Calling-Station-Id Not Getting Updated in radacct table
Cholleti, Hanumantha
Hanumantha.Cholleti at viasat.com
Thu Jun 13 20:37:32 CEST 2013
Hi
We are on version 2.2.1 (github release).
We noticed that Calling-Station-Id is not getting updated in radacct table if the NAS sends the Calling-Station-Id in octet format (ex: "\000\240\274/\370\260").
Based on the documentation below in default conf (sites-enabled/default) file under authorization section
#
# The WiMAX specification says that the Calling-Station-Id
# is 6 octets of the MAC. This definition conflicts with
# RFC 3580, and all common RADIUS practices. Un-commenting
# the "wimax" module here means that it will fix the
# Calling-Station-Id attribute to the normal format as
# specified in RFC 3580 Section 3.21
wimax
By Uncommenting the wimax above, this fixed the issue of Calling-Station-ID not getting updated in cui table, but accounting table (radacct) still show blank value.
In the dialup.conf and cui.conf both use the same attribute %{Calling-Station-Id}.
If NAS pass the Calling-Station-Id in String format (ex: "00-1C-B3-AA-AA-AA") both cui and radacct gets updated with Calling-Station-Id correctly.
Similar to the above wimax configuration for authorize section, do we need to enable any setting for accounting to fix the Calling-Station-Id attribute that will populate the radacct correctly as string?
Here is the debug log when the NAS sends the Calling Station Id in octet format
Calling Station Id being sent by NAS is "\000\240\274/\370\260"
===================== Begin Debug Log =====================
Thread 3 handling request 16, (4 handled so far)
[<thread>] # Executing section authorize from file /opt/freeradius/etc/raddb/sites-enabled/default
[<thread>] +- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Packet-Src-IP-Address} -> 75.104.249.138
[auth_log] expand: /opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /opt/freeradius/var/log/radius/radacct/75.104.249.138/auth-detail-20130613
[auth_log] /opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /opt/freeradius/var/log/radius/radacct/75.104.249.138/auth-detail-20130613
[auth_log] expand: %t -> Thu Jun 13 08:49:13 2013
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to 00-a0-bc-2f-f8-b0
*** As you can see based on the uncommenting of wimax in default config of authorize section, the Calling-Station-Id is fixed to string format
++[wimax] returns ok
[suffix] Looking up realm "viasat-oss" for User-Name = "00A0BC2FF8B0 at viasat-oss"
[suffix] Found realm "viasat-oss"
[suffix] Adding Stripped-User-Name = "00A0BC2FF8B0"
[suffix] Adding Realm = "viasat-oss"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 6 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{Stripped-User-Name} -> 00A0BC2FF8B0
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 00A0BC2FF8B0
[sql] sql_set_user escaped user --> '00A0BC2FF8B0'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '00A0BC2FF8B0' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '00A0BC2FF8B0' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' OR (NOT EXISTS (select 1 from radreply where username='%{SQL-User-Name}') AND username='DEFAULT-ISF') ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '00A0BC2FF8B0' OR (NOT EXISTS (select 1 from radreply where username='00A0BC2FF8B0') AND username='DEFAULT-ISF') ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '00A0BC2FF8B0' OR (NOT EXISTS (select 1 from radreply where username='00A0BC2FF8B0') AND username='DEFAULT-ISF') ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User 00A0BC2FF8B0 not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /opt/freeradius/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3
[tls] eaptls_process returned 3
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /opt/freeradius/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
expand: %{User-Name} -> 00A0BC2FF8B0 at viasat-oss
++[reply] returns noop
[wimax] MIP-RK = 0x30c90a50cc4cfb9581304c0ed41256afe72a7f816ab9f305499a34a1acacadc925765b5ef82f1f7cfbb54de7c1547243c3ed0ac20073f77e76009e775e1f3399
[wimax] MIP-SPI = 716f70c5
[wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply.
[wimax] WARNING: We cannot calculate MN-HA keys.
[wimax] WARNING: WiMAX-IP-Technology not found in reply.
[wimax] WARNING: Not calculating MN-HA keys
++[wimax] returns updated
[cui] expand: %{User-Name} -> 00A0BC2FF8B0 at viasat-oss
[cui] sql_set_user escaped user --> '00A0BC2FF8B0 at viasat-oss'
[cui] expand: INSERT IGNORE INTO cui (clientipaddress, callingstationid, username, cui, lastaccounting) VALUES ('%{Client-IP-Address}', '%{Calling-Station-Id}', '%{User-Name}', '%{reply:Chargeable-User-Identity}', NULL) ON DUPLICATE KEY UPDATE lastaccounting='0000-00-00 00:00:00', cui='%{reply:Chargeable-User-Identity}' -> INSERT IGNORE INTO cui (clientipaddress, callingstationid, username, cui, lastaccounting) VALUES ('75.104.249.138', '00-a0-bc-2f-f8-b0', '00A0BC2FF8B0 at viasat-oss', '', NULL) ON DUPLICATE KEY UPDATE lastaccounting='0000-00-00 00:00:00', cui=''
rlm_sql (cui) in sql_postauth: query is INSERT IGNORE INTO cui (clientipaddress, callingstationid, username, cui, lastaccounting) VALUES ('75.104.249.138', '00-a0-bc-2f-f8-b0', '00A0BC2FF8B0 at viasat-oss', '', NULL) ON DUPLICATE KEY UPDATE lastaccounting='0000-00-00 00:00:00', cui=''
*** As seen above, the cui is getting populated with Calling-Station-Id '00-a0-bc-2f-f8-b0' correctly based on the above fix
rlm_sql (cui): Reserving sql socket id: 3
rlm_sql (cui): Released sql socket id: 3
++[cui] returns ok
Finished request 16.
Going to the next request
Thread 3 waiting to be assigned a request
Waking up in 4.0 seconds.
Cleaning up request 16 ID 193 with timestamp +375
Ready to process requests.
Waking up in 0.9 seconds.
Thread 4 got semaphore
Thread 4 handling request 17, (4 handled so far)
[<thread>] # Executing section preacct from file /opt/freeradius/etc/raddb/sites-enabled/default
[<thread>] +- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Identifier was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing 'NAS-Port = 5,,NAS-IP-Address = 75.104.249.138,Acct-Session-Id = "1009A5F",User-Name = "00A0BC2FF8B0 at viasat-oss"'
[acct_unique] Acct-Unique-Session-ID = "3e46e14b569e512c".
++[acct_unique] returns ok
[suffix] Looking up realm "viasat-oss" for User-Name = "00A0BC2FF8B0 at viasat-oss"
[suffix] Found realm "viasat-oss"
[suffix] Adding Stripped-User-Name = "00A0BC2FF8B0"
[suffix] Adding Realm = "viasat-oss"
[suffix] Accounting realm is LOCAL.
++[suffix] returns ok
++[files] returns noop
# Executing section accounting from file /opt/freeradius/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 75.104.249.138
[detail] expand: /opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /opt/freeradius/var/log/radius/radacct/75.104.249.138/detail-20130613
[detail] /opt/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /opt/freeradius/var/log/radius/radacct/75.104.249.138/detail-20130613
[detail] Acquired filelock, tried 1 time(s)
[detail] expand: %t -> Thu Jun 13 08:49:19 2013
++[detail] returns ok
[sql] expand: %{Stripped-User-Name} -> 00A0BC2FF8B0
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 00A0BC2FF8B0
[sql] sql_set_user escaped user --> '00A0BC2FF8B0'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
[sql] expand: /opt/freeradius/var/log/radius/sqltrace.sql -> /opt/freeradius/var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('1009A5F', '3e46e14b569e512c', '00A0BC2FF8B0', 'viasat-oss', '75.104.249.138', '5', 'Wireless-802.16', '2013-06-13 08:49:19', NULL, '0', '', '', '', '0', '0', '', '', '', '', '', '10.78.64.59', '0', '0', '')
rlm_sql (sql): Released sql socket id: 1
*** Above you notice that the Calling-Station-Id in radacct is getting populated with empty '' string.
++[sql] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> 00A0BC2FF8B0 at viasat-oss
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Finished request 17.
Going to the next request
===================== End Debug Log =====================
We also did a quick radclient test by sending the following accounting data
Packet-Type=4
Packet-Dst-Port=1813
Acct-Session-Id = "4D2BB8AC-00000098"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "Release2-build11 at viasat-oss"
User-Password = "password"
NAS-Port = 100
Called-Station-Id = "00-02-6F-AA-AA-AA:My Wireless"
Calling-Station-Id = "\000\240\274/\370\260"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 48Mbps 802.11b"
In above case since the Calling-Station-Id is in octet format, radacct calling station id was populated with blank value, but the cui table calling-station got updated correctly.
If we replace the above Calling-Station-Id with String format value ("00-1C-B3-AA-AA-AA") both radacct and cui table were updated with the Calling Station Id correctly.
Please let us know if you need additional information
Thanks
-Hanu
More information about the Freeradius-Users
mailing list