Accounting question

David Peterson davidp at wirelessconnections.net
Tue Dec 15 17:13:23 CET 2009


Forgive my newbieness but where would I put that code?  I tried adding it to the sites-available/default file under accounting but I am guessing that's not right.

David

-----Original Message-----
From: Arran Cudbard-Bell [mailto:A.Cudbard-Bell at sussex.ac.uk] 
Sent: Tuesday, December 15, 2009 10:56 AM
To: David Peterson-WirelessConnections; FreeRadius users mailing list
Subject: Re: Accounting question

David Peterson wrote:
> Here is the accounting packet information I am getting:
> rad_recv: Accounting-Request packet from host 172.16.4.2 port 1813, id=5,
> length=239
>         Acct-Status-Type = Start
>         WiMAX-Beginning-Of-Session = 1
>         WiMAX-IP-Technology = Reserved-0
>         Acct-Session-Id =
> "00-12-cf-c3-fb-8c3\000\000\000\000\000\000\000\000\000\000\000\000\000\000\
> 000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
>         Framed-IP-Address = 64.186.195.5
>         User-Name = "{am=1}33AC5579CE57217426E7434FA60E4E65 at test.com"
>         Calling-Station-Id = "00-12-cf-c3-fb-8c"
>         NAS-Identifier = "WC_LAB"
>         NAS-IP-Address = 172.16.4.2
>         WiMAX-BS-Id = 0x000002030209
>         Framed-Pool = "alias"
>         Event-Timestamp = "Dec 15 2009 09:04:15 CST"
>         WiMAX-GMT-Timezone-offset = 21600
>         Acct-Authentic = RADIUS
> 
> What I don't get is why the authentication works with clear text and the
> accounting has the "hex stuff".  Is this pretty much controlled by the NAS?

The "hex stuff" is the NAS appending 31 null chars to the session id.
FreeRADIUS is converting the unprintable characters into escape codes so that they're visible.

The RFC recommendation is that:

"The Acct-Session-Id SHOULD contain UTF-8 encoded 10646 [7] characters."

Which SHOULD limit it to printable chars.

Really this is something your NAS vendor should fix, as it's a bug in their code.

...Though if you really want you can trim off the superfluous nulls with:

if(Acct-Session-ID =~ /(.*)/){
	update request {
		Acct-Session-ID := "%{1}"
	}
}


-Arran


> 
> David
> 
> -----Original Message-----
> From: Alan DeKok [mailto:aland at deployingradius.com] 
> Sent: Tuesday, December 15, 2009 9:44 AM
> To: David Peterson-WirelessConnections; FreeRadius users mailing list
> Subject: Re: Accounting question
> 
> David Peterson wrote:
>> From what I can determine, the username is encrypted even though the
>> authentication is done in clear text during the EAP authentication.
> 
>   It's not "encrypted".  My guess is that you are using WiMAX.
> 
>   As always, run the server in debugging mode to see what's going on.
> 
>   But if the NAS refuses to send a usable User-Name in an accounting
> packet, your only solution is to somehow write the *real* User-Name &&
> the hex stuff into an SQL table.  Then, correlate them later when you
> receive the accounting packet.
> 
>   Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
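
The NUL padding discussed in the thread, as an added example that is not part of the original messages and is not FreeRADIUS code: a Python check that walks the attributes of an Accounting-Request, strips trailing NULs from Acct-Session-Id, and flags any value that is still not printable afterwards. The packet is constructed to mirror the debug output quoted above (zeroed authenticator), and the function names are assumptions of this example.

```python
import struct

ACCT_REQUEST = 4        # packet code, RFC 2866
ACCT_STATUS_TYPE = 40   # attribute types, RFC 2865/2866
CALLING_STATION_ID = 31
ACCT_SESSION_ID = 44

def iter_attributes(packet: bytes):
    """Yield (type, value) for every attribute TLV in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the datagram")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def normalise_session_id(raw: bytes):
    """Return (text, trailing_nuls, suspicious) for an Acct-Session-Id value."""
    stripped = raw.rstrip(b"\x00")           # remove trailing padding only
    padding = len(raw) - len(stripped)
    try:
        text = stripped.decode("utf-8")
    except UnicodeDecodeError:
        return stripped.decode("latin-1"), padding, True
    # Suspicious if empty or still holding control characters (e.g. an embedded NUL)
    return text, padding, not text or not text.isprintable()

def session_ids(packet: bytes):
    """Normalised Acct-Session-Id values found in the packet."""
    return [normalise_session_id(v) for t, v in iter_attributes(packet)
            if t == ACCT_SESSION_ID]

def build_sample() -> bytes:
    """Constructed Accounting-Request modelled on the debug output above."""
    def attr(atype, value):
        return bytes([atype, len(value) + 2]) + value
    body = (attr(ACCT_STATUS_TYPE, struct.pack("!I", 1))            # Start
            + attr(ACCT_SESSION_ID, b"00-12-cf-c3-fb-8c3" + b"\x00" * 31)
            + attr(CALLING_STATION_ID, b"00-12-cf-c3-fb-8c"))
    return struct.pack("!BBH", ACCT_REQUEST, 5, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(session_ids(build_sample()))
```

Storing the normalised value together with the padding count keeps Start and Stop records joinable on one key while preserving evidence of the NAS behaviour.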




