Problem with F5 BigIP accouting : hexadecimal attribute

Vincent, Fabien fabien.vincent at coreye.fr
Mon Oct 17 13:26:02 CEST 2011 

Dear all,

 

I'm using Radius for authenticating admin users on different network
equipments. "group authorize {...}" works fine with rlm_ldap and group
management.

 

But I have some problem for accounting on F5 BigIP LTM / GTM.

 

In fact, my radius accounting server is receiving accounting-request like
this :

 

Accounting-Request packet from host 10.10.10.10 port 36875, id=29,
length=281

NAS-IP-Address = [IP address unknown, not corresponding to NAS interfaces]

        F5-Attr-14 =  [Hexa decimal output starting with 0x .]

WARNING: Empty section.  Using default return values.

+- entering group accounting {...}

[sql]   expand: packet has no accounting status type. [user '%{User-Name}',
nas '%{NAS-IP-Address}'] -> packet has no accounting status type. [user '',
nas '[nas IP unknown]']

[sql] packet has no accounting status type. [user '', nas '[nas IP
unknown]']

++[sql] returns invalid

Finished request 37.

Cleaning up request 37 ID

 

Did someone  here already use accounting with F5 BigIP LTM or GTM ? I'm
looking to make this working by changing audit_forward TCL script provided
with F5 (syslog-ng) but I wasn't able to produce something different .

 

I also tried to edit the dictionnary for F5 in
/usr/share/freeradius/dictionary.f5

ATTRIBUTE       F5-LTM-User-Info-1              12       string

ATTRIBUTE       F5-LTM-User-Info-2              13       string

++ ATTRIBUTE       F5-Attr-14                      14       octets

 

Thanks in advance for your help !

 

Fabien VINCENT

 <mailto:fabien.vincent at coreye.fr> fabien.vincent at coreye.fr

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111017/d0384297/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3746 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111017/d0384297/attachment.bin>

More information about the Freeradius-Users mailing list