auth proxied, not acct using users file setting Proxy-To-Realm
Tariq Rashid
tariq.rashid at uk.easynet.net
Fri Aug 5 17:03:00 CEST 2005
I am finding that auth requests are proxied, as expected, but not
accounting.
This appears to affect domain names which are proxied according to wildcard
entries in the users file as follows:
# following is used to map subdomains of *.abc.co.uk
# to be proxied according to the realm abc.co.uk
DEFAULT User-Name =~ "@.*\.abc\.co\.uk$", Proxy-To-Realm :=
"abc.co.uk"
it doesn't affect those domains which are actually fully specified in the
proxy.conf file.
the follign compares the radiusd -X output for an auth only request, and an
acct start/stop.
any ideas? is this a bug? i am using freeradius 1.0.2 on linux debian 3.1.
Tariq
---------- AUTH:
rad_recv: Access-Request packet from host 212.135.9.6:1499, id=15,
length=113
User-Name = "exampleuser at dsl3.ukonline.co.uk"
Service-Type = Framed-User
NAS-IP-Address = 82.108.57.17
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "***"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "dsl3.ukonline.co.uk" for User-Name =
"exampleuser at dsl3.ukonline.co.uk"
rlm_realm: No such realm "dsl3.ukonline.co.uk"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 7
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns ok for request 1
Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 1
radius_xlat:
'/opt/freeradius102/var/log/radius/radacct/212.135.9.6/pre-proxy-detail-2005
0805'
rlm_detail:
/opt/freeradius102/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-det
ail-%Y%m%d expands to
/opt/freeradius102/var/log/radius/radacct/212.135.9.6/pre-proxy-detail-20050
805
modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 1
modcall: group pre-proxy returns ok for request 1
Sending Access-Request of id 0 to 195.40.1.66:1645
User-Name = "exampleuser at dsl3.ukonline.co.uk"
Service-Type = Framed-User
NAS-IP-Address = 82.108.57.17
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "***"
Proxy-State = 0x3135
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 195.40.1.66:1645, id=0, length=66
Framed-Protocol = PPP
Framed-IP-Address = 87.81.112.13
Framed-IP-Netmask = 255.255.255.255
X-Ascend-Client-Primary-DNS = 212.135.1.36
X-Ascend-Client-Secondary-DNS = 195.40.1.36
X-Ascend-Client-Assign-DNS = 1
Service-Type = Framed-User
Proxy-State = 0x3135
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 1
radius_xlat:
'/opt/freeradius102/var/log/radius/radacct/212.135.9.6/post-proxy-detail-200
50805'
rlm_detail:
/opt/freeradius102/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-de
tail-%Y%m%d expands to
/opt/freeradius102/var/log/radius/radacct/212.135.9.6/post-proxy-detail-2005
0805
modcall[post-proxy]: module "post_proxy_log" returns ok for request 1
modcall[post-proxy]: module "eap" returns noop for request 1
modcall: group post-proxy returns ok for request 1
authorize: Skipping authorize in post-proxy stage
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 15 to 212.135.9.6:1499
Framed-Protocol = PPP
Framed-IP-Address = 87.81.112.13
Framed-IP-Netmask = 255.255.255.255
X-Ascend-Client-Primary-DNS = 212.135.1.36
X-Ascend-Client-Secondary-DNS = 195.40.1.36
X-Ascend-Client-Assign-DNS = 1
Service-Type = Framed-User
----------------- ACCT:
rad_recv: Accounting-Request packet from host 212.135.9.6:1512, id=29,
length=117
User-Name = "exampleuser at dsl3.ukonline.co.uk"
Service-Type = Framed-User
NAS-IP-Address = 82.108.57.17
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 1234,Client-IP-Address =
212.135.9.6,NAS-IP-Address = 82.108.57.17,Acct-Session-Id =
"00001234",User-Name = "exampleuser at dsl3.ukonline.co.uk"'
rlm_acct_unique: Acct-Unique-Session-ID = "d0c84fbbd11b50cb".
modcall[preacct]: module "acct_unique" returns ok for request 2
rlm_realm: Looking up realm "dsl3.ukonline.co.uk" for User-Name =
"exampleuser at dsl3.ukonline.co.uk"
rlm_realm: No such realm "dsl3.ukonline.co.uk"
modcall[preacct]: module "suffix" returns noop for request 2
modcall[preacct]: module "files" returns noop for request 2
modcall: group preacct returns ok for request 2
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
radius_xlat:
'/opt/freeradius102/var/log/radius/radacct/212.135.9.6/detail-20050805'
rlm_detail:
/opt/freeradius102/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to
/opt/freeradius102/var/log/radius/radacct/212.135.9.6/detail-20050805
modcall[accounting]: module "detail" returns ok for request 2
modcall[accounting]: module "unix" returns ok for request 2
radius_xlat: '/opt/freeradius102/var/log/radius/radutmp'
radius_xlat: 'exampleuser at dsl3.ukonline.co.uk'
modcall[accounting]: module "radutmp" returns ok for request 2
modcall: group accounting returns ok for request 2
Sending Accounting-Response of id 29 to 212.135.9.6:1512
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 212.135.9.6:1512, id=30,
length=135
User-Name = "exampleuser at dsl3.ukonline.co.uk"
Service-Type = Framed-User
NAS-IP-Address = 82.108.57.17
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 3
modcall[preacct]: module "preprocess" returns noop for request 3
rlm_acct_unique: Hashing 'NAS-Port = 1234,Client-IP-Address =
212.135.9.6,NAS-IP-Address = 82.108.57.17,Acct-Session-Id =
"00001234",User-Name = "exampleuser at dsl3.ukonline.co.uk"'
rlm_acct_unique: Acct-Unique-Session-ID = "d0c84fbbd11b50cb".
modcall[preacct]: module "acct_unique" returns ok for request 3
rlm_realm: Looking up realm "dsl3.ukonline.co.uk" for User-Name =
"exampleuser at dsl3.ukonline.co.uk"
rlm_realm: No such realm "dsl3.ukonline.co.uk"
modcall[preacct]: module "suffix" returns noop for request 3
modcall[preacct]: module "files" returns noop for request 3
modcall: group preacct returns ok for request 3
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 3
radius_xlat:
'/opt/freeradius102/var/log/radius/radacct/212.135.9.6/detail-20050805'
rlm_detail:
/opt/freeradius102/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to
/opt/freeradius102/var/log/radius/radacct/212.135.9.6/detail-20050805
modcall[accounting]: module "detail" returns ok for request 3
modcall[accounting]: module "unix" returns ok for request 3
radius_xlat: '/opt/freeradius102/var/log/radius/radutmp'
radius_xlat: 'exampleuser at dsl3.ukonline.co.uk'
modcall[accounting]: module "radutmp" returns ok for request 3
modcall: group accounting returns ok for request 3
Sending Accounting-Response of id 30 to 212.135.9.6:1512
Finished request 3
More information about the Freeradius-Users
mailing list