Re: [Help-gnu-radius] Re: not getting acct info for portmasters

[Scott Lambert]

On Wed, May 11, 2005 at 12:21:57PM +0300, Sergey Poznyakoff wrote:
> Scott Lambert <address@hidden> wrote:
> 
> > Ports in use:
> >  AUTH: 1812
> >  ACCT: 1813
> [...]
> > My auth and acct ports are the old style 1645 and 1646 in /etc/services.
> > Those ports are actively awaiting connections.  1812 and 1813 are
> > closed.
> 
> You can configure your radius to default to using old-style ports by running
> 
>    ./configure --with-auth-port=old
> 
> or
> 
>    ./configure --with-auth-port=1645   

Setting them in services works fine for me.  I am getting radiusd
listening on the ports that all of my equipment is configured to send
to, 1645 and 1646.  I just have not logged any accounting data from the
PM3's.  I am getting auth request from the PM3s and auth and acct data
from the Cisco's, and the Patton 2996.  My network has been using these
ports for many years.  Cistron was recieving accounting data from all
equipment.

I switched to gnu radius for new features, not because I am new to
this stuff. :-) Like I said, I hadn't had a chance to do any debugging
yet.  I just wanted to let Mr. Laflamme know that I was seeing the same
symptoms on gnu radius 1.3 as he was.

address@hidden /var/log/radacct
17:17:38 Wed May 11 # ls -la portmaster1
total 996
drwxr-xr-x   2 root  wheel     512 Apr 14 01:30 .
drwxr-xr-x  21 root  wheel     512 May  9 20:19 ..
-rw-r--r--   1 root  wheel  995902 May 11 17:17 detail.auth

address@hidden /var/log/radacct
17:18:52 Wed May 11 # ls -la cisco1
total 2100
drwxr-xr-x   2 root  wheel      512 May  2 11:25 .
drwxr-xr-x  21 root  wheel      512 May  9 20:19 ..
-rw-r--r--   1 root  wheel   800371 May 11 17:19 detail
-rw-r--r--   1 root  wheel  1299273 May 11 17:19 detail.auth

address@hidden /var/log/radacct
18:39:57 Wed May 11 # ls -la patton1
total 1876
drwxr-xr-x   2 root  wheel      512 May  2 11:24 .
drwxr-xr-x  21 root  wheel      512 May  9 20:19 ..
-rw-r--r--   1 root  wheel  1431411 May 11 18:38 detail
-rw-r--r--   1 root  wheel   437759 May 11 18:38 detail.auth

address@hidden /var/log/radacct
18:40:05 Wed May 11 # ls -la rad01.globalpops.com  # defined as type ascend
total 122
drwxr-xr-x   2 root  wheel     512 Apr 19 11:36 .
drwxr-xr-x  21 root  wheel     512 May  9 20:19 ..
-rw-r--r--   1 root  wheel  117379 Apr 25 19:17 detail
-rw-r--r--   1 root  wheel     878 Apr 25 14:28 detail.auth


I've done some config checking and the portmasters are all defined
as type livingston in naslist.  dictionary is $INCLUDE'ing
dict/livingston.

config auth and acct sections:
auth {
        max-requests 127;
        request-cleanup-delay 2;
        detail yes;
        detail-file-name "=nas_name(request_source_ip()) + \"/detail.auth\"";
        strip-names yes;
        checkrad-assume-logged yes;
};

acct {
        max-requests 127;
        request-cleanup-delay 2;
        system yes;
        detail-file-name "=nas_name(request_source_ip()) + \"/detail\"";
};


> > There were many incompatibilities in the cistron users file.  I think
> > cistron was simply ignoring things that should have been errors.
> 
> Yes, in contrast to Cistron implementation, GNU radius does extensive
> syntax and semantics checking on its startup files before using them. 

And that is a wonderful thing. :-) I also appreciate the --mode c so
that cvs'd configs can be tested before installing the new configs into
the live directory.

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
address@hidden