(RADIATOR) MAX 4000 to Radiator - ACCT problems
Hugh Irvine
hugh at open.com.au
Thu Dec 22 00:50:24 CST 2005
Hello Stuart -
The Ascends have separate configurations for authentication and
accounting via radius.
You will need to modify the accounting configuration to point to the
new machine in the same fashion you did for authentication.
BTW - the accounting requests will still be going to the old dead
machine.
regards
Hugh
On 22 Dec 2005, at 14:40, Stuart Mullins wrote:
> All
>
>
>
> We have a MAX4000 (for DU) and a CISCO (for DSL) running into
> Radiator as the Radius. The systems are communicating on Ethernet.
>
>
>
> This configuration has been running smoothly for some years until
> recently when our original Linux radiator fell over. We
> subsequently reinstalled the Perl / Windows version and it seemed
> to be fine for the most part.
>
>
>
> Nothing has changed at either the MAX or the CISCO end.
>
>
>
> Currently we get access authentication for both the MAX and CISCO.
> This runs fine and our clients can log on and log off without a
> problem.
>
>
>
> Unfortunately we only get accounting records for the Cisco clients.
> Absolutely without exclusion, we get NO accounting type records of
> any type from the MAX.
>
>
>
> We can run radpwtst and the output tests fine at the Radiator end
> including the creation of the appropriate accounting record entries
> in our log, however the live system does not.
>
>
>
> Is there something simple you could think of that we have
> overlooked ???
>
>
>
> Stuart
>
> DIALUP Trace
>
>
>
> Trace records as follows:
>
> Thu Dec 22 13:04:09 2005: DEBUG: Packet dump:
>
> *** Received from YYY.YYY.YYY.YYY port 1025 ....
>
> Code: Access-Request
>
> Identifier: 246
>
> Authentic: <180>
> {<178><151><231><172><237><204><14><23><186><136><140><237><3>D
>
> Attributes:
>
> User-Name = "stuart"
>
> CHAP-Password =
> <1><200>B<244>v<204>0<253><145>T<242>wU<235><7>')
>
> NAS-IP-Address = YYY.YYY.YYY.YYY (This is correct
> address for MAX4000)
>
> NAS-Port = 20105
>
> NAS-Port-Type = Async
>
> Service-Type = Framed-User
>
> Framed-Protocol = PPP
>
> State =
>
> Calling-Station-Id = "XXXXXXXX"
>
> Called-Station-Id = "XXXXXXXX" (These are correct numbers)
>
> Acct-Session-Id = "182fe9a2"
>
>
>
> Thu Dec 22 13:04:09 2005: DEBUG: Handling request with Handler
> 'Realm=*******’ (is correct realm for config)
>
> Thu Dec 22 13:04:09 2005: DEBUG: Rewrote user name to stuart
>
> Thu Dec 22 13:04:09 2005: DEBUG: Deleting session for stuart,
> 203.34.157.6, 20105
>
> Thu Dec 22 13:04:09 2005: DEBUG: Handling with Radius::AuthRODOPI
>
> Thu Dec 22 13:04:09 2005: DEBUG: Handling with Radius::AuthRODOPI:
>
> Thu Dec 22 13:04:09 2005: DEBUG: Query is: 'exec
> Interface_VircomUsers 'stuart'':
>
> Thu Dec 22 13:04:09 2005: DEBUG: Radius::AuthRODOPI looks for match
> with stuart
>
> Thu Dec 22 13:04:09 2005: DEBUG: Radius::AuthRODOPI ACCEPT:
>
> Thu Dec 22 13:04:09 2005: DEBUG: AuthBy RODOPI result: ACCEPT,
>
> Thu Dec 22 13:04:09 2005: DEBUG: Access accepted for stuart
>
> Thu Dec 22 13:04:09 2005: DEBUG: Packet dump:
>
> *** Sending to YYY.YYY.YYY.YYY port 1025 (Is correct IP address
> of MAX 4000)....
>
> Code: Access-Accept
>
> Identifier: 246
>
> Authentic: <180>
> {<178><151><231><172><237><204><14><23><186><136><140><237><3>D
>
> Attributes:
>
> Ascend-Idle-Limit = 0
>
> Ascend-Maximum-Channels = 1
>
> Ascend-Maximum-Time = 0
>
> Ascend-Require-Auth = Require-Auth
>
> Framed-Netmask = 255.255.255.255
>
> Framed-Protocol = PPP
>
> Framed-Routing = None
>
>
>
>
>
>
>
> DSL Trace
>
>
>
> Thu Dec 22 13:03:13 2005: DEBUG: Packet dump:
>
> *** Received from ZZZ.ZZZ.ZZZ.ZZZ port 21684 ....
>
> Code: Accounting-Request
>
> Identifier: 100
>
> Authentic: ]<255><135>)
> <2><247><11>qx<211><176><219><234><149><153><155>
>
> Attributes:
>
> Acct-Session-Id = "000008BD"
>
> Tunnel-Server-Endpoint = **********
>
> Tunnel-Client-Endpoint = **********
>
> Tunnel-Assignment-ID = Qld2
>
> Tunnel-Type = 0:L2TP
>
> Tunnel-ID = 2280802230
>
> Tunnel-Client-Auth-ID = for-cor5
>
> Tunnel-Server-Auth-ID = *********************
>
> Framed-Protocol = PPP
>
> Framed-IP-Address = *****************
>
> cisco-avpair = "connect-progress=LAN Ses Up"
>
> Acct-Session-Time = 421340
>
> Acct-Input-Octets = 36975616
>
> Acct-Output-Octets = 153722776
>
> Acct-Input-Packets = 414781
>
> Acct-Output-Packets = 574275
>
> Acct-Authentic = RADIUS
>
> User-Name = "stuartm@****************"
>
> Acct-Status-Type = Alive
>
> NAS-Port-Type = Virtual
>
> Cisco-NAS-Port = "Uniq-Sess-ID517"
>
> NAS-Port = 517
>
> Calling-Station-Id = "qcy012000200263"
>
> Service-Type = Framed-User
>
> NAS-IP-Address = ZZZ.ZZZ.ZZZ.ZZZ
>
> Acct-Delay-Time = 0
>
>
>
> Thu Dec 22 13:03:13 2005: DEBUG: Handling request with Handler
> 'Realm=*************'
>
> Thu Dec 22 13:03:13 2005: DEBUG: Rewrote user name to stuartm
>
> Thu Dec 22 13:03:13 2005: DEBUG: Adding session for
> stuartm@***************, ZZZ.ZZZ.ZZZ.ZZZ, 517
>
> Thu Dec 22 13:03:13 2005: DEBUG: do query is: 'exec
> Interface_VircomDetails
>
> '000008BD', 'Dec 22, 2005 13:03', 'stuartm', 'ZZZ.ZZZ.ZZZ.ZZZ, 517,
> 'Framed-User', 'PPP', 'WWW.WWW.WWW.WWW', 'qcy012000200263', NULL,
>
> 'Alive', 0, 3697****, 153722776, 421340, 414781, 574275, NULL,
> 'Virtual', '0',
>
> NULL':
>
> Thu Dec 22 13:03:13 2005: DEBUG: AuthBy RODOPI result: ACCEPT,
>
> Thu Dec 22 13:03:13 2005: DEBUG: Accounting accepted
>
> Thu Dec 22 13:03:13 2005: DEBUG: Packet dump:
>
> *** Sending to 203.34.156.5 port 21684 ....
>
> Code: Accounting-Response
>
> Identifier: 100
>
> Authentic: ]<255><135>)
> <2><247><11>qx<211><176><219><234><149><153><155>
>
> Attributes:
>
>
>
>
>
> RADIUS CONFIG
>
>
>
> Foreground
>
> Trace 4
>
> PidFile C:\program files\Radiator\radiusd.pid
>
> AuthPort 1645
>
> AcctPort 1646
>
> LogDir C:\program files\Radiator\logs
>
> DbDir C:\program files\Radiator
>
> LogFile %L/logfile
>
> DictionaryFile %D/dictionary,%D/dictionary.ascend
>
> FingerProg C:\WINDOWS\system32\finger.exe
>
> SnmpgetProg C:\usr\bin\snmpget.exe
>
> LogStdout
>
>
>
> <Client ZZZZZ.com.au>
>
> # Ascend MAX
>
> Secret ****************
>
> NasType AscendSNMP
>
> DefaultRealm ZZZZZ.com.au
>
> DupInterval 0
>
> </Client>
>
>
>
> <Client dsl.YYYYY.com.au>
>
> # Cisco 3675
>
> Secret *************
>
> NasType CiscoVPDN
>
> DefaultRealm dsl.YYYYY.com.au
>
> DupInterval 0
>
> </Client>
>
>
>
> <Client DEFAULT>
>
> Secret ************
>
> NasType AscendSNMP
>
> DupInterval 0
>
> </Client>
>
>
>
>
>
> <Realm ZZZZZ.com.au>
>
> <AuthBy RODOPI>
>
> DBSource dbi:ODBC:*********
>
> DBUsername ********
>
> DBAuth *****************
>
> </AuthBy>
>
> AcctLogFileName %L/rodopimaxdetail
>
> RewriteUsername s/^([^@]+).*/$1/
>
> MaxSessions 1
>
> RejectHasReason
>
> </Realm>
>
>
>
> <Realm dsl.YYYYY.com.au>
>
> <AuthBy RODOPI>
>
> DBSource dbi:ODBC:*********
>
> DBUsername ********
>
> DBAuth *****************
>
> </AuthBy>
>
> AcctLogFileName %L/rodopidsldetail
>
> RewriteUsername s/^([^@]+).*/$1/
>
> MaxSessions 1
>
> RejectHasReason
>
> </Realm>
>
>
>
> <Realm DEFAULT>
>
> <AuthBy RODOPI>
>
> DBSource dbi:ODBC:*********
>
> DBUsername ********
>
> DBAuth *****************
>
> </AuthBy>
>
> AcctLogFileName %L/rodopimax1detail
>
> RewriteUsername s/^([^@]+).*/$1/
>
> MaxSessions 1
>
> RejectHasReason
>
> </Realm>
>
>
>
>
>
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list