I am a newbie to FreeRADIUS.
Here is a memo from testing accounting start, update, and stop.
# dpkg -l freeradius | tail -1
ii freeradius 2.1.12+dfsg-1.2ubuntu5.1 amd64 high-performance and highly configurable RADIUS server
Here is the configuration for accounting in /etc/freeradius/radiusd.conf (default):
# This second "listen" section is for listening on the accounting
# port, too.
#
listen {
ipaddr = *
# ipv6addr = ::
port = 0
type = acct
# interface = eth0
# clients = per_socket_clients
}
Uncomment sradutmp in the /etc/freeradius/sites-enabled/default file to use the radwho command.
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
radutmp
sradutmp
I have used the default settings except for uncommenting sradutmp.
Start freeradius in debug mode.
# freeradius -X
[ start ]
Prepare a file for the accounting start request.
# cat acct_start_01.txt
Packet-Type=4
Packet-Dst-Port=1813
Acct-Session-Id = "1234"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Send an accounting start request with radclient.
# radclient 127.0.0.1 auto testing123 -f acct_start_01.txt -x
Sending Accounting-Request of id 210 to 127.0.0.1 port 1813
Acct-Session-Id = "1234"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
rad_recv: Accounting-Response packet from host 127.0.0.1 port 1813, id=210, length=20
Debug log:
rad_recv: Accounting-Request packet from host 127.0.0.1 port 37211, id=143, length=118
Acct-Session-Id = "1234"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "1234",User-Name = "user01"'
[acct_unique] Acct-Unique-Session-ID = "9ea7985665c93e07".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "user01", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 127.0.0.1
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] expand: %t -> Thu Apr 17 01:32:26 2014
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> user01
++[radutmp] returns ok
[sradutmp] expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp
[sradutmp] expand: %{User-Name} -> user01
++[sradutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> user01
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 143 to 127.0.0.1 port 37211
Finished request 1.
Cleaning up request 1 ID 143 with timestamp +46
Going to the next request
Ready to process requests.
# radwho
Login Name What TTY When From Location
user01 user01 shell S0 Thu 01:33 127.0.0.1
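Added example (not part of the original memo and not FreeRADIUS code): the Accounting-Request from acct_start_01.txt encoded as RFC 2866 describes, showing that the Request Authenticator, an MD5 over the packet and the shared secret, is what the server checks before it accepts an accounting record. Attribute numbers and enumerated values are taken from RFC 2865/2866; the function names are made up for this example.

```python
import hashlib
import hmac
import struct

SECRET = b"testing123"  # shared secret from the radclient commands on this page

# (type, value) pairs, numbers per RFC 2865/2866, in the order of acct_start_01.txt
START_ATTRS = [
    (44, b"1234"),                   # Acct-Session-Id
    (40, 1),                         # Acct-Status-Type = Start
    (45, 1),                         # Acct-Authentic = RADIUS
    (1, b"user01"),                  # User-Name
    (5, 0),                          # NAS-Port
    (30, b"ID01 My Wireless"),       # Called-Station-Id
    (31, b"00-00-00-AA-AA-AA"),      # Calling-Station-Id
    (61, 19),                        # NAS-Port-Type = Wireless-802.11
    (77, b"CONNECT 1Mbps Service"),  # Connect-Info
]

def encode_attrs(attrs):
    """Encode each attribute as type, length, value; integers are 32-bit big-endian."""
    out = b""
    for typ, val in attrs:
        data = struct.pack("!I", val) if isinstance(val, int) else val
        out += bytes([typ, len(data) + 2]) + data
    return out

def build_acct_request(ident, attrs, secret):
    """Code 4 packet; authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", 4, ident, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def verify_acct_request(packet, secret):
    """Recompute the authenticator as the server does; False means discard."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4 or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def build_acct_response(request, secret):
    """Code 5 reply; authenticator = MD5(header + request authenticator + secret)."""
    header = struct.pack("!BBH", 5, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()
```

The encoded Start request is 118 bytes and the response 20 bytes, matching the length= values in the output above. A packet altered after signing, or signed with a different secret, fails verification.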
[ update ]
# cat acct_update_01.txt
Packet-Type=4
Packet-Dst-Port=1813
Acct-Session-Id = "1234"
Acct-Status-Type = Interim-Update
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Acct-Session-Time = 11
Acct-Input-Packets = 15
Acct-Output-Packets = 3
Acct-Input-Octets = 1407
Acct-Output-Octets = 467
# radclient 127.0.0.1 auto testing123 -f acct_update_01.txt -x
Sending Accounting-Request of id 248 to 127.0.0.1 port 1813
Acct-Session-Id = "1234"
Acct-Status-Type = Interim-Update
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Acct-Session-Time = 11
Acct-Input-Packets = 15
Acct-Output-Packets = 3
Acct-Input-Octets = 1407
Acct-Output-Octets = 467
rad_recv: Accounting-Response packet from host 127.0.0.1 port 1813, id=248, length=20
Debug log:
rad_recv: Accounting-Request packet from host 127.0.0.1 port 50014, id=248, length=148
Acct-Session-Id = "1234"
Acct-Status-Type = Interim-Update
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Acct-Session-Time = 11
Acct-Input-Packets = 15
Acct-Output-Packets = 3
Acct-Input-Octets = 1407
Acct-Output-Octets = 467
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "1234",User-Name = "user01"'
[acct_unique] Acct-Unique-Session-ID = "9ea7985665c93e07".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "user01", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 127.0.0.1
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] expand: %t -> Thu Apr 17 01:41:10 2014
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> user01
++[radutmp] returns ok
[sradutmp] expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp
[sradutmp] expand: %{User-Name} -> user01
++[sradutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> user01
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 248 to 127.0.0.1 port 50014
Finished request 4.
Cleaning up request 4 ID 248 with timestamp +570
Going to the next request
Ready to process requests.
# radwho
Login Name What TTY When From Location
user01 user01 shell S0 Thu 01:33 127.0.0.1
[ stop ]
# cat acct_stop_01.txt
Packet-Type=4
Packet-Dst-Port=1813
Acct-Session-Id = "1234"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Acct-Session-Time = 30
Acct-Input-Packets = 25
Acct-Output-Packets = 7
Acct-Input-Octets = 3407
Acct-Output-Octets = 867
Acct-Terminate-Cause = User-Request
# radclient 127.0.0.1 auto testing123 -f acct_stop_01.txt -x
Sending Accounting-Request of id 250 to 127.0.0.1 port 1813
Acct-Session-Id = "1234"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Acct-Session-Time = 30
Acct-Input-Packets = 25
Acct-Output-Packets = 7
Acct-Input-Octets = 3407
Acct-Output-Octets = 867
Acct-Terminate-Cause = User-Request
rad_recv: Accounting-Response packet from host 127.0.0.1 port 1813, id=250, length=20
Debug log:
rad_recv: Accounting-Request packet from host 127.0.0.1 port 60816, id=250, length=154
Acct-Session-Id = "1234"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
User-Name = "user01"
NAS-Port = 0
Called-Station-Id = "ID01 My Wireless"
Calling-Station-Id = "00-00-00-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 1Mbps Service"
Acct-Session-Time = 30
Acct-Input-Packets = 25
Acct-Output-Packets = 7
Acct-Input-Octets = 3407
Acct-Output-Octets = 867
Acct-Terminate-Cause = User-Request
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "1234",User-Name = "user01"'
[acct_unique] Acct-Unique-Session-ID = "9ea7985665c93e07".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "user01", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 127.0.0.1
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] expand: %t -> Thu Apr 17 01:44:49 2014
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> user01
++[radutmp] returns ok
[sradutmp] expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp
[sradutmp] expand: %{User-Name} -> user01
++[sradutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> user01
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 250 to 127.0.0.1 port 60816
Finished request 5.
Cleaning up request 5 ID 250 with timestamp +789
Going to the next request
Ready to process requests.
# radwho
Login Name What TTY When From Location
#
[ how to terminate orphan sessions ]
# radzap -N 127.0.0.1 127.0.0.1 testing123
rad_recv: Accounting-Request packet from host 127.0.0.1 port 49672, id=84, length=38
Acct-Status-Type = Accounting-Off
NAS-IP-Address = 127.0.0.1
Acct-Delay-Time = 0
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent
[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,,'
[acct_unique] Acct-Unique-Session-ID = "60762dd8d4469af9".
++[acct_unique] returns ok
[suffix] Proxy reply, or no User-Name. Ignoring.
++[suffix] returns ok
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 127.0.0.1
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/detail-20140417
[detail] expand: %t -> Thu Apr 17 01:47:32 2014
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
rlm_radutmp: NAS localhost rebooted (Accounting-Off packet seen)
++[radutmp] returns ok
[sradutmp] expand: /var/log/freeradius/sradutmp -> /var/log/freeradius/sradutmp
rlm_radutmp: NAS localhost rebooted (Accounting-Off packet seen)
++[sradutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} ->
++[attr_filter.accounting_response] returns noop
Sending Accounting-Response of id 84 to 127.0.0.1 port 49672
Finished request 9.
Cleaning up request 9 ID 84 with timestamp +952
Going to the next request
Ready to process requests.
# radzap --help | grep -N
Usage: radzap [options] server[:port] secret
-h Print usage help information.
-d raddb_directory: directory where radiusd.conf is located.
grep: 無効なオプション -- 'N'
使用法: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
-N nas_ip_address: IP address of the NAS to zap.
-P nas_port: NAS port that the user is logged into.
-u username: Name of user to zap (case insensitive).
-U username: like -u, but case-sensitive.
-x Enable debugging output.