Accounting For NAS-Port-Type Wireless-802.11
Pizu
pizpower at gmail.com
Thu Apr 15 18:04:35 CEST 2021
Hi,
Am having an issue with Sending accounting when nas-port-type is
wireless-802.11
If I use Ethernet/Virtual works but when using the wireless-802.11 it
authenticates the user but the accounting is not being sent.
Under authorize I have the below:
if (NAS-Port-Type == "Ethernet") {
update control {
Proxy-To-Realm := "Realm_802Dot1x_Auth"
}
}
elsif (NAS-Port-Type == "Wireless-802.11") {
update control {
Proxy-To-Realm := "Realm_Wireless802Dot1x_Auth"
}
}
elsif (NAS-Port-Type == "Virtual") {
update control {
Proxy-To-Realm := "Realm_CorpadNPS_Auth"
}
}
under accounting I have the below..
update control {
Replicate-To-Realm := "Realm_FG_1500D_Agg_Users_Acct"
Replicate-To-Realm += "Realm_FG_1500D_Datacentre_Acct"
Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
}
replicate
under post-auth I have..
if (NAS-Port-Type == "Ethernet") {
if (LDAP-Group == "LDAP GroupA") {
update reply {
Tunnel-Type := "VLAN"
Tunnel-Medium-Type := "IEEE-802"
Tunnel-Private-Group-Id := "943"
Class := "CLASS GroupA"
}
}
elsif (LDAP-Group == "LDAP GroupB ") {
update reply {
Tunnel-Type := "VLAN"
Tunnel-Medium-Type := "IEEE-802"
Tunnel-Private-Group-Id := "943"
Class := "CLASS Group B"
}
}
elsif (NAS-Port-Type == "Wireless-802.11") {
if (LDAP-Group == "LDAP GroupA") {
update reply {
Class := " CLASS Group A"
}
}
}
elsif (NAS-Port-Type == "virtual") {
if (LDAP-Group == "LDAP GroupA") {
update reply {
Class := " CLASS Group A"
}
}
Logs at the end:
When connecting wireless device:
(9) sql: SQL query returned: success
(9) sql: 1 record(s) updated
rlm_sql (sql): Released connection (0)
(9) [sql] = ok
(9) [exec] = noop
(9) policy remove_reply_message_if_eap {
(9) if (&reply:EAP-Message && &reply:Reply-Message) {
(9) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(9) else {
(9) [noop] = noop
(9) } # else = noop
(9) } # policy remove_reply_message_if_eap = noop
(9) } # post-auth = ok
(9) Sent Access-Accept Id 116 from 172.16.193.198:1812 to 10.159.69.13:59535
length 0
(9) MS-MPPE-Recv-Key =
0xb20c21e9c85ce877c24268daad644a7f2745637443dc231a81bced4fd71fa21d
(9) MS-MPPE-Send-Key =
0xf0e9aa957319677320881f76bd12fb4bb8885bb2b61a7dcf1fab9de0763b1890
(9) EAP-Message = 0x030a0004
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) User-Name = "CORPORATE\\Fake.Local2"
(9) Class := 0x5253534f2d49542d4e6574776f726b696e67
(9) Finished request
When connecting Ethernet:
(12) sql: SQL query returned: success
(12) sql: 1 record(s) updated
rlm_sql (sql): Released connection (2)
(12) [sql] = ok
(12) [exec] = noop
(12) attr_filter.accounting_response: EXPAND %{User-Name}
(12) attr_filter.accounting_response: --> CORPORATE\\Fake.Local2
(12) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(12) [attr_filter.accounting_response] = updated
(12) update control {
(12) Replicate-To-Realm := "Realm_FG_1500D_Agg_Users_Acct"
(12) Replicate-To-Realm += "Realm_FG_1500D_Datacentre_Acct"
(12) Replicate-To-Realm += "Realm_FG_1500D_Users_Acct"
(12) } # update control = noop
(12) replicate: Replicating list 'request' to Realm
'Realm_FG_1500D_Agg_Users_Acct'
(12) replicate: Replicating list 'request' to Realm
'Realm_FG_1500D_Datacentre_Acct'
(12) replicate: Replicating list 'request' to Realm
'Realm_FG_1500D_Users_Acct'
(12) [replicate] = ok
(12) } # accounting = updated
(12) Sent Accounting-Response Id 231 from 172.16.193.198:1813 to
172.16.193.106:1646 length 0
(12) Finished request
Can someone help? I am missing something for sure.. :(
Thanks & Regards,
Pizu
More information about the Freeradius-Users
mailing list