Accounting logs
Sergio Belkin
sebelk at gmail.com
Fri Apr 25 17:22:04 CEST 2008
Good Point :D
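Port 1813 is filtered, and that is the UDP port accounting uses, so the NAS's accounting packets are probably not reaching the server. Thanks Ivan, I'll see if it works once I change that.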
2008/4/25, Ivan Kalik <tnt at kalik.net>:
> Is your NAS sending accounting packets?
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 25/4/2008, "Sergio Belkin" <sebelk at gmail.com> piše:
>
>
> >I don't see any detail-%Y%m%d log files, only auth-detail-%Y%m%d files.
> >What am I doing wrong?
> >
> >My config files:
> >
> >radiusd.conf:
> >
> >prefix = /usr/local-2.0.2
> >exec_prefix = ${prefix}
> >sysconfdir = ${prefix}/etc
> >localstatedir = ${prefix}/var
> >sbindir = ${exec_prefix}/sbin
> >logdir = ${localstatedir}/log/radius
> >raddbdir = ${sysconfdir}/raddb
> >radacctdir = ${logdir}/radacct
> >confdir = ${raddbdir}
> >run_dir = ${localstatedir}/run/radiusd
> >db_dir = $(raddbdir)
> >libdir = ${exec_prefix}/lib
> >pidfile = ${run_dir}/radiusd.pid
> >user = radiusd
> >group = radiusd
> >max_request_time = 30
> >cleanup_delay = 5
> >max_requests = 1024
> >listen {
> > type = auth
> > ipaddr = 190.125.213.5
> > port = 0
> >}
> >listen {
> > ipaddr = 190.125.213.5
> > port = 0
> > type = acct
> >}
> >hostname_lookups = no
> >allow_core_dumps = no
> >regular_expressions = yes
> >extended_expressions = yes
> >log {
> > destination = files
> > file = ${logdir}/radius.log
> > syslog_facility = daemon
> > stripped_names = yes
> > auth = yes
> > auth_badpass = no
> > auth_goodpass = no
> >}
> >checkrad = ${sbindir}/checkrad
> >security {
> > max_attributes = 190
> > reject_delay = 1
> > status_server = yes
> >}
> >proxy_requests = no
> >$INCLUDE proxy.conf
> >$INCLUDE clients.conf
> >snmp = no
> >$INCLUDE snmp.conf
> >thread pool {
> > start_servers = 5
> > max_servers = 32
> > min_spare_servers = 3
> > max_spare_servers = 10
> > max_requests_per_server = 0
> >}
> >modules {
> > pap {
> > auto_header = yes
> > }
> > chap {
> > authtype = CHAP
> > }
> > pam {
> > pam_auth = radiusd
> > }
> > unix {
> > radwtmp = ${logdir}/radwtmp
> > }
> >$INCLUDE eap.conf
> > mschap {
> > }
> > ldap {
> > server = "ldap.cadorna.biz
> > identity = "cn=freeradius,ou=applications,dc=cadorna,dc=biz"
> > port = 636
> > password = jejeje0essoleplop
> > basedn = "ou=people,dc=cadorna,dc=biz"
> > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> > ldap_connections_number = 5
> > timeout = 4
> > timelimit = 3
> > net_timeout = 1
> > tls {
> > start_tls = no
> > cacertfile = /etc/raddb-2.0.2/cacert.pem
> > randfile = /dev/urandom
> > require_cert = "allow"
> > }
> > access_attr = "radiusAllowed"
> > dictionary_mapping = ${confdir}/ldap.attrmap
> > edir_account_policy_check = no
> > }
> > realm IPASS {
> > format = prefix
> > delimiter = "/"
> > }
> > realm suffix {
> > format = suffix
> > delimiter = "@"
> > }
> > realm realmpercent {
> > format = suffix
> > delimiter = "%"
> > }
> > realm ntdomain {
> > format = prefix
> > delimiter = "\\"
> > }
> > checkval {
> > item-name = Calling-Station-Id
> > check-name = Calling-Station-Id
> > data-type = string
> > }
> >
> > preprocess {
> > huntgroups = ${confdir}/huntgroups
> > hints = ${confdir}/hints
> > with_ascend_hack = no
> > ascend_channels_per_line = 23
> > with_ntdomain_hack = no
> > with_specialix_jetstream_hack = no
> > with_cisco_vsa_hack = no
> > }
> > files {
> > usersfile = ${confdir}/users
> > acctusersfile = ${confdir}/acct_users
> > preproxy_usersfile = ${confdir}/preproxy_users
> > compat = no
> > }
> > detail {
> > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
> > detailperm = 0600
> > header = "%t"
> > suppress {
> > User-Password
> > }
> > }
> > detail auth_log {
> > detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
> > suppress {
> > User-Password
> > }
> > }
> > acct_unique {
> > key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> >Client-IP-Address, NAS-Port"
> > }
> > $INCLUDE sql.conf
> >
> > radutmp {
> > filename = ${logdir}/radutmp
> > username = %{User-Name}
> > case_sensitive = yes
> > check_with_nas = yes
> > perm = 0600
> > callerid = "yes"
> > }
> > radutmp sradutmp {
> > filename = ${logdir}/sradutmp
> > perm = 0644
> > callerid = "no"
> > }
> > attr_filter attr_filter.post-proxy {
> > attrsfile = ${confdir}/attrs
> > }
> > attr_filter attr_filter.pre-proxy {
> > attrsfile = ${confdir}/attrs.pre-proxy
> > }
> > attr_filter attr_filter.access_reject {
> > key = %{User-Name}
> > attrsfile = ${confdir}/attrs.access_reject
> > }
> > attr_filter attr_filter.accounting_response {
> > key = %{User-Name}
> > attrsfile = ${confdir}/attrs.accounting_response
> > }
> > counter daily {
> > filename = ${db_dir}/db.daily
> > key = User-Name
> > count-attribute = Acct-Session-Time
> > reset = daily
> > counter-name = Daily-Session-Time
> > check-name = Max-Daily-Session
> > reply-name = Session-Timeout
> > allowed-servicetype = Framed-User
> > cache-size = 5000
> > }
> > $INCLUDE sql/mysql/counter.conf
> > always fail {
> > rcode = fail
> > }
> > always reject {
> > rcode = reject
> > }
> > always noop {
> > rcode = noop
> > }
> > always handled {
> > rcode = handled
> > }
> > always updated {
> > rcode = updated
> > }
> > always notfound {
> > rcode = notfound
> > }
> > always ok {
> > rcode = ok
> > simulcount = 0
> > mpp = no
> > }
> > expr {
> > }
> > digest {
> > }
> > expiration {
> > reply-message = "Password Has Expired\r\n"
> > }
> > logintime {
> > reply-message = "You are calling outside your allowed timespan\r\n"
> > minimum-timeout = 60
> > }
> > exec {
> > wait = yes
> > input_pairs = request
> > shell_escape = yes
> > output = none
> > }
> > exec echo {
> > wait = yes
> > program = "/bin/echo %{User-Name}"
> > input_pairs = request
> > output_pairs = reply
> > shell_escape = yes
> > }
> > ippool main_pool {
> > range-start = 192.168.1.1
> > range-stop = 192.168.3.254
> > netmask = 255.255.255.0
> > cache-size = 800
> > session-db = ${db_dir}/db.ippool
> > ip-index = ${db_dir}/db.ipindex
> > override = no
> > maximum-timeout = 0
> > }
> > policy {
> > filename = ${confdir}/policy.txt
> > }
> >}
> >instantiate {
> > exec
> > expr
> > expiration
> > logintime
> >}
> >$INCLUDE policy.conf
> >$INCLUDE sites-enabled/
> >
> >
> >EOF
> >
> >acct_users:
> >
> >DEFAULT Ldap-UserDN = `uid=%{User-Name},ou=people,dc=cadorna,dc=biz`
> >
> >EOF
> >
> >sites-enabled/default:
> >
> >authorize {
> > preprocess
> > auth_log
> > chap
> > mschap
> > suffix
> > eap {
> > ok = return
> > }
> > unix
> > files
> > ldap
> > expiration
> > logintime
> > pap
> >}
> >authenticate {
> > Auth-Type PAP {
> > pap
> > }
> > Auth-Type CHAP {
> > chap
> > }
> > Auth-Type MS-CHAP {
> > mschap
> > }
> > unix
> > Auth-Type LDAP {
> > ldap
> > }
> > eap
> >}
> >preacct {
> > preprocess
> > acct_unique
> > suffix
> > files
> >}
> >accounting {
> > detail
> > unix
> > radutmp
> > attr_filter.accounting_response
> >}
> >session {
> > radutmp
> >}
> >post-auth {
> > Post-Auth-Type REJECT {
> > attr_filter.access_reject
> > }
> >}
> >pre-proxy {
> >}
> >post-proxy {
> > eap
> >}
> >
> >EOF
> >
> >thanks in advance!
> >
> >
> >--
> >--
> >Open Kairos http://www.openkairos.com
> >Watch More TV http://sebelk.blogspot.com
> >Sergio Belkin -
>
> >
> >
>
>
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -