failed to receive Accounting Response
"Николай Г. Петров"
bsdrab at gmail.com
Fri Mar 6 21:54:49 CET 2009
Of course, I debugged information from the radius server:
netstat -an -p udp:
udp4 0 0 *.1814 *.*
udp4 0 0 *.1813 *.*
udp4 0 0 *.1812 *.*
radiusd.conf:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
db_dir = ${raddbdir}
libdir = /usr/local/lib/freeradius-2.1.3
pidfile = ${run_dir}/${name}.pid
user = freeradius
group = freeradius
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    port = 0
    type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
    destination = files
    file = ${logdir}/radius.log
    #requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
    syslog_facility = daemon
    stripped_names = yes
    auth = yes
    auth_badpass = yes
    auth_goodpass = yes
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    #$INCLUDE sql/postgresql/counter.conf
    #$INCLUDE sqlippool.conf
    # $INCLUDE otp.conf
}
instantiate {
    exec
    expr
    expiration
    logintime
    #redundant redundant_sql {
    #    sql1
    #    sql2
    #}
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/default
$INCLUDE sites-enabled/inner-tunnel
$INCLUDE sites-available/status
Part of what happens when freeradius users log in to cisco:
rad_recv: Access-Request packet from host 192.168.255.10 port 1812,
id=160, length=78
NAS-IP-Address = 192.168.255.10
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "userA"
Calling-Station-Id = "192.168.255.116"
User-Password = "passwA"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "userA", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[unix] returns notfound
[files] users: Matched entry userA at line 9
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "passwA"
[pap] Using clear text password "passwA"
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [userA/passwA] (from client csp port 1 cli 192.168.255.116)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 160 to 192.168.255.10 port 1812
Service-Type = Administrative-User
Cisco-AVPair = "shell:priv-lvl=15"
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.168.255.10 port 1813,
id=161, length=94
NAS-IP-Address = 192.168.255.10
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "userA"
Calling-Station-Id = "192.168.255.116"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = "0000008D"
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
192.168.255.10,NAS-IP-Address = 192.168.255.10,Acct-Session-Id =
"0000008D",User-Name = "userA"'
[acct_unique] Acct-Unique-Session-ID = "e2a4910d828919b0".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "userA", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radacct/192.168.255.10/detail-20090306
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/var/log/radacct/192.168.255.10/detail-20090306
[detail] expand: %t -> Fri Mar 6 11:43:15 2009
++[detail] returns ok
rlm_counter: We only run on Accounting-Stop packets.
++[daily] returns noop
++[unix] returns fail
Finished request 5.
Cleaning up request 5 ID 161 with timestamp +65
Going to the next request
Waking up in 4.9 seconds.
When I type any command on the cisco shell:
- in debug mode on freeradius: NOTHING
- cisco generates a message like this only one time:
"%RADIUS-3-NOACCOUNTINGRESPONSE: Accounting message Start for session
0000008D failed to receive Accounting Response"
When the user logs off from cisco:
rad_recv: Accounting-Request packet from host 192.168.255.10 port 1813,
id=174, length=106
NAS-IP-Address = 192.168.255.10
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "userA"
Calling-Station-Id = "192.168.255.116"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = "0000008E"
Acct-Terminate-Cause = User-Request
Acct-Session-Time = 68
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
192.168.255.10,NAS-IP-Address = 192.168.255.10,Acct-Session-Id =
"0000008E",User-Name = "userA"'
[acct_unique] Acct-Unique-Session-ID = "cddf853fb7660ff6".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "userA", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radacct/192.168.255.10/detail-20090306
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/var/log/radacct/192.168.255.10/detail-20090306
[detail] expand: %t -> Fri Mar 6 11:53:05 2009
++[detail] returns ok
rlm_counter: Packet Unique ID = 'cddf853fb7660ff6'
rlm_counter: This Service-Type is not allowed. Returning NOOP.
++[daily] returns noop
++[unix] returns fail
Finished request 9.
Cleaning up request 9 ID 174 with timestamp +135
Going to the next request
Ready to process requests.
...(the same message repeats 3 more times with different numbers: Finished
request 10, 11, 12)
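
Added example, not part of the original post: a check for the pattern visible in the debug output above, where a request reaches "Finished request N." without any "Sending ..." line and a module in the section returned fail. The function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the debug output quoted in the post;
# the second rad_recv line is wrapped the way the mail archive wrapped it.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.255.10 port 1812, id=160, length=78
++[pap] returns ok
Sending Access-Accept of id 160 to 192.168.255.10 port 1812
Finished request 4.
rad_recv: Accounting-Request packet from host 192.168.255.10 port 1813,
id=161, length=94
+- entering group accounting {...}
++[detail] returns ok
++[daily] returns noop
++[unix] returns fail
Finished request 5.
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port \d+,\s*id=(\d+)")
MODULE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
SENT = re.compile(r"^Sending \S+ of id (\d+)")
DONE = re.compile(r"^Finished request (\d+)\.")

def unanswered_requests(debug_text):
    """List requests that reached 'Finished request N.' with no reply sent."""
    # Undo mail-style wrapping of the rad_recv header before matching.
    text = re.sub(r",\s*\n\s*(?=id=\d)", ", ", debug_text)
    findings, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RECV.match(line):
            cur = {"type": m[1], "nas": m[2], "id": int(m[3]),
                   "failed": [], "replied": False}
        elif cur is None:
            continue
        elif m := MODULE.match(line):
            if m[2] == "fail":          # module that failed the section
                cur["failed"].append(m[1])
        elif (m := SENT.match(line)) and int(m[1]) == cur["id"]:
            cur["replied"] = True
        elif m := DONE.match(line):
            if not cur["replied"]:
                findings.append({"request": int(m[1]), "type": cur["type"],
                                 "nas": cur["nas"], "id": cur["id"],
                                 "failed": cur["failed"]})
            cur = None
    return findings

if __name__ == "__main__":
    for f in unanswered_requests(SAMPLE):
        print(f)
```

Run over the full output in the post, this pattern matches request 5 (ID 161) and request 9 (ID 174), both with [unix] as the failing module.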