FW: how to force NAS-port info in accounting-start, for radutmp to work ok
Radu IONESCU
iradu at unitbv.ro
Sat Nov 18 13:20:46 CET 2006
as I had no answers on this thread, I'm just updating it:
with an arbitrary NAS-port attribute entry in hints, radutmp is ok, radwho
is working and Simultaneous-Use attribute has an effect; however the setup
should be refined by implying checkrad, which does not work for NAS type
'other';
ri
-----Original Message-----
Sent: 15 noiembrie 2006 16:15
To: 'freeradius-users at lists.freeradius.org'
Subject: how to force NAS-port info in accounting-start, for radutmp to work
ok
I have installed freeradius-1.0.5-1.2 on FC-5, and I intend to use
Freeradius with only one NAS - ZyXEL VSG-1200 - a subscriber gateway for
wire/wireless campus access zone.
The NAS is defined in clients.conf file as "nastype = other".
The VSAs are working ok.
It seems that the NAS, doesn't include the NAS-Port attribute (Integer) in
the accounting packets, so RADIUS accounting process doesn't write into
radwtm/radutmp files (radwho outputs no data), and Simultaneous-Use check is
not effective:
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
Is there a workaround for this, I mean on the RADIUS host?
Thank you for any help!
ri
Following is a radiusd -X output for a current accounting request:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rad_recv: Accounting-Request packet from host 192.168.19.226:10661, id=7,
length=136
User-Name = "pcrist"
Acct-Status-Type = Alive
Acct-Delay-Time = 0
Acct-Session-Id = "0050fce8552031000000"
NAS-IP-Address = 192.168.19.226
NAS-Identifier = "vsg"
Framed-IP-Address = 10.59.1.2
Calling-Station-Id = "00-50-FC-E8-55-20"
Called-Station-Id = "00-13-49-6F-EE-C4"
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 21
modcall[preacct]: module "preprocess" returns noop for request 21
rlm_acct_unique: Hashing 'Client-IP-Address = 192.168.19.226,NAS-IP-Address
= 192.168.19.226,Acct-Session-Id = "0050fce8552031000000",User-Name =
"pcrist"'
rlm_acct_unique: Acct-Unique-Session-ID = "c425325ee3d8e6fc".
modcall[preacct]: module "acct_unique" returns ok for request 21
modcall[preacct]: module "files" returns noop for request 21
modcall: group preacct returns ok for request 21
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 21
radius_xlat: '/var/log/radius/radacct/192.168.19.226/detail-20061115'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.19.226/detail-20061115
modcall[accounting]: module "detail" returns ok for request 21
modcall[accounting]: module "unix" returns noop for request 21
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'pcrist'
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
modcall[accounting]: module "radutmp" returns noop for request 21
modcall: group accounting returns ok for request 21 Sending
Accounting-Response of id 7 to 192.168.19.226:10661 Finished request 21
Going to the next request ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and this is a radiusd -X output when I simulate an accounting packet with
NTRadPing, forcing an attribute of NAS-port=1:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
rad_recv: Accounting-Request packet from host 192.168.19.11:3828, id=4,
length=43
User-Name = "dani"
Acct-Status-Type = Start
Acct-Session-Id = "460"
NAS-Port = 1
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 22
modcall[preacct]: module "preprocess" returns noop for request 22
rlm_acct_unique: Hashing 'Client-IP-Address = 192.168.19.11,NAS-IP-Address =
192.168.19.11,Acct-Session-Id = "460",User-Name = "dani"'
rlm_acct_unique: Acct-Unique-Session-ID = "45e816fe4586d71f".
modcall[preacct]: module "acct_unique" returns ok for request 22
modcall[preacct]: module "files" returns noop for request 22
modcall: group preacct returns ok for request 22
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 22
radius_xlat: '/var/log/radius/radacct/192.168.19.11/detail-20061115'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.19.11/detail-20061115
modcall[accounting]: module "detail" returns ok for request 22
modcall[accounting]: module "unix" returns ok for request 22
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'dani'
modcall[accounting]: module "radutmp" returns ok for request 22
modcall: group accounting returns ok for request 22 Sending
Accounting-Response of id 4 to 192.168.19.11:3828 Finished request 22 Going
to the next request
--- Walking the entire request list ---
Cleaning up request 22 ID 4 with timestamp 455b108c Nothing to do. Sleeping
until we see a request.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
the above seems ok, as I have now an entry in radutmp:
# radwho
Login Name What TTY When From Location
dani dani shell S1 Wed 15:05 193.254.2
and an authentication packet sent with NTRadPing with the same user-name
'dani' gets an 'Access-Reject' response:
'You are already logged in - access denied'
So, Simultaneous-Use works ok for me if NAS includes NAS-port attribute in
accounting start packet.
I wrote to ZyXEL with no much hope for an answer, so I am looking for a
FreeRADIUS workaround on the host installation.
---
/ Universitatea TRANSILVANIA Brasov /
--
virus checked - cciu unitbv
More information about the Freeradius-Users
mailing list