(RADIATOR) 802.1x accounting packets

Hugh Irvine hugh at open.com.au
Tue Nov 7 00:07:59 CST 2006


Hello Fred -

Thanks for your mail.

I will need to see a copy of your configuration file and a more  
complete trace 4 debug showing what is happening.

In the meantime however you should look at "goodies/eap_anon_hook.pl"  
which may be what you need.

regards

Hugh



On 7 Nov 2006, at 09:06, Fred Leeflang wrote:

> Hi,
>
> We have a Radiator setup with which we're recording accounting
> packets into a mysql database through:
>
> <AuthBy SQL>
>     DateFormat %Y-%m-%d %X
>     Identifier SQLAccounting
>     DBSource DBI:mysql:database=usertracking;host=127.0.0.1
>     DBUsername utuser
>     DBAuth resutu
>     AuthSelect
>     AccountingTable RAD_ACCOUNTING
>     HandleAcctStatusTypes Start,Stop
>     AcctColumnDef USERNAME,User-Name
>     AcctColumnDef TIME_STAMP,Timestamp,integer-date
>     AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>     AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>     AcctColumnDef ACCTINPUTOCT,Acct-Input-Octets,integer
>     AcctColumnDef ACCTOUTPUTOCT,Acct-Output-Octets,integer
>     AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>     AcctColumnDef ACCTSESSTIME,Acct-Session-Time,integer
>     AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>     AcctColumnDef NASIDENTIFIER,NAS-Identifier
>     AcctColumnDef NASPORT,NAS-Port,integer
>     AcctColumnDef NASIPADDRESS,NAS-IP-Address
>     AcctColumnDef CALLEDSTATIONID,Called-Station-Id
>     AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> </AuthBy>
>
> # ----------------Wireless Accounting ssid=test----------------
> <Handler Request-Type = Accounting-Request, Realm=student.rug.nl>
>         AuthBy SQLAccounting
> </Handler>
>
> It all seems to work quite well except we're seeing accounting packets like
> these coming in:
>
> Code:       Accounting-Request
> Identifier: 67
> Authentic:  Me<181><28>\<28>;<227><11><226>e(f<146>\%
> Attributes:
>         Acct-Session-Id = "0000044A"
>         Called-Station-Id = "000d.29f0.a340"
>         Calling-Station-Id = "0040.9651.77b8"
>         cisco-avpair = "ssid=test"
>         cisco-avpair = "vlan-id=17"
>         cisco-avpair = "nas-location=unspecified"
>         cisco-avpair = "auth-algo-type=eap-ttls"
>         User-Name = "anonymous at student.rug.nl"
>         Acct-Authentic = RADIUS
>         cisco-avpair = "connect-progress=Call Up"
>         Acct-Session-Time = 3516
>         Acct-Input-Octets = 203580
>         Acct-Output-Octets = 1073541
>         Acct-Input-Packets = 1241
>         Acct-Output-Packets = 1006
>         Acct-Terminate-Cause = Lost-Carrier
>         cisco-avpair = "disc-cause-ext=No Reason"
>         Acct-Status-Type = Stop
>         NAS-Port-Type = Wireless-IEEE-802-11
>         Cisco-NAS-Port = "525"
>         NAS-Port = 525
>         Service-Type = Framed-User
>         NAS-IP-Address = 129.125.100.202
>         Acct-Delay-Time = 0
>
> So this looks like it logs the outer user-name instead of the inner username.
> I have a feeling that this is an AP configuration issue and doesn't have
> anything to do with Radiator so I'm not including the whole debug/config at
> this time to keep it light. If I recall, the site this is running on is using
> Cisco 1200 APs.
>
> Any quickfix here or do I need to send the whole config to figure this one out?
>
> Thanks a lot!
>
> -- Fred Leeflang 3DN Tel. 06-46182773 / 036-5467838 Almere http://www.3dn.nl
> fredl at 3dn.nl



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

