Re: Issue with radius accounting
Hi, I am not interested in any argument, i wanted to check what may be the problem with my radius server as accounting is successful with free radius on other server. ..and as per response to emails you are sending me directly, this is nothing to do with the RADIUS server config. if a RADIUS server doesnt get accounting packets from a NAS then is an issue of the NAS - why do you believe that the NAS would send accounting packets to BOTH NASs ? a NAS will usually use just one RADIUS server and only use the next one if it gets no response (eg for auth) from the RADIUS server. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Issue with radius accounting
Arvind Bahuguni wrote: I am not interested in any argument, i wanted to check what may be the problem with my radius server as accounting is successful with free radius on other server. You were given an answer. You could have believed it, or asked a clarifying question. Instead, you argued with the answer. And then insisted you weren't arguing. You can continue to post *more* questions, just not the same ones. If you post one more message arguing about it, you will be unsubscribed and banned. If you post one more reply containing hundreds of lines of useless text, you will be unsubscribed and banned. It's really not hard. Follow instructions, and you *will* fix the problem. That's what this list is for. This list is *not* for people who refuse to follow instructions. They will be unsubscribed and banned. This is your last warning. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Issue with radius accounting
Hi Alan, I am suspecting some radius setting on my server because free radius on other server is responding and authentication and accounting is successful. On May 24, 2013 7:56 PM, freeradius-users-requ...@lists.freeradius.org wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-requ...@lists.freeradius.org You can reach the person managing the list at freeradius-users-ow...@lists.freeradius.org When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. AES-GCM (Pieter Hulshoff) 2. Re: AES-GCM (Phil Mayers) 3. Re: AES-GCM (Pieter Hulshoff) 4. Re: AES-GCM (Phil Mayers) 5. Re: AES-GCM (Pieter Hulshoff) 6. Re: issue with radius accounting (Alan DeKok) 7. Re: Failure authenticate using IPv6 (Alan DeKok) 8. Re: Retrieving eDirectory VLAN attributes (Alan DeKok) -- Message: 1 Date: Fri, 24 May 2013 12:44:02 +0200 From: Pieter Hulshoff phuls...@xs4all.nl To: freeradius-users@lists.freeradius.org Subject: AES-GCM Message-ID: 2687107.xyZuJZ1fbJ@spaceballsml Content-Type: text/plain; charset=us-ascii Hello all, Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in the documentation, the wiki or the mailinglist archives, but perhaps I'm looking in the wrong place? Kind regards, Pieter Hulshoff -- Message: 2 Date: Fri, 24 May 2013 12:21:47 +0100 From: Phil Mayers p.may...@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: AES-GCM Message-ID: 519f4d4b.4080...@imperial.ac.uk Content-Type: text/plain; charset=ISO-8859-1; format=flowed On 24/05/13 11:44, Pieter Hulshoff wrote: Hello all, Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in the documentation, the wiki or the mailinglist archives, but perhaps I'm looking in the wrong place? Typically this is down the TLS libraries; it's not usually the case that the application needs to do anything. That said, EAP-TLS is typically TLS 1.0. AIUI, AEAD ciphers require TLS 1.2 - see section 4 of RFC 5288. But again, FreeRADIUS doesn't involve itself in this level of detail - that's an aspect of the TLS library (OpenSSL) we use, and whatever the EAP-TLS client is using. Note also that EAP-TLS (unlike other TLS-based EAP methods, such as PEAP or TTLS) never actually sends any data over the TLS session; essentially, it consists solely of the handshake. In TLS terms, EAP-TLS never sends any TLS records of type=23 (application data). So, the negotiated cipher is not used for very much. PEAP and TTLS have inner EAP exchanges, that are protected with the TLS session, and sent as TLS type=23 records. Slightly OT, there seems to be some degree of uncertainty about GCM in general, and whether it's a sensible cipher mode - for example, see http://www.imperialviolet.org/2013/01/13/rwc03.html -- Message: 3 Date: Fri, 24 May 2013 13:47:36 +0200 From: Pieter Hulshoff phuls...@xs4all.nl To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: AES-GCM Message-ID: 2024766.p6x3QSbeB1@spaceballsml Content-Type: text/plain; charset=us-ascii On Friday, May 24, 2013 12:21:47 PM Phil Mayers wrote: On 24/05/13 11:44, Pieter Hulshoff wrote: Hello all, Does FreeRADIUS support AES-GCM in EAP-TLS? I couldn't find the term in the documentation, the wiki or the mailinglist archives, but perhaps I'm looking in the wrong place? Typically this is down the TLS libraries; it's not usually the case that the application needs to do anything. It seems I have a lot to learn yet about what is and is not a part of FreeRADIUS. My apologies for pushing (slightly) OT subjects onto the mailinglist. That said, EAP-TLS is typically TLS 1.0. AIUI, AEAD ciphers require TLS 1.2 - see section 4 of RFC 5288. But again, FreeRADIUS doesn't involve itself in this level of detail - that's an aspect of the TLS library (OpenSSL) we use, and whatever the EAP-TLS client is using. I guess that if we want to use AEAD cyphers we'll need to find another TLS library or adapt/contribute to OpenSSL? Note also that EAP-TLS (unlike other TLS-based EAP methods, such as PEAP or TTLS) never actually sends any data over the TLS session; essentially, it consists solely of the handshake. In TLS terms, EAP-TLS never sends any TLS records of type=23 (application data). So, the negotiated cipher is not used for very much. The EAP-TLS Finished (type=20) are secured/signed with this negotiated cipher though
Re: Issue with radius accounting
On 2013-05-25, at 12:39 PM, Arvind Bahuguni arvind...@gmail.com wrote: Hi Alan, I am suspecting some radius setting on my server because free radius on other server is responding and authentication and accounting is successful For one, you need to edit your posts. It's ridiculous to reply to a digest message, and include hundreds of lines of irrelevant text. And if you know so much more than me about RADIUS, you shouldn't be asking questions on this list. If you're going to ask questions and then argue with the answers, you will be unsubscribed from the list and banned permanently. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Issue with radius accounting
I am not interested in any argument, i wanted to check what may be the problem with my radius server as accounting is successful with free radius on other server. On May 26, 2013 6:51 AM, freeradius-users-requ...@lists.freeradius.org wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-requ...@lists.freeradius.org You can reach the person managing the list at freeradius-users-ow...@lists.freeradius.org When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Re: Issue with radius accounting (Alan DeKok) 2. user from particular NAS-IP-Address (Pete Ashdown) 3. Re: user from particular NAS-IP-Address (Alan DeKok) 4. Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does notexist (Bill Grant) 5. Re: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or doesnot exist (Alan DeKok) 6. RE: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or doesnot exist (Bill Grant) 7. Re: Auth-Type = Reject not being obeyed (Matthew Melbourne) -- Message: 1 Date: Sat, 25 May 2013 13:30:57 -0400 From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Cc: freeradius-users@lists.freeradius.org freeradius-users@lists.freeradius.org Subject: Re: Issue with radius accounting Message-ID: b66bb339-4b2c-4608-bb8f-8c6e35f02...@deployingradius.com Content-Type: text/plain; charset=us-ascii On 2013-05-25, at 12:39 PM, Arvind Bahuguni arvind...@gmail.com wrote: Hi Alan, I am suspecting some radius setting on my server because free radius on other server is responding and authentication and accounting is successful For one, you need to edit your posts. It's ridiculous to reply to a digest message, and include hundreds of lines of irrelevant text. And if you know so much more than me about RADIUS, you shouldn't be asking questions on this list. If you're going to ask questions and then argue with the answers, you will be unsubscribed from the list and banned permanently. Alan DeKok. -- next part -- An HTML attachment was scrubbed... URL: http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130525/dc49bb28/attachment-0001.html -- Message: 2 Date: Sat, 25 May 2013 14:31:12 -0600 From: Pete Ashdown pashd...@xmission.com To: freeradius-users@lists.freeradius.org Subject: user from particular NAS-IP-Address Message-ID: 20130525203112.ga20...@xmission.com Content-Type: text/plain; charset=us-ascii I'm trying to restrict a guest user from a single NAS-IP-Address via users and I can't get it to work. Doesn't work: testNAS-IP-Address == 127.0.0.1 Auth-Type := Accept testNAS-IP-Address == 127.0.1.1 Auth-Type := Accept Works, but it isn't restricted by NAS: test Auth-Type := Accept I've also tried Calling-Station-ID == 127.0.1.1 to no avail. Also, how would I do this for a group of NAS IP addresses? Is it possible to assign them to a group in clients.conf that can be later checked against in users? Where is the documentation of what can be tested against in the users file? -- Message: 3 Date: Sat, 25 May 2013 18:23:44 -0400 From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: user from particular NAS-IP-Address Message-ID: 51a139f0.9070...@deployingradius.com Content-Type: text/plain; charset=ISO-8859-1 Pete Ashdown wrote: I'm trying to restrict a guest user from a single NAS-IP-Address via users and I can't get it to work. Doesn't work: test NAS-IP-Address == 127.0.0.1 Auth-Type := Accept That's wrong. Why? See the debug output. It *tells* you what's wrong, and how to fix it. See man users. It *documents* the format of the users file. See the sample raddb/users file. Look for Auth-Type. There are *examples* of how to do this. Also, how would I do this for a group of NAS IP addresses? Is it possible to assign them to a group in clients.conf that can be later checked against in users? See raddb/huntgroups. You can group NASes, and check the group membership later. Where
Re: issue with radius accounting
Arvind Bahuguni wrote: Hi, Need help in resolving radius issues. My radius server is not processing accounting packets, radius server is sending access-accept but not proceeding further with accounting, it will send access-accept and start waiting for another request. This is in the FAQ. Read it. Looks like some radius server setting issues, please help me . So... the RADIUS server doesn't receive packets, and you blame it? How about blaming the system which *sends* the accounting packets? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
issue with radius accounting
Hi, Need help in resolving radius issues. My radius server is not processing accounting packets, radius server is sending access-accept but not proceeding further with accounting, it will send access-accept and start waiting for another request. Looks like some radius server setting issues, please help me . Thanks, Arvind - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duplicate Radius Accounting
In my logs I see many entries like the following: Info: WARNING: Child is hung for request 51651 in component core module queue.3 Error: Dropping request (2049 is too many): from client myhost.mysite port 32869 - ID: 239 In the last ~10 hours, the status server reports the following for accounting: Responses0 Duplicate954442 Malformed115045 Invalid 564029 Dropped 0 Unknown 0 Radius will hang and start to time out and eventually die. It looks like the duplicate count gets extremely high very quickly. Could it be the NAS that are pointing to it? Or could it be my radius configs somehow causing this? I am not really sure how to prove it out or troubleshoot. I can increase the max requests but I don't think that is the right solution. Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate Radius Accounting
Christopher Manigan wrote: In my logs I see many entries like the following: Info: WARNING: Child is hung for request 51651 in component core module queue.3 Error: Dropping request (2049 is too many): from client myhost.mysite port 32869 - ID: 239 Something is blocking the server. This is usually a slow database. In the last ~10 hours, the status server reports the following for accounting: Responses 0 Duplicate 954442 Malformed 115045 Invalid564029 That is *terrible*. Zero responses? It indicates a catastrophic failure in the system. And *malformed* packets? Something is sending NON RADIUS packets to the RADIUS port. Go fix that. And invalid packets? Something is sending non-accounting packets to the accounting port. Dropped0 Unknown0 Radius will hang and start to time out and eventually die. It looks like the duplicate count gets extremely high very quickly. Could it be the NAS that are pointing to it? Or could it be my radius configs somehow causing this? I am not really sure how to prove it out or troubleshoot. I can increase the max requests but I don't think that is the right solution. Your RADIUS system is horribly slow, and isn't finishing any requests. Go fix that. The default configuration *works*. And your NAS is broken. Something is very, very, wrong in your network. Find out what it is. Ensure that only RADIUS accounting packets go to the RADIUS accounting port. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate Radius Accounting
If you're using Mikrotik, update to the latest version... I had many problems with older versions (2.9.x) On 6.8.2012 15:19, Alan DeKok wrote: Christopher Manigan wrote: In my logs I see many entries like the following: Info: WARNING: Child is hung for request 51651 in component core module queue.3 Error: Dropping request (2049 is too many): from client myhost.mysite port 32869 - ID: 239 Something is blocking the server. This is usually a slow database. In the last ~10 hours, the status server reports the following for accounting: Responses0 Duplicate954442 Malformed115045 Invalid 564029 That is *terrible*. Zero responses? It indicates a catastrophic failure in the system. And *malformed* packets? Something is sending NON RADIUS packets to the RADIUS port. Go fix that. And invalid packets? Something is sending non-accounting packets to the accounting port. Dropped 0 Unknown 0 Radius will hang and start to time out and eventually die. It looks like the duplicate count gets extremely high very quickly. Could it be the NAS that are pointing to it? Or could it be my radius configs somehow causing this? I am not really sure how to prove it out or troubleshoot. I can increase the max requests but I don't think that is the right solution. Your RADIUS system is horribly slow, and isn't finishing any requests. Go fix that. The default configuration *works*. And your NAS is broken. Something is very, very, wrong in your network. Find out what it is. Ensure that only RADIUS accounting packets go to the RADIUS accounting port. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Duplicate Radius Accounting
The status page I was looking at for these numbers had the labels and values mismatched. There do not appear to be an malformed or invalid messages now that they are lined up. Radius has been restarted, so the numbers are all pretty low right now. I will reply again when I have some more numbers to share later today, but over the last 40 minutes I am seeing 4077 duplicates and 14566 drops for accounting, which still seems high to me. So that eliminates any malformed/invalid/zero response issues. As for the errors I see in the logs, I do not believe it to be a slow database. The database is responsive to other queries against the radius database while we experience timeouts and crashses. Do you have any suggestions on how we might troubleshoot that end of it? Chris From: freeradius-users-bounces+cmanigan=towerstream@lists.freeradius.org [freeradius-users-bounces+cmanigan=towerstream@lists.freeradius.org] on behalf of Alan DeKok [al...@deployingradius.com] Sent: Monday, August 06, 2012 9:19 AM To: FreeRadius users mailing list Subject: Re: Duplicate Radius Accounting Christopher Manigan wrote: In my logs I see many entries like the following: Info: WARNING: Child is hung for request 51651 in component core module queue.3 Error: Dropping request (2049 is too many): from client myhost.mysite port 32869 - ID: 239 Something is blocking the server. This is usually a slow database. In the last ~10 hours, the status server reports the following for accounting: Responses 0 Duplicate 954442 Malformed 115045 Invalid564029 That is *terrible*. Zero responses? It indicates a catastrophic failure in the system. And *malformed* packets? Something is sending NON RADIUS packets to the RADIUS port. Go fix that. And invalid packets? Something is sending non-accounting packets to the accounting port. Dropped0 Unknown0 Radius will hang and start to time out and eventually die. It looks like the duplicate count gets extremely high very quickly. Could it be the NAS that are pointing to it? Or could it be my radius configs somehow causing this? I am not really sure how to prove it out or troubleshoot. I can increase the max requests but I don't think that is the right solution. Your RADIUS system is horribly slow, and isn't finishing any requests. Go fix that. The default configuration *works*. And your NAS is broken. Something is very, very, wrong in your network. Find out what it is. Ensure that only RADIUS accounting packets go to the RADIUS accounting port. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate Radius Accounting
On 06/08/12 16:11, Christopher Manigan wrote: So that eliminates any malformed/invalid/zero response issues. As for the errors I see in the logs, I do not believe it to be a slow database. The database is responsive to other queries against the radius database while we experience timeouts and crashses. Unless you are querying with the same type of queries against the same tables, that doesn't mean much. SQL servers are capable of parallel operation, and read versus write queries behave different, of course. Alan's suggestion is a good one - when people report this problem it's almost always slow SQL servers. Specifically, it's usually people who are putting their accounting into SQL, but aren't maintaining the SQL table e.g. there are too few or too many indices, they're not archiving off old rows, etc. The other thing to check is the radutmp module, which is very slow when the utmp file is large, and almost always unused and/or inferior to SQL. Other things to check are LDAP queries or exec scripts. I assume you are running 2.1.12, and not an older version (which might contain bugs, but probably not ones which cause this behaviour). Do you have any suggestions on how we might troubleshoot that end of it? Either run the server in debug mode with radiusd -X and look how it is responding under load, or use standard system admin tools to determine load patterns (top, vmstat, iostat, strace, etc.) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate Radius Accounting
Christopher Manigan wrote: Do you have any suggestions on how we might troubleshoot that end of it? You've eliminated the problems I suggested. I have nothing more to suggest. Either your understanding of the problem is wrong, or the problem doesn't exist. Fix one. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duplicating radius accounting requests
Hi, I have a requirement to duplicate the radius accounting request messages to multiple destinations. Although the requests are duplicated, there should be a single response sent to the original source of radius acc request. Is this possible with free radius server (acting as proxy) ? thanks Sunderjeet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicating radius accounting requests
On Thu, Mar 1, 2012 at 9:24 PM, Sunderjeet Singh sunde...@gmail.com wrote: Hi, I have a requirement to duplicate the radius accounting request messages to multiple destinations. Although the requests are duplicated, there should be a single response sent to the original source of radius acc request. Is this possible with free radius server (acting as proxy) ? Nope. Not directly as proxy. You could: - record the accounting in multiple detail files (use multiple instance of the detail module) - create virtual servers that reads each file and send it to the correct destination. Use sites-available/copy-acct-to-home-server as a starting point -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicating radius accounting requests
Will it involve any disk operation? (Sorry I'm new to freeradius and evaluating radius proxies for my requirement) Rate I need would be about 1000+ radius messages per second. Sunderjeet Sent from BlackBerry® on Airtel -Original Message- From: Fajar A. Nugraha l...@fajar.net Sender: freeradius-users-bounces+sunderjs=gmail@lists.freeradius.org Date: Thu, 1 Mar 2012 21:29:59 To: FreeRadius users mailing listfreeradius-users@lists.freeradius.org Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: Duplicating radius accounting requests On Thu, Mar 1, 2012 at 9:24 PM, Sunderjeet Singh sunde...@gmail.com wrote: Hi, I have a requirement to duplicate the radius accounting request messages to multiple destinations. Although the requests are duplicated, there should be a single response sent to the original source of radius acc request. Is this possible with free radius server (acting as proxy) ? Nope. Not directly as proxy. You could: - record the accounting in multiple detail files (use multiple instance of the detail module) - create virtual servers that reads each file and send it to the correct destination. Use sites-available/copy-acct-to-home-server as a starting point -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicating radius accounting requests
On Thu, Mar 1, 2012 at 9:42 PM, sunde...@gmail.com wrote: Will it involve any disk operation? (Sorry I'm new to freeradius and evaluating radius proxies for my requirement) Yes, but it shouldn't matter much. The writes and reads are AFAIK sequential. Rate I need would be about 1000+ radius messages per second. The biggest problem with that is can the home server REALLY respond that fast (with roundtrip and processing delay). You might want to look at rlm_replicate instead, which is basically copy acct packets to home servers, but don't care whether they succesfully receive/process it or not -- Fajar Sunderjeet Sent from BlackBerry® on Airtel -Original Message- From: Fajar A. Nugraha l...@fajar.net Sender: freeradius-users-bounces+sunderjs=gmail@lists.freeradius.org Date: Thu, 1 Mar 2012 21:29:59 To: FreeRadius users mailing listfreeradius-users@lists.freeradius.org Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: Duplicating radius accounting requests On Thu, Mar 1, 2012 at 9:24 PM, Sunderjeet Singh sunde...@gmail.com wrote: Hi, I have a requirement to duplicate the radius accounting request messages to multiple destinations. Although the requests are duplicated, there should be a single response sent to the original source of radius acc request. Is this possible with free radius server (acting as proxy) ? Nope. Not directly as proxy. You could: - record the accounting in multiple detail files (use multiple instance of the detail module) - create virtual servers that reads each file and send it to the correct destination. Use sites-available/copy-acct-to-home-server as a starting point -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sample Radius Accounting Data
I'm trying to find some sample accounting data from freeradius, preferably in a mysql database to run some test analyses on. I'm considdering using Freeradius + Mysql accounting in my environment, and don't have the infrastructure to generate test data, and would like to analyze some to see what useful metrics I can actually extract from it. If anyone here knows of some good sample data online (my searches have turned up nothing) or is willing to provide some in the form of a sanitized mysql dump, I'd much appreciate it and I'm sure others might as well :) Thanks in advance! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Active Directory with Radius Accounting
I have setup FreeRadius to work with Active Directory for User name Authentication. My next step is going to be to start authenticating the MAC address as well. I have setup my sql database and created the required schema. I have uncommented the lines in radiusd.conf and sql.conf and sites-available/default.conf to start doing radius accounting. My access point is pointing the radius server for accounting. Would it be the acme of foolishness on my part to assume that is all I need to do for my radius server to start logging the information from my connecting clients? Joseph R. McSparin Network Administrator Hill Country Memorial Hospital 830 990 6638 phone 830 990 6623 fax jmcspa...@hillcountrymemorial.org -- This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Active Directory with Radius Accounting
McSparin, Joe wrote: My access point is pointing the radius server for accounting. Would it be the acme of foolishness on my part to assume that is all I need to do for my radius server to start logging the information from my connecting clients? Is the NAS sending accounting packets? As always, see radiusd -X Or, raddebug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Active Directory with Radius Accounting
=hillcountrymemorial.org@lists .freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, January 03, 2012 5:00 PM To: FreeRadius users mailing list Subject: Re: Active Directory with Radius Accounting McSparin, Joe wrote: My access point is pointing the radius server for accounting. Would it be the acme of foolishness on my part to assume that is all I need to do for my radius server to start logging the information from my connecting clients? Is the NAS sending accounting packets? As always, see radiusd -X Or, raddebug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Active Directory with Radius Accounting
Never mind I got it the radutmp wasn't in the var/log directory Joseph R. McSparin Network Administrator Hill Country Memorial Hospital 830 990 6638 phone 830 990 6623 fax jmcspa...@hillcountrymemorial.org -Original Message- From: freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists.freerad ius.org [mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org@lists .freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, January 03, 2012 5:00 PM To: FreeRadius users mailing list Subject: Re: Active Directory with Radius Accounting McSparin, Joe wrote: My access point is pointing the radius server for accounting. Would it be the acme of foolishness on my part to assume that is all I need to do for my radius server to start logging the information from my connecting clients? Is the NAS sending accounting packets? As always, see radiusd -X Or, raddebug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This email message and any attachments are for the sole use of the intended recipient(s) and contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and any attachments. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem in opensips+radius accounting
Hello: I am doing accounting with opensips+freeradius+radiusclient-ng.Now when i make a call using X-Lite,the radius server has response,but the accounting message is not right,the attribute service-type and eap-service-typeis present in the log,I dont know what is the matter,how to set service-type?Your timely help will be greatly appreciated. Here is the response of the freeradius: Acct-Status-Type = Start User-Service-Type = IAPP-Register EAP-Key-Name = \000\000\000\310 Error-Cause = Invite Attr-55 = 0x4d33d5c7 Sip-From-Tag = 2c29a446 Sip-To-Tag = 1fb68f517efd4f6682a527d79cf5809b Acct-Session-Id = YzIxMDNjMTRlNTUxYTJiYmRkNzhkYmU4MThmZWM3OWQ. User-Name = 3901@192.168.118.39 Calling-Station-Id = sip:3901@192.168.118.39 Called-Station-Id = sip:3902@192.168.118.39 Sip-Translated-Request-URI = sip:192.168.118.41:16591 Attr-223 = 0x3c7369703a33393031403139322e3136382e3131382e34313a33323435343e NAS-Port = 5060 Acct-Delay-Time = 0 NAS-IP-Address = 192.168.118.39 The config file of opensips related to radius is as fllowed: # - acc params - /* what sepcial events should be accounted ? */ modparam(acc, early_media, 1) modparam(acc, report_ack, 1) modparam(acc, report_cancels, 1) /* by default ww do not adjust the direct of the sequential requests. if you enable this parameter, be sure the enable append_fromtag in rr module */ modparam(acc, detect_direction, 0) /* account triggers (flags) */ modparam(acc, failed_transaction_flag, 3) modparam(acc, log_flag, 1) modparam(acc, log_missed_flag, 2) /* uncomment the following lines to enable DB accounting also */ #modparam(acc, db_flag, 1) #modparam(acc, db_missed_flag, 2) modparam(acc,aaa_flag,2) modparam(acc,aaa_missed_flag,3) modparam(acc,service_type,15) #modparam(aaa_radius, radius_config, /usr/local/etc/radiusclient-ng/radiusclient.conf) modparam(acc,aaa_url,radius:/usr/local/etc/radiusclient-ng/radiusclient.conf) modparam(acc, aaa_extra,User-Name=$Au ;\ Calling-Station-Id=$from;\ Called-Station-Id=$to ;\ Sip-Translated-Request-URI=$ruri;\ Sip-RPid=$avp(s:rpid);\ Canonical-URI=$avp(s:can_uri);\ Billing-Party=$avp(s:billing_party);\ Divert-Reason=$avp(s:divert_reason);\ X-RTP-Stat=$hdr(X-RTP-Stat);\ Contact=$hdr(contact);\ Event=$hdr(event);\ SIP-Proxy-IP=$avp(s:sip_proxy_ip);\ ENUM-TLD=$avp(s:enum_tld)) The dictionary file of opensips is as followed: Attributes ### ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius ATTRIBUTE Sip-Group211 string # Proprietary, group_radius ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius ATTRIBUTE Sip-Call-Duration227 integer ATTRIBUTE Sip-Call-Setuptime 228 integer ###lines add### ATTRIBUTE Sip-Method101 integer ATTRIBUTE Sip-Response-Code 102 integer# Schulzrinne, acc ATTRIBUTE Sip-To-Tag104 string # Schulzrinne, acc ATTRIBUTE Sip-From-Tag 105 string # Schulzrinne, acc ATTRIBUTE Sip-Translated-Request-URI107 string # Proprietary, acc ATTRIBUTE Source-IP 214 string ATTRIBUTE Source-Port 215 string ATTRIBUTE Sip-Src-IP108 string # Proprietary, acc ATTRIBUTE Sip-Src-Port 109 string # Proprietary, acc ATTRIBUTE Digest-Response 206 string # Sterman, auth_radius ATTRIBUTE Sip-Uri-User 208 string # Proprietary, auth_radius ATTRIBUTE Sip-Group 211 string # Proprietary, group_radius ATTRIBUTE Sip-Rpid 213 string # Proprietary, auth_radius ATTRIBUTE SIP-AVP 225 string # Proprietary, avp_radius ATTRIBUTE Digest-Realm 1063 string# Sterman, auth_radius ATTRIBUTE Digest-Nonce 1064 string# Sterman, auth_radius ATTRIBUTE Digest-Method 1065 string# Sterman, auth_radius ATTRIBUTE Digest-URI1066 string# Sterman, auth_radius ATTRIBUTE Digest-QOP1067 string# Sterman, auth_radius ATTRIBUTE Digest-Algorithm 1068 string# Sterman, auth_radius ATTRIBUTE Digest-Body-Digest1069 string# Sterman, auth_radius ATTRIBUTE Digest-CNonce 1070 string# Sterman,
Help: Radius Accounting Request and Message Authenticator
Hi all, I'm a ICLoS's software engineering and I'm developing a WiMax ASN. I had already develop the client authentication and authorization modules for freeradius 2.1.8, successfully (EAP-TTLS). Now I'm building the Radius Accounting module but I have a problem with the Request-Authenticator find in the message of Accounting-Request. When I send a Radius Accounting-Request, the server's log shows: Received packet from 192.168.2.130 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response. I think it's wrong to calculate HMAC-MD5 (is it exactly the same to the case of Authentication Request?). I'm studing on the RFC 2866 but I found that there are only 16 octets to zero in the Authenticator field. Where can I found further informations? Thanks in advance, Alessio Grasso - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: Radius Accounting Request and Message Authenticator
Alessio Grasso wrote: I'm a ICLoS's software engineering and I'm developing a WiMax ASN. Well... this is the FreeRADIUS list. It's for questions about FreeRADIUS. I think it's wrong to calculate HMAC-MD5 (is it exactly the same to the case of Authentication Request?). I'm studing on the RFC 2866 but I found that there are only 16 octets to zero in the Authenticator field. Where can I found further informations? See the *other* RFCs, or read the FreeRADIUS source code. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Automatic Radius Accounting when Authenticated
Hi, Is possible in FR 2.x doing automatic accounting when client is authenticated. Thank's Teguh Kurniawan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Automatic Radius Accounting when Authenticated
Teguh Kurniawan wrote: Hi, Is possible in FR 2.x doing automatic accounting when client is authenticated. What does that mean? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Automatic Radius Accounting when Authenticated
I mean, we don't need to send Accounting Start packet, which not supported by client. On Wed, Mar 17, 2010 at 6:21 PM, Alan DeKok al...@deployingradius.com wrote: Teguh Kurniawan wrote: Hi, Is possible in FR 2.x doing automatic accounting when client is authenticated. What does that mean? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Automatic Radius Accounting when Authenticated
Teguh Kurniawan wrote: I mean, we don't need to send Accounting Start packet, which not supported by client. I have no idea what that means. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Automatic Radius Accounting when Authenticated
I'm sorry for my language. I'll try to re explain. What I mean is, radius accounting (radacct) automatic started when accepted client is authenticated. Client no need to send Accounting Start command to radius. On Thu, Mar 18, 2010 at 7:03 AM, Alan DeKok al...@deployingradius.com wrote: Teguh Kurniawan wrote: I mean, we don't need to send Accounting Start packet, which not supported by client. I have no idea what that means. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Automatic Radius Accounting when Authenticated
On Thu, Mar 18, 2010 at 7:23 AM, Teguh Kurniawan teguhkurniawanwij...@gmail.com wrote: I'm sorry for my language. I'll try to re explain. What I mean is, radius accounting (radacct) automatic started when accepted client is authenticated. Client no need to send Accounting Start command to radius. What would you need it for? There are several types of accounting request packets, some of them are Start, Interim-updates, and Stop. If you're doing traffic accounting (i.e. monitoring how much traffic a client uses) you need NAS to send them all (or at least Start-Stop). I'm guessing you want to enable traffic accounting for NAS which does not support radius accounting. You can't. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Free Radius accounting and duplicate session entries in radacct with different output/input octets
Hey, Firstly, is the accounting part of FreeRadius used by major organisations? Due to the possibility and indeed occurrence of duplicate sessions appearing in the radacct table and other issues I've found, it doesn't seem to be all that robust a solution. I realise freeradius is just reporting what it is sent from the NAS and so is not to blame. Secondly, I've experienced duplicate accounting sessions appearing which report different input/output octets. Over the set of the data, it has happened infrequently but it is undesirable. Comparing the data inserted into the radacct table and the logs, one (or more) of the duplicate sessions will reflect the logs and one of the duplicates will show completely different input/output octets. It's worth noting that these duplicate sessions share the same AcctSessionTime, AcctSessionId, AcctUniqueId and UserName. Any ideas on what the cause of this could be? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Free Radius accounting and duplicate session entries in radacct with different output/input octets
Ade Slade wrote: Firstly, is the accounting part of FreeRadius used by major organisations? http://freeradius.org/press/survey.html If by major, you mean 10 million or more users, yes. Due to the possibility and indeed occurrence of duplicate sessions appearing in the radacct table and other issues I've found, it doesn't seem to be all that robust a solution. I realise freeradius is just reporting what it is sent from the NAS and so is not to blame. RADIUS is a robust solution if you (a) buy a reasonable NAS, and (b) understand its limitations. Secondly, I've experienced duplicate accounting sessions appearing which report different input/output octets. Over the set of the data, it has happened infrequently but it is undesirable. Comparing the data inserted into the radacct table and the logs, one (or more) of the duplicate sessions will reflect the logs and one of the duplicates will show completely different input/output octets. It's worth noting that these duplicate sessions share the same AcctSessionTime, AcctSessionId, AcctUniqueId and UserName. Any ideas on what the cause of this could be? Your NAS is broken. Buy a real NAS. *ALL* of the data in an accounting packet is generated by the NAS. If it sends two packets for the same user with the same session time, session Id, and username, BUT different input/output octets, then it's BROKEN. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Echo the radius accounting request
Hi, Thanks for your mail. I want to send the radius accounting packets to home server but the home server is not radius server. It will take that accounting packet and procees for billing and I also need the following thing in echo request username= us...@doamain.com calling-station-id= user1 username= us...@doamain.com calling-station-id= user2 Is it possible? Cheers Ganesh --- On Fri, 8/21/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: Echo the radius accounting request To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Friday, August 21, 2009, 9:32 PM RAS --- Free radius Proxy Radius 1) I want to echo the free radius accounting request with modified two radius attributes to another proxy radius server. See copy-acct-to-home-server virtual server. 2) but another radius server will not send any aknowledgement back to freeradius server. And freeradius will mark it as dead and stop sending packets to it. Why would you want to break the home server so it would stop responding? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Echo the radius accounting request
On Mon, Aug 24, 2009 at 5:35 PM, ganesh nagpuregnagpure_m...@yahoo.com wrote: Hi, Thanks for your mail. I want to send the radius accounting packets to home server but the home server is not radius server. It will take that accounting packet and procees for billing In that case why bother proxying radius packets? Why not simply write the acct packets to a database and have your billing application read the database? and I also need the following thing in echo request username= us...@doamain.com calling-station-id= user1 username= us...@doamain.com calling-station-id= user2 should be easy from freeradius' default radacct table. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Echo the radius accounting request
Hi, Does anyone know how to configure the following things. RAS --- Free radius Proxy Radius 1) I want to echo the free radius accounting request with modified two radius attributes to another proxy radius server. 2) but another radius server will not send any aknowledgement back to freeradius server. IS it possibe? Thanks in advance Ganehs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Echo the radius accounting request
RAS --- Free radius Proxy Radius 1) I want to echo the free radius accounting request with modified two radius attributes to another proxy radius server. See copy-acct-to-home-server virtual server. 2) but another radius server will not send any aknowledgement back to freeradius server. And freeradius will mark it as dead and stop sending packets to it. Why would you want to break the home server so it would stop responding? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS accounting
what's the meaning of accounting in radius aaa ? is it means measuring of consumed resources only or users' activities like executed commands for example on an ssh service is being logged ? -- Mohamed M. Hagag محمد محمود حجاج http://www.linkedin.com/in/mohamedhagag http://bintoo.sf.net/drpl/ http://mohamedhagag.wordpress.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS accounting
On 18/7/09 18:43, Mohammed Hagag wrote: what's the meaning of accounting in radius aaa ? is it means measuring of consumed resources only or users' activities like executed commands for example on an ssh service is being logged ? http://www.ietf.org/rfc/rfc2866.txt http://en.wikipedia.org/wiki/RADIUS#Accounting -- Steven Carr Systems Development Officer SLS/ITS/Systems - (0191) 515 3953 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS accounting
I,m sorry but i did read the RFC and the wikipedia article, still it's not clear for me :( , i'm so sorry, if any one can clarify it for me, his is very apriticated. Thanks Best Regards. On Sat, Jul 18, 2009 at 9:27 PM, Steven Carr steven.c...@sunderland.ac.ukwrote: On 18/7/09 18:43, Mohammed Hagag wrote: what's the meaning of accounting in radius aaa ? is it means measuring of consumed resources only or users' activities like executed commands for example on an ssh service is being logged ? http://www.ietf.org/rfc/rfc2866.txt http://en.wikipedia.org/wiki/RADIUS#Accounting -- Steven Carr Systems Development Officer SLS/ITS/Systems - (0191) 515 3953 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Mohamed M. Hagag محمد محمود حجاج http://www.linkedin.com/in/mohamedhagag http://bintoo.sf.net/drpl/ http://mohamedhagag.wordpress.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need Help on Radius - accounting respond
Hi all the FR receive the accounting request: rad_recv: Accounting-Request packet from host 172.26.0.8 port 1645, id=186, length=399 User-Name = 087301 NAS-IP-Address = 0.0.0.0 Service-Type = Dialout-Framed-User Class = 0x436c6173733d333030 Cisco-AVPair = h323-incoming-conf-id=b97aff16 c99911dd 8125d127 98296413 h323-conf-id = h323-conf-id=b97aff16 c99911dd 8125d127 98296413 h323-setup-time = h323-setup-time= 4:43:17.000 UTC Mon Dec 15 2008 h323-connect-time = h323-connect-time= 4:43:21.000 UTC Mon Dec 15 2008 h323-call-type = h323-call-type=VOIP Called-Station-Id = 087312 Calling-Station-Id = 087301 Acct-Status-Type = Start Acct-Session-Id = b97aff16 c99911dd 8125d127 98296413 Event-Timestamp = Dec 15 2008 11:43:21 ICT NAS-Port-Type = Ethernet then FR should send accounting respond : h323-credit-amount=customer balance at the time of authentication h323-return-code=0(accept)/2(reject) h323-billing-model=2 but FR send: Sending Accounting-Response of id 192 to 172.26.0.8 port 1645 can the FR do that? if yes, where should i edit if i want to send response to NAS i should add the attribute in the attrs.accounting-response : h323-credit-amount=* ANY h323-return-code=* ANY h323-billing-model=* ANY i check the attrs.accounting-reponse: # # Configuration file for the rlm_attr_filter module. # Please see rlm_attr_filter(5) manpage for more information. # # $Id$ # # This configuration file is used to remove almost all of the attributes # From an Accounting-Response message. The RFC's say that an # Accounting-Response packet can contain only a few attributes. # We enforce that here. # DEFAULT Vendor-Specific =* ANY, Message-Authenticator =* ANY, Proxy-State =* ANY, 1 more question: i read the man unlang times but cannot figure out how to use it could you give the example for specific case such as Access Reject/ update the Access Reject/Accept Thanks Ha`- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help on Radius - accounting respond
Do Nguyen Ha wrote: then FR should send accounting respond : h323-credit-amount=customer balance at the time of authentication h323-return-code=0(accept)/2(reject) h323-billing-model=2 but FR send: Sending Accounting-Response of id 192 to 172.26.0.8 port 1645 can the FR do that? if yes, where should i edit Yes, it can do that. You can edit the acct_users file to add these attributes. if i want to send response to NAS i should add the attribute in the attrs.accounting-response : h323-credit-amount=* ANY h323-return-code=* ANY h323-billing-model=* ANY No. i read the man unlang times but cannot figure out how to use it could you give the example for specific case such as Access Reject/ update the Access Reject/Accept Example of what? The default configuration ships with a number of examples. See raddb/policy.conf for a few simple ones. Do you have *specific* questions about the man unlang documentation? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Manually Creating a RADIUS Accounting packet
Hello List, I have FreeRadius accepting the packet and inserting all the values - except for NAS-Port-Id - into the accounting database. Could someone perhaps point out what attribute is missing for it to log the NAS-Port-Id. php code: pack(C,$code). //Packet Type Code (=Accounting-Request) pack(C,$identifier). //Packet identifier pack(CC,$length/256,$length%256). //Packet Length pack(a*,$request_authenticator). //Request Authenticator pack(CC,40,6,0,0,0,2). //Acct-Status-Type (=Stop) pack(CC,46,6,0,0,0,1). //Acct-Session-Time (=1) pack(CCa*,44,2+strlen($session),$session). //Acct-Session-Id pack(CCa*,1,2+strlen($username),$username). //User-Name pack(CC,4,6, $nas_ip[0],$nas_ip[1],$nas_ip[2],$nas_ip[3]). //NAS-IP-Address pack(CCa*,87,2+strlen($port),$port). //NAS-Port-Id pack(CC,61,6,0,0,0,5); //NAS-Port-Type (=Virtual) -- Kind Regards Etienne Pretorius - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
On Sun, Apr 20, 2008 at 8:45 PM, Alan DeKok [EMAIL PROTECTED] wrote: sub wrote: what I was expecting (but I'm not an expert, it's possible that it's not a radius feature and I misunderstood it) is that the client periodically sends accounting-request packets (I'm alive!) to the server and so the server updates the sql db. It would have helped to say that. Instead, you said: it does accounting start and stop, but I want it do accounting! yes, you're right...sorry. And due to the way that PAM works, it's impossible to send alive packets. The pam_radius module is called *only* for start/stop. So it *only* sends start/stop packets. ok, instead I was trying to see if I could receive alive packets as I said. I don't want something magic but if the users enters and he has only one more minute for his daily session, he we'll be able to be logged if he doesn't logoff by hand. I don't understand that sentence. I *think* you're trying to ask if the PAM module supports Session-Timeout. And no, it doesn't, because PAM has no such capability. yes. More or less I have a radius accounting server and I hoped it was able to send pam a timeout valued for the user. The nicest thing would have been some kind of disconnect message sent by the server to the client in order to logoff the user. But I understood it's not possible. maybe I misundersood how radius accounting works... Explain what you mean using full sentences. The more explanation the better. Leaving words out means that it's difficult to understand you. Alan DeKok. - thanks a lot for your help! sub - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
gdm and radius accounting
Hello everybody, I simply and correctly setup my ubuntu linux box to use freeradius authentication; actually the problem is that I'm not able to use radius accounting. I think that I correctly setup my radius server to use sql as accounting mode but the radius server neither receives accounting packets from the client (I see it starting the server with the -XXX option). The only accounting thing that it's saving in the sql db is the post auth section that inserts a line for a correct authentication response. on the client side I only modified the pam - gdm configuration file that is #%PAM-1.0 authrequisite pam_nologin.so authsufficient pam_radius_auth.so authrequiredpam_env.so readenv=1 authrequiredpam_env.so readenv=1 envfile=/etc/default/locale @include common-auth authoptionalpam_gnome_keyring.so account requiredpam_radius_auth.so @include common-account session requiredpam_limits.so @include common-session session optionalpam_gnome_keyring.so auto_start @include common-password whitch step have I forgotten? what's wrong? thank you for your help, sub - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
sub wrote: Hello everybody, I simply and correctly setup my ubuntu linux box to use freeradius authentication; actually the problem is that I'm not able to use radius accounting. I think that I correctly setup my radius server to use sql as accounting mode but the radius server neither receives accounting packets from the client (I see it starting the server with the -XXX option). The only accounting thing that it's saving in the sql db is the post auth section that inserts a line for a correct authentication response. on the client side I only modified the pam - gdm configuration file that is #%PAM-1.0 authrequisite pam_nologin.so authsufficient pam_radius_auth.so authrequiredpam_env.so readenv=1 authrequiredpam_env.so readenv=1 envfile=/etc/default/locale @include common-auth authoptionalpam_gnome_keyring.so account requiredpam_radius_auth.so @include common-account session requiredpam_limits.so @include common-session session optionalpam_gnome_keyring.so auto_start @include common-password whitch step have I forgotten? what's wrong? I don't know if the pam_radius_auth module does accounting; try adding it to the session config thank you for your help, sub - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
On Sun, Apr 20, 2008 at 6:46 PM, Phil Mayers [EMAIL PROTECTED] wrote: I don't know if the pam_radius_auth module does accounting; try adding it to the session config I tried putting the line in the session section and it really works. the server received an accounting request of start at the user login and an accounting-request stop at logout. it's ok but what I really need is accounting because I can't wait for the user action to save informations in the db. In the page of the project (http://www.freeradius.org/pam_radius_auth/) I see This is the PAM to RADIUS authentication module. It allows any PAM-capable machine to become a RADIUS client for authentication and accounting requests. so I think that the pam_radius_auth module shoud support acconting :-p furthermore at this page we've an example of the pam configuration file. http://www.freeradius.org/pam_radius_auth/USAGE some help? sub - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
sub wrote: I tried putting the line in the session section and it really works. the server received an accounting request of start at the user login and an accounting-request stop at logout. So it is receiving accounting packets. That's how accounting works. it's ok but what I really need is accounting because I can't wait for the user action to save informations in the db. This sentence makes no sense. You want... some kind of accounting which is independent of user login and logout? What kind of magic accounting is that? In the page of the project (http://www.freeradius.org/pam_radius_auth/) I see This is the PAM to RADIUS authentication module. It allows any PAM-capable machine to become a RADIUS client for authentication and accounting requests. so I think that the pam_radius_auth module shoud support acconting :-p It does. You verified that it does. It sends accounting stop/start messages. That is what accounting *means*. furthermore at this page we've an example of the pam configuration file. http://www.freeradius.org/pam_radius_auth/USAGE some help? Perhaps you could explain what you mean by what I really need is accounting... and why the existing, standards-compliant accounting in the module isn't sufficient for your needs. Or maybe you're thinking of something else other than accounting? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
I tried putting the line in the session section and it really works. the server received an accounting request of start at the user login and an accounting-request stop at logout. it's ok but what I really need is accounting because I can't wait for the user action to save informations in the db. ??? That's how accounting works. You might try returning Acct-Interim-Interval (normal values are between 10 and 30 minutes) to see if you will get updates for longer sessions. If you are thinking of restricting sessions than have a look at Session-Timeout and Idle-Timeout attributes. Again no guarantee that pam module supports them. Ivan Kalik Kalik Informatika iSP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
On Sun, Apr 20, 2008 at 8:05 PM, Alan DeKok [EMAIL PROTECTED] wrote: sub wrote: it's ok but what I really need is accounting because I can't wait for the user action to save informations in the db. This sentence makes no sense. You want... some kind of accounting which is independent of user login and logout? What kind of magic accounting is that? Alan, what I was expecting (but I'm not an expert, it's possible that it's not a radius feature and I misunderstood it) is that the client periodically sends accounting-request packets (I'm alive!) to the server and so the server updates the sql db. I don't want something magic but if the users enters and he has only one more minute for his daily session, he we'll be able to be logged if he doesn't logoff by hand. (...) Or maybe you're thinking of something else other than accounting? Alan DeKok. maybe I misundersood how radius accounting works... thanks for your help, sub - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: gdm and radius accounting
sub wrote: what I was expecting (but I'm not an expert, it's possible that it's not a radius feature and I misunderstood it) is that the client periodically sends accounting-request packets (I'm alive!) to the server and so the server updates the sql db. It would have helped to say that. Instead, you said: it does accounting start and stop, but I want it do accounting! And due to the way that PAM works, it's impossible to send alive packets. The pam_radius module is called *only* for start/stop. So it *only* sends start/stop packets. I don't want something magic but if the users enters and he has only one more minute for his daily session, he we'll be able to be logged if he doesn't logoff by hand. I don't understand that sentence. I *think* you're trying to ask if the PAM module supports Session-Timeout. And no, it doesn't, because PAM has no such capability. maybe I misundersood how radius accounting works... Explain what you mean using full sentences. The more explanation the better. Leaving words out means that it's difficult to understand you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius accounting problem on Wintendo
Hi. Freeradius on wintendo, seems to have problem with accounting. It send the accounting data as hex values. Bay-Networks-Attr-196 = 0x73686f77206c6f672066696c65207461696c Bay-Networks-Attr-196 = 0x65786974 The strange is that this works on Linux and Sun. And the dictionary.bay doesn't contain Attr-196 nor on Linux and Windows. Any Clue ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius accounting problem on Wintendo
Peder Bach wrote: Freeradius on wintendo, seems to have problem with accounting. It send the accounting data as hex values. No. It's *printing* them as hex, because it doesn't know what they are. Bay-Networks-Attr-196 = 0x73686f77206c6f672066696c65207461696c Bay-Networks-Attr-196 = 0x65786974 The strange is that this works on Linux and Sun. And the dictionary.bay doesn't contain Attr-196 nor on Linux and Windows. See? It doesn't know what attribute 196 is. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius accounting
Hy all,
i use freeradius 1.1.3
here is my problem:
i use radiusaccounting into a mysql database.
I want to extract information out of the accounting packet and insert it
into the sql database:
My Acct-Session-Id looks like this.
Acct-Session-Id = domain\\userThu Mar 1 14:29:58 2007NC
the last field, here NC is one of this NC|WSAM|JSAM
So i put this to acct_users:
DEFAULT Acct-Session-Id =~ ^.*(NC|JSAM|WSAM).*
My-ST == `%{1}`
My-ST is defined in dictionary
ATTRIBUTE My-ST 3004string
i see that rad_xlat gives the correct value to My-ST but i cant use it in
the sql statement.
Its empty.
acct_users: Matched entry DEFAULT at line 23
radius_xlat: 'WSAM'
How can i define new Attributes? And use them in sql.conf
Thanks a lot-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting
[EMAIL PROTECTED] wrote:
So i put this to acct_users:
DEFAULT Acct-Session-Id =~ ^.*(NC|JSAM|WSAM).*
My-ST == `%{1}`
Please read man users. You are putting the attribute in the reply
list. You are using ==, which is a comparison operator, rather than ='.
i see that rad_xlat gives the correct value to My-ST but i cant use it
in the sql statement.
Its empty.
acct_users: Matched entry DEFAULT at line 23
radius_xlat: 'WSAM'
How can i define new Attributes? And use them in sql.conf
Read doc/variables.txt
If you fix the operator to '=', you can probably reference it in the
SQL statement as %{reply:My-ST}.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Current Opensource radius accounting details parser
On Wed 11 Apr 2007, Murray Hooper wrote: Are there any open source programs that parse the accounting logs produced by freeradius? I can find a couple in Google, but they appear to have been left behind in 1999. Hi Murray I have been using some code I wrote called detail2db.pl, which is a modified version of h323detail2db.pl (which is part of FreeRADIUS) which is specific to Cisco H323 VoIP VSAs. This version pretty much uses standard radius attributes. While I have been using it in production for many years I haven't got around to releasing it because I have been planning to rewrite it in python, or in absence of that at least with a separate config file. The code is horrid, and I hardly remember how some bits of it work, but it DOES work. Anyway, for what it's worth, here it is. I guess I will stick it into FreeRADIUS cvs later today also. It does have the advantages of automatically handling detail files compressed with a number of compression formats (I auto compress my detail files from cron to save space), of handling multiple detail files at once, of deleting duplicate records when it finds them in the DB, and of being stupidly difficult to understand and modify :-D Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc detail2db.pl Description: Perl program - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Current Opensource radius accounting details parser
Are there any open source programs that parse the accounting logs produced by freeradius? I can find a couple in Google, but they appear to have been left behind in 1999. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Current Opensource radius accounting details parser
Murray Hooper wrote: Are there any open source programs that parse the accounting logs produced by freeradius? I can find a couple in Google, but they appear to have been left behind in 1999. Accounting detail file formats haven't changed in years, so they probably work fine. I recall radiusContext was quite good when I last used it, and it's written in python so should be very easy to extend. They reason you probably didn't find many is that often people push the accounting into an SQL server, either directly using rlm_sql, relayed using rlm_sql_log or via radrelay and a 2nd server, which obviously makes most of these packages redundant for parsing purposes. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius accounting and syslog
On Mon 02 Apr 2007, Archie Holland wrote: I'm preparing to transition from NavisRadius to FreeRadius. NavisRadius allowed me to log stop/start events via syslog. Is there any _EASY_ way to emulate this behavior in FreeRadius? rlm_acctlog in cvs head... -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius accounting and syslog
I'm preparing to transition from NavisRadius to FreeRadius. NavisRadius allowed me to log stop/start events via syslog. Is there any _EASY_ way to emulate this behavior in FreeRadius? -- = The Net That Works! Archie Hollandhttp://www.blue.net 1(270)735-3553 Bluegrass Network LLC 1(270)765-6361, ext6220 Senior Systems Administrator Fax: 1(270)737-0580 = The AdminBlue Team = Archie Holland Mitzi ReynoldsDouglas Lamb Tommy ChismCheryl Ruckriegel Keith Corbin = mailto:[EMAIL PROTECTED] == - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius accounting and syslog
Archie Holland wrote: I'm preparing to transition from NavisRadius to FreeRadius. NavisRadius allowed me to log stop/start events via syslog. Is there any _EASY_ way to emulate this behavior in FreeRadius? Run a Perl script, and have it write to syslog. There is a syslog module for the server on bugs.freeradius.org, but last time I looked at it, I decided not to add it in... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alvarion issue with radius accounting in Free Radius server
Hello,I am writing to see if anyone on the list is using Alarion breezeAcess radios with free radius for accounting? If can you give me a helping hand, I am trying to get freeradius to understand what the radios is sending and have it mapped the attributes to the right sql fields. I can send some debug data if needed . We are in Russia working on a project for schools kids and the orphanges and we need ot account trafice with our network of Alvarion radios -- Robert Dukes - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Capturing the inner authentication ID for Radius accounting
I have been looking for a way to maintain accurate wireless access and usage
information for security auditing purposes. The problem I have is that
wireless network users may choose to provide an alternative identity by
providing an outer identity in the supplicant software. Although the user
still need a legitimate user id/password to pass the EAP TTLS
authentication. So far I could not find a standard way to track the user
identity via Radius accounting records. I do manage to configure the
FreeRadius to send the inner authentication user ID to the Cisco Aironet
Access point (IOS 12.3(7)JA) using the Radius attribute Class (ID 25).
For example, in my users file, the following is configured for guest access:
DEFAULT Hint == guest
Auth-Type = sql,
Class = %{User-Name},
Session-Timeout = 3600,
Fall-Through = No
The actual user id used in the EAP-TTLS authentication is passed to the
Cisco Aironet AP via the Class attribute. I have observed that both the
Radius start and stop records sent by the Cisco Aironet AP contained the
Class attribute with the actual user's ID. The reason I chose the Class
attribute is that it is the only attribute honored by the Aironet AP in
Access-Accept message and also included in the radius accounting send by the
Aironet AP according to the Cisco IOS Software Config Guide for Aironet APs.
Although it seems to work for me, I am not sure about the use of attribute
Class for tracking user ID would interfere with other operation (like the
one attribute Class was originally designed for)?
Also, the attribute Class is of type Octet. Does anyone know of a way to
convert it to text in SQL? I would like to convert it to text before
writing it into the mySQL database, preferably by way of the
accounting_xx_query in the sql.conf file.
Thanks
Cedric
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Capturing the inner authentication ID for Radius accounting
CHui [EMAIL PROTECTED] wrote: Although it seems to work for me, I am not sure about the use of attribute Class for tracking user ID would interfere with other operation (like the one attribute Class was originally designed for)? It was designed for local sites to do whatever they wanted. So you're doing the right thing. Also, the attribute Class is of type Octet. Does anyone know of a way to convert it to text in SQL? Edit the dictionary, and change octets to string. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting file scanning and upload to database
Actually I was told by the development of such thing ( ie decoupled SQL logging ) in the radius server some time ago, that is a good thing but I am currently using my own relay logging and it is already very stable and very fast ( using bulk insert ), it just suffers the limitation that it is one day late, and thus I have these questions :- The radius server method, I believe is also based on scanning a directory of files, how does it handle files which are still growing ( ie unfinished files ) ? Or it is assuming that the files have been completed ( ie there are no files which are still active ! ) ? Cheers - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Saturday, December 24, 2005 1:38 AM Subject: Re: Radius accounting file scanning and upload to database Ming-Ching Tiew [EMAIL PROTECTED] wrote: I am logging to MSSQL and I have tried in the past to do it directly, I find that the stability is POOR and reliability is NOT ACCEPTABLE. For example, the sql driver does not reconnect upon failure. I tried fixing it myself but I also faced other weird problems which are difficult to troubleshoot. See rlm_sql_log in the 1.1.0-pre0 image. It should help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting file scanning and upload to database
Ming-Ching Tiew [EMAIL PROTECTED] wrote: The radius server method, I believe is also based on scanning a directory No. of files, how does it handle files which are still growing ( ie unfinished files ) ? Or it is assuming that the files have been completed ( ie there are no files which are still active ! ) ? No. The server radsqlrelay program co-operate with locking to ensure that growing files are handled. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting file scanning and upload to database
From: Lewis Bergman [EMAIL PROTECTED] This is probably a stupid question but whay not log the accounting directly to the sql via the sql module? Reasons :- I am logging to MSSQL and I have tried in the past to do it directly, I find that the stability is POOR and reliability is NOT ACCEPTABLE. For example, the sql driver does not reconnect upon failure. I tried fixing it myself but I also faced other weird problems which are difficult to troubleshoot. Also per record logging is way too slow to cope with the speed I am looking for. I am in fact using the TDS BULK INSERT mechanism for insertion. It is much much faster than per record logging. All in all, I find that logging to database via radius server directly is a bad design, more so for a heavy radius server with lots of traffic, and worse if it is across the network (WAN!) , due to network instablity, database server load conditions etc etc etc. Cheers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting file scanning and upload to database
Ming-Ching Tiew [EMAIL PROTECTED] wrote: I am logging to MSSQL and I have tried in the past to do it directly, I find that the stability is POOR and reliability is NOT ACCEPTABLE. For example, the sql driver does not reconnect upon failure. I tried fixing it myself but I also faced other weird problems which are difficult to troubleshoot. See rlm_sql_log in the 1.1.0-pre0 image. It should help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting file scanning and upload to database
Ming-Ching Tiew wrote: I have implemented a file scanning mechanism to scan the radius accounting detail file and subsequently upload to database server but at the time of scanning, I detect the presence of a yesterday file ( ie a completed file). This will mean that my accounting record inside the database is one day late. Now I understand there is a way to instruct radius server to change the file name hourly, so theoretically I should be able to scan the presence of last hour completed file, and then upload to database server. However, assumming the scanning, processing, and subsequent uploading to database server is very slow, it could mean that from the start of one scan to the next scan, if more than one hour has passed, I would have missed one of the last hour file. Anyone has a better idea of how to process an hourly file more gracefully ? This is probably a stupid question but whay not log the accounting directly to the sql via the sql module? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius accounting file scanning and upload to database
I have implemented a file scanning mechanism to scan the radius accounting detail file and subsequently upload to database server but at the time of scanning, I detect the presence of a yesterday file ( ie a completed file). This will mean that my accounting record inside the database is one day late. Now I understand there is a way to instruct radius server to change the file name hourly, so theoretically I should be able to scan the presence of last hour completed file, and then upload to database server. However, assumming the scanning, processing, and subsequent uploading to database server is very slow, it could mean that from the start of one scan to the next scan, if more than one hour has passed, I would have missed one of the last hour file. Anyone has a better idea of how to process an hourly file more gracefully ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RADIUS Accounting
It should be sent everytime they connect/disconnect. Don't think you can change it David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernell Williams Sent: 09 December 2005 04:16 To: FreeRadius users mailing list Subject: Re: RADIUS Accounting Madhuraka Godahewa wrote: Hi All, I have installed freeRADIUS 1.0.5 recently and configured it. It works perfectly for authenticating users connecting through WLAN AP. I have a little problem with RADIUS accounting. I understand that the accounting requests should be sent by the NAS to the RADIUS server. My problem is how can we set the frequency of sending these accounting requests. That is how often the NAS will send accounting requests to the RADIUS server? Can we configure that setting (frequency of sending the accounting requests) through freeRADIUS conf files or do we need to configure it throough the configuration interface of the NAS? Thanking You., Madhuraka Godahewa Telecommunications Engineer Research and Development Unit Electroteks Global Networks (Pvt.) Ltd. Mobile: + 94-777-647055 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I use freeradius MySQL. I am able to set frequency of acct update by setting attribute Acct-Interim-Interval in rad[group]reply table to number of seconds between updates. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS Accounting
Hi All, I have installed freeRADIUS 1.0.5 recently and configured it. It works perfectly for authenticating users connecting through WLAN AP. I have a little problem with RADIUS accounting. I understand that the accounting requests should be sent by the NAS to the RADIUS server. My problem is how can we set the frequency of sending these accounting requests. That is how often the NAS will send accounting requests to the RADIUS server? Can we configure that setting (frequency of sending the accounting requests) through freeRADIUS conf files or do we need to configure it throough the configuration interface of the NAS? Thanking You., Madhuraka Godahewa Telecommunications Engineer Research and Development Unit Electroteks Global Networks (Pvt.) Ltd. Mobile: + 94-777-647055 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS Accounting
Madhuraka Godahewa wrote: Hi All, I have installed freeRADIUS 1.0.5 recently and configured it. It works perfectly for authenticating users connecting through WLAN AP. I have a little problem with RADIUS accounting. I understand that the accounting requests should be sent by the NAS to the RADIUS server. My problem is how can we set the frequency of sending these accounting requests. That is how often the NAS will send accounting requests to the RADIUS server? Can we configure that setting (frequency of sending the accounting requests) through freeRADIUS conf files or do we need to configure it throough the configuration interface of the NAS? Thanking You., Madhuraka Godahewa Telecommunications Engineer Research and Development Unit Electroteks Global Networks (Pvt.) Ltd. Mobile: + 94-777-647055 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I use freeradius MySQL. I am able to set frequency of acct update by setting attribute Acct-Interim-Interval in rad[group]reply table to number of seconds between updates. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can I add extra fields to the radius accounting database?
Miguel Angel Quiles wrote:
I've got freeradius 1.0.2 on a SUSE 9.3. I was thinking if I
could add a new field to the radius accounting. I'm using mysql.
I already added the field to the radacct table in the radius
database. And I've tried to modify the sql.conf file in the raddb
directory. When I restart the service the freeradius won't start
because off an error.
Posting the error messages would help a lot.
I've created the field TunnelType, and I added the values in the
different queries, such as:
accounting_update_query_alt = INSERT into ${acct_table1} (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, TunnelType)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Tunnel-Type:0}')
^^
Did you try %{Tunnel-Type} ? (without the digit for the tag)
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can I add extra fields to the radius accounting database?
Thanks Nicolas,
I've changed %{Tunnel-Type}, I also had another mistake. I changed
everything and it works perfect.
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius accounting problem for SER
Hi,
I'm new to freeradius and SER, hence I'm having some problem in
accounting calls from my sip phone. My configuration file (ser.cfg) for
my SER is as follows, and currently the radius accounting module is used
to keep track of start and stop times for VoIP calls made.
The accounting log details that I'm getting from freeradius is as
follows - note that I do not get any start or stop auth-type!
Please help as this is quite urgent :-)
Regards,
YY
ACCOUNTING DETAILS
-
Thu Apr 7 16:53:19 2005
Acct-Status-Type = Failed --Why ?
Service-Type = Sip-Session
Sip-Response-Code = 0
Sip-Method = 1
User-Name = [EMAIL PROTECTED]
Calling-Station-Id = sip:[EMAIL PROTECTED]
Called-Station-Id = sip:[EMAIL PROTECTED]
Sip-Translated-Req-ID = sip:[EMAIL PROTECTED]
Acct-Session-Id = [EMAIL PROTECTED]
Sip-To-Tag = n/a
Sip-From-Tag = 000ded22eeb2008b35455873-1507a868
Sip-Cseq = 101
NAS-IP-Address = 192.168.1.2
NAS-Port = 5060
Acct-Delay-Time = 0
Client-IP-Address = 127.0.0.1
Acct-Unique-Session-Id = 1a95db24d20f72a1
Realm = orion.lab.test.com.au
Timestamp = 1112863999
Thu Apr 7 17:39:44 2005
Acct-Status-Type = Failed - Why ?
Service-Type = Sip-Session
Sip-Response-Code = 0
Sip-Method = 1
User-Name = [EMAIL PROTECTED]
Calling-Station-Id = sip:[EMAIL PROTECTED]
Called-Station-Id = sip:[EMAIL PROTECTED]
Sip-Translated-Req-ID = sip:[EMAIL PROTECTED]
Acct-Session-Id = [EMAIL PROTECTED]
Sip-To-Tag = n/a
Sip-From-Tag = 000ded22eeb2008c4a24089e-7fba04fa
Sip-Cseq = 101
NAS-IP-Address = 192.168.1.2
NAS-Port = 5060
Acct-Delay-Time = 0
Client-IP-Address = 127.0.0.1
Acct-Unique-Session-Id = fa9197df9e254d17
Realm = orion.lab.test.com.au
Timestamp = 1112866784
SER.CFG
---
#
# simple quick-start config script
#
# --- global configuration parameters
# Uncomment these lines to enter debugging mode
debug=7
fork=yes
listen=192.168.1.2
# replies should include extensive warnings
sip_warning=yes
# locally generated messages should include server's signature
server_signature=yes
log_stderror=yes
check_via=no# (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
fifo=/tmp/ser_fifo
# -- module loading --
# Uncomment this if you want to use SQL database
loadmodule /usr/local/lib/ser/modules/mysql.so
loadmodule /usr/local/lib/ser/modules/sl.so
loadmodule /usr/local/lib/ser/modules/tm.so
loadmodule /usr/local/lib/ser/modules/rr.so
loadmodule /usr/local/lib/ser/modules/maxfwd.so
loadmodule /usr/local/lib/ser/modules/usrloc.so
loadmodule /usr/local/lib/ser/modules/registrar.so
loadmodule /usr/local/lib/ser/modules/exec.so
loadmodule /usr/local/lib/ser/modules/uri.so
loadmodule /usr/local/lib/ser/modules/textops.so
# RADIUS support
loadmodule /usr/local/lib/ser/modules/acc.so
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule /usr/local/lib/ser/modules/auth.so
loadmodule /usr/local/lib/ser/modules/auth_radius.so
# - setting module-specific parameters ---
# -- usrloc params --
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam(usrloc, db_mode, 2)
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam(rr, enable_full_lr, 1)
# -- acc params --
modparam(acc, radius_config,
/usr/local/etc/radiusclient/radiusclient.conf)
modparam(acc, radius_missed_flag, 2)
modparam(acc, radius_flag, 1)
# -- auth_radius params --
modparam(auth_radius, radius_config,
/usr/local/etc/radiusclient/radiusclient.conf)
# - request routing logic ---
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header(10)) {
log(1,LOG: Too many hops);
sl_send_reply(483,Too Many Hops);
break;
};
if ( msg:len max_len ) {
log(1,LOG: Message too big);
sl_send_reply(513, Message too big);
break;
};
# loose-route processing
if(loose_route()){
t_relay();
break;
};
if(uri==myself){
# All REGISTER attempts are processed and must always be
authenticated
if (method==REGISTER){
if (!radius_www_authorize()) {
www_challenge(, 0);
break;
};
save(location);
break;
};
# destinations routed through gateway
if(uri=~^sip:[0-9]{5,[EMAIL PROTECTED]){
route(1
Re: Radius accounting problem for SER
yy [EMAIL PROTECTED] wrote: I'm new to freeradius and SER, hence I'm having some problem in accounting calls from my sip phone. My configuration file (ser.cfg) for my SER is as follows, Please ask SER questions on the SER list. This is the FreeRADIUS list. The accounting log details that I'm getting from freeradius is as follows - note that I do not get any start or stop auth-type! That makes no sense. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
empty AcctTerminateCause in Radius Accounting
Hi, I am currently using the Radius Server for Accounting purposes from Quintum DX 2030 Media Gateway, Everything is working fine, however, i have a small problem. Whenever a session terminates with a zero duration, The AcctTerminateCause field in RadAcct Table is always empty for that particular session. The SQL Trace shows the AcctTerminateCause as ''. However, the logs in radacct directory under /var/log/radius shows the account termination cause. Which means that Radius is recieving this field but not writing it to the database (in my case MySQL). Do i need some special configuration to do this ? or is it an undocumented feature of FreeRadius. Your help is highly appreciated. regards, A. A. Mughal __ Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: empty AcctTerminateCause in Radius Accounting
guys i fixed the problem myself, just needed to chnage the Acct-Terminate-Cause variable in sql.conf to 'Quintum-h323-disconnect-cause' according the radius accounting logs. __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scripts for RaDius Accounting packet for billing purposes
Hi. I use RH8 for my FR server. I already connected FR authentication with mysql. It seems that it is OK when I use py-radius to get user authentication from the content of the Mysql db that i created. now I want to try FR accounting where it should be recorded in radacct table in mysql. I try NTradping for Windows mechine as a client. It's seems working. But where can i find a script that generates accounting packets with the attributes that suites the table? Is there anyone who had develop some kind of scripts for accountig purposes maybe? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius accounting for gnugk
Hello,
I'm running freeradius 0.9.3, using pgsql-voip.conf for recording
accounting records. Have no problem using it with either Cisco or
Quintum gateways, but when gnugk trys to send accounting records, I'm
getting the following.
Couldn't update SQL accounting STOP record - ERROR: invalid input
syntax for type timestamp with time zone: CONTEXT: PL/pgSQL function
strip_dot while casting return value to function's return type
A check with sql trace shows following.. as you can see, some datas are
missing such as h323-call-type, h323-call-origin, h323-conf-id...
basically any of the Cisco VSA attributes. However, I do have
with_cisco_vsa_hack turned on, and the setup does work with Cisco and
Quintum which both uses Cisco VSA.
INSERT into Stop(RadiusServerName, UserName,
NASIPAddress, AcctTime,AcctSessionTime, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId,
AcctDelayTime, H323RemoteAddress, CiscoNASPort, h323callorigin,
h323confid, h323connecttime, h323disconnectcause,
h323disconnecttime, h323gwid, h323setuptime)
values('myservername', 'test', '192.168.0.100', now(),
'10', '0', '0', '8186811', 'test', '0',
NULLIF('', '')::inet, '', '', '', strip_dot(''),
'', strip_dot(''), '', strip_dot(''));
The detail file shows the following.
Tue Nov 23 23:27:11 2004
Acct-Status-Type = Stop
NAS-IP-Address = 192.168.0.100
NAS-Identifier = PPIGK002
NAS-Port-Type = Virtual
Service-Type = Login-User
Acct-Session-Id = 41a437810001
User-Name = test
Framed-IP-Address = 192.168.1.26
Acct-Session-Time = 0
Calling-Station-Id = test
Called-Station-Id = 8186811
h323-gw-id = PPIGK002
h323-conf-id = 7BA3CDEF 3220EF44 87036791 99198BF
h323-call-origin = proxy
h323-call-type = VoIP
h323-setup-time = 23:26:57.000 PST Tue Nov 23 2004
h323-disconnect-time = 23:27:05.000 PST Tue Nov 23 2004
h323-disconnect-cause = 29
h323-remote-address = 192.168.1.26
Acct-Delay-Time = 0
Client-IP-Address = 127.0.0.1
Acct-Unique-Session-Id = d993e611037d8547
Timestamp = 1101281231
I'm not sure if I just need to add something to the dictionary file or
if it's something that needs to be configured.
Thanks,
Robin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius accounting on VOIP
I am new to freeradius, so hope some one on this list can guide me in the right direction. I am going to set up a Freeradius server witch collect accounting from the VOIP system based on a cisco 5300 box as NAS, but what sould i change in freeradius for this to work ? Do i have to put in a new dictionary ? and where do i get this Can i log those voip accounting to mysql database or is only possible to log to pgsql ? Regards Per Jørgensen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius accounting issue
I cannot get Radius accounting to work. I am running Freeradius 0.9.3 on Solaris 9. Authentication works fine. When I start radius in debug mode I see processing the config file with no errors and listening on the proper ports that I have set in the /etc/services file. /etc/services excerpt radius 1645/udpradius #radius radius-acct 1646/udpradius-acct #radius accounting radius-proxy1649/udpradius-proxy#radius proxy radiusd.conf excerpt Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp. Ready to process requests. Then I see the following: rad_recv: Accounting-Request packet from host 192.168.1.14:1027, id=176, length=210 Ignoring request from unknown home server 192.168.1.14:1027 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 192.168.1.14:1027, id=177, length=241 Ignoring request from unknown home server 192.168.1.14:1027 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 192.168.1.14:1027, id=178, length=239 Ignoring request from unknown home server 192.168.1.14:1027 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 192.168.1.14:1027, id=179, length=211 Ignoring request from unknown home server 192.168.1.14:1027 What do I need to do to get accounting to start working? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius accounting issue
Russell Premont [EMAIL PROTECTED] wrote: Then I see the following: rad_recv: Accounting-Request packet from host 192.168.1.14:1027, id=176, length=210 Ignoring request from unknown home server 192.168.1.14:1027 Why do you have the client sending packets to port 1027? The debug log of the server, and /etc/services, shows that accounting packets should be sent to port 1646. What do I need to do to get accounting to start working? What RADIUS client are you using? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting with Checkpoint Firewalls..
Hi all.. Has anyone had any experience with getting accounting working, from a checkpoint firewall ( secureplatform ).. Authentications works fine.. It seems that the fw, doesnt send any accounting information.
Re: radius accounting
Maybe the RFCs would be a good place to start? Start with 2865 and 2866 --- On Saturday 04 September 2004 04:13, jassim El-mansori wrote: hello I'm using NTRadping as test utility and it works like a charm I'm wondering guys about why radius sends the accounting * Accounting-response unlike the when doing authentication it sends * Access-Accept what does it mean i cant get it really is just an initial response and there is another action has to come afterward any advice thank vary much indeed ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius accounting
Try with the accounting RFC http://www.freeradius.org/rfc/rfc2866.html You also have the related RFCs http://www.freeradius.org/rfc/ Greetings, Rodrigo On Friday 03 September 2004 23:13, jassim El-mansori wrote: hello I'm using NTRadping as test utility and it works like a charm I'm wondering guys about why radius sends the accounting * Accounting-response unlike the when doing authentication it sends * Access-Accept what does it mean i cant get it really is just an initial response and there is another action has to come afterward any advice thank vary much indeed ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius accounting
hello I'm using NTRadping as test utility and it works like a charm I'm wondering guys about why radius sends the accounting * Accounting-response unlike the when doing authentication it sends * Access-Accept what does it mean i cant get it really is just an initial response and there is another action has to come afterward any advice thank vary much indeed ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems with radius accounting when using mysql
Anson Rinesmith wrote:
Run radius in debug mode (radiusd -X) and see if you can figure out what is
happening.
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Maqbool Hashim
Sent: Wednesday, June 30, 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: problems with radius accounting when using mysql
Hi,
I have radius set up to get authentication information from a mysql
database. I want it to log accounting information to the radacct table
in my
mysql database. I have set up the accounting section in my radiusd.conf
file as follows:
accounting {
acct_unique
detail
unix
sql
radutmp
}
However radius is still logging accounting information to the files and
I can't see anything in the radacct table in my database. (I have
rebooted the radius server).
Am I missing a crucial setting here?
Regards,
Maqbool
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, I had another look at the debug messages from the radiusd
server, I can't see anything that illuminating in there. I see the sql
module being loaded:
Module: Loaded SQL
.
.
.
.
sql: accounting_update_query = UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress=
'%{NAS-IP-Address}' AND AcctStopTime = 0
sql: accounting_update_query_alt =
Thats the sql query that should get executed when the accounting section
is processed. However when there is an authentication request from a
NAS, I only see sql queries and connections to the mysql server during
the authorize section:
modcall[authorize]: module suffix returns noop for request 1
radius_xlat: 'ben'
rlm_sql (sql): sql_set_user escaped user -- 'ben'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'ben' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = 'ben' ORDER BY id
:
:
:
But I don't see anything like modcall[accounting] and an sql query.
Should I be? And if I'm not what setting have I missed? The accounting
section in radiusd.conf looks as I gave above.
Regards,
Maqbool
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problems with radius accounting when using mysql
Hi,
I have radius set up to get authentication information from a mysql
database. I want it to log accounting information to the radacct table
in my
mysql database. I have set up the accounting section in my radiusd.conf
file as follows:
accounting {
acct_unique
detail
unix
sql
radutmp
}
However radius is still logging accounting information to the files and
I can't see anything in the radacct table in my database. (I have
rebooted the radius server).
Am I missing a crucial setting here?
Regards,
Maqbool
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: problems with radius accounting when using mysql
Run radius in debug mode (radiusd -X) and see if you can figure out what is
happening.
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Maqbool Hashim
Sent: Wednesday, June 30, 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: problems with radius accounting when using mysql
Hi,
I have radius set up to get authentication information from a mysql
database. I want it to log accounting information to the radacct table
in my
mysql database. I have set up the accounting section in my radiusd.conf
file as follows:
accounting {
acct_unique
detail
unix
sql
radutmp
}
However radius is still logging accounting information to the files and
I can't see anything in the radacct table in my database. (I have
rebooted the radius server).
Am I missing a crucial setting here?
Regards,
Maqbool
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using MYSQL 5.0 Stored Procedure for RADIUS Accounting queries
Hi All, I need to fire number of SQL statements (mainly Update/INSERT) after Radius Server receives ACCOUNTING_STOP, ACCOUNTING_START packets. I looked into sql.conf and can't make out a way to add N no. of queries at receipt of packets. Is it possible to use MYSQL 5.0 stored procedure feature for SQL stmts defined in sql.conf? If Yes ...Could U be kind enough to add an example about it? Thanks in Advance, Sagar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Accounting
RE: [Fwd: RE: Radius Accounting]
In radacct table, radius write start,stop time,upload,download data rate,and amount of time that userlogin in a certain session. This is done automatically by radius, and these data is sent to radius by router. You can use sql query to sum the customer usage. You can use phpPgAdmin to view your database (if you use postgresql) or phpMyAdmin (for MySQL) Have fun. Manh Cuong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 3:44 PM To: [EMAIL PROTECTED] Subject: [Fwd: RE: Radius Accounting] Hi Truong, I am really appreciated you can reply me. I am a beginer in radius. I still have some questions regarding the radius, as I start doing the radius login authentication and usage metter. If possible, could you please replay to me. Do you know how radius record customer usage in radacct table. When some one login to radius network, is download usage automatically recorded in this radacct table? Thanks for your reply. Regards, Raymond - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Accounting
Well the attributes mentioned AcctInputOctets AcctOutputOctets can have upto 2GByte info, beyond that new attributes are introduced that ill store the GigaBytes information. Now how to get these new attributes into the database ? Regards Ayman Alashquar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Truong Manh Cuong Sent: 18/02/2004 09:26 To: [EMAIL PROTECTED] Subject: RE: Radius Accounting Hi, AcctInputOctets bigint(12) default NULL, AcctOutputOctets bigint(12) default NULL, Is download and upload rate . Have fun. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 12:09 PM To: [EMAIL PROTECTED] Subject: Radius Accounting I am beginer of radius. How does radius record user download usage. In radius accounting table, which field does record user download usage. CREATE TABLE radacct ( RadAcctId bigint(21) NOT NULL auto_increment, AcctSessionId varchar(32) NOT NULL default '', AcctUniqueId varchar(32) NOT NULL default '', UserName varchar(64) NOT NULL default '', Realm varchar(64) default '', NASIPAddress varchar(15) NOT NULL default '', NASPortId int(12) default NULL, NASPortType varchar(32) default NULL, AcctStartTime datetime NOT NULL default '-00-00 00:00:00', AcctStopTime datetime NOT NULL default '-00-00 00:00:00', AcctSessionTime int(12) default NULL, AcctAuthentic varchar(32) default NULL, ConnectInfo_start varchar(32) default NULL, ConnectInfo_stop varchar(32) default NULL, AcctInputOctets bigint(12) default NULL, AcctOutputOctets bigint(12) default NULL, CalledStationId varchar(50) NOT NULL default '', CallingStationId varchar(50) NOT NULL default '', AcctTerminateCause varchar(32) NOT NULL default '', ServiceType varchar(32) default NULL, FramedProtocol varchar(32) default NULL, FramedIPAddress varchar(15) NOT NULL default '', AcctStartDelay int(12) default NULL, AcctStopDelay int(12) default NULL, PRIMARY KEY (RadAcctId), KEY UserName (UserName), KEY FramedIPAddress (FramedIPAddress), KEY AcctSessionId (AcctSessionId), KEY AcctUniqueId (AcctUniqueId), KEY AcctStartTime (AcctStartTime), KEY AcctStopTime (AcctStopTime), KEY NASIPAddress (NASIPAddress) ) ; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius Accounting
Hi, AcctInputOctets bigint(12) default NULL, AcctOutputOctets bigint(12) default NULL, Is download and upload rate . Have fun. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 12:09 PM To: [EMAIL PROTECTED] Subject: Radius Accounting I am beginer of radius. How does radius record user download usage. In radius accounting table, which field does record user download usage. CREATE TABLE radacct ( RadAcctId bigint(21) NOT NULL auto_increment, AcctSessionId varchar(32) NOT NULL default '', AcctUniqueId varchar(32) NOT NULL default '', UserName varchar(64) NOT NULL default '', Realm varchar(64) default '', NASIPAddress varchar(15) NOT NULL default '', NASPortId int(12) default NULL, NASPortType varchar(32) default NULL, AcctStartTime datetime NOT NULL default '-00-00 00:00:00', AcctStopTime datetime NOT NULL default '-00-00 00:00:00', AcctSessionTime int(12) default NULL, AcctAuthentic varchar(32) default NULL, ConnectInfo_start varchar(32) default NULL, ConnectInfo_stop varchar(32) default NULL, AcctInputOctets bigint(12) default NULL, AcctOutputOctets bigint(12) default NULL, CalledStationId varchar(50) NOT NULL default '', CallingStationId varchar(50) NOT NULL default '', AcctTerminateCause varchar(32) NOT NULL default '', ServiceType varchar(32) default NULL, FramedProtocol varchar(32) default NULL, FramedIPAddress varchar(15) NOT NULL default '', AcctStartDelay int(12) default NULL, AcctStopDelay int(12) default NULL, PRIMARY KEY (RadAcctId), KEY UserName (UserName), KEY FramedIPAddress (FramedIPAddress), KEY AcctSessionId (AcctSessionId), KEY AcctUniqueId (AcctUniqueId), KEY AcctStartTime (AcctStartTime), KEY AcctStopTime (AcctStopTime), KEY NASIPAddress (NASIPAddress) ) ; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question regarding radius accounting.
On Fri, 30 Jan 2004 10:49:50 -0500 David Lomax [EMAIL PROTECTED] wrote: All, New to this list so please forgive any stupid questions. I have set up FreeRadius 0.9.3 with MySQL 4.0 I currently have this up and working correctly. However when my NAS tries to update the accounting Information it fails because the SQL UPDATE information sent is invalid. Right now I have nothing in my accounting table therefore I understand why This UPDATE won't work. However I don't really know what records I should add in here. I figured there should be one with the IP address of my NAS Device however the rest is a little murky. Any help would be great When a request is authenticated initially it should insert into the table. Are the sessions that are producing the update older than the RADACCT config using SQL? -- - Graeme Hinchliffe (BSc) Core Team Member Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Question regarding radius accounting.
I don't believe so, however let me check this. Thanks Dave -Original Message- From: Graeme Hinchliffe [mailto:[EMAIL PROTECTED] Sent: Friday, January 30, 2004 11:11 AM To: [EMAIL PROTECTED] Subject: Re: Question regarding radius accounting. On Fri, 30 Jan 2004 10:49:50 -0500 David Lomax [EMAIL PROTECTED] wrote: All, New to this list so please forgive any stupid questions. I have set up FreeRadius 0.9.3 with MySQL 4.0 I currently have this up and working correctly. However when my NAS tries to update the accounting Information it fails because the SQL UPDATE information sent is invalid. Right now I have nothing in my accounting table therefore I understand why This UPDATE won't work. However I don't really know what records I should add in here. I figured there should be one with the IP address of my NAS Device however the rest is a little murky. Any help would be great When a request is authenticated initially it should insert into the table. Are the sessions that are producing the update older than the RADACCT config using SQL? -- - Graeme Hinchliffe (BSc) Core Team Member Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
