Logging based on port request came in on

Walt Reynolds waltr at umich.edu
Wed Mar 7 12:41:47 CET 2007 

So is there any way to use Packet-Dst-Port attribute in the freeradius 
internal dictionary?

Walt Reynolds wrote:
> 
>> Date: Wed, 28 Feb 2007 19:35:48 +0000
>> From: Phil Mayers <p.mayers at imperial.ac.uk>
>> Subject: Re: Logging based on port request came in on
>> To: FreeRadius users mailing list
>>     <freeradius-users at lists.freeradius.org>
>> Message-ID: <45E5D994.2070801 at imperial.ac.uk>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Walt Reynolds wrote:
>>> Hello,
>>>
>>> I have freeradius 1.1.2 set up to listen on both ports 1812/1813 and 
>>> 1645/1646.  This is simply to separate user and admin login.  What I 
>>> would like to do is to add logging based on the port.  I could add  
>>> %{NAS-Port-Type} to the Detail such as:
>>>
>>> detailfile = ${radacctdir}/%{NAS-Port-Type}/auth-detail-%Y%m%d
>>>
>>> The problem with doing this as it uses the string "Wireless-802.11" 
>>> or "Virtual".  I would instead like to use the port the request came 
>>> in on 
>>
>> NAS-Port-Type is, as you've discovered, the port type of the session 
>> being authenticated/accounted
>>
>>> (1812 or 1645) or even modify that string value.  I tried to add the 
>>> string %(request:Packet-Dst-Port) (from the 
>>> dictionary.freeradius.internal) in the detailfile, but comes back blank.
>>
> 
> Since it is in this dictionary, is there something I would have to do
> 
>> You'll need a sufficiently recent version of the server for that to 
>> work, and IIRC the "preprocess" module needs to be run (you should 
>> always run it)
> 
> Well, I am using 1.1..2 version of Freeradius.  I also am preprocessing, 
> though I am not sure that would be needed here.  As this is a variable 
> defined in the dictionary file, I was under the impression that I could 
> use it.
> 
> Either way, here is the section from the config:
> 
>         preprocess {
>                 huntgroups = ${confdir}/huntgroups
>                 hints = ${confdir}/hints
>                 with_cisco_vsa_hack = yes
>         }
> 
> I had added this to the hints files as well, but did not seem do anything:
> 
> 
>>
>>> Am I misreading this in some way.  I assume that internally 
>>> freeradius knows what port the request came in on.
>>
>> What version are you running?
>>
>>
> 
> 1.1.2
> 
> 
> 

-- 
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438

More information about the Freeradius-Users mailing list