(RADIATOR) Re: System Accounting Packets

Hugh Irvine hugh at open.com.au
Thu Jun 10 10:15:42 CDT 2004 

Hello Ilker -

You can do something like this:

<Handler Acct-Status-Type = /Accounting-On|Accounting-Off/>

	AccountingHandled

	AuthByPolicy ContinueAlways

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

	......

</Handler>


regards

Hugh


On 10 Jun 2004, at 08:32, İlker Aktuna ((Koç.net)) wrote:

> Dear Sirs,
>
> We are using Radiator as a radius proxy between our Cisco As5300 NASs  
> and CiscoSecure Radius servers.
> Cisco AS5300 has feature of sending system accounting packets when a  
> reboot or crash occurs, so that the radius server can delete sessions  
> from that nas.
> Inorder to activate it we are using the following Cisco IOS command:
> "aaa accounting system default start-stop group PROXY"
>
> This command sends the "Accounting-Off" and "Accounting-On" packets to  
> the Radiator proxies. What we want is to make Radiator send this  
> accounting packet to all of our CiscoSecure radius servers.
>
> We observed in the Radiator logfile that this packet is sent to only  
> one of our radius servers (195.87.1.231 as seen in the following log)
> Is there an easy way of sending all "system" type accounting packets  
> to all radius servers behind the proxies ?
>
> Kind Regards,
> ilker Aktuna
> Koc.net
>
> Radiator log for the system accounting packet :
> ---
>
> Thu Jun 10 09:08:04 2004: DEBUG: Packet dump:
> *** Received from 193.243.216.6 port 1646 ....
> Code:       Accounting-Request
> Identifier: 2
> Authentic:  b<210>q@<144><26><140>V<142>z*g<151><181>G<15>
> Attributes:
>         NAS-IP-Address = 193.243.216.6
>         Acct-Status-Type = Accounting-Off
>         Acct-Session-Id = "00000002"
>         Acct-Delay-Time = 0
>
> Thu Jun 10 09:08:04 2004: DEBUG: Handling request with Handler  
> 'Request-Type=Accounting-Request'
> Thu Jun 10 09:08:04 2004: DEBUG:  Deleting all sessions for  
> 193.243.216.6
> Thu Jun 10 09:08:04 2004: DEBUG: Handling with Radius::AuthRADIUS
> Thu Jun 10 09:08:04 2004: DEBUG: Packet dump:
> *** Sending to 195.87.1.231 port 1646 ....
> Code:       Accounting-Request
> Identifier: 131
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>         NAS-IP-Address = 193.243.216.6
>         Acct-Status-Type = Accounting-Off
>         Acct-Session-Id = "00000002"
>         Acct-Delay-Time = 0
>         Timestamp = 1086847684
> _______________________________________________________________________ 
> ______________________________________________________________________
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir.  
> Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir  
> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen  
> e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum  
> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir  
> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para  
> karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus  
> sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta  
> mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile -  
> virus icermedigini garanti etmez ve meydana gelebilecek zararlardan  
> dogacak hicbir sorumlulugu kabul etmez.
> This message is intended solely for the use of the individual or  
> entity to whom it is addressed , and may contain confidential   
> information. If you are not the intended recipient of this message or  
> you receive this mail in error, you should refrain from making any use  
> of the contents and from opening any attachment. In that case, please  
> notify the sender immediately and return the message to the sender,  
> then, delete and destroy all copies. This e-mail message, can not be  
> copied, published or sold for any reason. This e-mail message has been  
> swept by anti-virus systems for the presence of computer viruses. In  
> doing so, however,  sender  cannot warrant that virus or other forms  
> of data corruption may not be present and do not take any  
> responsibility in any occurrence.
> _______________________________________________________________________ 
> ______________________________________________________________________
>
>
>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list