Freeradius .. EAP/PEAP ... no accounting

Simone mimmo at ats.it
Wed Nov 9 13:11:26 CET 2005


hi all..

I have installed a freeradius 1.0.5..
For my project i need to use it for authenticate and log (accounting)
the wi-fi customer on an area of my city..
All is done ok.. the Hot-spot is configured for work with Radius using
WPA - EAP using PEAP and radius..
Freeradius is configured with TLS and PEAP and the authentication way
working correctly..
I'm able to use my winXp client with Wi-fi.. connecting to the Hotspot
and get the IP address via DHCP.. all great..

DAMN !!! freeradius don't log the accounting and i don't find what is
the problem.. all the config on radiusd.conf about auth and accounting
seem to be ok..

Some part of radiusd.conf

===============
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd

#
#  The logging messages for the server are appended to the
#  tail of this file.
#
log_file = ${logdir}/radius.log
.......
.......
#  Log the full User-Name attribute, as it was found in the request.
#
# allowed values: {no, yes}
#
log_stripped_names = yes

#  Log authentication requests to the log file.
#
#  allowed values: {no, yes}
#
log_auth = yes

#  Log passwords with the authentication requests.
#  log_auth_badpass  - logs password if it's rejected
#  log_auth_goodpass - logs password if it's correct
#
#  allowed values: {no, yes}
#
log_auth_badpass = yes
log_auth_goodpass = yes
.........
.........
# Write a detailed log of all accounting records received.
        #
        detail {
                #  Note that we do NOT use NAS-IP-Address here, as
                #  that attribute MAY BE from the originating NAS, and
                #  NOT from the proxy which actually sent us the
                #  request.  The Client-IP-Address attribute is ALWAYS
                #  the address of the client which sent us the
                #  request.
                #
                #  The following line creates a new detail file for
                #  every radius client (by IP address or hostname).
                #  In addition, a new detail file is created every
                #  day, so that the detail file doesn't have to go
                #  through a 'log rotation'
                #
                #  If your detail files are large, you may also want
                #  to add a ':%H' (see doc/variables.txt) to the end
                #  of it, to create a new detail file every hour, e.g.:
                #
                #   ..../detail-%Y%m%d:%H
                #
                #  This will create a new detail file for every hour.
                #
                detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d

                #
                #  The Unix-style permissions on the 'detail' file.
                #
                #  The detail file often contains secret or private
                #  information about users.  So by keeping the file
                #  permissions restrictive, we can prevent unwanted
                #  people from seeing that information.
                detailperm = 0600
        }

        #
        #  Many people want to log authentication requests.
        #  Rather than modifying the server core to print out more
        #  messages, we can use a different instance of the 'detail'
        #  module, to log the authentication requests to a file.
        #
        #  You will also need to un-comment the 'auth_log' line
        #  in the 'authorize' section, below.
        #
        detail auth_log {
                detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d

                #
                #  This MUST be 0600, otherwise anyone can read
                #  the users passwords!
                detailperm = 0600
        }


...........
...........

#
#  Accounting.  Log the accounting data.
#
accounting {
        #
        #  Create a 'detail'ed log of the packets.
        #  Note that accounting requests which are proxied
        #  are also logged in the detail file.
        detail
#       daily

        #  Update the wtmp file
        #
        #  If you don't use "radlast", you can delete this line.
        unix

        #
        #  For Simultaneous-Use tracking.
        #
        #  Due to packet losses in the network, the data here
        #  may be incorrect.  There is little we can do about it.
        radutmp
#       sradutmp

        #  Return an address to the IP Pool when we see a stop record.
#       main_pool

        #
        #  Log traffic to an SQL database.
        #
        #  See "Accounting queries" in sql.conf
#       sql


        #  Cisco VoIP specific bulk accounting
#       pgsql-voip

}
=============================

Anyone could tell me .. "stupid here the error" :))

thanks for help..




More information about the Freeradius-Users mailing list