No subject
Tue Jun 24 01:17:42 CDT 2008
the AuthBy RADIUS clause which is why this is happening. You should add the
following to the configuration:
# define Realm(s)
# AccountingHandled will send an accounting response
# instead of the AuthBy RADIUS
<Realm DEFAULT>
AccountingHandled
.....
</Realm>
See section 6.16.10 in the Radiator 2.18.4 reference manual.
hth
Hugh
>
> I have an L2TP setup using a Cisco 4500 acting as the Tunnel EndPoint,
> and an Ascend TNT as the Tunnel Initiator. There is a Radiator platform
> which is used as the Tunnel Auth Server which proxies the request
> to our production Radius servers and strips out the L2TP setup
> parameters. This all works fine!
>
> Except...
>
> I get 3 copies of each of the acct-start and acct-stop records.
>
> How can I make it stop?
>
> Radius specific CISCO config lines are:
> aaa new-model
> aaa authentication ppp default local
> aaa authentication ppp vpdn group radius
> aaa accounting network default start-stop group radius
> !
> radius-server host x.x.x.x auth-port 1645 acct-port 1646
> radius-server retransmit 3
> radius-server key XXXXXXXXXXX
>
> Radiator config is:
>
> # Set this to the directory where your logfile and details file are to go
> LogDir /var/log/radius
> LogFile %L/radius.%Y%m%d.log
> Trace 3
>
> # Set this to the database directory. It should contain these files:
> # users The user database
> # dictionary The dictionary for your NAS
> DbDir /usr/local/etc/raddb
>
> # we're mulithomed, so we'll hard specify the interface we want.
> BindAddress x.x.x.x
>
> # This clause defines a single client to listen to
> <Client CI.SC.OB.OX>
> Secret XXXXXXXXXXXXXX
> DupInterval 30
> </Client>
>
> # For testing: this allows us to honour requests from radpwtst
> # on the same host.
> <Client localhost>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy RADIUS>
> StripFromReply
> Tunnel-Type,Tunnel-Medium-Type,Tunnel-Server-Endpoint
> Host prod-radius1,prod-radius2,prod-radius3
> Secret XXXXXXXXXXXXX
> AuthPort 1645
> AcctPort 1646
> IgnoreAccounting
> </AuthBy>
> # Log accounting to the detail file in LogDir
> AuthLog %L/proxy-auth.%Y%m%d.log
> AcctLogFileName %L/proxy-detail.%Y%m%d.log
> </Realm>
>
> Excerpt of trace 4 log:
>
>
> ---
> UUNET Asia Pacific, Network Services Ph: +61 2 9434 5172
> Stephen Ollis <Ollis.Stephen at wcom.com.au> Fx: +61 2 9434 5800
> Systems Technical Assistance Centre, Manager Mb: 0410 599462
> Level 3, 203 Pacific Highway, St. Leonards NSW 2065 AUSTRALIA
>
> "Never be afraid to take a risk; amateurs built the Ark,
> professionals built the Titanic.." - unknown
>
> PGP Key available- http://www.ozemail.com.au/~sollis/public-key.asc
>
>
>
> ------_=_NextPart_000_01C14CB5.0F1795C0
> Content-Type: application/octet-stream;
> name="radius.log"
> Content-Disposition: attachment;
> filename="radius.log"
>
> Thu Oct 4 19:08:28 2001
> NAS-IP-Address = CI.SC.OB.OX
> NAS-Port = 1
> NAS-Port-Type = Async
> User-Name = "tunneluser"
> Called-Station-Id = "xxxxxxxxxx"
> Calling-Station-Id = "02xxyyyyyyyy"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000044"
> Framed-Protocol = PPP
> Framed-IP-Address = cis.co.ip.pool
> Acct-Terminate-Cause = User-Request
> Acct-Input-Octets = 14958
> Acct-Output-Octets = 105195
> Acct-Input-Packets = 184
> Acct-Output-Packets = 213
> Acct-Session-Time = 73
> Acct-Delay-Time = 0
> Timestamp = 1002186508
>
> Thu Oct 4 19:08:33 2001
> NAS-IP-Address = CI.SC.OB.OX
> NAS-Port = 1
> NAS-Port-Type = Async
> User-Name = "tunneluser"
> Called-Station-Id = "xxxxxxxxxx"
> Calling-Station-Id = "02xxyyyyyyyy"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000044"
> Framed-Protocol = PPP
> Framed-IP-Address = cis.co.ip.pool
> Acct-Terminate-Cause = User-Request
> Acct-Input-Octets = 14958
> Acct-Output-Octets = 105195
> Acct-Input-Packets = 184
> Acct-Output-Packets = 213
> Acct-Session-Time = 73
> Acct-Delay-Time = 5
> Timestamp = 1002186508
>
> Thu Oct 4 19:08:38 2001
> NAS-IP-Address = CI.SC.OB.OX
> NAS-Port = 1
> NAS-Port-Type = Async
> User-Name = "tunneluser"
> Called-Station-Id = "xxxxxxxxxx"
> Calling-Station-Id = "02xxyyyyyyyy"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000044"
> Framed-Protocol = PPP
> Framed-IP-Address = cis.co.ip.pool
> Acct-Terminate-Cause = User-Request
> Acct-Input-Octets = 14958
> Acct-Output-Octets = 105195
> Acct-Input-Packets = 184
> Acct-Output-Packets = 213
> Acct-Session-Time = 73
> Acct-Delay-Time = 10
> Timestamp = 1002186508
>
> Thu Oct 4 19:08:43 2001
> NAS-IP-Address = CI.SC.OB.OX
> NAS-Port = 1
> NAS-Port-Type = Async
> User-Name = "tunneluser"
> Called-Station-Id = "xxxxxxxxxx"
> Calling-Station-Id = "02xxyyyyyyyy"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000044"
> Framed-Protocol = PPP
> Framed-IP-Address = cis.co.ip.pool
> Acct-Terminate-Cause = User-Request
> Acct-Input-Octets = 14958
> Acct-Output-Octets = 105195
> Acct-Input-Packets = 184
> Acct-Output-Packets = 213
> Acct-Session-Time = 73
> Acct-Delay-Time = 15
> Timestamp = 1002186508
>
> ------_=_NextPart_000_01C14CB5.0F1795C0--
>
> -------------------------------------------------------
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list