Monitoring Tool for Freeradius
Julian Stöver
julian_st at gmx.de
Mon Feb 4 17:50:58 CET 2008
Hm no, I don't use Mac Authentication.
Accounting request:
> rad_recv: Accounting-Request packet from host 172.17.255.3:1646,
> id=29, length=330
> Acct-Session-Id = "0000003E"
> Called-Station-Id = "0016.9cbb.ab30"
> Calling-Station-Id = "001e.5280.15c6"
> Cisco-AVPair = "ssid=GFS-Funknetz v2"
> Cisco-AVPair = "vlan-id=0"
> Cisco-AVPair = "nas-location=unspecified"
> Cisco-AVPair = "auth-algo-type=unknown"
> User-Name = "001e528015c6"
> Cisco-AVPair = "connect-progress=Call Up"
> Acct-Session-Time = 120
> Acct-Input-Octets = 113832
> Acct-Output-Octets = 61997
> Acct-Input-Packets = 966
> Acct-Output-Packets = 355
> Acct-Terminate-Cause = Lost-Carrier
> Cisco-AVPair = "disc-cause-ext=No Reason"
> Acct-Status-Type = Stop
> NAS-Port-Type = Wireless-802.11
> Cisco-NAS-Port = "309"
> NAS-Port = 309
> Service-Type = Framed-User
> NAS-IP-Address = 172.17.255.3
> Acct-Delay-Time = 0
> rad_lowerpair: User-Name now '001e528015c6'
> Processing the preacct section of radiusd.conf
> modcall: entering group preacct for request 0
> modcall[preacct]: module "preprocess" returns noop for request 0
> rlm_acct_unique: Hashing 'NAS-Port = 309,Client-IP-Address =
> 172.17.255.3,NAS-IP-Address = 172.17.255.3,Acct-Session-Id =
> "0000003E",User-Name = "001e528015c6"'
> rlm_acct_unique: Acct-Unique-Session-ID = "f0f4e2cd9d1af173".
> modcall[preacct]: module "acct_unique" returns ok for request 0
> rlm_realm: No '@' in User-Name = "001e528015c6", looking up
> realm NULL
> rlm_realm: No such realm "NULL"
> modcall[preacct]: module "suffix" returns noop for request 0
> modcall[preacct]: module "files" returns noop for request 0
> modcall: leaving group preacct (returns ok) for request 0
> Processing the accounting section of radiusd.conf
> modcall: entering group accounting for request 0
> radius_xlat: '/var/log/freeradius/radacct/172.17.255.3/
> detail-20080204'
> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-
> %Y%m%d expands to /var/log/freeradius/radacct/172.17.255.3/
> detail-20080204
> modcall[accounting]: module "detail" returns ok for request 0
> radius_xlat: '001e528015c6'
> rlm_sql (sql): sql_set_user escaped user --> '001e528015c6'
> radius_xlat: 'UPDATE radacct SET AcctStopTime = '2008-02-04
> 16:39:11', AcctSessionTime = '120', AcctInputOctets = '113832',
> AcctOutputOctets = '61997', AcctTerminat
> rlm_sql (sql): Reserving sql socket id: 3
> rlm_sql (sql): Released sql socket id: 3
> modcall[accounting]: module "sql" returns ok for request 0
> modcall[accounting]: module "unix" returns ok for request 0
> radius_xlat: '/var/log/freeradius/radutmp'
> radius_xlat: '001e528015c6'
> modcall[accounting]: module "radutmp" returns ok for request 0
> modcall: leaving group accounting (returns ok) for request 0
> Sending Accounting-Response of id 29 to 172.17.255.3 port 1646
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
bye
Julian
Am 04.02.2008 um 17:35 schrieb Arran Cudbard-Bell:
> Julian Stöver wrote:
>> Hi,
>> oh yes, it's my mac ^^ I didn't recognized that.. So I have to
>> change my question to "Why is the mac adress saved in the 'radacct'
>> table?"
>>
> If your not doing mac-based authentication then I have no idea.
> Could be a cisco thing, i've only got experience with HP ProCurve
> access points.
>
> One thing it's not is a problem with is FreeRadius, unless you've
> been messing with the SQL queries. Or if you were sending the Mac-
> Address back as the User-Name attribute in the Access Accept
> packets... But thats not the default.
>
> Mac OSX 10.4 / 10.5 sends the same inner/outer identity by default,
> unless you've altered the config to send the mac-address as the
> outer identity.
>
> Could you post an Accounting Request packet ?
>
> Thanks,
> Arran
>> And you're right, I'm using an Apple airport client, but my access
>> points are Ciscos
>>
>>
>> bye
>> julian
>>
>> Am 04.02.2008 um 17:12 schrieb Arran Cudbard-Bell:
>>
>>> Julian Stöver wrote:
>>>> Hi!
>>>> I worked my radacct problem today. I fixed the most problems, so
>>>> now I get all informations stored in my 'radacct'-table. But the
>>>> username is saved encrypted in the database, something like
>>>> '001e528015c6' for username 'julian'.
>>> Hmmm you know that username looks an awful lot like a mac address.
>>> Are you by any chance using either an apple airport as a base
>>> station or an apple client ?
>>>> In the radius debug log i can read the name in cleartext. I'm
>>>> sorry, but I currently don't have the log, maybe you can help me
>>>> without the log, otherwise i'll send it to you tomorrow. I asked
>>>> google and the faq for this problem with no result...
>>>>
>>>> bye
>>>> julian
>>>>
>>>>
>>>> Am 01.02.2008 um 17:20 schrieb Alan DeKok:
>>>>>
>>>>> You need rather a lot more than that in an accounting request.
>>>>> And
>>>>> you don't need a password in an accounting request.
>>>>>
>>>>> Alan DeKok.
>>>>> -
>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>>
>>> --
>>> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
>>> Authentication, Authorisation and Accounting Officer
>>> Infrastructure Services | ENG1 E1-1-08 University Of Sussex,
>>> Brighton
>>> EXT:01273 873900 | INT: 3900
>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> --
> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list