LinuxQuestions.org
05-20-2009, 09:26 AM   #1
Japie
Freeradius-mysql (2.04), Cisco 515PIX (6.3), VPN accounting problem


Hi gurus,

I've set up a PIX to do client VPN with Cisco client software.
The RADIUS server is a Debian Lenny box with FreeRADIUS 2 and a MySQL backend.

All is well, authentication works like a charm.

Getting accounting to work properly is a bit harder for me.
I'm getting many many records for each VPN connection that has been made.

See some content of my radacct table:

1 0x00210826 jaap 10.32.2.251 0 2009-05-20 13:55:43 2009-05-20 13:56:24 41 28042 41980 0 0
2 0x00210828 jaap 10.32.2.251 0 2009-05-20 13:55:52 2009-05-20 13:56:19 27 20528 55285 0 0
3 0x00210834 jaap 10.32.2.251 0 2009-05-20 13:56:45 2009-05-20 13:57:16 30 5038 10138 0 0
4 0x00210835 jaap 10.32.2.251 0 2009-05-20 13:56:45 2009-05-20 13:57:16 30 1992 3788 0 0
5 0x00210836 jaap 10.32.2.251 0 2009-05-20 13:57:16 2009-05-20 13:57:38 21 31040 49263 0 0
6 0x00210837 jaap 10.32.2.251 0 2009-05-20 13:57:17 2009-05-20 13:57:38 21 6900 12879

See how the time/date stamps are very close together? This is only 1 VPN connection though! Obviously, when using a tool like dialup-admin, it doesn't provide me with proper output/graphs.

Also, I've noticed in my radius.log many of these:

Error: rlm_radutmp: Logout for NAS pubflw03 port 0, but no Login record

Is something wrong with the SQL statements of FreeRADIUS? Or is it the NAS (Cisco) that is spewing so many records because of misconfiguration, or maybe a bug (due to the IOS being a bit old)?

The Cisco conf looks like this:

<snip>
aaa-server radius-authport 1812
aaa-server radius-acctport 1813
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.32.2.6 **(crypt. pass)** timeout 5
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa accounting include tcp/0 outside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 RADIUS
<snip>

Last remark: simultaneous use checking doesn't work either; I'm doing that with the (preconfigured) options in dialup.conf.
I've changed the server to log 0000-00-00 00:00:00 instead of NULL and it does write this in radacct->acctstoptime.
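
Added example, not part of the original post: one way to roll rows like the ones above up into a single interval per user and NAS for reporting or audit review. It assumes the three numbers after the stop time are session seconds, input octets and output octets; `merge_sessions` and `max_gap` are hypothetical names.

```python
from datetime import datetime, timedelta

# Rows copied from the post. Assumed field order (not stated in the post):
# id, session id, user, NAS IP, port, start, stop, seconds, octets in, octets out.
ROWS = """\
1 0x00210826 jaap 10.32.2.251 0 2009-05-20 13:55:43 2009-05-20 13:56:24 41 28042 41980 0 0
2 0x00210828 jaap 10.32.2.251 0 2009-05-20 13:55:52 2009-05-20 13:56:19 27 20528 55285 0 0
3 0x00210834 jaap 10.32.2.251 0 2009-05-20 13:56:45 2009-05-20 13:57:16 30 5038 10138 0 0
4 0x00210835 jaap 10.32.2.251 0 2009-05-20 13:56:45 2009-05-20 13:57:16 30 1992 3788 0 0
5 0x00210836 jaap 10.32.2.251 0 2009-05-20 13:57:16 2009-05-20 13:57:38 21 31040 49263 0 0
6 0x00210837 jaap 10.32.2.251 0 2009-05-20 13:57:17 2009-05-20 13:57:38 21 6900 12879
"""

FMT = "%Y-%m-%d %H:%M:%S"


def parse(line):
    """Turn one whitespace-separated row into a record dict."""
    f = line.split()
    return {
        "user": f[2], "nas": f[3],
        "start": datetime.strptime(f[5] + " " + f[6], FMT),
        "stop": datetime.strptime(f[7] + " " + f[8], FMT),
        "in": int(f[10]), "out": int(f[11]),
        "ids": [f[1]],  # accounting session ids folded into this interval
    }


def merge_sessions(lines, max_gap=60):
    """Merge records of one user/NAS that overlap or start within
    max_gap seconds of the running stop time; octet counters are summed."""
    recs = sorted((parse(l) for l in lines if l.strip()),
                  key=lambda r: (r["user"], r["nas"], r["start"]))
    merged = []
    for r in recs:
        last = merged[-1] if merged else None
        if (last and (last["user"], last["nas"]) == (r["user"], r["nas"])
                and r["start"] <= last["stop"] + timedelta(seconds=max_gap)):
            last["stop"] = max(last["stop"], r["stop"])
            last["in"] += r["in"]
            last["out"] += r["out"]
            last["ids"] += r["ids"]
        else:
            merged.append(r)
    return merged


if __name__ == "__main__":
    for s in merge_sessions(ROWS.splitlines()):
        secs = int((s["stop"] - s["start"]).total_seconds())
        print(s["user"], s["nas"], s["start"], s["stop"], secs,
              s["in"], s["out"], len(s["ids"]))
```

With `max_gap=0` only overlapping or touching records are merged, so the 21-second gap between rows 2 and 3 splits the sample into two intervals.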
All times are GMT -5.