failed login accounting with dialup admin

kemas k_henry at ramayana.co.id
Fri Feb 2 07:32:46 CET 2007 

update to my fault because not RTFM first.

I add another sql to the sql.conf 

sql sql_failed_reject {
        driver = "rlm_sql_mysql"
        server = "localhost"
        login = "xxx"
        password = "xxx"
        radius_db = "radius"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "usergroup"
        nas_table = "nas"
        safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
        acct_table1 = "radacct"
        num_sql_socks = 3
        connect_failure_retry_delay = 60
        postauth_query =  "INSERT into ${acct_table1} (radacctid,
username, nasipaddress, nasportid, acctterminatecause, acctstarttime,
acctstoptime, callingstationid, servicetype, framedprotocol,
framedipaddress,acctauthentic) values ('', '%{User-Name}', '%{NAS-IP-
Address}', '%{NAS-PORT}', '%{reply:Packet-Type}', DATE_SUB('%S',
INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%
S', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%
{Framed-IP-Address}', '%{Acct-Authentic}')"
}

then I put sql_failed_reject to the postauth section in radiusd.conf

post-auth {
        #  Get an address from the IP Pool.
#       main_pool
        reply_log
        sql
#       sql_log
#       ldap
        Post-Auth-Type REJECT {
                #insert-module-name-here
                #sql
                sql_failed_reject
        }
}

modify dialup admin failed login page to check for Access Reject.

that's it, now I can see failed user in dialup admin


thanks for freeradius

===



On Wed, 2007-01-31 at 19:42 +0700, kemas wrote: 
> I have a small accounting problem with freeradius and dialup admin which
> I can't find a way to solve it.
> 
> I've set freeradius to authenticate EAP-TLS, I want to log people who
> failed to authenticate to mysql with rlm_sql, which will show in dialup
> admin failed login page.
> 
> I put in radiusd.con post-auth section the sql module:
> 	Post-Auth-Type REJECT {
>                 #insert-module-name-here
>                 sql
>         }
> 
> the post-auth query in sql.conf:
> 	postauth_query = "INSERT into ${postauth_table} (id, user, pass,
> reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-
> Password}', '%{reply:Packet-Type}', NOW())"
> 
> 
> the sql query runs well, it put the failed login to the radpostauth
> table but the dialup admin failed login page is searching to the radacct
> table for the failed user which will never find it.
> 
> am I doing the right way to put the sql module inside the post-auth? or
> should I put it in other section?
> 
> I don't want to change the postauth_query but is there any way to add
> another query to put the data to radacct table?
> 
> thanks in advance
> 
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list