Accounting log issue

Tseveendorj tseveen at tunamal.mn
Tue Jun 28 08:30:14 CEST 2011


On 11.06.28 13:44, Fajar A. Nugraha wrote:
> On Tue, Jun 28, 2011 at 12:27 PM, Tseveendorj<tseveen at tunamal.mn>  wrote:
>> Hello,
>>
>> The accounting information not logged in
>> /var/log/freeradius/radacct/IPADDRESS/detail-xxxxx.log and also in MySQL
>> table radacct. How to solve this ?
> Does your NAS send accounting packets? See your NAS documentation for details.
>
> For example, some wireless AP with 802.1x support can use radius for
> authentication, but don't send any accounting packets at all.
>
> If the NAS DO send accounting packets, and you see the packets when
> running debug mode ("radiusd -X"), then make sure the appropriate
> module (sql or detail) is active on accounting section
> (sites-available/default).
>
Hello,

I have a Cisco Router 3825 that acting NAS role. I just checked 
configuration of my NAS

radius-server attribute nas-port format b
radius-server dead-criteria time 3 tries 10
radius-server host IP ADDRESS auth-port 1812 acct-port 1813
radius-server key 7 0113478550A0B0E2D012D061425474A4F
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication

I thought "vsa send accounting" configuration is for accounting.

configuration in sites-enabled/default

authorize {
         ....
         #  See "Authorization Queries" in sql.conf
         sql
         ......
}

accounting {
         detail
         .....
         .....
         #  See "Accounting queries" in sql.conf
         sql
         ......
}

please see the result of command "sudo freeradius -X"

> rad_recv: Access-Request packet from host IP ADDRESS port 1645, id=84, 
> length=129
>         Cisco-AVPair = "client-mac-address=0030.4f74.dc87"
>         Framed-Protocol = PPP
>         User-Name = "dongfeng"
>         User-Password = "345729"
>         NAS-Port-Type = Virtual
>         NAS-Port = 0
>         NAS-Port-Id = "0/0/0/12"
>         Service-Type = Framed-User
>         NAS-IP-Address = IP ADDRESS
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "dongfeng", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> [sql]   expand: %{User-Name} -> dongfeng
> [sql] sql_set_user escaped user --> 'dongfeng'
> rlm_sql (sql): Reserving sql socket id: 3
> [sql]   expand: SELECT id, username, attribute, value, op           
> FROM radcheck           WHERE username = '%{SQL-User-Name}'           
> ORDER BY id -> SELECT id, username, attribute, value, op           
> FROM radcheck           WHERE username = 'dongfeng'           ORDER BY id
> [sql] User found in radcheck table
> [sql]   expand: SELECT id, username, attribute, value, op           
> FROM radreply           WHERE username = '%{SQL-User-Name}'           
> ORDER BY id -> SELECT id, username, attribute, value, op           
> FROM radreply           WHERE username = 'dongfeng'           ORDER BY id
> [sql]   expand: SELECT groupname           FROM radusergroup           
> WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> 
> SELECT groupname           FROM radusergroup           WHERE username 
> = 'dongfeng'           ORDER BY priority
> [sql]   expand: SELECT id, groupname, attribute,           Value, 
> op           FROM radgroupcheck           WHERE groupname = 
> '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
> attribute,           Value, op           FROM radgroupcheck           
> WHERE groupname = '1Mbps'           ORDER BY id
> [sql] User found in group 1Mbps
> [sql]   expand: SELECT id, groupname, attribute,           value, 
> op           FROM radgroupreply           WHERE groupname = 
> '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, 
> attribute,           value, op           FROM radgroupreply           
> WHERE groupname = '1Mbps'           ORDER BY id
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns updated
> Found Auth-Type = PAP
> +- entering group PAP {...}
> [pap] login attempt with password "345729"
> [pap] Using clear text password "345729"
> [pap] User authenticated successfully
> ++[pap] returns ok
> +- entering group post-auth {...}
> [sql]   expand: %{User-Name} -> dongfeng
> [sql] sql_set_user escaped user --> 'dongfeng'
> [sql]   expand: %{User-Password} -> 345729
> [sql]   expand: INSERT INTO radpostauth                           
> (username, pass, reply, authdate)                           VALUES 
> (                           '%{User-Name}',                           
> '%{%{User-Password}:-%{Chap-Password}}',                           
> '%{reply:Packet-Type}', '%S') -> INSERT INTO 
> radpostauth                           (username, pass, reply, 
> authdate)                           VALUES (                           
> 'dongfeng',                           
> '345729',                           'Access-Accept', '2011-06-28 
> 14:11:06')
> rlm_sql (sql) in sql_postauth: query is INSERT INTO 
> radpostauth                           (username, pass, reply, 
> authdate)                           VALUES (                           
> 'dongfeng',                           
> '345729',                           'Access-Accept', '2011-06-28 
> 14:11:06')
> rlm_sql (sql): Reserving sql socket id: 2
> rlm_sql (sql): Released sql socket id: 2
> ++[sql] returns ok
> ++[exec] returns noop
> Sending Access-Accept of id 84 to IP ADDRESS port 1645
>         Framed-IP-Address := 103.3.29.109
>         Framed-IP-Netmask := 255.255.255.255
>         Framed-MTU := 1500
>         Framed-Protocol := PPP
>         Service-Type := Framed-User
>         Cisco-AVPair += "ip:sub-policy-In=1Mbps"
>         Cisco-AVPair += "ip:sub-policy-Out=1Mbps"
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 84 with timestamp +157
> Ready to process requests.

  What kind of thing I need to check now ?



More information about the Freeradius-Users mailing list