(RADIATOR) Calling and Called-Station-Id accounting?
Hugh Irvine
hugh at open.com.au
Wed Oct 15 17:48:56 CDT 2003
Hello Terry -
There are some useful tricks that you can employ in this situation.
# define Client clause
<Client ....>
Secret .....
AddToRequest %{Class}
.....
</Client>
# define AuthBy clause
<AuthBy ...>
Identifier MyAuthBy
.....
AddToReply Class = Calling-Station-Id = %{Calling-Station-Id}, \
Called-Station-Id = %{Called-Station-Id}
</AuthBy>
# define Realm of Handler
<Handler ...>
AuthBy MyAuthBy
.....
</Handler>
regards
Hugh
On Wednesday, Oct 15, 2003, at 18:42 Australia/Melbourne, Terry Simons
wrote:
> I need to account for the Calling and Called-Station-Id fields in an
> authentication, but my NAS device doesn't account this information.
>
> I've troubleshot this particular problem to knowing that my Proxim
> AP-2000s are not sending back a Calling-Station-Id in either their
> start or stop records.
>
> I have been trying to determine how to do this on my own, but I'm a
> little bit lost.
>
> Here's a trace 4 debug showing that we're getting Calling-Station-Id
> on requests:
>
> Code: Access-Request
> Identifier: 40
> Authentic: <137>g<0><0><234>Y<0><0>C<1><0><0>gw<0><0>
> Attributes:
> User-Name = "USERNAME"
> NAS-IP-Address = 1.2.3.4
> Called-Station-Id = "00-02-2d-48-5f-40"
> Calling-Station-Id = "00-02-2d-7d-85-8e"
> NAS-Identifier = "NASNAME"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-IEEE-802-11
> EAP-Message = <2><9><0><13><1>USERNAME
> Message-Authenticator =
> q<2><136>!<221><181><26><180><155>c<170><12>+<238><179>c
>
> And here's a start record, showing that no Calling-Station-Id is
> available:
>
> Code: Accounting-Request
> Identifier: 39
> Authentic: c<154><145>8<4>$Or<200><232><143>w<200>T<25><127>
> Attributes:
> User-Name = "USERNAME"
> Acct-Session-Id = "00-02-2d-7d-85-8e"
> NAS-Identifier = "NASNAME"
> NAS-IP-Address = 1.2.3.4
> NAS-Port = 9
> NAS-Port-Type = Wireless-IEEE-802-11
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
>
> It makes sense that I can't do %{Calling-Station-Id}, because that
> particular attribute doesn't exist in my accounting packet, but it
> does show up in the authentication request packets.
>
> Also, it looks like the AP is erroneously using the Acct-Session-Id
> field to account the MAC address of the authenticated client. *groan*
> ;-)
>
> What are my options to account the Calling-Station-Id data?
>
> It looks like I can use a PostAuthHook... I think. Is this what I
> want?
>
> I'm not quite sure, even after reading the documentation, what needs
> to happen.
>
> I'll keep digging...
>
> In the mean time, any advice is appreciated.
>
> Terry
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list