[ previous ] [ next ] [ threads ]
 
 From:  eric at ericmagny dot com
 To:  Dinesh Nair <dinesh at alphaque dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Captive Portal Logging
 Date:  Tue, 21 Sep 2004 17:21:32 -0400
Hi Dinesh!

Two other things about the accounting in Captive portal:

- First, in m0n0 web interface, it's possible to change the radius server port 
for authentification, but not the accounting port.. Maybe more functional if 
both port can be change ?!?

- Second, it's a problem I experiemnt when I'm using Radius Server WITH SQL 
database. (FreeRadius + MySql)

The issue is when accounting is turned on, m0n0 send data of starting session, 
Account Session ID, username, starting time.  All these data are stored in the 
SQL database. In fact, FreeRadius create a new record for this entry.

When the user logout (or has been disconected), m0n0 send another time 
Account Session ID, username, starting time, But this time, m0n0 add bytes 
in/out and ending time.   At this time freeRadius is just normally updating 
the record previously created. 

To update this record, FreeRadius is using the AccntSessionId (sent by 
monowall), this data is suposed to be different for each session created  
(recorded by radius accounting).  But monowall is always sending the same 
session ID number.  Right?

My radius server is receiving AcntSessionId in this format:  username-
hostname.domain
(hostname and domain are the one configured in System/General setup  in m0n0 
web interface.

So when free radius want to update the database when it receive the logout 
info. The SQL query is asking to update (with logout time, and bytes in/out) 
record matching 2 criterias:  username and AccntSessionID..  
So as you can Imagine, all accounting data of this user is matching this 
criteria!!

For now I patch this problem by changing (in freeradius Sql.conf config file) 
the SQL query.  First I ask Radius to update previous created record with 
username AND log-in time (not AccntID).   And if no record was previously 
created, I ask FreeRadius to create a new one with only logout informations 
recv'd..

But I think the right way (and more compatible way ;-))  was to update with a 
unique AccntSessionId..


Regards,

eric.
eric at ericmagny dot com




Quoting Dinesh Nair <dinesh at alphaque dot com>:

> On 22/09/2004 00:55 eric at ericmagny dot com said the following:
> > - That would be very nice (and functionnal!) if we can Also log stats
> (traffic 
> > in/out) from Pass-through MAC already configured in m0n0 to Radisu Server,
> 
> > exaclty like the users authorise by portal.
> 
> i guess this could be done, using the MAC address as the Username RADIUS 
> attribute. i'll add a toggle for it in the next beta release.
> 
> -- 
> Regards,                           /\_/\   "All dogs go to heaven."
> dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
> +==========================----oOO--(_)--OOo----==========================+
> | for a in past present future; do                                        |
> |   for b in clients employers associates relatives neighbours pets; do   |
> |   echo "The opinions here in no way reflect the opinions of my $a $b."  |
> | done; done                                                              |
> +=========================================================================+
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 




-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/