(RADIATOR) Re: System Accounting Packets

Hugh Irvine hugh at open.com.au
Fri Jun 11 13:57:15 CDT 2004


Hello Ilker -

It will match Accounting-On and Accounting-Off - I don't know if this  
is "all system accounting requests".

You will need to do some experiments to verify what requests the router  
sends.

regards

Hugh


On 11 Jun 2004, at 16:58, İlker Aktuna ((Koç.net)) wrote:

> Hi Hugh,
>
> We'll try this, thanks.
> I thought there could be an easier and extensive way.
> Does the clause "Acct-Status-Type = /Accounting-On|Accounting-Off/"  
> include all system accounting requests ?
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, June 10, 2004 6:16 PM
> To: İlker Aktuna (Koç.net)
> Cc: radiator at open.com.au; Doğan Yeşilkaya (Koç.net); Sertan Babacan  
> (Koç.net); Mike McCauley
> Subject: Re: System Accounting Packets
>
>
>
> Hello Ilker -
>
> You can do something like this:
>
> <Handler Acct-Status-Type = /Accounting-On|Accounting-Off/>
>
> 	AccountingHandled
>
> 	AuthByPolicy ContinueAlways
>
> 	<AuthBy RADIUS>
> 		IgnoreAccountingResponse
> 		.....
> 	</AuthBy>
>
> 	<AuthBy RADIUS>
> 		IgnoreAccountingResponse
> 		.....
> 	</AuthBy>
>
> 	<AuthBy RADIUS>
> 		IgnoreAccountingResponse
> 		.....
> 	</AuthBy>
>
> 	......
>
> </Handler>
>
>
> regards
>
> Hugh
>
>
> On 10 Jun 2004, at 08:32, İlker Aktuna ((Koç.net)) wrote:
>
>> Dear Sirs,
>>
>> We are using Radiator as a radius proxy between our Cisco As5300 NASs
>> and CiscoSecure Radius servers.
>> Cisco AS5300 has feature of sending system accounting packets when a
>> reboot or crash occurs, so that the radius server can delete sessions
>> from that nas.
>> Inorder to activate it we are using the following Cisco IOS command:
>> "aaa accounting system default start-stop group PROXY"
>>
>> This command sends the "Accounting-Off" and "Accounting-On" packets to
>> the Radiator proxies. What we want is to make Radiator send this
>> accounting packet to all of our CiscoSecure radius servers.
>>
>> We observed in the Radiator logfile that this packet is sent to only
>> one of our radius servers (195.87.1.231 as seen in the following log)
>> Is there an easy way of sending all "system" type accounting packets
>> to all radius servers behind the proxies ?
>>
>> Kind Regards,
>> ilker Aktuna
>> Koc.net
>>
>> Radiator log for the system accounting packet :
>> ---
>>
>> Thu Jun 10 09:08:04 2004: DEBUG: Packet dump:
>> *** Received from 193.243.216.6 port 1646 ....
>> Code:       Accounting-Request
>> Identifier: 2
>> Authentic:  b<210>q@<144><26><140>V<142>z*g<151><181>G<15>
>> Attributes:
>>         NAS-IP-Address = 193.243.216.6
>>         Acct-Status-Type = Accounting-Off
>>         Acct-Session-Id = "00000002"
>>         Acct-Delay-Time = 0
>>
>> Thu Jun 10 09:08:04 2004: DEBUG: Handling request with Handler
>> 'Request-Type=Accounting-Request'
>> Thu Jun 10 09:08:04 2004: DEBUG:  Deleting all sessions for
>> 193.243.216.6
>> Thu Jun 10 09:08:04 2004: DEBUG: Handling with Radius::AuthRADIUS
>> Thu Jun 10 09:08:04 2004: DEBUG: Packet dump:
>> *** Sending to 195.87.1.231 port 1646 ....
>> Code:       Accounting-Request
>> Identifier: 131
>> Authentic:  <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
>> Attributes:
>>         NAS-IP-Address = 193.243.216.6
>>         Acct-Status-Type = Accounting-Off
>>         Acct-Session-Id = "00000002"
>>         Acct-Delay-Time = 0
>>         Timestamp = 1086847684
>> ______________________________________________________________________ 
>> _
>> ______________________________________________________________________
>> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir.
>> Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir
>> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
>> e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum
>> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir
>> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para
>> karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus
>> sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta
>> mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile -
>> virus icermedigini garanti etmez ve meydana gelebilecek zararlardan
>> dogacak hicbir sorumlulugu kabul etmez.
>> This message is intended solely for the use of the individual or
>> entity to whom it is addressed , and may contain confidential
>> information. If you are not the intended recipient of this message or
>> you receive this mail in error, you should refrain from making any use
>> of the contents and from opening any attachment. In that case, please
>> notify the sender immediately and return the message to the sender,
>> then, delete and destroy all copies. This e-mail message, can not be
>> copied, published or sold for any reason. This e-mail message has been
>> swept by anti-virus systems for the presence of computer viruses. In
>> doing so, however,  sender  cannot warrant that virus or other forms
>> of data corruption may not be present and do not take any
>> responsibility in any occurrence.
>> ______________________________________________________________________ 
>> _
>> ______________________________________________________________________
>>
>>
>>
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> _______________________________________________________________________ 
> ______________________________________________________________________
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir.  
> Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir  
> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen  
> e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum  
> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir  
> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para  
> karsiligi satilamaz.  Bu e-posta mesaji viruslere karsi anti-virus  
> sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta  
> mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile -  
> virus icermedigini garanti etmez ve meydana gelebilecek zararlardan  
> dogacak hicbir sorumlulugu kabul etmez.
> This message is intended solely for the use of the individual or  
> entity to whom it is addressed , and may contain confidential   
> information. If you are not the intended recipient of this message or  
> you receive this mail in error, you should refrain from making any use  
> of the contents and from opening any attachment. In that case, please  
> notify the sender immediately and return the message to the sender,  
> then, delete and destroy all copies. This e-mail message, can not be  
> copied, published or sold for any reason. This e-mail message has been  
> swept by anti-virus systems for the presence of computer viruses. In  
> doing so, however,  sender  cannot warrant that virus or other forms  
> of data corruption may not be present and do not take any  
> responsibility in any occurrence.
> _______________________________________________________________________ 
> ______________________________________________________________________
>
>
>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list