Accounting question
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Tue Dec 15 23:32:53 CET 2009
David Peterson wrote:
> Forgive my newbieness but where would I put that code? I tried adding it to the sites-available/default file under accounting but I am guessing that's not right.
That'll stop any potential problems arising from the malformed Acct-Session-ID, yes.
Regarding the username, try putting the following in postauth.
    update reply {
        User-Name := 'testtest'
        Class := 'testtest'
    }
See if either of those values is included in accounting sessions. If they are, then there are ways to work around the User-Name in accounting packets.
-Arran
> David
>
> -----Original Message-----
> From: Arran Cudbard-Bell [mailto:A.Cudbard-Bell at sussex.ac.uk]
> Sent: Tuesday, December 15, 2009 10:56 AM
> To: David Peterson-WirelessConnections; FreeRadius users mailing list
> Subject: Re: Accounting question
>
> David Peterson wrote:
>> Here is the accounting packet information I am getting:
>> rad_recv: Accounting-Request packet from host 172.16.4.2 port 1813, id=5,
>> length=239
>> Acct-Status-Type = Start
>> WiMAX-Beginning-Of-Session = 1
>> WiMAX-IP-Technology = Reserved-0
>> Acct-Session-Id =
>> "00-12-cf-c3-fb-8c3\000\000\000\000\000\000\000\000\000\000\000\000\000\000\
>> 000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
>> Framed-IP-Address = 64.186.195.5
>> User-Name = "{am=1}33AC5579CE57217426E7434FA60E4E65 at test.com"
>> Calling-Station-Id = "00-12-cf-c3-fb-8c"
>> NAS-Identifier = "WC_LAB"
>> NAS-IP-Address = 172.16.4.2
>> WiMAX-BS-Id = 0x000002030209
>> Framed-Pool = "alias"
>> Event-Timestamp = "Dec 15 2009 09:04:15 CST"
>> WiMAX-GMT-Timezone-offset = 21600
>> Acct-Authentic = RADIUS
>>
>> What I don't get is why the authentication works with clear text and the
>> accounting has the "hex stuff". Is this pretty much controlled by the NAS?
>
> The "hex stuff" is the NAS appending 31 null chars to the session id.
> FreeRADIUS is converting the unprintable characters into escape codes so that they're visible.
>
> The RFC recommendation is that:
>
> "The Acct-Session-Id SHOULD contain UTF-8 encoded 10646 [7] characters."
>
> Which SHOULD limit it to printable chars.
>
> Really this is something your NAS vendor should fix, as it's a bug in their code.
>
> ...Though if you really want you can trim off the superfluous nulls with:
>
> if (Acct-Session-ID =~ /(.*)/) {
>     update request {
>         Acct-Session-ID := "%{1}"
>     }
> }
>
>
> -Arran
>
>
>> David
>>
>> -----Original Message-----
>> From: Alan DeKok [mailto:aland at deployingradius.com]
>> Sent: Tuesday, December 15, 2009 9:44 AM
>> To: David Peterson-WirelessConnections; FreeRadius users mailing list
>> Subject: Re: Accounting question
>>
>> David Peterson wrote:
>>> From what I can determine, the username is encrypted even though the
>>> authentication is done in clear text during the EAP authentication.
>> It's not "encrypted". My guess is that you are using WiMAX.
>>
>> As always, run the server in debugging mode to see what's going on.
>>
>> But if the NAS refuses to send a usable User-Name in an accounting
>> packet, your only solution is to somehow write the *real* User-Name &&
>> the hex stuff into an SQL table. Then, correlate them later when you
>> receive the accounting packet.
>>
>> Alan DeKok.
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
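Added example, not part of the original thread or of FreeRADIUS: a Python check that decodes the \ooo escapes in a debug-mode Acct-Session-Id line, counts the NUL padding the NAS appended, and returns the value cut at the first NUL, which is the result the rewrite quoted in the thread is meant to produce. The sample lines are constructed from the packet quoted above; the function names are hypothetical, and handling only three-digit octal escapes is an assumption.

```python
import re

# Constructed samples modelled on the debug output quoted in the thread
# (kept on one line here; the mail client wrapped the original).
SAMPLE = 'Acct-Session-Id = "00-12-cf-c3-fb-8c3' + "\\000" * 31 + '"'
EMBEDDED = 'Acct-Session-Id = "abc\\000def\\000\\000"'  # NUL in the middle

_ATTR = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"(.*)"\s*$')
_OCTAL = re.compile(r"\\([0-3][0-7]{2})")  # assumption: escapes are \ooo only


def unescape(value: str) -> bytes:
    """Turn the printed \\ooo escapes back into the raw attribute bytes."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), value).encode("latin-1")


def inspect_session_id(line: str):
    """Report padding and control bytes in one 'Acct-Session-Id = "..."' line.

    Returns None for any other attribute line.
    """
    m = _ATTR.match(line)
    if not m or m.group(1).lower() != "acct-session-id":
        return None
    raw = unescape(m.group(2))
    body = raw.rstrip(b"\x00")              # value without trailing padding
    first_nul = raw.split(b"\x00", 1)[0]    # what a NUL-terminated reader sees
    return {
        "raw_len": len(raw),
        "trailing_nuls": len(raw) - len(body),
        # Control bytes left after removing the padding: cutting at the first
        # NUL would then drop real data, so such a value needs a manual look.
        "embedded_control": any(b < 0x20 or b == 0x7F for b in body),
        "normalized": first_nul.decode("ascii", "replace"),
    }


if __name__ == "__main__":
    for sample in (SAMPLE, EMBEDDED):
        print(inspect_session_id(sample))
```

Running the same check over the session ids stored by the accounting backend shows whether Start and Stop records for one session could fail to match because one copy kept the padding and the other did not.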