Stripping Realms from SQL Accounting Queries

tnt at kalik.net
Mon Nov 23 22:06:20 CET 2009


> Hi,
>
> I'm using FreeRADIUS with LDAP for authentication and mySQL for logging.
> The LDAP queries seem to be stripping the realm name properly, whereas the
> mySQL queries are not.  I'm running FreeRADIUS 2.1.6 on FreeBSD:
>
> FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2, built on Nov
> 10 2009 at 08:34:04
>
> Here's what I've got in my modules/ldap:
>
> ----- modules/ldap -----
> ldap {
>   server = "foo"
>   basedn = "dc=foo"
>   identity = "uid=foo"
>   password = "foo"
>   filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>   ldap_connections_number = 5
>   timeout = 4
>   timelimit = 3
>   net_timeout = 1
>
>   tls {
>     start_tls = yes
>   }
>
>   access_attr = "uid"
>   dictionary_mapping = ${confdir}/ldap.attrmap
>   password_attribute = sambaNTPassword
>   edir_account_policy_check = no
>
>   groupname_attribute = "cn"
>   groupmembership_attribute = "memberUid"
>   groupmembership_filter =
> "(memberUid=%{Stripped-User-Name:-%{User-Name}})"
> }
> ----- modules/ldap -----
>
> Here's what I've got in my sql/mysql/wpa.conf file:
>
> ----- sql/mysql/wpa.conf -----
> accounting_start_query = "insert into RadiusLog (SessionID, UserName,
> WapIpAddress, UserMacAddress, StartTime) value ('%{Acct-Session-Id}',
> '%{Stripped-User-Name:-%{User-Name}}', '%{NAS-IP-Address}',
> '%{Calling-Station-Id}', '%S')"
>
> accounting_stop_query = "update RadiusLog set EndTime = '%S', BytesIn =
> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
> BytesOut = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
> '%{%{Acct-Output-Octets}:-0}' where SessionID = '%{Acct-Session-Id}' and
> UserName = '%{Stripped-User-Name:-%{User-Name}}' and StartTime >=
> date_sub(now(), interval 30 day)"
>
> accounting_update_query = "update RadiusLog set BytesIn =
> '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}',
> BytesOut = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
> '%{%{Acct-Output-Octets}:-0}' where SessionID = '%{Acct-Session-Id}' and
> UserName = '%{Stripped-User-Name:-%{User-Name}}' and StartTime >=
> date_sub(now(), interval 30 day)"
> ----- sql/mysql/wpa.conf -----
>
> And here are some sample queries from the SQL trace file:
>
> ----- /var/log/radacct/radius.sql -----
> insert into RadiusLog (SessionID, UserName, WapIpAddress, UserMacAddress,
> StartTime) value ('0004F815', 'tjg@foo', '192.168.32.8', '0024.2b58.2f46',
> '2009-11-23 10:52:58');
> update RadiusLog set EndTime = '2009-11-23 10:53:46', BytesIn = '0' << 32
> | '2487', BytesOut = '0' << 32 | '1356' where SessionID = '0004F815' and
> UserName = 'tjg@foo' and StartTime >= date_sub(now(), interval 30 day);
> ----- /var/log/radacct/radius.sql -----
>
> I tried adding a realm definition in proxy.conf, like this:
>
> ----- proxy.conf -----
> realm foo {
>  type  = radius
>  authhost = LOCAL
>  accthost = LOCAL
>  strip
> }
> ----- proxy.conf -----
>
> But that didn't help at all.
>
> I know I must be missing something obvious.  Most of the Google hits on
> this talk about creating realms and stuff, but that hasn't helped me.  Can
> anyone share some wisdom here?

Perhaps do what is suggested wherever you care to look (this list,
documentation, website, ...) - run server in debug mode (radiusd -X). Then
you will see exactly what is happening.

Ivan Kalik
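
Added example, not part of the original thread and not FreeRADIUS code: a minimal Python expander for the `%{Attr:-default}` and `%{%{Attr}:-default}` forms used in the queries quoted above. It shows that the logged UserName keeps its realm whenever Stripped-User-Name is absent from the accounting request; the attribute values are constructed, modelled on the quoted trace.

```python
# Added illustration: a minimal expander for the two xlat fallback forms used on
# this page. It is not FreeRADIUS code; the real server also escapes attribute
# values before building SQL, which this sketch omits.

START_QUERY = ("insert into RadiusLog (SessionID, UserName, WapIpAddress, "
               "UserMacAddress, StartTime) value ('%{Acct-Session-Id}', "
               "'%{Stripped-User-Name:-%{User-Name}}', '%{NAS-IP-Address}', "
               "'%{Calling-Station-Id}', '%S')")

def _close(s, i):
    """Return the index of the '}' matching the '{' at s[i]."""
    depth = 0
    for j in range(i, len(s)):
        depth += (s[j] == "{") - (s[j] == "}")
        if depth == 0:
            return j
    raise ValueError("unbalanced braces in template")

def _ref(body, attrs, ts):
    """Expand the inside of one %{...} reference."""
    if body.startswith("%{"):                  # %{%{Attr}:-default}
        end = _close(body, 1)
        value, rest = _ref(body[2:end], attrs, ts), body[end + 1:]
        if not rest.startswith(":-"):
            raise ValueError("unsupported expression: " + body)
        return value or expand(rest[2:], attrs, ts)
    name, sep, default = body.partition(":-")  # %{Attr:-default} or %{Attr}
    value = attrs.get(name, "")
    return value if value or not sep else expand(default, attrs, ts)

def expand(template, attrs, ts):
    """Expand %{...} references and %S (request timestamp) in a template."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _close(template, i + 1)
            out.append(_ref(template[i + 2:end], attrs, ts))
            i = end + 1
        elif template.startswith("%S", i):
            out.append(ts)
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

# Constructed Accounting-Request attributes, modelled on the quoted trace.
BASE = {"Acct-Session-Id": "0004F815", "User-Name": "tjg@foo",
        "NAS-IP-Address": "192.168.32.8", "Calling-Station-Id": "0024.2b58.2f46"}
TS = "2009-11-23 10:52:58"
unstripped = expand(START_QUERY, BASE, TS)   # no Stripped-User-Name in request
stripped = expand(START_QUERY, dict(BASE, **{"Stripped-User-Name": "tjg"}), TS)
```

Comparing `unstripped` and `stripped` against the `radiusd -X` output for an accounting packet shows which of the two cases the server is actually in.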



