[RADIATOR] Accounting attribute 25
Helmuth Kisting
hkisting at africaonline.na
Thu May 23 15:01:25 UTC 2019
Hi List,
We are implementing a new Service Gateway on our Broadband Wireless
infrastructure. It depends on RADIUS-Accounting to populate the product
types configured on it with individual subs and as a result, we are feeding
it the Accounting data directly from the NAS (Cisco 3750).
I have recently been tasked to assist in implementing the product into our
network and have the Billing Software provider integrate with the Service
Gateway; however, I am not familiar with RADIUS or Radiator since I inherited
this server and project. It's a very old Radiator version (3.14) running on
recent hardware (PowerEdge R210).
Our Service Gateway vendor requires attribute 25 ("class") to contain the
Service Plan of the subscriber (i.e. "something-something-business-20");
however, looking at the Accounting data received by the vendor's device,
attribute 25 is being used to specify one of two account states -
"capped" or "uncapped". This obviously means the NAS receives this
information at successful authentication and by implication, the Billing
Software reads and writes to the value attribute on the RADIUS backend.
I'd like to know:
- How does RADIUS feed the initial accounting data for each
successful auth to the NAS, and where can I change this?
- I need to "switch" attributes somewhere and have the NAS send
both the Service Plan and Account Status in its Accounting updates, with the
"class" attribute(25) containing the Service Plan and some other attribute
containing the Account Status. How would I achieve this?
- If I were to implement Radiator as the RADIUS proxy, sending
Accounting data to both the Billing Software and the Service Gateway, what
configuration would I use to achieve this? Would someone be able to provide
me with an example?
Below is an excerpt from the accounting logs received on the Service Gateway
and, following that, an excerpt from the RADIUS config file (with the client
sections and secrets removed):
--------------------------->
Apr 10 08:25:43.238: RADIUS/ENCODE(00001799):Orig. component type = PPPoE
Apr 10 08:25:43.238: RADIUS(00001799): Config NAS IP: x.x.x.238
Apr 10 08:25:43.238: RADIUS(00001799): Config NAS IP: x.x.x.238
Apr 10 08:25:43.238: RADIUS(00001799): sending
Apr 10 08:25:43.238: RADIUS/ENCODE(00001799):Orig. component type = PPPoE
Apr 10 08:25:43.238: RADIUS(00001799): Config NAS IP: x.x.x.238
Apr 10 08:25:43.238: RADIUS(00001799): Config NAS IP: x.x.x.238
Apr 10 08:25:43.238: RADIUS(00001799): sending
Apr 10 08:25:43.238: RADIUS(00001799): Send Accounting-Request to x.x.x.178:1813 id 1646/212, len 172
Apr 10 08:25:43.238: RADIUS: authenticator EE EA C7 E5 DC FE B2 99 - FF 4C 39 85 59 3E 77 A1
Apr 10 08:25:43.238: RADIUS: Acct-Session-Id [44] 10 "000020A2"
Apr 10 08:25:43.238: RADIUS: Framed-Protocol [7] 6 PPP [1]
Apr 10 08:25:43.238: RADIUS: Framed-IP-Address [8] 6 41.x.x.x
Apr 10 08:25:43.238: RADIUS: User-Name [1] 8 "atnjet"
Apr 10 08:25:43.238: RADIUS: Acct-Session-Time [46] 6 223843
Apr 10 08:25:43.238: RADIUS: Acct-Input-Giga-Word[52] 6 0
Apr 10 08:25:43.238: RADIUS: Acct-Output-Giga-Wor[53] 6 1
Apr 10 08:25:43.238: RADIUS: Acct-Input-Octets [42] 6 1112929927
Apr 10 08:25:43.238: RADIUS: Acct-Output-Octets [43] 6 3609300709
Apr 10 08:25:43.238: RADIUS: Acct-Input-Packets [47] 6 4179640
Apr 10 08:25:43.238: RADIUS: Acct-Output-Packets [48] 6 6086299
Apr 10 08:25:43.238: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Apr 10 08:25:43.238: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
Apr 10 08:25:43.238: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Apr 10 08:25:43.238: RADIUS: NAS-Port [5] 6 0
Apr 10 08:25:43.238: RADIUS: NAS-Port-Id [87] 11 "0/0/2/524"
Apr 10 08:25:43.238: RADIUS: Class [25] 10
Apr 10 08:25:43.238: RADIUS: 75 6E 63 61 70 70 65 64 [uncapped]
Apr 10 08:25:43.238: RADIUS: Service-Type [6] 6 Framed [2]
Apr 10 08:25:43.238: RADIUS: NAS-IP-Address [4] 6 x.x.x.238
Apr 10 08:25:43.238: RADIUS: Unsupported [151] 10
Apr 10 08:25:43.238: RADIUS: 43 33 33 38 31 35 44 33 [C33815D3]
Apr 10 08:25:43.238: RADIUS: Nas-Identifier [32] 7 "WIMAX"
Apr 10 08:25:43.238: RADIUS: Acct-Delay-Time [41] 6 0
<-----------------------------------------------------------------------
RADIUS config file:
----------------------------------------------------------------------->
.
<AuthLog FILE>
Identifier authfailures
Filename %L/failures.%d-%m-%Y.log
LogFailure 1
FailureFormat %U,%u,%l,%N,%{NAS-Port},%{NAS-Port-Type}, \
%{RadiusAuthenticationNumber},%0,%1,%{Called-Station-Id},%{Calling-Station-Id}
</AuthLog>
<AuthLog SQL>
Identifier authfailures
DBSource dbi:mysql:<REMOVED>:localhost:3306
DBUsername radiator
DBAuth <REMOVED>
Timeout 0
FailureQuery insert into WIMAX_AUTHFAILURES \
(USERNAME,REALM,TIME_STAMP,NASIDENTIFIER,NASPORT,NASPORTTYPE,\
SEVERITY,ERRORMESSAGE) values \
('%{User-Name}','%W','%t','%{NAS-IP-Address}','%{NAS-Port}','%{NAS-Port-Type}',\
'%0',%1)
</AuthLog>
<SessionDatabase SQL>
DBSource dbi:mysql: <REMOVED>:localhost:3306
DBUsername radiator
DBAuth <REMOVED>
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS \
from WIMAX_RADONLINE where USERNAME='%U' and NASIDENTIFIER='%{NAS-IP-Address}'
AddQuery insert into WIMAX_RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, \
REALM) values ('%U','%{NAS-IP-Address}', \
'%{NAS-Port}','%{Acct-Session-Id}','%{Timestamp}', \
'%{Framed-IP-Address}', '%{GlobalVar:saixadsl}','%W')
#DeleteQuery delete from WIMAX_RADONLINE where USERNAME='%U'
# #and NASIDENTIFIER='%{NAS-IP-Address}'
DeleteQuery delete from WIMAX_RADONLINE where USERNAME='%U'
#and ACCTSESSIONID=%3
#and NASIDENTIFIER='%{NAS-IP-Address}'
Timeout 0
</SessionDatabase>
<Handler NAS-Identifier = "WIMAX",Acct-Status-Type=Alive|Start>
PreProcessingHook file:"/etc/radiator/gigawords-hook2.pl"
PostAuthHook file:"/etc/radiator/WimaxSessionHook.pl"
MaxSessions 1
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
RejectHasReason
</Handler>
<Handler NAS-Identifier = "WIMAX",Request-Type=Accounting-Request>
PreProcessingHook file:"/etc/radiator/gigawords-hook2.pl"
PostAuthHook file:"/etc/radiator/WimaxSessionHook.pl"
MaxSessions 1
PasswordLogFileName %L/logins
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
<AuthBy SQL>
NoDefault
DBSource dbi:mysql:<REMOVED>:localhost:3306
DBUsername radiator
DBAuth <REMOVED>
Timeout 0
AuthSelect select password,checkattr, replyattr,service, capstatus \
from WIMAX_SUBSCRIBERS where USERNAME='%n' \
AND status ='enabled'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, Service, reply
AuthColumnDef 4, CapStatus, reply
AuthColumnDef 5, Static, reply
AccountingTable WIMAX_ACCOUNTING
AcctInsertQuery insert into %0 (%1) values (%2)
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets
AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets
AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol
AcctColumnDef USERSERVICETYPE,User-Service-Type
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef NASPORTTYPE,Nas-Port-Type
AcctColumnDef CLIENTID,Client-Id
AcctColumnDef CONNECTINFO,Ascend-Data-Rate
AcctColumnDef CLASS,Class
AcctColumnDef REALM,%W,formatted
AcctColumnDef SESSIONSTARTTIMESTAMP,%b-0%{Acct-Session-Time},literal
DefaultSimultaneousUse 1
AddToReplyIfNotExist cisco-avpair = "multilink:max-links=1"
</AuthBy>
RejectHasReason
</Handler>
###
<Handler NAS-Identifier = "WIMAX">
PreProcessingHook file:"/etc/radiator/gigawords-hook2.pl"
PostAuthHook file:"/etc/radiator/WimaxPostAuthHook.pl"
MaxSessions 1
PasswordLogFileName %L/logins
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
<AuthBy SQL>
AddToReplyIfNotExist Service-Type = Framed-User
NoDefault
Identifier <REMOVED>
DBSource dbi:mysql: <REMOVED>:localhost:3306
DBUsername radiator
DBAuth <REMOVED>
Timeout 0
AuthSelect select password,checkattr, replyattr,service, capstatus \
from WIMAX_SUBSCRIBERS where USERNAME='%n' \
AND status ='enabled'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, Service, reply
AuthColumnDef 4, CapStatus, reply
AccountingTable WIMAX_ACCOUNTING
AcctInsertQuery insert into %0 (%1) values (%2)
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets
AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets
AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol
AcctColumnDef USERSERVICETYPE,User-Service-Type
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef NASPORTTYPE,Nas-Port-Type
AcctColumnDef CLIENTID,Client-Id
AcctColumnDef CONNECTINFO,Ascend-Data-Rate
AcctColumnDef CLASS,Class
AcctColumnDef REALM,%W,formatted
AcctColumnDef SESSIONSTARTTIMESTAMP,%b-0%{Acct-Session-Time},literal
DefaultSimultaneousUse 1
AddToReplyIfNotExist cisco-avpair = "multilink:max-links=1"
</AuthBy>
RejectHasReason
AuthLog authfailures
</Handler>
<-----------------------------------------------------------------------
Thank you very much!
Helmuth Kisting
System Administrator
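
Added example, not part of the original post and not Radiator or vendor code: a small Python check that parses the Cisco debug output format shown above, reassembles the hex-dumped Class value, combines the octet counters with their Gigawords wrap counts, and flags when Class still carries the cap state rather than a service plan. The function names and the CAP_STATES set are illustrative assumptions; the sample lines are copied from the log in the post with mail-wrapped lines rejoined.

```python
import re

# Lines taken from the accounting dump in the post (mail-wrapped lines rejoined).
SAMPLE = """\
Apr 10 08:25:43.238: RADIUS: User-Name [1] 8 "atnjet"
Apr 10 08:25:43.238: RADIUS: Acct-Input-Giga-Word[52] 6 0
Apr 10 08:25:43.238: RADIUS: Acct-Output-Giga-Wor[53] 6 1
Apr 10 08:25:43.238: RADIUS: Acct-Input-Octets [42] 6 1112929927
Apr 10 08:25:43.238: RADIUS: Acct-Output-Octets [43] 6 3609300709
Apr 10 08:25:43.238: RADIUS: Acct-Status-Type [40] 6 Watchdog [3]
Apr 10 08:25:43.238: RADIUS: Class [25] 10
Apr 10 08:25:43.238: RADIUS: 75 6E 63 61 70 70 65 64 [uncapped]
"""

# "Name [type] length value"; the name may be truncated and glued to "[type]".
ATTR = re.compile(r"RADIUS:\s+(\S+?)\s*\[(\d+)\]\s+(\d+)\s*(.*)$")
# Continuation line: hex octets of the previous attribute, then "[ascii]".
HEX = re.compile(r"RADIUS:\s+((?:[0-9A-F]{2}\s+)+)\[")
CAP_STATES = {"capped", "uncapped"}  # the two values the post reports in Class

def parse_dump(text):
    """Return {attribute type number: value string} for one dumped packet."""
    attrs, pending = {}, None
    for line in text.splitlines():
        m = ATTR.search(line)
        if m:
            num, val = int(m.group(2)), m.group(4).strip()
            attrs[num] = val.strip('"')
            # An empty value means the octets follow on a hex line.
            pending = num if not val else None
        elif pending is not None and (h := HEX.search(line)):
            attrs[pending] += bytes.fromhex(h.group(1)).decode("latin-1")
    return attrs

def total_octets(attrs, octets, gigawords):
    """Combine a 32-bit octet counter with its Gigawords wrap count."""
    return (int(attrs.get(gigawords, 0)) << 32) + int(attrs[octets])

def class_is_cap_state(attrs):
    """True when Class (25) holds a cap state instead of a service plan."""
    return attrs.get(25, "") in CAP_STATES

if __name__ == "__main__":
    a = parse_dump(SAMPLE)
    print("user:", a[1], "class:", a[25])
    print("output octets:", total_octets(a, 43, 53))
    print("class still carries cap state:", class_is_cap_state(a))
```
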