Accounting logs

Sergio Belkin sebelk at gmail.com
Fri Apr 25 17:22:04 CEST 2008


Good Point :D
Port 1813 (RADIUS accounting) is filtered, which would explain why no accounting packets reach the server. Thanks, Ivan; I'll see whether it works once I change that.

2008/4/25, Ivan Kalik <tnt at kalik.net>:
> Is your NAS sending accounting packets?
>
>  Ivan Kalik
>  Kalik Informatika ISP
>
>
>  Dana 25/4/2008, "Sergio Belkin" <sebelk at gmail.com> piše:
>
>
>  >I don't see any detail-%Y%m%d log files, only auth-detail-%Y%m%d files.
>  >What am I doing wrong?
>  >
>  >My config files:
>  >
>  >radiusd.conf:
>  >
>  >prefix = /usr/local-2.0.2
>  >exec_prefix = ${prefix}
>  >sysconfdir = ${prefix}/etc
>  >localstatedir = ${prefix}/var
>  >sbindir = ${exec_prefix}/sbin
>  >logdir = ${localstatedir}/log/radius
>  >raddbdir = ${sysconfdir}/raddb
>  >radacctdir = ${logdir}/radacct
>  >confdir = ${raddbdir}
>  >run_dir = ${localstatedir}/run/radiusd
>  >db_dir = $(raddbdir)
>  >libdir = ${exec_prefix}/lib
>  >pidfile = ${run_dir}/radiusd.pid
>  >user = radiusd
>  >group = radiusd
>  >max_request_time = 30
>  >cleanup_delay = 5
>  >max_requests = 1024
>  >listen {
>  >       type = auth
>  >       ipaddr = 190.125.213.5
>  >       port = 0
>  >}
>  >listen {
>  >       ipaddr = 190.125.213.5
>  >       port = 0
>  >       type = acct
>  >}
>  >hostname_lookups = no
>  >allow_core_dumps = no
>  >regular_expressions    = yes
>  >extended_expressions   = yes
>  >log {
>  >       destination = files
>  >       file = ${logdir}/radius.log
>  >       syslog_facility = daemon
>  >       stripped_names = yes
>  >       auth = yes
>  >       auth_badpass = no
>  >       auth_goodpass = no
>  >}
>  >checkrad = ${sbindir}/checkrad
>  >security {
>  >       max_attributes = 190
>  >       reject_delay = 1
>  >       status_server = yes
>  >}
>  >proxy_requests  = no
>  >$INCLUDE proxy.conf
>  >$INCLUDE clients.conf
>  >snmp   = no
>  >$INCLUDE snmp.conf
>  >thread pool {
>  >       start_servers = 5
>  >       max_servers = 32
>  >       min_spare_servers = 3
>  >       max_spare_servers = 10
>  >       max_requests_per_server = 0
>  >}
>  >modules {
>  >       pap {
>  >               auto_header = yes
>  >       }
>  >       chap {
>  >               authtype = CHAP
>  >       }
>  >       pam {
>  >               pam_auth = radiusd
>  >       }
>  >       unix {
>  >               radwtmp = ${logdir}/radwtmp
>  >       }
>  >$INCLUDE eap.conf
>  >       mschap {
>  >       }
>  >       ldap {
>  >               server = "ldap.cadorna.biz
>  >               identity = "cn=freeradius,ou=applications,dc=cadorna,dc=biz"
>  >               port = 636
>  >               password = jejeje0essoleplop
>  >               basedn = "ou=people,dc=cadorna,dc=biz"
>  >               filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>  >               ldap_connections_number = 5
>  >               timeout = 4
>  >               timelimit = 3
>  >               net_timeout = 1
>  >               tls {
>  >                       start_tls = no
>  >                       cacertfile      = /etc/raddb-2.0.2/cacert.pem
>  >                       randfile                = /dev/urandom
>  >                       require_cert    = "allow"
>  >               }
>  >               access_attr = "radiusAllowed"
>  >               dictionary_mapping = ${confdir}/ldap.attrmap
>  >               edir_account_policy_check = no
>  >       }
>  >       realm IPASS {
>  >               format = prefix
>  >               delimiter = "/"
>  >       }
>  >       realm suffix {
>  >               format = suffix
>  >               delimiter = "@"
>  >       }
>  >       realm realmpercent {
>  >               format = suffix
>  >               delimiter = "%"
>  >       }
>  >       realm ntdomain {
>  >               format = prefix
>  >               delimiter = "\\"
>  >       }
>  >       checkval {
>  >               item-name = Calling-Station-Id
>  >               check-name = Calling-Station-Id
>  >               data-type = string
>  >       }
>  >
>  >       preprocess {
>  >               huntgroups = ${confdir}/huntgroups
>  >               hints = ${confdir}/hints
>  >               with_ascend_hack = no
>  >               ascend_channels_per_line = 23
>  >               with_ntdomain_hack = no
>  >               with_specialix_jetstream_hack = no
>  >               with_cisco_vsa_hack = no
>  >       }
>  >       files {
>  >               usersfile = ${confdir}/users
>  >               acctusersfile = ${confdir}/acct_users
>  >               preproxy_usersfile = ${confdir}/preproxy_users
>  >               compat = no
>  >       }
>  >       detail {
>  >               detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>  >               detailperm = 0600
>  >               header = "%t"
>  >               suppress {
>  >                        User-Password
>  >               }
>  >       }
>  >        detail auth_log {
>  >                detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>  >               suppress {
>  >                        User-Password
>  >               }
>  >        }
>  >       acct_unique {
>  >               key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>  >Client-IP-Address, NAS-Port"
>  >       }
>  >       $INCLUDE sql.conf
>  >
>  >       radutmp {
>  >               filename = ${logdir}/radutmp
>  >               username = %{User-Name}
>  >               case_sensitive = yes
>  >               check_with_nas = yes
>  >               perm = 0600
>  >               callerid = "yes"
>  >       }
>  >       radutmp sradutmp {
>  >               filename = ${logdir}/sradutmp
>  >               perm = 0644
>  >               callerid = "no"
>  >       }
>  >       attr_filter attr_filter.post-proxy {
>  >               attrsfile = ${confdir}/attrs
>  >       }
>  >       attr_filter attr_filter.pre-proxy {
>  >               attrsfile = ${confdir}/attrs.pre-proxy
>  >       }
>  >       attr_filter attr_filter.access_reject {
>  >               key = %{User-Name}
>  >               attrsfile = ${confdir}/attrs.access_reject
>  >       }
>  >       attr_filter attr_filter.accounting_response {
>  >               key = %{User-Name}
>  >               attrsfile = ${confdir}/attrs.accounting_response
>  >       }
>  >       counter daily {
>  >               filename = ${db_dir}/db.daily
>  >               key = User-Name
>  >               count-attribute = Acct-Session-Time
>  >               reset = daily
>  >               counter-name = Daily-Session-Time
>  >               check-name = Max-Daily-Session
>  >               reply-name = Session-Timeout
>  >               allowed-servicetype = Framed-User
>  >               cache-size = 5000
>  >       }
>  >       $INCLUDE sql/mysql/counter.conf
>  >       always fail {
>  >               rcode = fail
>  >       }
>  >       always reject {
>  >               rcode = reject
>  >       }
>  >       always noop {
>  >               rcode = noop
>  >       }
>  >       always handled {
>  >               rcode = handled
>  >       }
>  >       always updated {
>  >               rcode = updated
>  >       }
>  >       always notfound {
>  >               rcode = notfound
>  >       }
>  >       always ok {
>  >               rcode = ok
>  >               simulcount = 0
>  >               mpp = no
>  >       }
>  >       expr {
>  >       }
>  >       digest {
>  >       }
>  >       expiration {
>  >               reply-message = "Password Has Expired\r\n"
>  >       }
>  >       logintime {
>  >               reply-message = "You are calling outside your allowed timespan\r\n"
>  >               minimum-timeout = 60
>  >       }
>  >       exec {
>  >               wait = yes
>  >               input_pairs = request
>  >               shell_escape = yes
>  >               output = none
>  >       }
>  >       exec echo {
>  >               wait = yes
>  >               program = "/bin/echo %{User-Name}"
>  >               input_pairs = request
>  >               output_pairs = reply
>  >               shell_escape = yes
>  >       }
>  >       ippool main_pool {
>  >               range-start = 192.168.1.1
>  >               range-stop = 192.168.3.254
>  >               netmask = 255.255.255.0
>  >               cache-size = 800
>  >               session-db = ${db_dir}/db.ippool
>  >               ip-index = ${db_dir}/db.ipindex
>  >               override = no
>  >               maximum-timeout = 0
>  >       }
>  >       policy {
>  >              filename = ${confdir}/policy.txt
>  >       }
>  >}
>  >instantiate {
>  >       exec
>  >       expr
>  >       expiration
>  >       logintime
>  >}
>  >$INCLUDE policy.conf
>  >$INCLUDE sites-enabled/
>  >
>  >
>  >EOF
>  >
>  >acct_users:
>  >
>  >DEFAULT  Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz`
>  >
>  >EOF
>  >
>  >sites-enabled/default:
>  >
>  >authorize {
>  >       preprocess
>  >       auth_log
>  >       chap
>  >       mschap
>  >       suffix
>  >       eap {
>  >               ok = return
>  >       }
>  >       unix
>  >       files
>  >       ldap
>  >       expiration
>  >       logintime
>  >       pap
>  >}
>  >authenticate {
>  >       Auth-Type PAP {
>  >               pap
>  >       }
>  >       Auth-Type CHAP {
>  >               chap
>  >       }
>  >       Auth-Type MS-CHAP {
>  >               mschap
>  >       }
>  >       unix
>  >       Auth-Type LDAP {
>  >               ldap
>  >       }
>  >       eap
>  >}
>  >preacct {
>  >       preprocess
>  >       acct_unique
>  >       suffix
>  >       files
>  >}
>  >accounting {
>  >       detail
>  >       unix
>  >       radutmp
>  >       attr_filter.accounting_response
>  >}
>  >session {
>  >       radutmp
>  >}
>  >post-auth {
>  >       Post-Auth-Type REJECT {
>  >               attr_filter.access_reject
>  >       }
>  >}
>  >pre-proxy {
>  >}
>  >post-proxy {
>  >       eap
>  >}
>  >
>  >EOF
>  >
>  >thanks in advance!
>  >
>  >
>  >--
>  >--
>  >Open Kairos http://www.openkairos.com
>  >Watch More TV http://sebelk.blogspot.com
>  >Sergio Belkin -
>
> >-
>  >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>  >
>  >
>
>  -
>  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -



