Active Directory with Radius Accounting

McSparin, Joe jmcsparin at hillcountrymemorial.org
Wed Jan 4 00:17:16 CET 2012


I believe so. This is what radiusd -X gives me:

        Connect-Info = "CONNECT 65Mbps 802.11bgn"
        State = 0x6fd1eb6166daf2ab2cc99f2d96a12ef7
        EAP-Message =
0x020b002b19001703010020494bbeb5128850193bb913fc2ebde8f217dc417b16a86d8f
b4c069fadeb273a9
        Message-Authenticator = 0xd0ed28ddf1e93ec30aec44eb77fe19b2
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "jmcsparin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql]   expand: %{Stripped-User-Name} ->
[sql] sql_set_user escaped user --> ''
[sql]   expand: %{User-Password} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Chap-Password} ->
[sql]   expand: INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES (
'jmcsparin',                           '',
'Access-Accept', '2012-01-03 23:15:13')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES (
'jmcsparin',                           '',
'Access-Accept', '2012-01-03 23:15:13')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 220 to 10.1.1.50 port 48413
        MS-MPPE-Recv-Key =
0xd612e2541f86229b505d7bc7cc0a1423f13cc4207e38118f6028ad675ae8aaa9
        MS-MPPE-Send-Key =
0x4acf4ecf8ae8cbb6dae26b5804298d0caba90a92fa977420352fcd97bc885c64
        EAP-Message = 0x030b0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "jmcsparin"
Finished request 10.
Going to the next request
Waking up in 2.6 seconds.
rad_recv: Accounting-Request packet from host 10.1.1.50 port 51199,
id=22, length=214
        User-Name = "jmcsparin"
        Acct-Status-Type = Start
        Acct-Session-Id = "0B085386-485D60B0DA91-0000000021"
        Calling-Station-Id = "48-5D-60-B0-DA-91"
        Called-Station-Id = "5C-0E-8B-07-6F-F0:HCMHMobile"
        NAS-Port = 1
        NAS-Port-Type = Wireless-802.11
        Framed-IP-Address = 10.1.1.202
        NAS-Identifier = "ap6511-085386"
        NAS-Port-Id = "5C-0E-8B-08-53-86-2.4GHz-wlan"
        Event-Timestamp = "Dec 31 2009 21:21:30 CST"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1001"
        Acct-Authentic = RADIUS
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
10.1.1.50,NAS-IP-Address = 10.1.1.50,Acct-Session-Id =
"0B085386-485D60B0DA91-0000000021",User-Name = "jmcsparin"'
[acct_unique] Acct-Unique-Session-ID = "e8a1f6abbcf7c891".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "jmcsparin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.1.1.50
[detail]        expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}
/detail-%Y%m%d -> /var/log/radacct/10.1.1.50/detail-20120103
[detail]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}
/detail-%Y%m%d expands to /var/log/radacct/10.1.1.50/detail-20120103
[detail]        expand: %t -> Tue Jan  3 23:15:13 2012
++[detail] returns ok
[radutmp]       expand: /var/log/radutmp -> /var/log/radutmp
[radutmp]       expand: %{User-Name} -> jmcsparin
rlm_radutmp: Error accessing file /var/log/radutmp: Permission denied
++[radutmp] returns fail
Finished request 11.
Cleaning up request 11 ID 22 with timestamp +27
Going to the next request
Waking up in 2.5 seconds.
Cleaning up request 0 ID 210 with timestamp +25
Cleaning up request 1 ID 211 with timestamp +25
Cleaning up request 2 ID 212 with timestamp +25
Cleaning up request 3 ID 213 with timestamp +25
Cleaning up request 4 ID 214 with timestamp +25
Cleaning up request 5 ID 215 with timestamp +25
Cleaning up request 6 ID 216 with timestamp +25
Cleaning up request 7 ID 217 with timestamp +25
Waking up in 2.2 seconds.
Cleaning up request 8 ID 218 with timestamp +25
Cleaning up request 9 ID 219 with timestamp +27
Cleaning up request 10 ID 220 with timestamp +27
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.1.1.50 port 51199,
id=22, length=214
        User-Name = "jmcsparin"
        Acct-Status-Type = Start
        Acct-Session-Id = "0B085386-485D60B0DA91-0000000021"
        Calling-Station-Id = "48-5D-60-B0-DA-91"
        Called-Station-Id = "5C-0E-8B-07-6F-F0:HCMHMobile"
        NAS-Port = 1
        NAS-Port-Type = Wireless-802.11
        Framed-IP-Address = 10.1.1.202
        NAS-Identifier = "ap6511-085386"
        NAS-Port-Id = "5C-0E-8B-08-53-86-2.4GHz-wlan"
        Event-Timestamp = "Dec 31 2009 21:21:35 CST"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1001"
        Acct-Authentic = RADIUS
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
10.1.1.50,NAS-IP-Address = 10.1.1.50,Acct-Session-Id =
"0B085386-485D60B0DA91-0000000021",User-Name = "jmcsparin"'
[acct_unique] Acct-Unique-Session-ID = "e8a1f6abbcf7c891".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "jmcsparin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.1.1.50
[detail]        expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}
/detail-%Y%m%d -> /var/log/radacct/10.1.1.50/detail-20120103
[detail]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}
/detail-%Y%m%d expands to /var/log/radacct/10.1.1.50/detail-20120103
[detail]        expand: %t -> Tue Jan  3 23:15:18 2012
++[detail] returns ok
[radutmp]       expand: /var/log/radutmp -> /var/log/radutmp
[radutmp]       expand: %{User-Name} -> jmcsparin
rlm_radutmp: Error accessing file /var/log/radutmp: Permission denied
++[radutmp] returns fail
Finished request 12.
Cleaning up request 12 ID 22 with timestamp +32
Going to the next request
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.1.1.50 port 51199,
id=22, length=214
        User-Name = "jmcsparin"
        Acct-Status-Type = Start
        Acct-Session-Id = "0B085386-485D60B0DA91-0000000021"
        Calling-Station-Id = "48-5D-60-B0-DA-91"
        Called-Station-Id = "5C-0E-8B-07-6F-F0:HCMHMobile"
        NAS-Port = 1
        NAS-Port-Type = Wireless-802.11
        Framed-IP-Address = 10.1.1.202
        NAS-Identifier = "ap6511-085386"
        NAS-Port-Id = "5C-0E-8B-08-53-86-2.4GHz-wlan"
        Event-Timestamp = "Dec 31 2009 21:21:40 CST"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1001"
        Acct-Authentic = RADIUS
# Executing section preacct from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
10.1.1.50,NAS-IP-Address = 10.1.1.50,Acct-Session-Id =
"0B085386-485D60B0DA91-0000000021",User-Name = "jmcsparin"'
[acct_unique] Acct-Unique-Session-ID = "e8a1f6abbcf7c891".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "jmcsparin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 10.1.1.50
[detail]        expand:
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}
/detail-%Y%m%d -> /var/log/radacct/10.1.1.50/detail-20120103
[detail]
/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}
/detail-%Y%m%d expands to /var/log/radacct/10.1.1.50/detail-20120103
[detail]        expand: %t -> Tue Jan  3 23:15:23 2012
++[detail] returns ok
[radutmp]       expand: /var/log/radutmp -> /var/log/radutmp
[radutmp]       expand: %{User-Name} -> jmcsparin
rlm_radutmp: Error accessing file /var/log/radutmp: Permission denied
++[radutmp] returns fail
Finished request 13.
Cleaning up request 13 ID 22 with timestamp +37
Going to the next request
Ready to process requests. 


Joseph R. McSparin
Network Administrator
Hill Country Memorial Hospital
830 990 6638 phone
830 990 6623 fax
jmcsparin at hillcountrymemorial.org

-----Original Message-----
From: freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freeradius.org
[mailto:freeradius-users-bounces+jmcsparin=hillcountrymemorial.org at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, January 03, 2012 5:00 PM
To: FreeRadius users mailing list
Subject: Re: Active Directory with Radius Accounting

McSparin, Joe wrote:
> My access point is pointing the radius server for accounting.
> Would it be the acme of foolishness on my part to assume that is all I
> need to do for my radius server to start logging the information from my
> connecting clients?

  Is the NAS sending accounting packets?

  As always, see "radiusd -X"

  Or, raddebug.

  Alan DeKok.