The Class attributed is missing in some accounting packets sent from the same NAS.

Selahattin Cilek selahattin_cilek at
Tue Feb 7 18:17:39 CET 2017

On 07.02.2017 19:50, Brian Candler wrote:
> On 07/02/2017 16:20, Selahattin Cilek wrote:
>> I have been experimenting with the Class attribute to obtain the user's
>> true identity in order to do accounting and I realised that accounting
>> packets arriving from some users do not have this attribute.
> Did you definitely send the Class attribute in all the Access-Accept 
> packets? Then the NAS is broken.
I have the attribute and the in the 'radreply' table for the user:

However, I can't be sure if it I sen the the Class attribute in all the 
Access-Accept packets, I don't know how to make sure. I sometimes 
receive the attribute for the same user, and sometimes not, by the way.
> Did you not send the Class attribute in some Access-Accept packets? 
> Then your RADIUS config is broken.
There are currently about 100 users logged in and using. Most have the 
attribute in their accounting packets.
> To prove it one way or the other, use tcpdump / wireshark / radsniff. 
> Find an example of an accounting packet which does not have a Class 
> attribute, and then tie it back to the corresponding Access-Accept 
> packet.
> Aside: it's a good idea to add "-s 1500" to the tcpdump command line 
> ("-s 0" on Linux) to capture the whole packet. But in your case I 
> don't think they are truncated.
> Regards,
> Brian.
I have written a function in MySQL to retrieve the true identity of the 
users and edited the mysql/dialup.conf file.
This is the function:
CREATE DEFINER=`root`@`localhost` FUNCTION `hex_to_user_name`(
     in_hex_string  VARCHAR(64)
) RETURNS varchar(64) CHARSET latin5
     IF in_hex_string = ''
         RETURN 'UNKNOWN';
         RETURN UNHEX(RIGHT(in_hex_string, LENGTH(in_hex_string) -2));
     END IF;

This is how I edited the query:
accounting_start_query = " INSERT INTO ${acct_table1} 
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', 
hex_to_user_name('%{Class}'), '%{Realm}', '%{NAS-IP-Address}', 
'%{NAS-Port}','%{NAS-Port-Type}', '%S', NULL,'0', '%{Acct-Authentic}', 
'%{Connect-Info}','', '0', '0','%{Called-Station-Id}', 
'%{Calling-Station-Id}', '','%{Service-Type}', '%{Framed-Protocol}', 
'%{Framed-IP-Address}','%{%{Acct-Delay-Time}:-0}', '0', 

Can it be that MySQL cannot process the function in time, returning an 
empty string instead?

Regards, SCilek

This email has been checked for viruses by Avast antivirus software.

More information about the Freeradius-Users mailing list