Problem with F5 BigIP accouting : hexadecimal attribute

Suman Dash sumandash at gmail.com
Mon Oct 17 16:02:51 CEST 2011 

NAS-IP-Address = *[IP address unknown, not corresponding to NAS interfaces]

* Did you added your F5 IP address to NAS Table ?

Regards
Suman
*
On Mon, Oct 17, 2011 at 4:56 PM, Vincent, Fabien
<fabien.vincent at coreye.fr>wrote:

> Dear all,****
>
> ** **
>
> I’m using Radius for authenticating admin users on different network
> equipments. “group authorize {...}” works fine with rlm_ldap and group
> management.****
>
> ** **
>
> But I have some problem for accounting on F5 BigIP LTM / GTM.****
>
> ** **
>
> In fact, my radius accounting server is receiving accounting-request like
> this :****
>
> ** **
>
> Accounting-Request packet from host 10.10.10.10 port 36875, id=29,
> length=281****
>
> NAS-IP-Address = *[IP address unknown, not corresponding to NAS
> interfaces]*****
>
>         F5-Attr-14 =  *[Hexa decimal output starting with 0x …]*****
>
> WARNING: Empty section.  Using default return values.****
>
> +- entering group accounting {...}****
>
> [sql]   expand: packet has no accounting status type. [user '%{User-Name}',
> nas '%{NAS-IP-Address}'] -> packet has no accounting status type. [user '',
> nas '*[nas IP unknown]*']****
>
> [sql] packet has no accounting status type. [user '', nas '*[nas IP
> unknown]*']****
>
> ++[sql] returns invalid****
>
> Finished request 37.****
>
> Cleaning up request 37 ID****
>
> ** **
>
> Did someone  here already use accounting with F5 BigIP LTM or GTM ? I’m
> looking to make this working by changing audit_forward TCL script provided
> with F5 (syslog-ng) but I wasn’t able to produce something different …****
>
> ** **
>
> I also tried to edit the dictionnary for F5 in *
> /usr/share/freeradius/dictionary.f5*
>
> *ATTRIBUTE       F5-LTM-User-Info-1              12       string*
>
> *ATTRIBUTE       F5-LTM-User-Info-2              13       string*
>
> *++ ATTRIBUTE       F5-Attr-14                      14       octets*
>
> ** **
>
> Thanks in advance for your help !****
>
> ** **
>
> *Fabien VINCENT*****
>
> fabien.vincent at coreye.fr****
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111017/46be48a5/attachment.html>

More information about the Freeradius-Users mailing list