[RADIATOR] Assigning IP's directly from the Radius server

Gerard Alcorlo Bofill galcorlo at cesca.cat
Tue Feb 22 10:44:52 CST 2011


Thank you Christian,

Finally I decided to do a hook. After receiving an accounting request,
the RADIUS server asks the AP via SNMP to get the IP address and fills a table.
I'm using the table RADLASTAUTH because I'm also using this table to get
the inner authentication (TTLS).

Maybe it's a dirty solution because I have to wait a few seconds before
asking the AP and I did that using a thread.

Now, I must admit my hook has some memory leak, and every few hours
Radiator is restarted by startWrapper.

Before this script I had only done some really easy things with Perl, and
I'm sure that I made some big mistake.

Any idea of what is wrong?

PS: I'm also using eap_anon_hook.pl but I'm sure this hook is correctly
written.

--
Gerard

On 07/02/11 13:22, Gerard Alcorlo Bofill wrote:
> Thanks Christian,
> 
> but the IP address is not in my Accounting-request. Maybe I need to
> make some changes to the AP configuration...
> 
> That's the log I get from the Radius when the AP sends a Start and a
> Stop accounting-request. If I could get the IP from the
> accounting-request it would be an easy and clean solution, but I don't know
> how to do it.
> 
> 
> *** Received from 192.168.50.9 port 1646 ....
> Code:       Accounting-Request
> Identifier: 200
> Authentic:  <14><192>d<210><169><24><165><15><242>:3<25>H<189>iW
> Attributes:
> 	Acct-Session-Id = "00003186"
> 	Called-Station-Id = "000e380d04a1"
> 	Calling-Station-Id = "c417fe53f792"
> 	cisco-avpair = "ssid=eduroam"
> 	cisco-avpair = "vlan-id=54"
> 	cisco-avpair = "nas-location=unspecified"
> 	User-Name = "galcorlo at cesca.cat"
> 	cisco-avpair = "connect-progress=Call Up"
> 	Acct-Authentic = RADIUS
> 	Acct-Status-Type = Start
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Cisco-NAS-Port = "1127"
> 	NAS-Port = 1127
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 192.168.50.9
> 	Acct-Delay-Time = 0
> 
> 
> 
> 
> *** Received from 192.168.50.9 port 1646 ....
> Code:       Accounting-Request
> Identifier: 207
> Authentic:  J<192>]<142><20><149><196><164><165>P<227><169><218><147>]<171>
> Attributes:
> 	Acct-Session-Id = "00003186"
> 	Called-Station-Id = "000e380d04a1"
> 	Calling-Station-Id = "c417fe53f792"
> 	cisco-avpair = "ssid=eduroam-"
> 	cisco-avpair = "vlan-id=54"
> 	cisco-avpair = "nas-location=unspecified"
> 	cisco-avpair = "auth-algo-type=eap-peap"
> 	User-Name = "galcorlo at cesca.cat"
> 	Acct-Authentic = RADIUS
> 	cisco-avpair = "connect-progress=Call Up"
> 	Acct-Session-Time = 282
> 	Acct-Input-Octets = 95290
> 	Acct-Output-Octets = 1349850
> 	Acct-Input-Packets = 806
> 	Acct-Output-Packets = 962
> 	Acct-Terminate-Cause = Lost-Carrier
> 	cisco-avpair = "disc-cause-ext=No Reason"
> 	Acct-Status-Type = Stop
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Cisco-NAS-Port = "1127"
> 	NAS-Port = 1127
> 	Service-Type = Framed-User
> 	NAS-IP-Address = 192.168.50.9
> 	Acct-Delay-Time = 0
> 
> 
> --
> Gerard
> 
> On 07/02/11 11:39, Christian Kratzer wrote:
>> Dear Gerard,
>>
>> On Mon, 7 Feb 2011, Gerard Alcorlo Bofill wrote:
>>
>>> Heikki, you did understand my problem.
>>> And you confirmed my suspicions: Framed-* attributes are ONLY for
>>> connections such as PPP or PPPoE.
>>>
>>> I wanted to do all this work to have all logs centralized to radius and
>>> to be able to run the radwho.cgi script to see which IP addresses were being
>>> used in real time.
>>>
>>> At this moment radwho.cgi is not showing the assigned IP address because
>>> radius doesn't know the IP assigned by the DHCP server. The problem is
>>> that if I want to trace a connection I need to match the MAC address at
>>> the DHCP server and the Radiator server.
>>>
>>> Do you think trying to pass the IP using SNMP traps from the AP would
>>> be a good option or is there an easier solution?
>>
>> The usual way to get the assigned ip would be to process radius
>> accounting. Accounting records would also fill your session database
>> which radwho.cgi could then query.
>>
>> Accounting would get you start, stop and interim records which all
>> included the actual assigned ip.
>>
>> This would also let you have the nas assign the ips which is also much
>> more stable in the long run.
>>
>> Greetings
>> Christian
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: retrive_ip_client.pl
Type: application/x-perl
Size: 4766 bytes
Desc: not available
Url : http://www.open.com.au/pipermail/radiator/attachments/20110222/8c3d9932/attachment.bin 
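
Added example, not part of the original message or its scrubbed attachment: a Python sketch of the correlation the thread describes as a manual step, matching the MAC in Calling-Station-Id from Radiator's accounting trace against the DHCP server's view to get a session table with IPs. The trace sample is trimmed from the format quoted above; the lease mapping, its address, and all function names are constructed assumptions.

```python
import re

# Constructed sample, trimmed from the trace format quoted in this thread.
SAMPLE_TRACE = '''\
*** Received from 192.168.50.9 port 1646 ....
Code:       Accounting-Request
Attributes:
    Acct-Session-Id = "00003186"
    Calling-Station-Id = "c417fe53f792"
    cisco-avpair = "ssid=eduroam"
    cisco-avpair = "vlan-id=54"
    Acct-Status-Type = Start
    NAS-IP-Address = 192.168.50.9

*** Received from 192.168.50.9 port 1646 ....
Code:       Accounting-Request
Attributes:
    Acct-Session-Id = "00003186"
    Calling-Station-Id = "c417fe53f792"
    Acct-Status-Type = Stop
    NAS-IP-Address = 192.168.50.9
'''
# Constructed DHCP view (assumed shape): MAC -> leased IP, placeholder address.
SAMPLE_LEASES = {"C4:17:FE:53:F7:92": "192.0.2.54"}

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?\s*$')
REQUIRED = {'NAS-IP-Address', 'Acct-Session-Id', 'Calling-Station-Id', 'Acct-Status-Type'}

def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r'[^0-9a-f]', '', mac.lower())
    return digits if len(digits) == 12 else None

def parse_trace(text):
    """Yield one dict per packet; repeated attributes (cisco-avpair) become lists."""
    for block in text.split('*** Received from ')[1:]:
        attrs = {}
        for line in block.splitlines():
            if m := ATTR.match(line):
                attrs.setdefault(m.group(1), []).append(m.group(2))
        yield attrs

def sessions_with_ip(trace, leases):
    """Latest state per (NAS, Acct-Session-Id), with the leased IP joined by MAC."""
    by_mac = {norm_mac(m): ip for m, ip in leases.items()}
    table = {}
    for a in parse_trace(trace):
        if not REQUIRED <= a.keys():
            continue  # incomplete packet: nothing to key the session on
        mac = norm_mac(a['Calling-Station-Id'][0])
        table[a['NAS-IP-Address'][0], a['Acct-Session-Id'][0]] = {
            'mac': mac, 'ip': by_mac.get(mac) if mac else None,
            'status': a['Acct-Status-Type'][0]}
    return table
```

Keying on the NAS address together with Acct-Session-Id keeps sessions from different access points apart, and normalising the MAC on both sides avoids misses caused by separator or case differences between the AP and the DHCP server.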