Freeradius .. EAP/PEAP ... no accounting
Guy Davies
Guy.Davies at telindus.co.uk
Wed Nov 9 13:37:18 CET 2005
Is your AP configured to send accounting information? Many don't do
this by default. You will have to set it and tell it to use the same
RADIUS server for accounting.
Rgds,
Guy
-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of
Simone
Sent: 09 November 2005 12:11
To: freeradius-users at lists.freeradius.org
Subject: Freeradius .. EAP/PEAP ... no accounting
hi all..
I have installed a freeradius 1.0.5..
For my project i need to use it for authenticate and log (accounting)
the wi-fi customer on an area of my city..
All is done ok.. the Hot-spot is configured for work with Radius using
WPA - EAP using PEAP and radius..
Freeradius is configured with TLS and PEAP and the authentication way
working correctly..
I'm able to use my winXp client with Wi-fi.. connecting to the Hotspot
and get the IP address via DHCP.. all great..
DAMN !!! freeradius don't log the accounting and i don't find what is
the problem.. all the config on radiusd.conf about auth and accounting
seem to be ok..
Some part of radiusd.conf
===============
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
#
# The logging messages for the server are appended to the # tail of
this file.
#
log_file = ${logdir}/radius.log
.......
.......
# Log the full User-Name attribute, as it was found in the request.
#
# allowed values: {no, yes}
#
log_stripped_names = yes
# Log authentication requests to the log file.
#
# allowed values: {no, yes}
#
log_auth = yes
# Log passwords with the authentication requests.
# log_auth_badpass - logs password if it's rejected #
log_auth_goodpass - logs password if it's correct # # allowed values:
{no, yes} # log_auth_badpass = yes log_auth_goodpass = yes .........
.........
# Write a detailed log of all accounting records received.
#
detail {
# Note that we do NOT use NAS-IP-Address here, as
# that attribute MAY BE from the originating NAS, and
# NOT from the proxy which actually sent us the
# request. The Client-IP-Address attribute is ALWAYS
# the address of the client which sent us the
# request.
#
# The following line creates a new detail file for
# every radius client (by IP address or hostname).
# In addition, a new detail file is created every
# day, so that the detail file doesn't have to go
# through a 'log rotation'
#
# If your detail files are large, you may also want
# to add a ':%H' (see doc/variables.txt) to the end
# of it, to create a new detail file every hour, e.g.:
#
# ..../detail-%Y%m%d:%H
#
# This will create a new detail file for every hour.
#
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
#
# The Unix-style permissions on the 'detail' file.
#
# The detail file often contains secret or private
# information about users. So by keeping the file
# permissions restrictive, we can prevent unwanted
# people from seeing that information.
detailperm = 0600
}
#
# Many people want to log authentication requests.
# Rather than modifying the server core to print out more
# messages, we can use a different instance of the 'detail'
# module, to log the authentication requests to a file.
#
# You will also need to un-comment the 'auth_log' line
# in the 'authorize' section, below.
#
detail auth_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
#
# This MUST be 0600, otherwise anyone can read
# the users passwords!
detailperm = 0600
}
...........
...........
#
# Accounting. Log the accounting data.
#
accounting {
#
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
detail
# daily
# Update the wtmp file
#
# If you don't use "radlast", you can delete this line.
unix
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
# main_pool
#
# Log traffic to an SQL database.
#
# See "Accounting queries" in sql.conf
# sql
# Cisco VoIP specific bulk accounting
# pgsql-voip
}
=============================
Anyone could tell me .. "stupid here the error" :))
thanks for help..
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us.
More information about the Freeradius-Users
mailing list