FW: how to force NAS-port info in accounting-start, for radutmp to work ok

Radu IONESCU iradu at unitbv.ro
Sat Nov 18 13:20:46 CET 2006


As I had no answers on this thread, I'm just updating it:
with an arbitrary NAS-Port attribute entry in hints, radutmp is OK, radwho
is working and the Simultaneous-Use attribute has an effect; however, the setup
should be refined by implying checkrad, which does not work for NAS type
'other'.
ri

-----Original Message-----
Sent: 15 November 2006 16:15
To: 'freeradius-users at lists.freeradius.org'
Subject: how to force NAS-port info in accounting-start, for radutmp to work
ok


I have installed freeradius-1.0.5-1.2 on FC-5, and I intend to use
Freeradius with only one NAS - ZyXEL VSG-1200 - a subscriber gateway for
wire/wireless campus access zone.
The NAS is defined in clients.conf file as "nastype = other".
The VSAs are working ok.
It seems that the NAS doesn't include the NAS-Port attribute (Integer) in
the accounting packets, so the RADIUS accounting process doesn't write into
the radwtmp/radutmp files (radwho outputs no data), and the Simultaneous-Use
check is not effective:

  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!

Is there a workaround for this, I mean on the RADIUS host?
Thank you for any help!

ri

The following is the radiusd -X output for a current accounting request:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rad_recv: Accounting-Request packet from host 192.168.19.226:10661, id=7,
length=136
        User-Name = "pcrist"
        Acct-Status-Type = Alive
        Acct-Delay-Time = 0
        Acct-Session-Id = "0050fce8552031000000"
        NAS-IP-Address = 192.168.19.226
        NAS-Identifier = "vsg"
        Framed-IP-Address = 10.59.1.2
        Calling-Station-Id = "00-50-FC-E8-55-20"
        Called-Station-Id = "00-13-49-6F-EE-C4"
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 21
  modcall[preacct]: module "preprocess" returns noop for request 21
rlm_acct_unique: Hashing 'Client-IP-Address = 192.168.19.226,NAS-IP-Address
= 192.168.19.226,Acct-Session-Id =  "0050fce8552031000000",User-Name =
"pcrist"'
rlm_acct_unique: Acct-Unique-Session-ID = "c425325ee3d8e6fc".
  modcall[preacct]: module "acct_unique" returns ok for request 21
  modcall[preacct]: module "files" returns noop for request 21
modcall: group preacct returns ok for request 21
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 21
radius_xlat:  '/var/log/radius/radacct/192.168.19.226/detail-20061115'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to  /var/log/radius/radacct/192.168.19.226/detail-20061115
  modcall[accounting]: module "detail" returns ok for request 21
  modcall[accounting]: module "unix" returns noop for request 21
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'pcrist'
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
  modcall[accounting]: module "radutmp" returns noop for request 21
modcall: group accounting returns ok for request 21
Sending Accounting-Response of id 7 to 192.168.19.226:10661
Finished request 21
Going to the next request
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


And this is the radiusd -X output when I simulate an accounting packet with
NTRadPing, forcing an attribute of NAS-Port=1:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rad_recv: Accounting-Request packet from host 192.168.19.11:3828, id=4,
length=43
        User-Name = "dani"
        Acct-Status-Type = Start
        Acct-Session-Id = "460"
        NAS-Port = 1
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 22
  modcall[preacct]: module "preprocess" returns noop for request 22
rlm_acct_unique: Hashing 'Client-IP-Address = 192.168.19.11,NAS-IP-Address =
192.168.19.11,Acct-Session-Id = "460",User-Name  = "dani"'
rlm_acct_unique: Acct-Unique-Session-ID = "45e816fe4586d71f".
  modcall[preacct]: module "acct_unique" returns ok for request 22
  modcall[preacct]: module "files" returns noop for request 22
modcall: group preacct returns ok for request 22
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 22
radius_xlat:  '/var/log/radius/radacct/192.168.19.11/detail-20061115'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to  /var/log/radius/radacct/192.168.19.11/detail-20061115
  modcall[accounting]: module "detail" returns ok for request 22
  modcall[accounting]: module "unix" returns ok for request 22
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'dani'
  modcall[accounting]: module "radutmp" returns ok for request 22
modcall: group accounting returns ok for request 22
Sending Accounting-Response of id 4 to 192.168.19.11:3828
Finished request 22
Going to the next request
--- Walking the entire request list ---
Cleaning up request 22 ID 4 with timestamp 455b108c
Nothing to do.  Sleeping until we see a request.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The above seems OK, as I now have an entry in radutmp:

# radwho
Login      Name              What  TTY  When      From      Location
dani       dani              shell S1   Wed 15:05 193.254.2 

And an authentication packet sent with NTRadPing with the same user name
'dani' gets an 'Access-Reject' response:

'You are already logged in - access denied'

So, Simultaneous-Use works OK for me if the NAS includes the NAS-Port
attribute in the accounting start packet.

I wrote to ZyXEL without much hope for an answer, so I am looking for a
FreeRADIUS workaround on the host installation.
---


/  Universitatea TRANSILVANIA Brasov  /

-- 
virus checked - cciu unitbv
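
Added example (not part of the original post and not FreeRADIUS code): a small parser for `radiusd -X` debug output in the format quoted above, which lists accounting packets that arrive without NAS-Port and so will not be recorded by radutmp. The sample input is constructed from the two packets in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed `radiusd -X` output in the format shown in the post.
SAMPLE = """\
rad_recv: Accounting-Request packet from host 192.168.19.226:10661, id=7,
length=136
        User-Name = "pcrist"
        Acct-Status-Type = Alive
        Acct-Session-Id = "0050fce8552031000000"
        NAS-IP-Address = 192.168.19.226
  Processing the preacct section of radiusd.conf
rad_recv: Accounting-Request packet from host 192.168.19.11:3828, id=4, length=43
        User-Name = "dani"
        Acct-Status-Type = Start
        Acct-Session-Id = "460"
        NAS-Port = 1
  Processing the preacct section of radiusd.conf
"""

HEADER = re.compile(r"^rad_recv: (\S+) packet from host ([\d.]+):\d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")

def parse_packets(text):
    """Return one dict per received packet: code, source host, attributes."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"code": m.group(1), "host": m.group(2), "attrs": {}}
            packets.append(current)
            continue
        if current and line.startswith("length="):
            continue  # header line wrapped by a mail client, as in the post
        a = ATTR.match(line) if current else None
        if a:
            current["attrs"][a.group(1)] = a.group(2).strip('"')
        else:
            current = None  # first non-attribute line ends the packet dump
    return packets

def accounting_without_nas_port(text):
    """(host, user, status) for accounting packets that carry no NAS-Port."""
    return [(p["host"], p["attrs"].get("User-Name"), p["attrs"].get("Acct-Status-Type"))
            for p in parse_packets(text)
            if p["code"] == "Accounting-Request" and "NAS-Port" not in p["attrs"]]

if __name__ == "__main__":
    for host, user, status in accounting_without_nas_port(SAMPLE):
        print(f"{host}: {status} for {user!r} has no NAS-Port; radutmp will skip it")
```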



