Accounting in MySQL - Password
P K
getpkme at gmail.com
Mon Jan 13 13:25:24 CET 2014
Thanks Alan & Alan. That change seemed to work. I did some testing
today with the accounting on sql. Please could you explain this so
that I can understand the logging better?
My clients use TTLS/PAP and PEAP/MSCHAP.
+----+-----------------------+----------+---------------+---------------------+
| id | username | pass | reply | authdate |
+----+-----------------------+----------+---------------+---------------------+
| 15 | basil | _hidden_ | Access-Reject | 2014-01-13 10:57:20 |
| 18 | basil | _hidden_ | Access-Accept | 2014-01-13 11:13:58 |
| 19 | anonymous | _hidden_ | Access-Accept | 2014-01-13 11:13:58 |
| 20 | basil | _hidden_ | Access-Accept | 2014-01-13 11:15:11 |
| 21 | basil | _hidden_ | Access-Accept | 2014-01-13 11:15:11 |
| 25 | anonymous | _hidden_ | Access-Reject | 2014-01-13 11:22:52 |
| 27 | basil at moo.com | _hidden_ | Access-Reject | 2014-01-13 11:51:03 |
| 28 | basil | _hidden_ | Access-Accept | 2014-01-13 11:55:28 |
| 29 | basil at moo.com| _hidden_ | Access-Accept | 2014-01-13 11:55:28 |
+----+-----------------------+----------+---------------+---------------------+
15 - PEAP/MSCHAP (Invalid credentials)
18/19 - TTLS/PAP (Valid Credentials with privacy on)
20/21 - TTLS/PAP (Valid Credentials with privacy off)
25 - TTLS/PAP (Invalid credentials with privacy on)
27 - TTLS/PAP (Invalid credentials with privacy on and
basil at moo.com as anonymous user)
28/29 - TTLS/PAP (Valid credentials with privacy on and basil at moo.com
as anonymous user and basil as actual user)
Will "accept" always result in two entries? Is there anything I can do
to stop clients from using anonymous or changing anonymous id to
anything else like basil at moo.com in the test above? Is there anything
I can do to log the actual user that was rejected as in the case of
(25)?
Thanks.
On 10 January 2014 19:42, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> This may be a simple question but I was not able to find a setting for
>> this. Basically, I'm using freeradius with LDAP for my user base and
>> MySQL for accounting. I've loaded schema on MySQL, configured
>> freeradius and my two tables get populated properly (radacct and
>> radpostauth).
>
> the default config has this in the dialup.conf file (the configuration that
> mysql module uses)
>
> postauth_query = "INSERT INTO ${postauth_table} \
> (username, pass, reply, authdate) \
> VALUES ( \
> '%{User-Name}', \
> '%{%{User-Password}:-%{Chap-Password}}', \
> '%{reply:Packet-Type}', '%S')"
>
> edit that appropriately - eg change it to
>
> postauth_query = "INSERT INTO ${postauth_table} \
> (username, pass, reply, authdate) \
> VALUES ( \
> '%{User-Name}', \
> 'PASSWORD', \
> '%{reply:Packet-Type}', '%S')"
>
> its what I did years ago before putting the service into production....we moved to postgresql
> in the end for production - so made same change for the postgresql config.
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list