Mysql, Accounting and DialupAdmin

Erich Titl erich.titl at think.ch
Thu Nov 8 10:27:31 CET 2012


on 08.11.2012 09:01, Fajar A. Nugraha wrote:
...
>>
>> It is a ZyXEL, so basically a black box, even to the local vendor.
> 
> 
> Just to be sure, you HAVE enabled sql in accounting section, right?

I guess the fact that I have entries in the radacct table which
correspond to actual connection attempts should prove that.

mysql> select username,acctstarttime,acctstoptime,acctinputoctets from
radacct;
+----------+---------------------+---------------------+-----------------+
| username | acctstarttime       | acctstoptime        | acctinputoctets |
+----------+---------------------+---------------------+-----------------+
| test     | 2012-11-07 15:09:47 | 2012-11-07 15:15:48 |               0 |
| test     | 2012-11-07 15:15:48 | 2012-11-07 15:25:02 |               0 |
| test     | 2012-11-07 15:25:32 | 2012-11-07 15:41:52 |               0 |
| test     | 2012-11-07 21:20:53 | 2012-11-07 21:24:13 |               0 |
| test     | 2012-11-07 21:41:50 | 2012-11-07 21:42:13 |               0 |
| test     | 2012-11-07 21:42:43 | 2012-11-07 21:47:14 |               0 |
| test     | 2012-11-08 07:52:42 | 2012-11-08 07:55:45 |               0 |
| test     | 2012-11-08 08:35:15 | 2012-11-08 08:50:22 |               0 |
| test     | 2012-11-08 09:56:24 | 2012-11-08 10:02:28 |               0 |
| test     | 2012-11-08 10:06:58 | 2012-11-08 10:07:23 |               0 |
| test     | 2012-11-08 10:11:31 | 2012-11-08 10:12:06 |               0 |
| test     | 2012-11-08 10:12:20 | 2012-11-08 10:12:35 |               0 |
| test     | 2012-11-08 10:12:42 | 2012-11-08 10:13:11 |               0 |
| test     | 2012-11-08 10:13:27 | 2012-11-08 10:14:38 |               0 |
| test     | 2012-11-08 10:14:51 | NULL                |               0 |
+----------+---------------------+---------------------+-----------------+


> 
> If you want to be extra sure, run FR in debug mode, and do a
> login-logout using a client (e.g. notebook) to the NAS (i.e. AP). FR
> should print out what packets it received. If it DOESN'T show any
> accounting packets, then your NAS doesn't send them, or hasn't been
> configured to do so.

I _guess_ it shows some accounting

rad_recv: Accounting-Request packet from host 194.124.158.62 port 47037,
id=165, length=135
        Acct-Session-Id = "509ACAB9-0000000F"
        Acct-Status-Type = Start
        Acct-Authentic = RADIUS
        User-Name = "test"
        NAS-Port = 0
        Called-Station-Id = "50-67-F0-38-A9-E5:ZyXEL"
        Calling-Station-Id = "74-F0-6D-07-9B-91"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Identifier was not found in
request, unique ID MAY be inconsistent
[acct_unique] Hashing 'NAS-Port = 0,,NAS-IP-Address =
194.124.158.62,Acct-Session-Id = "509ACAB9-0000000F",User-Name = "test"'
[acct_unique] Acct-Unique-Session-ID = "de12b16f3f8a6cf8".
++[acct_unique] returns ok
++[files] returns noop
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 194.124.158.62
[detail]        expand:
/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/194.124.158.62/detail-20121108
[detail]
/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/194.124.158.62/detail-20121108
[detail]        expand: %t -> Thu Nov  8 10:22:38 2012
++[detail] returns ok
[sql]   expand: %{User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
[sql]   expand: %{Acct-Delay-Time} ->
[sql]   ... expanding second conditional
[sql]   expand:            INSERT INTO radacct
(acctsessionid,    acctuniqueid,     username,              realm,
      nasipaddress,     nasportid,              nasporttype,
acctstarttime,    acctstoptime,              acctsessiontime,
acctauthentic,    connectinfo_start,              connectinfo_stop,
acctinputoctets,  acctoutputoctets,              calledstationid,
callingstationid, acctterminatecause,              servicetype,
framedprotocol,   framedipaddress,              acctstartdelay,
acctstopdelay,    xascendsessionsvrkey)           VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
 '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',
             '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
       '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok

Erich



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1877 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121108/6ca636c2/attachment.bin>


More information about the Freeradius-Users mailing list