Problem with F5 BigIP accouting : hexadecimal attribute

Vincent, Fabien fabien.vincent at coreye.fr
Mon Oct 17 16:27:07 CEST 2011 

 

NAS-IP-Address = [IP address unknown, not corresponding to NAS interfaces]

* Did you added your F5 IP address to NAS Table ?



Yes I have added the F5 IP address, authorize works fine using the SQL NAS
Table, but the IP returned by the F5 Accounting packet isn't a valid Self
IPs of the corresponding F5.

I think it's return by the F5 in hexa (as the F5-Attr-14), that's why I
request help about this strange behavior .

 


Regards
Suman

On Mon, Oct 17, 2011 at 4:56 PM, Vincent, Fabien <fabien.vincent at coreye.fr>
wrote:

Dear all,

 

I'm using Radius for authenticating admin users on different network
equipments. "group authorize {...}" works fine with rlm_ldap and group
management.

 

But I have some problem for accounting on F5 BigIP LTM / GTM.

 

In fact, my radius accounting server is receiving accounting-request like
this :

 

Accounting-Request packet from host 10.10.10.10 port 36875, id=29,
length=281

NAS-IP-Address = [IP address unknown, not corresponding to NAS interfaces]

        F5-Attr-14 =  [Hexa decimal output starting with 0x .]

WARNING: Empty section.  Using default return values.

+- entering group accounting {...}

[sql]   expand: packet has no accounting status type. [user '%{User-Name}',
nas '%{NAS-IP-Address}'] -> packet has no accounting status type. [user '',
nas '[nas IP unknown]']

[sql] packet has no accounting status type. [user '', nas '[nas IP
unknown]']

++[sql] returns invalid

Finished request 37.

Cleaning up request 37 ID

 

Did someone  here already use accounting with F5 BigIP LTM or GTM ? I'm
looking to make this working by changing audit_forward TCL script provided
with F5 (syslog-ng) but I wasn't able to produce something different .

 

I also tried to edit the dictionnary for F5 in
/usr/share/freeradius/dictionary.f5

ATTRIBUTE       F5-LTM-User-Info-1              12       string

ATTRIBUTE       F5-LTM-User-Info-2              13       string

++ ATTRIBUTE       F5-Attr-14                      14       octets

 

Thanks in advance for your help !

 

Fabien VINCENT

 <mailto:fabien.vincent at coreye.fr> fabien.vincent at coreye.fr


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



-- 
Ce message a ete verifie par MailScanner. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111017/02916649/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3746 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111017/02916649/attachment.bin>

More information about the Freeradius-Users mailing list