(RADIATOR) Radiator Logging
Hugh Irvine
hugh at open.com.au
Mon Jun 2 20:08:54 CDT 2008
Hello Charles -
The answer is: "It depends..." - most of the time it depends on what
works.
Sometimes the only answer is to use the MySQL database if the other
options don't work.
You can try using "EAPAnonymous %0" together with returning the
correct User-Name in the access accept in the inner Handler.
If the subsequent accounting requests contain the correct User-Name,
then you can use that solution. If they don't, you will need the hook(s)
and the database.
As always you need to do some real testing to ascertain what works
(and what doesn't).
regards
Hugh
On 3 Jun 2008, at 09:39, Cottrell, Charles P. wrote:
> Hugh,
>
> Thank you. In your experience, which is better....using the
> eap_anon_hook.pl or the EAPAnonymous %0? Also, would it be correct
> to say that if we used EAPAnonymous %0 then we would not need to
> maintain a mysql database? Will one produce a higher load on the
> radius process over the other? If I can use the EAPAnonymous %0
> without any penalties and decrease the maintenance (by taking mysql
> out of the equation) then it is preferred.
>
> Thanks for the speedy response!
>
> Charles
>
>
>
>
> ________________________________________
> From: Hugh Irvine [hugh at open.com.au]
> Sent: Monday, June 02, 2008 6:51 PM
> To: Cottrell, Charles P.
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator Logging
>
> Hello Charles -
>
> You will need the eap_anon_hook.pl as a PreProcessingHook in your
> accounting Handler:
>
> .....
>
> <Handler Request-Type = Accounting-Request>
> PreProcessingHook file:"%D/scripts/eap_anon_hook.pl"
> AddToRequest Connect-Info=%{Client:Identifier},Ascend-Authen-Alias=%h
> StripFromRequest Class
> <AuthBy RADIUS>
> Host radacct.mdc.musc.edu
> Secret nosecret
> AcctPort 1813
> Retries 10
> AcctFailedLogFileName %L/%{Client:Identifier}/%m%d%y.log.missed
> </AuthBy>
> AcctLogFileName %L/%{Client:Identifier}/%m%d%y.log
> </Handler>
>
> .....
>
> You can also set "EAPAnonymous %0" in your outer AuthBy FILE:
>
> ......
>
> <AuthBy FILE>
> ......
> EAPAnonymous %0
> </AuthBy>
>
> ......
>
> See section 5.18.24 in the Radiator 4.2 reference manual ("doc/ref.pdf").
>
> You can also try adding the User-Name as a reply attribute to the
> access accept - some devices will then use it in the accounting
> requests.
>
> regards
>
> Hugh
>
>
>
> On 3 Jun 2008, at 00:12, Cottrell, Charles P. wrote:
>
>> Greetings folks! I hope all is well.
>>
>> We have recently configured Radiator to run on Windows. All seems
>> to be working nicely with one exception. Without a noticeable
>> pattern our logs will show anonymous users successfully connecting
>> instead of proper user names. Anonymous has appeared in both alive
>> and start records. A user authenticates and the alive records may
>> show anonymous but the start record may show their username, or
>> vice-versa. The controller (Cisco WiSM) also may show the user
>> name or anonymous.
>>
>> Below is a log example. Notice that the workstation is the same,
>> and both are alive records. Config is attached.
>>
>> Thanks in advance. -charles
>>
>> Mon Jun 2 07:41:48 2008
>> User-Name = "username"
>> NAS-Port = 29
>> NAS-IP-Address = 10.24.70.26
>> Framed-IP-Address = 128.23.65.173
>> NAS-Identifier = "c2wism6"
>> Airespace-WLAN-Id = 4
>> Acct-Session-Id = "483fe936/00:12:f0:ea:97:f2/12551"
>> Acct-Authentic = RADIUS
>> Tunnel-Type = 0:VLAN
>> Tunnel-Medium-Type = 0:802
>> Tunnel-Private-Group-ID = 64
>> Acct-Status-Type = Alive
>> Acct-Input-Octets = 1815855
>> Acct-Output-Octets = 298259
>> Acct-Input-Packets = 27572
>> Acct-Output-Packets = 1914
>> Acct-Session-Time = 258782
>> Acct-Delay-Time = 0
>> Calling-Station-Id = "0012.f0ea.97f2"
>> Called-Station-Id = "10.24.70.26"
>> Connect-Info = "airespace"
>> Ascend-Authen-Alias = "RADAUTH3"
>> Timestamp = 1212406908
>>
>> Mon Jun 2 07:42:03 2008
>> User-Name = "anonymous"
>> NAS-Port = 29
>> NAS-IP-Address = 10.24.70.26
>> Framed-IP-Address = 128.23.65.173
>> NAS-Identifier = "c2wism6"
>> Airespace-WLAN-Id = 4
>> Acct-Session-Id = "483fe936/00:12:f0:ea:97:f2/12551"
>> Acct-Authentic = RADIUS
>> Tunnel-Type = 0:VLAN
>> Tunnel-Medium-Type = 0:802
>> Tunnel-Private-Group-ID = 64
>> Acct-Status-Type = Alive
>> Acct-Input-Octets = 1817575
>> Acct-Output-Octets = 302938
>> Acct-Input-Packets = 27596
>> Acct-Output-Packets = 1924
>> Acct-Session-Time = 258798
>> Acct-Delay-Time = 0
>> Calling-Station-Id = "0012.f0ea.97f2"
>> Called-Station-Id = "10.24.70.26"
>> Connect-Info = "airespace"
>> Ascend-Authen-Alias = "RADAUTH3"
>> Timestamp = 1212406923
>>
>>
>>
>>
>>
>> <radius.nosecret.cfg>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
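
An added example, not part of the original thread and not Radiator code: an offline audit of accounting detail logs in the layout quoted above, grouping records by Acct-Session-Id to find sessions logged under the outer identity "anonymous" and attributing them to the real User-Name when the same session also carries one. The sample log, the second session id and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the detail-log layout quoted in the thread
# (timestamp line, then "Attribute = value" lines), trimmed to key attributes.
SAMPLE_LOG = """\
Mon Jun  2 07:41:48 2008
    User-Name = "username"
    Acct-Session-Id = "483fe936/00:12:f0:ea:97:f2/12551"
    Acct-Status-Type = Alive
Mon Jun  2 07:42:03 2008
    User-Name = "anonymous"
    Acct-Session-Id = "483fe936/00:12:f0:ea:97:f2/12551"
    Acct-Status-Type = Alive
Mon Jun  2 07:45:10 2008
    User-Name = "anonymous"
    Acct-Session-Id = "constructed-session-2"
    Acct-Status-Type = Start
"""

ATTR = re.compile(r'^\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_records(text):
    """Return one attribute dict per accounting record; blank lines are ignored."""
    records = []
    for line in text.splitlines():
        m = ATTR.match(line)
        if m and records:
            records[-1][m.group(1)] = m.group(2)
        elif line.strip():
            records.append({})  # any non-attribute line (the timestamp) starts a record
    return [r for r in records if r]

def audit_sessions(records, outer_ids=("anonymous",)):
    """Map Acct-Session-Id -> (resolved user or None, number of anonymous records)."""
    names = defaultdict(list)
    for rec in records:
        names[rec.get("Acct-Session-Id")].append(rec.get("User-Name", ""))
    report = {}
    for sid, seen in names.items():
        real = sorted({n for n in seen if n and n.lower() not in outer_ids})
        anon = sum(1 for n in seen if n.lower() in outer_ids)
        # Attribute the session only when exactly one real identity appears in it.
        report[sid] = (real[0] if len(real) == 1 else None, anon)
    return report

if __name__ == "__main__":
    for sid, (user, anon) in audit_sessions(parse_records(SAMPLE_LOG)).items():
        print(sid, user or "UNRESOLVED", f"anonymous_records={anon}")
```

Sessions reported as unresolved are the ones where the accounting stream alone cannot supply the identity, which is the case the hook-and-database approach in the thread addresses.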