Accounting logs

Ivan Kalik tnt at kalik.net
Fri Apr 25 15:45:57 CEST 2008


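Is your NAS sending accounting packets? In the quoted sites-enabled/default, detail is listed only in the accounting section, so detail-%Y%m%d files are written only when the server receives accounting requests; auth_log is listed in authorize, which is why the auth-detail files appear.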

Ivan Kalik
Kalik Informatika ISP


Dana 25/4/2008, "Sergio Belkin" <sebelk at gmail.com> piše:

>I don't see any detail-%Y%m%d log files, only auth-detail-%Y%m%d files.
>What am I doing wrong?
>
>My config files:
>
>radiusd.conf:
>
>prefix = /usr/local-2.0.2
>exec_prefix = ${prefix}
>sysconfdir = ${prefix}/etc
>localstatedir = ${prefix}/var
>sbindir = ${exec_prefix}/sbin
>logdir = ${localstatedir}/log/radius
>raddbdir = ${sysconfdir}/raddb
>radacctdir = ${logdir}/radacct
>confdir = ${raddbdir}
>run_dir = ${localstatedir}/run/radiusd
>db_dir = $(raddbdir)
>libdir = ${exec_prefix}/lib
>pidfile = ${run_dir}/radiusd.pid
>user = radiusd
>group = radiusd
>max_request_time = 30
>cleanup_delay = 5
>max_requests = 1024
>listen {
>	type = auth
>	ipaddr = 190.125.213.5
>	port = 0
>}
>listen {
>	ipaddr = 190.125.213.5
>	port = 0
>	type = acct
>}
>hostname_lookups = no
>allow_core_dumps = no
>regular_expressions	= yes
>extended_expressions	= yes
>log {
>	destination = files
>	file = ${logdir}/radius.log
>	syslog_facility = daemon
>	stripped_names = yes
>	auth = yes
>	auth_badpass = no
>	auth_goodpass = no
>}
>checkrad = ${sbindir}/checkrad
>security {
>	max_attributes = 190
>	reject_delay = 1
>	status_server = yes
>}
>proxy_requests  = no
>$INCLUDE proxy.conf
>$INCLUDE clients.conf
>snmp	= no
>$INCLUDE snmp.conf
>thread pool {
>	start_servers = 5
>	max_servers = 32
>	min_spare_servers = 3
>	max_spare_servers = 10
>	max_requests_per_server = 0
>}
>modules {
>	pap {
>		auto_header = yes
>	}
>	chap {
>		authtype = CHAP
>	}
>	pam {
>		pam_auth = radiusd
>	}
>	unix {
>		radwtmp = ${logdir}/radwtmp
>	}
>$INCLUDE eap.conf
>	mschap {
>	}
>	ldap {
>		server = "ldap.cadorna.biz
>		identity = "cn=freeradius,ou=applications,dc=cadorna,dc=biz"
>		port = 636
>		password = jejeje0essoleplop
>		basedn = "ou=people,dc=cadorna,dc=biz"
>		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>		ldap_connections_number = 5
>		timeout = 4
>		timelimit = 3
>		net_timeout = 1
>		tls {
>			start_tls = no
>			cacertfile	= /etc/raddb-2.0.2/cacert.pem
>			randfile		= /dev/urandom
>			require_cert	= "allow"
>		}
>		access_attr = "radiusAllowed"
>		dictionary_mapping = ${confdir}/ldap.attrmap
>		edir_account_policy_check = no
>	}
>	realm IPASS {
>		format = prefix
>		delimiter = "/"
>	}
>	realm suffix {
>		format = suffix
>		delimiter = "@"
>	}
>	realm realmpercent {
>		format = suffix
>		delimiter = "%"
>	}
>	realm ntdomain {
>		format = prefix
>		delimiter = "\\"
>	}
>	checkval {
>		item-name = Calling-Station-Id
>		check-name = Calling-Station-Id
>		data-type = string
>	}
>
>	preprocess {
>		huntgroups = ${confdir}/huntgroups
>		hints = ${confdir}/hints
>		with_ascend_hack = no
>		ascend_channels_per_line = 23
>		with_ntdomain_hack = no
>		with_specialix_jetstream_hack = no
>		with_cisco_vsa_hack = no
>	}
>	files {
>		usersfile = ${confdir}/users
>		acctusersfile = ${confdir}/acct_users
>		preproxy_usersfile = ${confdir}/preproxy_users
>		compat = no
>	}
>	detail {
>		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>		detailperm = 0600
>		header = "%t"
>		suppress {
>			 User-Password
>		}
>	}
>	 detail auth_log {
>		 detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>		suppress {
>			 User-Password
>		}
>	 }
>	acct_unique {
>		key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
>	}
>	$INCLUDE sql.conf
>
>	radutmp {
>		filename = ${logdir}/radutmp
>		username = %{User-Name}
>		case_sensitive = yes
>		check_with_nas = yes
>		perm = 0600
>		callerid = "yes"
>	}
>	radutmp sradutmp {
>		filename = ${logdir}/sradutmp
>		perm = 0644
>		callerid = "no"
>	}
>	attr_filter attr_filter.post-proxy {
>		attrsfile = ${confdir}/attrs
>	}
>	attr_filter attr_filter.pre-proxy {
>		attrsfile = ${confdir}/attrs.pre-proxy
>	}
>	attr_filter attr_filter.access_reject {
>		key = %{User-Name}
>		attrsfile = ${confdir}/attrs.access_reject
>	}
>	attr_filter attr_filter.accounting_response {
>		key = %{User-Name}
>		attrsfile = ${confdir}/attrs.accounting_response
>	}
>	counter daily {
>		filename = ${db_dir}/db.daily
>		key = User-Name
>		count-attribute = Acct-Session-Time
>		reset = daily
>		counter-name = Daily-Session-Time
>		check-name = Max-Daily-Session
>		reply-name = Session-Timeout
>		allowed-servicetype = Framed-User
>		cache-size = 5000
>	}
>	$INCLUDE sql/mysql/counter.conf
>	always fail {
>		rcode = fail
>	}
>	always reject {
>		rcode = reject
>	}
>	always noop {
>		rcode = noop
>	}
>	always handled {
>		rcode = handled
>	}
>	always updated {
>		rcode = updated
>	}
>	always notfound {
>		rcode = notfound
>	}
>	always ok {
>		rcode = ok
>		simulcount = 0
>		mpp = no
>	}
>	expr {
>	}
>	digest {
>	}
>	expiration {
>		reply-message = "Password Has Expired\r\n"
>	}
>	logintime {
>		reply-message = "You are calling outside your allowed timespan\r\n"
>		minimum-timeout = 60
>	}
>	exec {
>		wait = yes
>		input_pairs = request
>		shell_escape = yes
>		output = none
>	}
>	exec echo {
>		wait = yes
>		program = "/bin/echo %{User-Name}"
>		input_pairs = request
>		output_pairs = reply
>		shell_escape = yes
>	}
>	ippool main_pool {
>		range-start = 192.168.1.1
>		range-stop = 192.168.3.254
>		netmask = 255.255.255.0
>		cache-size = 800
>		session-db = ${db_dir}/db.ippool
>		ip-index = ${db_dir}/db.ipindex
>		override = no
>		maximum-timeout = 0
>	}
>	policy {
>	       filename = ${confdir}/policy.txt
>	}
>}
>instantiate {
>	exec
>	expr
>	expiration
>	logintime
>}
>$INCLUDE policy.conf
>$INCLUDE sites-enabled/
>
>
>EOF
>
>acct_users:
>
>DEFAULT  Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz`
>
>EOF
>
>sites-enabled/default:
>
>authorize {
>	preprocess
>	auth_log
>	chap
>	mschap
>	suffix
>	eap {
>		ok = return
>	}
>	unix
>	files
>	ldap
>	expiration
>	logintime
>	pap
>}
>authenticate {
>	Auth-Type PAP {
>		pap
>	}
>	Auth-Type CHAP {
>		chap
>	}
>	Auth-Type MS-CHAP {
>		mschap
>	}
>	unix
>	Auth-Type LDAP {
>		ldap
>	}
>	eap
>}
>preacct {
>	preprocess
>	acct_unique
>	suffix
>	files
>}
>accounting {
>	detail
>	unix
>	radutmp
>	attr_filter.accounting_response
>}
>session {
>	radutmp
>}
>post-auth {
>	Post-Auth-Type REJECT {
>		attr_filter.access_reject
>	}
>}
>pre-proxy {
>}
>post-proxy {
>	eap
>}
>
>EOF
>
>thanks in advance!
>
>
>--
>--
>Open Kairos http://www.openkairos.com
>Watch More TV http://sebelk.blogspot.com
>Sergio Belkin -
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>



