pb w/ accounting: wrong username (anonymous) used

Markus Krause krause at biochem.mpg.de
Sat Nov 12 17:36:12 CET 2005 

thank you for your fast answer!

so, what i did is:
----- mysql output
mysql> select * from radreply;
+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
|  1 | test1    | User-Name | := | test1 |
+----+----------+-----------+----+-------+
1 row in set (0.00 sec)
----- (mysql output)


and now the debug output says: (sorry for long output but i think it is
necessary):
----- radiusd output
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [test1] (from client localhost port 1 cli 000e35c470a8)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 5
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'test1'
rlm_sql (sql): sql_set_user escaped user --> 'test1'
radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date) values ('',
'test1', 'Chap-Password', 'Access-Accept', NOW())'
radius_xlat:  '/var/log/radius/sqltrace.sql'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass,
reply, date) values ('', 'test1', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query:  INSERT into radpostauth (id, user, pass, reply, date)
values ('', 'test1', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Released sql socket id: 2
  modcall[post-auth]: module "sql" returns ok for request 5
modcall: group post-auth returns ok for request 5
  TTLS: Got tunneled Access-Accept
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 5
modcall: group authenticate returns ok for request 5
Login OK: [anonymous] (from client mpibc-wlan port 1 cli 000e35c470a8)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 5
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'anonymous'
rlm_sql (sql): sql_set_user escaped user --> 'anonymous'
radius_xlat:  'INSERT into radpostauth (id, user, pass, reply, date) values ('',
'anonymous', 'Chap-Password', 'Access-Accept', NOW())'
radius_xlat:  '/var/log/radius/sqltrace.sql'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass,
reply, date) values ('', 'anonymous', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  INSERT into radpostauth (id, user, pass, reply, date)
values ('', 'anonymous', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Released sql socket id: 1
  modcall[post-auth]: module "sql" returns ok for request 5
modcall: group post-auth returns ok for request 5
Sending Access-Accept of id 238 to 192.168.10.2:2430
        Session-Timeout = 600
        User-Name := "test1"
        MS-MPPE-Recv-Key =
0x56b4cc2db902f683092c7af8007914faeac139e17d9f97ef09f24c9aecd4f842
        MS-MPPE-Send-Key =
0xa2b8e4ced5618c727d52cd5c1806de2ffb6b9be303963deb64b11b4651fee216
        EAP-Message = 0x03060004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 192.168.10.2:9000, id=15,
length=123
        Acct-Delay-Time = 0
        NAS-Identifier = "AP-T-01"
        User-Name = "anonymous"
        Acct-Status-Type = Start
        Acct-Session-Id = "00:0E:35:C4:70:A8"
        Acct-Authentic = RADIUS
        Calling-Station-Id = "000e35c470a8"
        Called-Station-Id = "000cdb8be098"
        NAS-IP-Address = 192.168.10.2
        Service-Type = Framed-User
        NAS-Port-Type = Wireless-802.11
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 6
  modcall[preacct]: module "preprocess" returns noop for request 6
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID
MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.10.2,NAS-IP-Address =
192.168.10.2,Acct-Session-Id = "00:0E:35:C4:70:A8",User-Name = "anonymous"'
rlm_acct_unique: Acct-Unique-Session-ID = "2c48bc3157ed8558".
  modcall[preacct]: module "acct_unique" returns ok for request 6
  modcall[preacct]: module "files" returns noop for request 6
modcall: group preacct returns ok for request 6
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 6
radius_xlat:  '/var/log/radius/radacct/192.168.10.2/detail-20051112'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.10.2/detail-20051112
  modcall[accounting]: module "detail" returns ok for request 6
  modcall[accounting]: module "unix" returns noop for request 6
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'anonymous'
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
  modcall[accounting]: module "radutmp" returns noop for request 6
radius_xlat:  'anonymous'
rlm_sql (sql): sql_set_user escaped user --> 'anonymous'
radius_xlat:  'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName,
Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('00:0E:35:C4:70:A8', '2c48bc3157ed8558', 'anonymous', '',
'192.168.10.2', '',
'Wireless-802.11', '2005-11-12 19:20:42', '0', '0', 'RADIUS', '', '', '0', '0',
'000cdb8be098', '000e35c470a8', '', 'Framed-User', '', '', '0', '0')'
radius_xlat:  '/var/log/radius/sqltrace.sql'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query:  INSERT into radacct (AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInput
Octets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('00:0E:35:C4:70:A8', '2c48bc3157ed8558', 'anonymous', '', '192.168.10.
2', '', 'Wireless-802.11', '2005-11-12 19:20:42', '0', '0', 'RADIUS', '', '',
'0', '0', '000cdb8be098', '000e35c470a8', '', 'Framed-User', '', '', '0', '0')
rlm_sql (sql): Released sql socket id: 0
  modcall[accounting]: module "sql" returns ok for request 6
modcall: group accounting returns ok for request 6
Sending Accounting-Response of id 15 to 192.168.10.2:9000
Finished request 6
----- (radiusd output)

Access-Accept now contains the correct User-Name (or did i misunderstood your
answer??)

but in the mysql table radacct still username=anonymous is inserted. it seems i
am on the wrong way ... or can there something wrong with the accesspoint
(foundry ironpoint 200)

thanks in advance for your help!

regards,
  markus

Zitat von Alan DeKok <aland at ox.org>:
> Markus Krause <krause at biochem.mpg.de> wrote:
> > user can connect via a foundry ironpoint 200, but accounting does not work
> as
> > the username used as entry in the mysql table radacct is always
> "anonymous"!
>
>   Because that's the only User-Name that the NAS sees in the
> Access-Request.  In order to change it in the accounting packets, you
> have to add (or change) a User-Name attribute in the Access-Accept.
> The NAS will then send that name in accounting packets.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


--
Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

---------------------------------------------------------------------
     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de

More information about the Freeradius-Users mailing list