Accounting table in MS-CHAP session
Hi. I'm trying to configuring accounting in MS-Chap session. I can see in logs (attached) that accounting is written in /var/log/radius/radacct directory, but not in radacct table, as PAP, CHAP and other types of authentication. Can you explain me where I have to setup it? Arrigo Here are the logs: +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [sql] expand: %{User-Name} -> wifi [sql] sql_set_user escaped user --> 'wifi' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wifi' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wifi' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'wifi' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "wifi", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = MSCHAP +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for wifi with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok Login OK: [wifi/<via Auth-Type = mschap>] (from client WLController port 1535 cli 00-16-EA-87-5D-46) +- entering group post-auth {...} [reply_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/10.0.4.223/reply-detail-20080929 [reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/10.0.4.223/reply-detail-20080929 [reply_log] expand: %t -> Mon Sep 29 17:54:34 2008 ++[reply_log] returns ok [sql] expand: %{User-Name} -> wifi [sql] sql_set_user escaped user --> 'wifi' [sql] expand: %{User-Password} -> [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wifi', '', 'Access-Accept', '2008-09-29 17:54:34') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wifi', '', 'Access-Accept', '2008-09-29 17:54:34') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok Finished request 18.
Is your NAS sending accounting packets? It isn't shown in the debug. This is access not accounting request. Ivan Kalik Kalik Informatika ISP Dana 29/9/2008, "Arrigo Savio" <a.savio@bascom.it> piše:
Hi. I'm trying to configuring accounting in MS-Chap session. I can see in logs (attached) that accounting is written in /var/log/radius/radacct directory, but not in radacct table, as PAP, CHAP and other types of authentication. Can you explain me where I have to setup it? Arrigo
Here are the logs:
+- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop [sql] expand: %{User-Name} -> wifi [sql] sql_set_user escaped user --> 'wifi' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wifi' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wifi' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'wifi' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "wifi", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = MSCHAP +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for wifi with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok Login OK: [wifi/<via Auth-Type = mschap>] (from client WLController port 1535 cli 00-16-EA-87-5D-46) +- entering group post-auth {...} [reply_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/10.0.4.223/reply-detail-20080929 [reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/10.0.4.223/reply-detail-20080929 [reply_log] expand: %t -> Mon Sep 29 17:54:34 2008 ++[reply_log] returns ok [sql] expand: %{User-Name} -> wifi [sql] sql_set_user escaped user --> 'wifi' [sql] expand: %{User-Password} -> [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wifi', '', 'Access-Accept', '2008-09-29 17:54:34') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'wifi', '', 'Access-Accept', '2008-09-29 17:54:34') rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok Finished request 18.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Arrigo Savio -
tnt@kalik.net