Condition-Based Accounting Proxy

eitarad eitama at entrypoint.co.il
Wed May 4 12:34:54 CEST 2011


Hi Guys, Sorry for double-post.


Hi All. 

I have installed FreeRadius as Accounting Proxy server which forwards the
Accounting request to a proxy server. 

I would like to achieve the following: 

1. Accounting request packet received by the server 
2. The server checks if the User Name in the request exists in a MySQL
database 
3. If the User Name exists, then the server will forward the request to the
proxy server 
If it does not, the server WON'T forward the request. 

I have written a bash script that performs the username check in the database
and returns "0" if the user has been found, and "1" if the user is NOT
found. 

I have used the Radius module rlm_exec to integrate the script into the
radius system, so the current status is: 

the server receives the accounting request, initiates the sql_check module
(which is rlm_exec that calls my bash script), and returns the correct
values according to the username check. 


Now, I would like to configure the server so that it will forward the
accounting packets ONLY if the sql_check module returns a value of "0" - OK. 

I've looked and searched EVERYWHERE, asked whoever I know who can help, but
no one has a clue on how to do it, and I couldn't find anything that can help
me with the solution. 
ANY help will be highly appreciated! 

Debug log of an accounting request: 

rad_recv: Accounting-Request packet from host 172.16.0.61 port 5928, id=141,
length=77 
        Acct-Status-Type = Start 
        Acct-Session-Id = "0" 
        Class =
0x37303732366636363639366336353364343136653734363935363639373237353733 
        Framed-IP-Address = 94.18.167.200 
        User-Name = "test" 
Wed May  4 09:45:41 2011 : Info: +- entering group preacct {...} 
Wed May  4 09:45:41 2011 : Info: ++[preprocess] returns ok 
Wed May  4 09:45:41 2011 : Info: [acct_unique] WARNING: Attribute NAS-Port
was not found in request, unique ID MAY be inconsistent 
Wed May  4 09:45:41 2011 : Info: [acct_unique] Hashing ',Client-IP-Address =
172.16.0.61,NAS-IP-Address = 172.16.0.61,Acct-Session-Id = "0",User-Name =
"test"' 
Wed May  4 09:45:41 2011 : Info: [acct_unique] Acct-Unique-Session-ID =
"63b27f8746199ef7". 
Wed May  4 09:45:41 2011 : Info: ++[acct_unique] returns ok 
Wed May  4 09:45:41 2011 : Info: [suffix] No '@' in User-Name = "test",
looking up realm NULL 
Wed May  4 09:45:41 2011 : Info: [suffix] Found realm "NULL" 
Wed May  4 09:45:41 2011 : Info: [suffix] Adding Stripped-User-Name = "test" 
Wed May  4 09:45:41 2011 : Info: [suffix] Adding Realm = "NULL" 
Wed May  4 09:45:41 2011 : Info: [suffix] Proxying request from user test to
realm NULL 
Wed May  4 09:45:41 2011 : Info: [suffix] Preparing to proxy accounting
request to realm "NULL" 
Wed May  4 09:45:41 2011 : Info: ++[suffix] returns updated 
Wed May  4 09:45:41 2011 : Info: +- entering group accounting {...} 
Wed May  4 09:45:41 2011 : Info: [detail]       expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/172.16.0.61/detail-20110504 
Wed May  4 09:45:41 2011 : Info: [detail]
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/var/log/freeradius/radacct/172.16.0.61/detail-20110504 
Wed May  4 09:45:41 2011 : Info: [detail]       expand: %t -> Wed May  4
09:45:41 2011 
Wed May  4 09:45:41 2011 : Info: ++[detail] returns ok 

Wed May  4 09:45:41 2011 : Info: [sql_check]    expand: %{User-Name} -> test 
Wed May  4 09:45:41 2011 : Debug: Exec-Program output: user test is found in
DB 
Wed May  4 09:45:41 2011 : Debug: Exec-Program-Wait: plaintext: user test is
found in DB 
Wed May  4 09:45:41 2011 : Debug: Exec-Program: returned: 0 
Wed May  4 09:45:41 2011 : Info: ++[sql_check] returns ok

Wed May  4 09:45:41 2011 : Info:   WARNING: Empty section.  Using default
return values. 
Sending Accounting-Request of id 188 to 10.100.1.148 port 1813 
        Acct-Status-Type = Start 
        Acct-Session-Id = "0" 
        Class =
0x37303732366636363639366336353364343136653734363935363639373237353733 
        Framed-IP-Address = 94.18.167.200 
        User-Name = "test" 
        NAS-IP-Address = 172.16.0.61 
        Proxy-State = 0x313431 
Wed May  4 09:45:41 2011 : Info: Proxying request 1 to home server
10.100.1.148 port 1813 
Sending Accounting-Request of id 188 to 10.100.1.148 port 1813 
        Acct-Status-Type = Start 
        Acct-Session-Id = "0" 
        Class =
0x37303732366636363639366336353364343136653734363935363639373237353733 
        Framed-IP-Address = 94.18.167.200 
        User-Name = "test" 
        NAS-IP-Address = 172.16.0.61 
        Proxy-State = 0x313431 
Wed May  4 09:45:41 2011 : Debug: Going to the next request 
Wed May  4 09:45:41 2011 : Debug: Waking up in 0.9 seconds. 
rad_recv: Accounting-Response packet from host 10.100.1.148 port 1813,
id=188, length=20 
Wed May  4 09:45:41 2011 : Info: +- entering group post-proxy {...} 
Wed May  4 09:45:41 2011 : Info: [eap] No pre-existing handler found 
Wed May  4 09:45:41 2011 : Info: ++[eap] returns noop 
Sending Accounting-Response of id 141 to 172.16.0.61 port 5928 
Wed May  4 09:45:41 2011 : Info: Finished request 1. 
Wed May  4 09:45:41 2011 : Info: Cleaning up request 1 ID 141 with timestamp
+495 
Wed May  4 09:45:41 2011 : Debug: Going to the next request 
Wed May  4 09:45:41 2011 : Info: Ready to process requests. 


Thanks in advance!!! 

Eitam. 
eitarad at hotmail.com


--
View this message in context: http://freeradius.1045715.n5.nabble.com/Condition-Based-Accounting-Proxy-tp4369464p4369464.html
Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
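
Added example, not part of the original post and not the poster's script: a sketch of a user-name check of the kind described above, written so that the User-Name taken from the accounting packet is validated before it reaches the SQL query, and so that a database error counts as "not found" (exit 1, no forwarding). It keeps the post's convention of exit 0 for found and 1 for not found; the table name, database name and credentials file path are assumptions.

```shell
#!/bin/sh
# Added example: user-name check meant to be called by rlm_exec with the
# expanded %{User-Name} as its first argument. Exit 0 = found, 1 = not found.
# MYSQL_CNF, MYSQL_DB and USERS_TABLE are assumed names, not from the post.
LC_ALL=C; export LC_ALL
: "${MYSQL_CNF:=/etc/freeradius/sql_check.cnf}"   # hypothetical credentials file
: "${MYSQL_DB:=radius}"
: "${USERS_TABLE:=users}"

# Accept only short names made of letters, digits and . _ @ -
valid_username() {
    [ -n "$1" ] && [ "${#1}" -le 64 ] || return 1
    case $1 in
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Safe only because valid_username has already excluded quotes and backslashes.
build_query() {
    printf "SELECT COUNT(*) FROM %s WHERE username='%s'" "$USERS_TABLE" "$1"
}

# Run the query with the mysql client; prints the bare count.
run_query() {
    mysql --defaults-extra-file="$MYSQL_CNF" -N -B -e "$1" "$MYSQL_DB"
}

check_user() {
    valid_username "$1" || { echo "user name rejected by validation"; return 1; }
    count=$(run_query "$(build_query "$1")") || { echo "DB lookup failed"; return 1; }
    if [ "$count" -gt 0 ] 2>/dev/null; then
        echo "user $1 is found in DB"; return 0
    fi
    echo "user $1 is NOT found in DB"; return 1
}

# Run the check only when a user name was passed on the command line.
if [ $# -gt 0 ]; then
    check_user "$1"
    exit $?
fi
```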


