(RADIATOR) RE: System Accounting Packets

İlker Aktuna (Koç.net) ilkera at koc.net
Fri Jun 11 09:58:55 CDT 2004 

Hi Hugh,

We'll try this, thanks.
I thought there could be an easier and extensive way.
Does the clause "Acct-Status-Type = /Accounting-On|Accounting-Off/" include all system accounting requests ?

Thanks,
ilker

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Thursday, June 10, 2004 6:16 PM
To: İlker Aktuna (Koç.net)
Cc: radiator at open.com.au; Doğan Yeşilkaya (Koç.net); Sertan Babacan (Koç.net); Mike McCauley
Subject: Re: System Accounting Packets



Hello Ilker -

You can do something like this:

<Handler Acct-Status-Type = /Accounting-On|Accounting-Off/>

	AccountingHandled

	AuthByPolicy ContinueAlways

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

	......

</Handler>


regards

Hugh


On 10 Jun 2004, at 08:32, İlker Aktuna ((Koç.net)) wrote:

> Dear Sirs,
>
> We are using Radiator as a radius proxy between our Cisco As5300 NASs
> and CiscoSecure Radius servers.
> Cisco AS5300 has feature of sending system accounting packets when a  
> reboot or crash occurs, so that the radius server can delete sessions  
> from that nas.
> Inorder to activate it we are using the following Cisco IOS command:
> "aaa accounting system default start-stop group PROXY"
>
> This command sends the "Accounting-Off" and "Accounting-On" packets to
> the Radiator proxies. What we want is to make Radiator send this  
> accounting packet to all of our CiscoSecure radius servers.
>
> We observed in the Radiator logfile that this packet is sent to only
> one of our radius servers (195.87.1.231 as seen in the following log)
> Is there an easy way of sending all "system" type accounting packets  
> to all radius servers behind the proxies ?
>
> Kind Regards,
> ilker Aktuna
> Koc.net
>
> Radiator log for the system accounting packet :
> ---
>
> Thu Jun 10 09:08:04 2004: DEBUG: Packet dump:
> *** Received from 193.243.216.6 port 1646 ....
> Code:       Accounting-Request
> Identifier: 2
> Authentic:  b<210>q@<144><26><140>V<142>z*g<151><181>G<15>
> Attributes:
>         NAS-IP-Address = 193.243.216.6
>         Acct-Status-Type = Accounting-Off
>         Acct-Session-Id = "00000002"
>         Acct-Delay-Time = 0
>
> Thu Jun 10 09:08:04 2004: DEBUG: Handling request with Handler
> 'Request-Type=Accounting-Request'
> Thu Jun 10 09:08:04 2004: DEBUG:  Deleting all sessions for  
> 193.243.216.6
> Thu Jun 10 09:08:04 2004: DEBUG: Handling with Radius::AuthRADIUS
> Thu Jun 10 09:08:04 2004: DEBUG: Packet dump:
> *** Sending to 195.87.1.231 port 1646 ....
> Code:       Accounting-Request
> Identifier: 131
> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
>         NAS-IP-Address = 193.243.216.6
>         Acct-Status-Type = Accounting-Off
>         Acct-Session-Id = "00000002"
>         Acct-Delay-Time = 0
>         Timestamp = 1086847684
> _______________________________________________________________________ 
> ______________________________________________________________________
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir.  
> Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir  
> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen  
> e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum  
> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir  
> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para  
> karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus  
> sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta  
> mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile -  
> virus icermedigini garanti etmez ve meydana gelebilecek zararlardan  
> dogacak hicbir sorumlulugu kabul etmez.
> This message is intended solely for the use of the individual or  
> entity to whom it is addressed , and may contain confidential   
> information. If you are not the intended recipient of this message or  
> you receive this mail in error, you should refrain from making any use  
> of the contents and from opening any attachment. In that case, please  
> notify the sender immediately and return the message to the sender,  
> then, delete and destroy all copies. This e-mail message, can not be  
> copied, published or sold for any reason. This e-mail message has been  
> swept by anti-virus systems for the presence of computer viruses. In  
> doing so, however,  sender  cannot warrant that virus or other forms  
> of data corruption may not be present and do not take any  
> responsibility in any occurrence.
> _______________________________________________________________________ 
> ______________________________________________________________________
>
>
>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems. 
_____________________________________________________________________________________________________________________________________________ 
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.  
This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential  information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however,  sender  cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence. 
_____________________________________________________________________________________________________________________________________________ 
 
 
 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list