(RADIATOR) Calling and Called-Station-Id accounting?

Terry Simons galimore at mac.com
Wed Oct 15 22:16:26 CDT 2003


Hugh,

This doesn't seem to be working for me.

Can you take a look at my debugging output and configuration?

Here's what I'm seeing:

Wed Oct 15 21:09:35 2003: DEBUG: Handling request with Handler ''
Wed Oct 15 21:09:35 2003: DEBUG:  Deleting session for terry, 10.0.0.20,
Wed Oct 15 21:09:35 2003: DEBUG: Handling with Radius::AuthSQL
Wed Oct 15 21:09:35 2003: DEBUG: Handling with Radius::AuthFILE: FILE_AUTH
Wed Oct 15 21:09:35 2003: DEBUG: Radius::AuthFILE looks for match with terry
Wed Oct 15 21:09:35 2003: DEBUG: Radius::AuthFILE ACCEPT:
Wed Oct 15 21:09:35 2003: DEBUG: Access accepted for terry
Wed Oct 15 21:09:35 2003: DEBUG: EAP result: 0, EAP TTLS inner authentication redespatched to a Handler
Wed Oct 15 21:09:35 2003: DEBUG: Access accepted for terry
Wed Oct 15 21:09:35 2003: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1258 ....
Code:       Access-Accept
Identifier: 122
Authentic:  <237>w<243><11>F<152>a<20><195><6><208><155><244><162>K<168>
Attributes:
         Class = "Calling-Station-Id = "
         Class = "Calling-Station-Id = 00-30-65-1D-9E-A6"
         MS-MPPE-Send-Key =  
"<147><171><198>U<139>4<30><251><127><154><194>F><182><137><0><193><177> 
<152>g<8><8><182><148>y<130><203>fp<30>z<191><249>K<129><247>B<132><185> 
d<167><203><251><28><188><197><189><244>Eo"
         MS-MPPE-Recv-Key =  
"<181>R<190>Z{<246><210>9<136>2ij<204>1<240><207><169><200>lo<226><31><2 
55><139>T<9><132>'.<174><152>e"<151><153><177><221><190><184>ZCw<227><20 
6><160> J<252><199><130>"
         EAP-Message = <3><6><0><4>
         Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

Wed Oct 15 21:09:36 2003: DEBUG: Packet dump:
*** Received from 10.0.0.20 port 1259 ....
Code:       Accounting-Request
Identifier: 123
Authentic:  <234><221><248>Lp<152><2><174><7><165>u<20>F<143>`r
Attributes:
         Acct-Status-Type = Start
         User-Name = "terry"
         Acct-Session-Id = "000080480043"
         NAS-IP-Address = 10.0.0.20
         NAS-Port = 0
         Acct-Authentic = RADIUS
         NAS-Identifier = "WardriveMe"
         Acct-Delay-Time = 0

Wed Oct 15 21:09:36 2003: DEBUG: Handling request with Handler ''
Wed Oct 15 21:09:36 2003: DEBUG:  Adding session for terry, 10.0.0.20, 0
Wed Oct 15 21:09:36 2003: DEBUG: Handling with Radius::AuthSQL
Wed Oct 15 21:09:36 2003: DEBUG: Handling accounting with Radius::AuthSQL
Wed Oct 15 21:09:36 2003: DEBUG: do query is: 'insert into dot1xAccountingDB (Class) values('')':

Wed Oct 15 21:09:36 2003: DEBUG: Handling with Radius::AuthFILE: FILE_AUTH
Wed Oct 15 21:09:36 2003: DEBUG: Accounting accepted
Wed Oct 15 21:09:36 2003: DEBUG: Packet dump:
*** Sending to 10.0.0.20 port 1259 ....
Code:       Accounting-Response
Identifier: 123
Authentic:  <234><221><248>Lp<152><2><174><7><165>u<20>F<143>`r
Attributes:


If you look closely, you'll notice that the "Class" variable is printed  
twice.  Once with a value, once without... this alone seems somewhat  
odd.  Why is it getting displayed twice?

Also, this information still isn't available to me for accounting,  
which is also apparent above.  My attempt to account for '%{Class}' is  
turning up a NULL value.

Am I doing something wrong, or is this just being goofy?

It seems to be almost what I want, but not quite.

Here is my test configuration:

Foreground
LogStdout

LogDir          /usr/local/var/log/radius.log
LogFile         %L/logfile
DbDir           /usr/local/etc
Trace           4

AuthPort 1812
AcctPort 1813

<Client DEFAULT>
         NoIgnoreDuplicates Access-Challenge
         NoIgnoreDuplicates Access-Request
         DupInterval 0
         AddToRequest %{Class}
</Client>

<AuthBy SQL>
         Identifier      ACCT_ONLY

         DBSource        dbi:CSV:f_dir=/usr/local/var/log/radius.log/accounting/
         DBUsername      NOT_NEEDED
         DBAuth          NOT_NEEDED

         AcctSQLStatement insert into dot1xAccountingDB \
         (\
         Class\
         ) \
         values\
         (\
         '%{Class}'\
         )

        AuthSelect
</AuthBy>

<AuthBy FILE>
        Identifier FILE_AUTH
        Filename                        /usr/local/etc/users
        EAPType                         TTLS TLS MD5-Challenge MSCHAP-V2
        EAPTLS_MaxFragmentSize          1024
        EAPTLS_CAFile                   /etc/radiator/CA.pem
        EAPTLS_CertificateType          PEM
        EAPTLS_CertificateFile          /etc/radiator/Server.pem
        EAPTLS_PrivateKeyFile           /etc/radiator/Server.pem
        EAPTLS_PrivateKeyPassword       NOTMYPASSWORD

        EAPTLS_SessionResumption 0
        AutoMPPEKeys
        AddToReply Class = Calling-Station-Id = %{Calling-Station-Id}
</AuthBy>

<Handler TunneledByTTLS=1>
     AuthBy         FILE_AUTH
</Handler>

<Handler>
     AuthByPolicy    ContinueAlways

     AuthBy         ACCT_ONLY

     AuthBy         FILE_AUTH
</Handler>


On Oct 15, 2003, at 4:48 PM, Hugh Irvine wrote:

>
> Hello Terry -
>
> There are some useful tricks that you can employ in this situation.
>
> # define Client clause
>
> <Client ....>
> 	Secret .....
> 	AddToRequest %{Class}
> 	.....
> </Client>
>
> # define AuthBy clause
>
> <AuthBy ...>
> 	Identifier MyAuthBy
> 	.....
> 	AddToReply Class = Calling-Station-Id = %{Calling-Station-Id}, \
> 					Called-Station-Id = %{Called-Station-Id}
> </AuthBy>
>
> # define Realm of Handler
>
> <Handler ...>
> 	AuthBy MyAuthBy
> 	.....
> </Handler>
>
>
> regards
>
> Hugh

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
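
The Class trick in the quoted reply depends on the NAS returning the Class attribute in its Accounting-Request, and the Accounting-Request in the trace above carries none. The following is an added example, not part of the original message and not Radiator code: it reads Trace 4 packet dumps and reports, per NAS, which Class values went out in Access-Accept and whether any came back in accounting. The function names and the trimmed sample trace are constructed for illustration.

```python
import re

# Constructed sample: the two packet dumps from the trace above, reduced to the
# attributes that matter here (key material and EAP attributes left out).
SAMPLE_TRACE = '''\
*** Sending to 10.0.0.20 port 1258 ....
Code:       Access-Accept
Attributes:
         Class = "Calling-Station-Id = "
         Class = "Calling-Station-Id = 00-30-65-1D-9E-A6"

*** Received from 10.0.0.20 port 1259 ....
Code:       Accounting-Request
Attributes:
         Acct-Status-Type = Start
         User-Name = "terry"
         Acct-Session-Id = "000080480043"
'''

def parse_dumps(trace):
    """Split Trace 4 output into packets with direction, peer, code, attributes."""
    packets = []
    for line in trace.splitlines():
        m = re.match(r"\*\*\* (Sending to|Received from) (\S+) port \d+", line)
        if m:
            packets.append({"dir": m.group(1), "peer": m.group(2),
                            "code": None, "attrs": []})
        elif packets and (m := re.match(r"Code:\s+(\S+)", line)):
            packets[-1]["code"] = m.group(1)
        elif packets and (m := re.match(r"\s+([\w-]+) = (.*)$", line)):
            packets[-1]["attrs"].append((m.group(1), m.group(2).strip().strip('"')))
    return packets

def class_echo_report(trace):
    """Per NAS: Class values sent in Access-Accept vs. echoed in accounting."""
    report = {}
    for pkt in parse_dumps(trace):
        classes = [v for k, v in pkt["attrs"] if k == "Class"]
        nas = report.setdefault(pkt["peer"], {"sent": [], "echoed": [], "acct": 0})
        if pkt["dir"] == "Sending to" and pkt["code"] == "Access-Accept":
            nas["sent"] += classes
        elif pkt["dir"] == "Received from" and pkt["code"] == "Accounting-Request":
            nas["acct"] += 1
            nas["echoed"] += classes
    for nas in report.values():
        # Accounting arrived after a Class was sent, yet none came back.
        nas["echo_missing"] = bool(nas["sent"]) and nas["acct"] > 0 and not nas["echoed"]
    return report

if __name__ == "__main__":
    for peer, nas in class_echo_report(SAMPLE_TRACE).items():
        print(peer, nas)
```

When echo_missing is true for a NAS, '%{Class}' has nothing to expand from in that NAS's accounting requests, whatever the AddToReply line sent.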

