[Help-gnu-radius] Help with Cisco AVPair Attributes
From: Mikel Beck
Subject: [Help-gnu-radius] Help with Cisco AVPair Attributes
Date: Wed, 20 Oct 2004 15:14:31 -0400

I've got accounting data coming into my RADIUS from a bunch of Cisco 1200AP
Wireless access points. I'm trying to re-write Cisco-AVPair attributes, but
I can't seem to get it working properly.

First off, I'm using GNU Radius 1.2.95.

I created a /usr/local/etc/raddb/dict/cisco_wlan file, in it is:
ATTRIBUTE Cisco-WLAN-ssid 4000 string
ATTRIBUTE Cisco-WLAN-nas-location 4001 string
ATTRIBUTE Cisco-WLAN-connect-progress 4002 string
ATTRIBUTE Cisco-WLAN-vlan-id 4003 string
ATTRIBUTE Cisco-WLAN-auth-algo-type 4004 string
ATTRIBUTE Cisco-WLAN-disc-cause-ext 4005 string
I added a line to the /usr/local/etc/raddb/dictionary file:
$INCLUDE dict/cisco_wlan # Custom dictionary for Cisco Wireless
I created a /usr/local/share/radius/1.2.95/rewrite/cisco_wlan.rw file:
integer
parse_cisco_avpair()
{
        integer i;

        while (*%[Cisco-AVPair](i))
        {
                if (%[Cisco-AVPair](i) =~ "ssid=\(.*\)")
                {
                        %[Cisco-WLAN-ssid] = \1;
                }
                if (%[Cisco-AVPair](i) =~ "nas-location=\(.*\)")
                {
                        %[Cisco-WLAN-nas-location] = \1;
                }
                if (%[Cisco-AVPair](i) =~ "connect-progress=\(.*\)")
                {
                        %[Cisco-WLAN-connect-progress] = \1;
                }
                if (%[Cisco-AVPair](i) =~ "vlan-id=\(.*\)")
                {
                        %[Cisco-WLAN-vlan-id] = \1;
                }
                if (%[Cisco-AVPair](i) =~ "auth-algo-type=\(.*\)")
                {
                        %[Cisco-WLAN-auth-algo-type] = \1;
                }
                if (%[Cisco-AVPair](i) =~ "disc-cause-ext=\(.*\)")
                {
                        %[Cisco-WLAN-disc-cause-ext] = \1;
                }
                i = i + 1;
        }
        return 0;
}
I added a line to the "rewrite" section in /usr/local/etc/raddb/config:
load "cisco_wlan.rw";
I added a line to /usr/local/etc/raddb/hints:
DEFAULT Rewrite-Function = parse_cisco_avpair NULL
I modified the acct_start_query and acct_stop_query lines in
/usr/local/etc/raddb/sqlserver to use these new attributes:
acct_start_query INSERT INTO calls \
VALUES(%C{Acct-Status-Type},\
'%u',\
'%C{Realm-Name}',\
now(),\
'%C{NAS-IP-Address}',\
%C{NAS-Port-Id},\
'%C{Acct-Session-Id}',\
0,\
0,\
0,\
0,\
'%C{Framed-IP-Address}',\
'%C{Called-Station-Id}',\
'%C{Calling-Station-Id}',\
'%C{Cisco-WLAN-ssid}',\
'%C{Cisco-WLAN-nas-location}',\
'%C{Cisco-WLAN-connect-progress}',\
'%C{Cisco-WLAN-vlan-id}',\
'%C{Cisco-WLAN-auth-algo-type}',\
'%C{Cisco-WLAN-disc-cause-ext}')
acct_stop_query UPDATE calls \
SET status=%C{Acct-Status-Type},\
acct_session_time=%C{Acct-Session-Time},\
acct_input_octets=%C{Acct-Input-Octets},\
acct_output_octets=%C{Acct-Output-Octets},\
connect_term_reason=%C{Acct-Terminate-Cause}, \
Cisco_WLAN_ssid='%C{Cisco-WLAN-ssid}', \
Cisco_WLAN_nas_location='%C{Cisco-WLAN-nas-location}', \
Cisco_WLAN_connect_progress='%C{Cisco-WLAN-connect-progress}', \
Cisco_WLAN_vlan_id='%C{Cisco-WLAN-vlan-id}', \
Cisco_WLAN_auth_algo_type='%C{Cisco-WLAN-auth-algo-type}', \
Cisco_WLAN_disc_cause_ext='%C{Cisco-WLAN-disc-cause-ext}' \
WHERE user_name='%C{User-Name}' \
AND status = 1 \
AND acct_session_id='%C{Acct-Session-Id}'
I see in the /var/log/radacct/xxx.xxx.xxx.xxx/detail file that the
Cisco-AVPair attributes are still there:
Wed Oct 20 14:29:43 2004
Acct-Session-Id = 000000D6
Called-Station-Id = wap-mac-address
Calling-Station-Id = client-mac-address
Cisco-AVPair = ssid=cisco_ssid
Cisco-AVPair = nas-location=unspecified
Cisco-AVPair = connect-progress=Call Up
User-Name = client-mac-address
Acct-Status-Type = Start
NAS-Port-Type = 19
Cisco-PRI-Circuit = 432
NAS-Port-Id = 432
Service-Type = Framed-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Acct-Delay-Time = 0
Timestamp = 1098296983
Request-Authenticator = Verified
Wed Oct 20 14:29:59 2004
Acct-Session-Id = 000000D6
Called-Station-Id = wap-mac-address
Calling-Station-Id = client-mac-address
Cisco-AVPair = ssid=cisco-ssid
Cisco-AVPair = nas-location=unspecified
Cisco-AVPair = vlan-id=398
Cisco-AVPair = auth-algo-type=open
Cisco-AVPair = connect-progress=Call Up
Acct-Session-Time = 16
Acct-Input-Octets = 6841
Acct-Output-Octets = 1261
Acct-Input-Packets = 64
Acct-Output-Packets = 5
Acct-Terminate-Cause = Lost-Carrier
Cisco-AVPair = disc-cause-ext=No Reason
User-Name = client-mac-address
Acct-Status-Type = Stop
NAS-Port-Type = 19
Cisco-PRI-Circuit = 432
NAS-Port-Id = 432
Service-Type = Framed-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Acct-Delay-Time = 0
Timestamp = 1098296999
Request-Authenticator = Verified
I see in the /var/log/radacct/sql.log file that it's trying to write these
new fields to the database:
INSERT INTO calls VALUES(1,'client-mac-address','',now(),'xxx.xxx.xxx.xxx',432,'000000D6',0,0,0,0,'0','wap-mac-address','client-mac-address','','','','','','');
UPDATE calls SET status=2,acct_session_time=16,acct_input_octets=6841,acct_output_octets=1261,connect_term_reason=2, Cisco_WLAN_ssid='', Cisco_WLAN_nas_location='', Cisco_WLAN_connect_progress='', Cisco_WLAN_vlan_id='', Cisco_WLAN_auth_algo_type='', Cisco_WLAN_disc_cause_ext='' WHERE user_name='client-mac-address' AND status = 1 AND acct_session_id='000000D6';
But, as you can see, the new fields are blank.
What am I missing here?
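
An added example, not part of the original message and not GNU Radius code: a Python cross-check that parses detail-file records and derives the Cisco-WLAN-* values each record's Cisco-AVPair instances carry, so they can be compared with what reaches sql.log. The function names and the abridged sample records are constructed here for illustration.

```python
import re

# AVPair key -> target attribute, following the post's dict/cisco_wlan naming.
AVPAIR_TO_ATTR = {k: "Cisco-WLAN-" + k for k in (
    "ssid", "nas-location", "connect-progress",
    "vlan-id", "auth-algo-type", "disc-cause-ext")}

# Constructed sample: the post's two detail records, abridged.
SAMPLE_DETAIL = """\
Wed Oct 20 14:29:43 2004
Cisco-AVPair = ssid=cisco_ssid
Cisco-AVPair = nas-location=unspecified
Cisco-AVPair = connect-progress=Call Up
Acct-Status-Type = Start
Wed Oct 20 14:29:59 2004
Cisco-AVPair = ssid=cisco-ssid
Cisco-AVPair = vlan-id=398
Cisco-AVPair = auth-algo-type=open
Acct-Terminate-Cause = Lost-Carrier
Cisco-AVPair = disc-cause-ext=No Reason
Acct-Status-Type = Stop
"""

ATTR_LINE = re.compile(r"^\s*([\w-]+) = (.*)$")

def parse_detail(text):
    """Split detail text into records mapping attribute name -> list of values."""
    records, current = [], None
    for line in text.splitlines():
        m = ATTR_LINE.match(line)
        if m and current is not None:
            current.setdefault(m.group(1), []).append(m.group(2).strip())
        elif line.strip() and not m:
            current = {}  # a non-attribute line (the timestamp) starts a record
            records.append(current)
    return records

def expand_avpairs(record):
    """Return the Cisco-WLAN-* values a record's Cisco-AVPair instances carry."""
    out = {}
    for pair in record.get("Cisco-AVPair", []):
        key, sep, value = pair.partition("=")  # split at the first '=' only
        attr = AVPAIR_TO_ATTR.get(key.strip())
        if sep and attr:  # skip unknown keys and pairs without '='
            out[attr] = value.strip()
    return out

if __name__ == "__main__":
    for rec in parse_detail(SAMPLE_DETAIL):
        print(rec["Acct-Status-Type"][0], expand_avpairs(rec))
```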