Accounting logs
Ivan Kalik
tnt at kalik.net
Fri Apr 25 15:45:57 CEST 2008
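Is your NAS sending accounting packets? The detail-%Y%m%d files are written by the "detail" module, which your config lists only in the accounting section, so they appear only once the server receives accounting requests; the auth-detail files come from "auth_log" in authorize, which runs on every authentication request.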
Ivan Kalik
Kalik Informatika ISP
Dana 25/4/2008, "Sergio Belkin" <sebelk at gmail.com> piše:
>I don't see any detail-%Y%m%d log files but only auth-detail-%Y%m%d files.
>What am I doing wrong?
>
>My config files:
>
>radiusd.conf:
>
>prefix = /usr/local-2.0.2
>exec_prefix = ${prefix}
>sysconfdir = ${prefix}/etc
>localstatedir = ${prefix}/var
>sbindir = ${exec_prefix}/sbin
>logdir = ${localstatedir}/log/radius
>raddbdir = ${sysconfdir}/raddb
>radacctdir = ${logdir}/radacct
>confdir = ${raddbdir}
>run_dir = ${localstatedir}/run/radiusd
>db_dir = $(raddbdir)
>libdir = ${exec_prefix}/lib
>pidfile = ${run_dir}/radiusd.pid
>user = radiusd
>group = radiusd
>max_request_time = 30
>cleanup_delay = 5
>max_requests = 1024
>listen {
> type = auth
> ipaddr = 190.125.213.5
> port = 0
>}
>listen {
> ipaddr = 190.125.213.5
> port = 0
> type = acct
>}
>hostname_lookups = no
>allow_core_dumps = no
>regular_expressions = yes
>extended_expressions = yes
>log {
> destination = files
> file = ${logdir}/radius.log
> syslog_facility = daemon
> stripped_names = yes
> auth = yes
> auth_badpass = no
> auth_goodpass = no
>}
>checkrad = ${sbindir}/checkrad
>security {
> max_attributes = 190
> reject_delay = 1
> status_server = yes
>}
>proxy_requests = no
>$INCLUDE proxy.conf
>$INCLUDE clients.conf
>snmp = no
>$INCLUDE snmp.conf
>thread pool {
> start_servers = 5
> max_servers = 32
> min_spare_servers = 3
> max_spare_servers = 10
> max_requests_per_server = 0
>}
>modules {
> pap {
> auto_header = yes
> }
> chap {
> authtype = CHAP
> }
> pam {
> pam_auth = radiusd
> }
> unix {
> radwtmp = ${logdir}/radwtmp
> }
>$INCLUDE eap.conf
> mschap {
> }
> ldap {
> server = "ldap.cadorna.biz
> identity = "cn=freeradius,ou=applications,dc=cadorna,dc=biz"
> port = 636
> password = jejeje0essoleplop
> basedn = "ou=people,dc=cadorna,dc=biz"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> ldap_connections_number = 5
> timeout = 4
> timelimit = 3
> net_timeout = 1
> tls {
> start_tls = no
> cacertfile = /etc/raddb-2.0.2/cacert.pem
> randfile = /dev/urandom
> require_cert = "allow"
> }
> access_attr = "radiusAllowed"
> dictionary_mapping = ${confdir}/ldap.attrmap
> edir_account_policy_check = no
> }
> realm IPASS {
> format = prefix
> delimiter = "/"
> }
> realm suffix {
> format = suffix
> delimiter = "@"
> }
> realm realmpercent {
> format = suffix
> delimiter = "%"
> }
> realm ntdomain {
> format = prefix
> delimiter = "\\"
> }
> checkval {
> item-name = Calling-Station-Id
> check-name = Calling-Station-Id
> data-type = string
> }
>
> preprocess {
> huntgroups = ${confdir}/huntgroups
> hints = ${confdir}/hints
> with_ascend_hack = no
> ascend_channels_per_line = 23
> with_ntdomain_hack = no
> with_specialix_jetstream_hack = no
> with_cisco_vsa_hack = no
> }
> files {
> usersfile = ${confdir}/users
> acctusersfile = ${confdir}/acct_users
> preproxy_usersfile = ${confdir}/preproxy_users
> compat = no
> }
> detail {
> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
> detailperm = 0600
> header = "%t"
> suppress {
> User-Password
> }
> }
> detail auth_log {
> detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
> suppress {
> User-Password
> }
> }
> acct_unique {
> key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
> }
> $INCLUDE sql.conf
>
> radutmp {
> filename = ${logdir}/radutmp
> username = %{User-Name}
> case_sensitive = yes
> check_with_nas = yes
> perm = 0600
> callerid = "yes"
> }
> radutmp sradutmp {
> filename = ${logdir}/sradutmp
> perm = 0644
> callerid = "no"
> }
> attr_filter attr_filter.post-proxy {
> attrsfile = ${confdir}/attrs
> }
> attr_filter attr_filter.pre-proxy {
> attrsfile = ${confdir}/attrs.pre-proxy
> }
> attr_filter attr_filter.access_reject {
> key = %{User-Name}
> attrsfile = ${confdir}/attrs.access_reject
> }
> attr_filter attr_filter.accounting_response {
> key = %{User-Name}
> attrsfile = ${confdir}/attrs.accounting_response
> }
> counter daily {
> filename = ${db_dir}/db.daily
> key = User-Name
> count-attribute = Acct-Session-Time
> reset = daily
> counter-name = Daily-Session-Time
> check-name = Max-Daily-Session
> reply-name = Session-Timeout
> allowed-servicetype = Framed-User
> cache-size = 5000
> }
> $INCLUDE sql/mysql/counter.conf
> always fail {
> rcode = fail
> }
> always reject {
> rcode = reject
> }
> always noop {
> rcode = noop
> }
> always handled {
> rcode = handled
> }
> always updated {
> rcode = updated
> }
> always notfound {
> rcode = notfound
> }
> always ok {
> rcode = ok
> simulcount = 0
> mpp = no
> }
> expr {
> }
> digest {
> }
> expiration {
> reply-message = "Password Has Expired\r\n"
> }
> logintime {
> reply-message = "You are calling outside your allowed timespan\r\n"
> minimum-timeout = 60
> }
> exec {
> wait = yes
> input_pairs = request
> shell_escape = yes
> output = none
> }
> exec echo {
> wait = yes
> program = "/bin/echo %{User-Name}"
> input_pairs = request
> output_pairs = reply
> shell_escape = yes
> }
> ippool main_pool {
> range-start = 192.168.1.1
> range-stop = 192.168.3.254
> netmask = 255.255.255.0
> cache-size = 800
> session-db = ${db_dir}/db.ippool
> ip-index = ${db_dir}/db.ipindex
> override = no
> maximum-timeout = 0
> }
> policy {
> filename = ${confdir}/policy.txt
> }
>}
>instantiate {
> exec
> expr
> expiration
> logintime
>}
>$INCLUDE policy.conf
>$INCLUDE sites-enabled/
>
>
>EOF
>
>acct_users:
>
>DEFAULT Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz`
>
>EOF
>
>sites-enabled/default:
>
>authorize {
> preprocess
> auth_log
> chap
> mschap
> suffix
> eap {
> ok = return
> }
> unix
> files
> ldap
> expiration
> logintime
> pap
>}
>authenticate {
> Auth-Type PAP {
> pap
> }
> Auth-Type CHAP {
> chap
> }
> Auth-Type MS-CHAP {
> mschap
> }
> unix
> Auth-Type LDAP {
> ldap
> }
> eap
>}
>preacct {
> preprocess
> acct_unique
> suffix
> files
>}
>accounting {
> detail
> unix
> radutmp
> attr_filter.accounting_response
>}
>session {
> radutmp
>}
>post-auth {
> Post-Auth-Type REJECT {
> attr_filter.access_reject
> }
>}
>pre-proxy {
>}
>post-proxy {
> eap
>}
>
>EOF
>
>thanks in advance!
>
>
>--
>--
>Open Kairos http://www.openkairos.com
>Watch More TV http://sebelk.blogspot.com
>Sergio Belkin -
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>