Re: Logging based on port request came in on
Walt Reynolds wrote: > Maybe you can help clear me up on something, if it is not in the 1.1.X > version, how was it able to be used in this thread? He's using the CVS head. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging based on port request came in on
Maybe you can help clear me up on something, if it is not in the 1.1.X version, how was it able to be used in this thread? http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-March/051600.html Based on the date of the thread he must have been on 1.1.0 or earlier. > Date: Wed, 07 Mar 2007 14:36:48 +0100 > From: Alan DeKok <[EMAIL PROTECTED]> > Subject: Re: Logging based on port request came in on > To: FreeRadius users mailing list > > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Walt Reynolds wrote: >> > So is there any way to use Packet-Dst-Port attribute in the freeradius >> > internal dictionary? > > It's in the CVS head, not in 1.1.x. > > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog -- Walt Reynolds Principle Systems Security Development Engineer Information Technology Central Services University of Michigan (734) 615-9438 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging based on port request came in on
Walt Reynolds wrote: > So is there any way to use Packet-Dst-Port attribute in the freeradius > internal dictionary? It's in the CVS head, not in 1.1.x. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging based on port request came in on
So is there any way to use Packet-Dst-Port attribute in the freeradius internal dictionary? Walt Reynolds wrote: > >> Date: Wed, 28 Feb 2007 19:35:48 + >> From: Phil Mayers <[EMAIL PROTECTED]> >> Subject: Re: Logging based on port request came in on >> To: FreeRadius users mailing list >> >> Message-ID: <[EMAIL PROTECTED]> >> Content-Type: text/plain; charset=ISO-8859-1; format=flowed >> >> Walt Reynolds wrote: >>> Hello, >>> >>> I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and >>> 1645/1646. This is simply to separate user and admin login. What I >>> would like to do is to add logging based on the port. I could add >>> %{NAS-Port-Type} to the Detail such as: >>> >>> detailfile = ${radacctdir}/%{NAS-Port-Type}/auth-detail-%Y%m%d >>> >>> The problem with doing this as it uses the string "Wireless-802.11" >>> or "Virtual". I would instead like to use the port the request came >>> in on >> >> NAS-Port-Type is, as you've discovered, the port type of the session >> being authenticated/accounted >> >>> (1812 or 1645) or even modify that string value. I tried to add the >>> string %(request:Packet-Dst-Port) (from the >>> dictionary.freeradius.internal) in the detailfile, but comes back blank. >> > > Since it is in this dictionary, is there something I would have to do > >> You'll need a sufficiently recent version of the server for that to >> work, and IIRC the "preprocess" module needs to be run (you should >> always run it) > > Well, I am using 1.1..2 version of Freeradius. I also am preprocessing, > though I am not sure that would be needed here. As this is a variable > defined in the dictionary file, I was under the impression that I could > use it. > > Either way, here is the section from the config: > > preprocess { > huntgroups = ${confdir}/huntgroups > hints = ${confdir}/hints > with_cisco_vsa_hack = yes > } > > I had added this to the hints files as well, but did not seem do anything: > > >> >>> Am I misreading this in some way. I assume that internally >>> freeradius knows what port the request came in on. >> >> What version are you running? >> >> > > 1.1.2 > > > -- Walt Reynolds Principle Systems Security Development Engineer Information Technology Central Services University of Michigan (734) 615-9438 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging based on port request came in on
> Date: Wed, 28 Feb 2007 19:35:48 + > From: Phil Mayers <[EMAIL PROTECTED]> > Subject: Re: Logging based on port request came in on > To: FreeRadius users mailing list > > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Walt Reynolds wrote: >> Hello, >> >> I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and >> 1645/1646. This is simply to separate user and admin login. What I >> would like to do is to add logging based on the port. I could add >> %{NAS-Port-Type} to the Detail such as: >> >> detailfile = ${radacctdir}/%{NAS-Port-Type}/auth-detail-%Y%m%d >> >> The problem with doing this as it uses the string "Wireless-802.11" or >> "Virtual". I would instead like to use the port the request came in on > > NAS-Port-Type is, as you've discovered, the port type of the session > being authenticated/accounted > >> (1812 or 1645) or even modify that string value. I tried to add the >> string %(request:Packet-Dst-Port) (from the >> dictionary.freeradius.internal) in the detailfile, but comes back blank. > Since it is in this dictionary, is there something I would have to do > You'll need a sufficiently recent version of the server for that to > work, and IIRC the "preprocess" module needs to be run (you should > always run it) Well, I am using 1.1..2 version of Freeradius. I also am preprocessing, though I am not sure that would be needed here. As this is a variable defined in the dictionary file, I was under the impression that I could use it. Either way, here is the section from the config: preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_cisco_vsa_hack = yes } I had added this to the hints files as well, but did not seem do anything: > >> Am I misreading this in some way. I assume that internally freeradius >> knows what port the request came in on. > > What version are you running? > > 1.1.2 -- Walt Reynolds Principle Systems Security Development Engineer Information Technology Central Services University of Michigan (734) 615-9438 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging based on port request came in on
Walt Reynolds wrote: > Hello, > > I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and > 1645/1646. This is simply to separate user and admin login. What I > would like to do is to add logging based on the port. I could add > %{NAS-Port-Type} to the Detail such as: > > detailfile = ${radacctdir}/%{NAS-Port-Type}/auth-detail-%Y%m%d > > The problem with doing this as it uses the string "Wireless-802.11" or > "Virtual". I would instead like to use the port the request came in on NAS-Port-Type is, as you've discovered, the port type of the session being authenticated/accounted > (1812 or 1645) or even modify that string value. I tried to add the > string %(request:Packet-Dst-Port) (from the > dictionary.freeradius.internal) in the detailfile, but comes back blank. You'll need a sufficiently recent version of the server for that to work, and IIRC the "preprocess" module needs to be run (you should always run it) > > Am I misreading this in some way. I assume that internally freeradius > knows what port the request came in on. What version are you running? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html