that the Session-Id and the port 
changed and I don't know why


Tue Aug 19 18:11:30 2008
Service-Type = Framed-User
Acct-Status-Type = Start
User-Name = test2
Framed-MTU = 1488
Acct-Session-Id =6
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
Called-Station-Id = :Network
Calling-Station-Id = 001302BE
NAS-Identifier = AP-Halle1
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
NAS-IP-Address = 192.168.xx.xx
NAS-Port = 1
NAS-Port-Id = STA port # 1
Acct-Unique-Session-Id = 11f6ee9422434136
Timestamp = 1219162290
Request-Authenticator = Verified

Tue Aug 19 18:12:30 2008
Service-Type = Framed-User
Acct-Status-Type = Stop
User-Name = test2
Framed-MTU = 1488
Acct-Session-Id =6
Acct-Authentic = RADIUS
Acct-Session-Time = 60
Acct-Terminate-Cause = User-Request
Acct-Delay-Time = 0
Called-Station-Id = :Network
Calling-Station-Id = 001302BE
NAS-Identifier = AP-Halle1
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
NAS-IP-Address = 192.168.xx.xx
NAS-Port = 0
NAS-Port-Id = STA port # 0
Acct-Unique-Session-Id = 9c44efbf7672967b
Timestamp = 1219162350
Request-Authenticator = Verified

---
Obviously the netgear access point uses port 1 on start but port 0 on stop.
Also the user is definitely NOT connected anymore but radwho shows the 
following:


# radwho -R
User-Name = test2
Acct-Session-Id =6

Re: NAS-Post in Netgear Accounting-Packet

2008-08-19 Thread Ivan Kalik 
Tue Aug 19 18:11:30 2008 : Auth: Login OK: [test2 /via Auth-Type = EAP] (from
client AP-Halle1 port 1 cli 001302BE)
Tue Aug 19 18:12:30 2008 : Error: rlm_radutmp: Logout for NAS AP-Halle1 port 0,
but no Login record

..
It's shows that the user is still connected...
Does anyone know how this is possible?


Login was on port 1. Logout on 0. Acct-Unique-Session-Id is different so
session was never closed. Fix NAS to send proper information. Or get one
that does.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

NAS-Post in Netgear Accounting-Packet

2008-07-01 Thread Wolfgang Burger 

Hi list,

please have a look at this Accounting-Request.
It was sent by a netgear WG102 WLAN-Access-Point:

rad_recv: Accounting-Request packet from host 192.168.1.133 port 1033, 
id=48, length=194

Service-Type = Framed-User
Acct-Status-Type = Stop
User-Name = burgerw
Framed-MTU = 1488
Acct-Session-Id =2
Acct-Authentic = RADIUS
Acct-Session-Time = 159
Acct-Terminate-Cause = User-Request
Acct-Delay-Time = 0
Called-Station-Id = 061B2F76F3B6:MPIIB-Guests
Calling-Station-Id = 0019E3D7B020
Framed-IP-Address = 192.168.20.34
NAS-Identifier = netgear3
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 54Mbps 802.11g
NAS-IP-Address = 192.168.1.133
NAS-Port = 0
NAS-Port-Id = STA port # 0

The output of radwho -R:
User-Name = burgerw
Acct-Session-Id =2
NAS-IP-Address = 192.168.1.133
NAS-Port = 1
Service-type = Login-User
Framed-IP-Address =
Acct-Session-Time = 359
Calling-Station-Id = 0019E3D7B020

The error:
rlm_radutmp: Logout for NAS netgear3 port 0, but no Login record


Is the Access-Point sending the wrong NAS-Port? 
If so, I would contact Netgear. I just want to confirm what`s the 
problem.


Thanks and best regards

Wolfgang Burger



Mit freundlichen Grüßen


Wolfgang Burger [EMAIL PROTECTED]

Max-Planck-Institut fuer Immunbiologie
Scientific Data Processing Unit
(+00 49) 761 / 5108 461
Stuebeweg 51
D-79108 Freiburg
Germany

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: NAS-Post in Netgear Accounting-Packet

2008-07-01 Thread Ivan Kalik 
Is the Access-Point sending the wrong NAS-Port?
If so, I would contact Netgear. I just want to confirm what`s the 
problem.


Have a look at more accounting packets. It's quite likely that AP is
sending port 0 for all of them.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: NAS-Post in Netgear Accounting-Packet

2008-07-01 Thread Wolfgang Burger 


Am 01.07.2008 um 11:42 schrieb Ivan Kalik:


Is the Access-Point sending the wrong NAS-Port? 


Have a look at more accounting packets. It's quite likely that AP is
sending port 0 for all of them.

Ivan Kalik
Kalik Informatika ISP

In the Start-Packets and Interim-Update-Packets it seems to be 
right.

But ALL the Stop-Packets have 0 as NAS-Port.

So, you agree that this is a bug of the Access-Point?

Thank you for your reply.

Wolfgang Burger


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html