<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:m =
"http://schemas.microsoft.com/office/2004/12/omml"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1256">
<META content="MSHTML 6.00.2900.3660" name=GENERATOR>
<STYLE>@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@font-face {
font-family: Tahoma;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.0in 1.0in 1.0in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman","serif"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline; mso-style-priority: 99
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline; mso-style-priority: 99
}
P.MsoListParagraph {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt 0.5in; FONT-FAMILY: "Times New Roman","serif"; mso-style-priority: 34
}
LI.MsoListParagraph {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt 0.5in; FONT-FAMILY: "Times New Roman","serif"; mso-style-priority: 34
}
DIV.MsoListParagraph {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt 0.5in; FONT-FAMILY: "Times New Roman","serif"; mso-style-priority: 34
}
SPAN.EmailStyle17 {
COLOR: #1f497d; FONT-FAMILY: "Calibri","sans-serif"; mso-style-type: personal-reply
}
.MsoChpDefault {
FONT-SIZE: 10pt; mso-style-type: export-only
}
DIV.Section1 {
page: Section1
}
OL {
MARGIN-BOTTOM: 0in
}
UL {
MARGIN-BOTTOM: 0in
}
</STYLE>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></HEAD>
<BODY lang=EN-US vLink=purple link=blue bgColor=white>
<DIV><FONT face=Arial>Thanks Alan, I will look into the source!</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>Tim, your analysis of ipoque operation is correct. IPOQUE
receives the accounting request as a way to dynamically map a user/IP to a class
(where combination of rules/policy are applied based on protocol and application
user is using). What I am trying to acheive actually is not proxying accounting
from NAS towards IPOQUE, but rather triggering it from radius towards ipoque
upon completion of user authentication and authorization. Ipoque is a Layer-2
bridge where it transparently sits at the gateway of network to control the use
of Internet bandwidth and usage (p2p control, streaming control, and many
categories of traffic). Users do not have to authenticate to ipoque, and users
are actually within the LAN on wired network, where they authenticate to NAS
which then contacts server. This setup I am trying for a university for
controlling users access to Internet, taking advantage of the powerful
capability of ipoque to discover traffic and categorise it with high
precision</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=tim.sylvester@networkradius.com
href="mailto:tim.sylvester@networkradius.com">Tim Sylvester</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=freeradius-users@lists.freeradius.org
href="mailto:freeradius-users@lists.freeradius.org">'FreeRadius users mailing
list'</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, March 27, 2010 11:03
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: Help with executing
accounting!</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">Mohamed,<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">Your description
of the IPOQUE device and how it works is very strange. I was not able to find
any usefully documentation on the IPOQUE device but here is what I think it is
trying to do in a service provider network.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">Assume the service
provider network uses DSL, 3G wireless, 802.11, etc. Users connect to the
network via the NAS which could be a BRAS, GGSN, wireless AP, etc. The NAS
sends an access request to the RADIUS server to authenticate the user. All
user traffic going to the Internet goes through the IPOQUE device. The service
provider wants to the IPOQUE device to manage traffic based on user or groups
of users. Devices on the network are dynamically assigned an IP address. So,
the IPOQUE device needs to map the IP address to the user, group of user and
their bandwidth management “policy”. The NAS is configured to send RADIUS
accounting packets to the RADIUS server. The RADIUS server is configured to
add the IPOQUE attributes to the accounting request and proxy the request to
the IPOQUE device. When the IPOQUE device receives the Accounting Start
packet, it uses the information in the packet to map the IP address
(Framed-IP-Address attribute) to the IPOQUE bandwidth management policy
(ipoque-class attribute). The bandwidth management policy would then be
applied to all traffic from that particular user/IP
address.<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">What type of
network is your customer running (DSL, 3G, 802.11, etc.)? Do they authenticate
user access to the network using a NAS which then contacts the RADIUS server?
Is the IPOQUE device transparent to the user or does the IPOQUE device require
users to authenticate themselves via a web page or some other
mechanism?<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">Tim<o:p></o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'"><o:p> </o:p></SPAN></P>
<P class=MsoNormal><SPAN
style="FONT-SIZE: 11pt; COLOR: #1f497d; FONT-FAMILY: 'Calibri','sans-serif'"><o:p> </o:p></SPAN></P>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: medium none; PADDING-LEFT: 4pt; PADDING-BOTTOM: 0in; BORDER-LEFT: blue 1.5pt solid; PADDING-TOP: 0in; BORDER-BOTTOM: medium none">
<DIV>
<DIV
style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0in; PADDING-BOTTOM: 0in; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<P class=MsoNormal><B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">From:</SPAN></B><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: 'Tahoma','sans-serif'">
freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.org
[mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.org]
<B>On Behalf Of </B>Mohamed Abdulla<BR><B>Sent:</B> Saturday, March 27, 2010
3:26 AM<BR><B>To:</B> freeradius-users@lists.freeradius.org<BR><B>Subject:</B>
Help with executing accounting!<o:p></o:p></SPAN></P></DIV></DIV>
<P class=MsoNormal><o:p> </o:p></P>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">Hi
All,</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">I am new to
using freeradius. I am in the process of integrating freeradius with "ipoque",
which is a bandwidth control device. IPOQUE expects to see an accounting
request from the radius server with specific attributes embedded, in order to
control the bandwidth of the logged-in user. The scenario I am trying to
realize is as follows:</SPAN><o:p></o:p></P></DIV>
<OL type=1>
<LI class=MsoNormal
style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo1"><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">For each user wishing to
authenticate with freeradius, I have added two attributes in "users.conf"
file. The first attribute is "Framed-IP-Address", while the second is a VSA
"ipoque-class".</SPAN><o:p></o:p>
<LI class=MsoNormal
style="mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo1"><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">When the user successfully
authenticate with the freeradius, and after the freeradius sends
Access-Accept, I want the radclient.exe to automatically send
Accounting request to ipoque, including the following: User-Name,
Framed-IP-Address, Accounting-Status-Type= Start and ipoque-class as
configured in users.conf file. This should inform ipoque device about the
user IP and the class of that user in order to apply th proper
bandwidth rules for that user category.</SPAN><o:p></o:p> </LI></OL>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">I have
started by creating a test user in users.conf as
follows:</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">shafzeen Auth-Type
:= Local, User-Password == "1234"<BR> Framed-IP-Address =
"192.168.1.12",<BR> ipoque-class = "raduser"</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">then I
created a text file named "ipoquestart.txt" with the following
content:</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">User-Name =
"%{User-Name}",<BR>Framed-IP-Address =
"%{reply:Framed-IP-Address}",<BR>Acct-Status-Type = Start,<BR>ipoque-class =
"%{reply:ipoque-class}"</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">Then in the
radiusd.conf, in the modules section I have defined the following (The ipoque
device IP is 192.168.0.1, secret "prx"):</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal> <o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">exec Start
{<BR> wait = yes<BR> program = "${bindir}/radclient.exe
-d ${raddbdir} -f ${bindir}/ipoquestart.txt -x -s 192.168.1 acct
prx"<BR> input_pairs = reply<BR> output_pairs
= reply<BR> packet_type =
Access-Accept <BR> }</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">and in the
instantiate section I have added Start. Also, in the post-auth I have put
Start trying to send the radclient acct request towards
ipoque.</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">I have
started freeradius in debug mode, and I noticed that the radclient is sending
Framed-IP-Address as "0.0.0.0", and "ipoque-class"=
"",</SPAN><o:p></o:p></P></DIV>
<DIV>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Arial','sans-serif'">and after
that it is sending the reply with the needed values of Framed-IP-Address and
"ipoque-class". I know there is some where something wrong I am doing, but I
need someone to analyse what is happening and tell me how to correct it!
Thanks</SPAN><o:p></o:p></P></DIV></DIV></DIV>
<P>
<HR>
<P></P>-<BR>List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html</BLOCKQUOTE></BODY></HTML>