Accounting Packet not sent

Michael Fischer michael at webfischer.at
Tue Feb 16 14:38:16 CET 2021 

Hi!

My goal is to authenticate WiFi-Users via FreeRadius with an eDirectory
backend. FreeRadius should then send an accounting packet to a
FortiGate firewall where a SSO agent is running.

The authentication part is working find, a user can connect to the
WiFi.

As far as I understood it, I should configure FreeRadius to write a
detail file which is then parsed an an accounting package sent to the
Fortigate firewall.
I configured a realm in proxy.conf:
realm Fortigate {
	accthost = 172.16.1.253
	secret = ***********
}

And I enabled the site "copy-accounting-to-home-server" with the
following configuration:

server copy-acct-to-home-server {
	listen {
		type = detail		
		filename = ${radacctdir}/detail-*
		load_factor = 10
	}

	preacct {
		preprocess
		suffix
		files
		update control {
			Proxy-To-Realm := 'Fortigate'
		}
	}

	accounting {
		   ok
	}

	pre-proxy {
	}

	post-proxy {
	}
}

Reading the detail file seems to work fine, but no accounting package
is sent to the FortiGate firewall (I even checked using Wireshark). See
a part of the debug-log here:
(9) Login OK: [fimi] (from client private-network-1 port 0 cli F4-60-
E2-B3-96-5C)
(9) Sent Access-Accept Id 107 from 172.16.1.104:1812 to
192.168.251.51:39578 length 0
(9)   Class := 0x54657374
(9)   MS-MPPE-Recv-Key =
0x28765691676b5035b99c8aa3b2b5bb8c1e9b4b3e32a457239e11df0cdac127ea
(9)   MS-MPPE-Send-Key =
0x1120b9224c29ff96b3ed507b19eabd80bb1c7728772cbe8305a876cede81c224
(9)   EAP-Message = 0x03d10004
(9)   Message-Authenticator = 0x00000000000000000000000000000000
(9)   User-Name += "fimi"
(9) Finished request
Waking up in 4.8 seconds.
detail (/var/log/radius/radacct/detail-*): Polling for detail file
detail (/var/log/radius/radacct/detail-*): Renaming
/var/log/radius/radacct/detail-192.168.251.51-20210216 ->
/var/log/radius/radacct/detail.work
detail (/var/log/radius/radacct/detail-*): Read packet from
/var/log/radius/radacct/detail.work
	Packet-Type = Access-Accept
	Class = 0x54657374
	User-Name = "fimi"
	MS-MPPE-Recv-Key =
0x28765691676b5035b99c8aa3b2b5bb8c1e9b4b3e32a457239e11df0cdac127ea
	MS-MPPE-Send-Key =
0x1120b9224c29ff96b3ed507b19eabd80bb1c7728772cbe8305a876cede81c224
	EAP-MSK =
0x28765691676b5035b99c8aa3b2b5bb8c1e9b4b3e32a457239e11df0cdac127ea1120b
9224c29ff96b3ed507b19eabd80bb1c7728772cbe8305a876cede81c224
	EAP-EMSK =
0xd3a64e1f290603568302a9f6c13c3ae00eaea0f45caeff1503b5609e2faf9b06be114
12f1243564b0a08b8df5d58cc33235989699b860f0171b9b73a29bb0e36
	EAP-Session-Id =
0x19c2bce2a85918a3ba9ea0068fd39acacb8173753f6c2a19ac67249b606157c82923f
2dacd82dc178f0df970ea5031e0e57b82ad5100de437f43b4f8303af37cae
	EAP-Message = 0x03d10004
	Message-Authenticator = 0x00000000000000000000000000000000
	Packet-Original-Timestamp = "Feb 16 2021 14:22:24 CET"
	Packet-Transmit-Counter = 1
Waking up in 4.6 seconds.

See full debug-log attached.

I would really appreciate your help!

Thanks, Mike

More information about the Freeradius-Users mailing list