simple accounting proxy setup.
Fajar A. Nugraha
list at fajar.net
Tue Oct 2 02:36:26 CEST 2012
On Tue, Oct 2, 2012 at 7:14 AM, Bill Schoolfield <bill at billmax.com> wrote:
> Looking for help in setting up simple (single) accounting relay
> (forward). Its been awhile since I last used freeradius and I'm use
> to the old radrelay program. I see that has been replaced with
> internal based methods.
>
> I've read what documents and comments I could find, but haven't been
> able to see the entire picture. I've set things up but so far no
> luck at getting the accounting packets forwarded.
>
> In keeping with recommended practice, I have modified very little. I
> edited the proxy.conf file and enabled the copy-acct-to-home-server
There are more than one way to do that. If you don't care whether the
packets actually reach the destination or not (highly recommended when
the destination is flakey, and you don't have control over it), IMHO
it's better to just use rlm_replicate. See raddb/modules/replicate for
details.
> server. What else do I need to do? Could someone provide a working
> example configuration? I'm a little shaky on the realm processing.
> Perhaps that's the issue.
>
> The sever log appears to show just a normal (local) receipt of the
> accounting record:
>
> Ready to process requests.
> rad_recv: Accounting-Request packet from host 127.0.0.1 port 44057,
> id=153, length=102
> Acct-Session-Id = "6000006B"
> User-Name = "Fnord"
> NAS-IP-Address = 192.168.3.5
> NAS-Port-Id = "32"
> NAS-Port-Type = Async
> Acct-Status-Type = Start
> Connect-Info = "46000 LAPM/V42BIS"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 192.168.5.66
> Acct-Delay-Time = 0
> # Executing section preacct from file /etc/raddb/sites-enabled/default
> +- entering group preacct {...}
> ++[preprocess] returns ok
> [acct_unique] WARNING: Attribute NAS-Port was not found in request,
> unique ID MAY be inconsistent
> [acct_unique] Hashing ',Client-IP-Address = 127.0.0.1,NAS-IP-Address
> = 192.168.3.5,Acct-Session-Id = "6000006B",User-Name = "Fnord"'
> [acct_unique] Acct-Unique-Session-ID = "cce9407c7efa55eb".
> ++[acct_unique] returns ok
> [suffix] No '@' in User-Name = "Fnord", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[files] returns noop
> # Executing section accounting from file
> /etc/raddb/sites-enabled/default
> +- entering group accounting {...}
> [detail] expand:
> /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
> /var/log/radius/radacct/127.0.0.1/detail-20121001
> [detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
> expands to /var/log/radius/radacct/127.0.0.1/detail-20121001
> [detail] expand: %t -> Mon Oct 1 20:00:15 2012
> ++[detail] returns ok
so the packet goes to detail file. Good.
> ++[unix] returns noop
You don't need this. Just remove/comment-out all references to "unix".
> [radutmp] expand: /var/log/radius/radutmp ->
> /var/log/radius/radutmp
> [radutmp] expand: %{User-Name} -> Fnord
> rlm_radutmp: No NAS-Port seen. Cannot do anything.
> rlm_radumtp: WARNING: checkrad will probably not work!
> ++[radutmp] returns noop
same for those two
> [sql] expand: %{User-Name} -> Fnord
> [sql] sql_set_user escaped user --> 'Fnord'
> [sql] expand: %{Acct-Delay-Time} -> 0
> [sql] expand: INSERT INTO radacct
> (acctsessionid, acctuniqueid, username, realm,
> nasipaddress, na sportid,
> nasporttype, acctstarttime, acctstoptime,
> acctsessiontime, acctauthentic, connectinfo_start,
> conn ectinfo_stop,
> acctinputoctets, acctoutputoctets, calledstationid,
> callingstationid, acctterminatecause, servicetype,
> framedp rotocol, framedipaddress,
> acctstartdelay, acctstopdelay, xascendsessionsvrkey)
> VALUES ('%{Acct-Session-Id}', '%{Acc
> t-Unique-Session-Id}',
> '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
> '%{NAS-Port}', '%{NAS-Port-Type}', '%S', N
> ULL, '0', '%{Acct-Authentic}',
> '%{Connect-Info}', '', '0', '0',
> '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
> '%{Service-Type}', '%{Framed-Protocol}',
> '%{Framed-IP-Address}',
> rlm_sql (sql): Reserving sql socket id: 3
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
do you really need sql? If not, comment it out.
> ++[exec] returns noop
this as well
> [attr_filter.accounting_response] expand: %{User-Name} -> Fnord
> attr_filter: Matched entry DEFAULT at line 12
> ++[attr_filter.accounting_response] returns updated
> Sending Accounting-Response of id 153 to 127.0.0.1 port 44057
> Finished request 0.
> Cleaning up request 0 ID 153 with timestamp +178
> Going to the next request
> Ready to process requests.
copy-acct-to-home-server doesn't run. Either:
- you forgot to create the symlink in sites-enabled, OR
- the server reads the wrong location. Read the comments on the file
again, starting with this comment
"
# On most systems, this should support file globbing
# e.g. "${radacctdir}/detail-*:*"
"
--
Fajar
More information about the Freeradius-Users
mailing list