Вопрос. Стоит FreeRadius, все параметры про пользователя при авторизации берет из MySQL. Но в таблицу RADACCT, да и вообще куда-нибудь статистику по траффику не пишет.Таблица вообше девственно чистая. А вроде должен писать.
Где грабли?
Поправка - в каталог /var/log/radacct файлы auth-detail-20040427 и reply-detail-20040427 пишет.
Но это не то.Radiusd.conf
##
## radiusd.conf -- FreeRADIUS server configuration file.
##prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusdlog_file = ${logdir}/radius.log
#
# libdir: Where to find the rlm_* modules.
#libdir = ${exec_prefix}/lib
# pidfile: Where to place the PID of the RADIUS server.
#
pidfile = ${run_dir}/radiusd.pid
# user/group: The name (or #number) of the user/group to run radiusd as.
#
user = nobody
group = nobody# max_request_time: The maximum time (in seconds) to handle a request.
#
#
max_request_time = 5# delete_blocked_requests: If the request takes MORE THAN 'max_request_time'
# to be handled, then maybe the server should delete it.
#
delete_blocked_requests = no# cleanup_delay: The time to wait (in seconds) before cleaning up
# a reply which was sent to the NAS.
#
cleanup_delay = 5# max_requests: The maximum number of requests which the server keeps
# track of. This should be 256 multiplied by the number of clients.
# e.g. With 4 clients, this number should be 1024.
#
max_requests = 1024# bind_address: Make the server listen on a particular IP address, and
# send replies out from that address. This directive is most useful
#
bind_address = 192.168.10.77# port: Allows you to bind FreeRADIUS to a specific port.
#
#
port = 1812# hostname_lookups: Log the names of clients or just their IP addresses
# e.g., www.freeradius.org (on) or 206.47.27.232 (off).
#
hostname_lookups = no# Core dumps are a bad thing. This should only be set to 'yes'
#
allow_core_dumps = no# Regular expressions
#
regular_expressions = yes
extended_expressions = yes# Log the full User-Name attribute, as it was found in the request.
#
log_stripped_names = yes# Log authentication requests to the log file.
#
log_auth = yes# Log passwords with the authentication requests.
# log_auth_badpass - logs password if it's rejected
# log_auth_goodpass - logs password if it's correct
#
# allowed values: {no, yes}
#
log_auth_badpass = yes
log_auth_goodpass = no# usercollide: Turn "username collision" code on and off. See the
# "doc/duplicate-users" file
#
usercollide = no# lower_user / lower_pass:
lower_user = yes
lower_pass = no# nospace_user / nospace_pass:
#
nospace_user = yes
nospace_pass = no# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad# SECURITY CONFIGURATION
#
# There may be multiple methods of attacking on the server. This
# section holds the configuration items which minimize the impact
# of those attacks
#
security {
max_attributes = 200
reject_delay = 1
status_server = no
}# PROXY CONFIGURATION
#
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# CLIENTS CONFIGURATION
#
$INCLUDE ${confdir}/clients.conf
# SNMP CONFIGURATION
#
snmp = no
$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
#
thread pool {
# Number of servers to start initially --- should be a reasonable
# ballpark figure.
start_servers = 2max_servers = 10
min_spare_servers = 2
max_spare_servers = 10
max_requests_per_server = 0
}# MODULE CONFIGURATION
#
# The names and configuration of each module is located in this section.
#
# After the modules are defined here, they may be referred to by name,
# in other sections of this configuration file.
#
modules {# PAP module to authenticate users based on their stored password
#pap {
# encryption_scheme = crypt
#}# CHAP module
#
# To authenticate requests containing a CHAP-Password attribute.
#
chap {
authtype = CHAP
}# Pluggable Authentication Modules
#pam {
# pam_auth = radiusd
#}# Unix /etc/passwd style authentication
#
unix {
cache = no
cache_reload = 600radwtmp = ${logdir}/radwtmp
}# Extensible Authentication Protocol
#
# For all EAP related authentications
#eap {
# default_eap_type = md5
# timer_expire = 60
# md5 {
# }
# leap {
# }
#tls {
# private_key_password = password
# private_key_file = /path/filename
# certificate_file = /path/filename
# CA_file = /path/filename
# dh_file = /path/filename
# random_file = /path/filename
# fragment_size = 1024
# include_length = yes
#}
#}# Microsoft CHAP authentication
#
# This module supports MS-CHAP and MS-CHAPv2 authentication.
# It also enforces the SMB-Account-Ctrl attribute.
#
mschap {
authtype = MS-CHAP
# use_mppe = no
# require_encryption = yes
# require_strong = yes
}# Lightweight Directory Access Protocol (LDAP)
#ldap {
# server = "ldap.your.domain"
# identity = "cn=admin,o=My Org,c=UA"
# password = mypass
# basedn = "o=My Org,c=UA"
# filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# start_tls = no
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
# access_attr = "dialupAccess"
# dictionary_mapping = ${raddbdir}/ldap.attrmap
# ldap_connections_number = 5
# password_header = "{clear}"
# password_attribute = userPassword
# groupname_attribute = cn
# groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
# timeout = 4
# timelimit = 3
# net_timeout = 1
# compare_check_items = yes
# access_attr_used_for_allow = yes
#}# Realm module, for proxying.
realm realmslash {
format = prefix
delimiter = "/"
}# 'username@realm'
#
realm suffix {
format = suffix
delimiter = "@"
}# 'username%realm'
#
realm realmpercent {
format = suffix
delimiter = "%"
}
# Preprocess the incoming RADIUS request, before handing it off
# to other modules.
preprocess {
# huntgroups = ${confdir}/huntgroups
# hints = ${confdir}/hints# with_ascend_hack = no
# ascend_channels_per_line = 23# with_ntdomain_hack = no
with_specialix_jetstream_hack = no
# with_cisco_vsa_hack = no
}# Livingston-style 'users' file
#
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_userscompat = no
}# Write a detailed log of all accounting records received.
#
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0644
}
detail auth_log {
detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
detailperm = 0600
}detail reply_log {
detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
detailperm = 0600
}acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
}
$INCLUDE ${confdir}/sql.confradutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}attr_filter {
attrsfile = ${confdir}/attrs
}# counter module:
#
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}# The "always" module is here for debugging purposes. Each
# instance simply returns the same result, always, without
# doing anything.
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}}
# Instantiation
#
instantiate {
expr
}# Authorization.
authorize {
preprocess
auth_log
# chap
# attr_filter
# eap
# digest
# realmslash
suffix
# files
# etc_smbpasswd
mschap
sql
}
# Authentication.
authenticate {
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}
# unix
}
#
# Pre-accounting. Decide which accounting type to use.
#
preacct {
preprocess# realmslash
suffix
# files
}#
# Accounting. Log the accounting data.
#
accounting {
acct_unique
detail
# daily
unix # wtmp file
radutmp
# sradutmp
sql
# main_pool
}# Session database, used for checking Simultaneous-Use. Either the radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
# radutmp
sql
}# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
post-auth {
# main_pool
reply_log
}#
pre-proxy {
# attr_rewrite
}
#
post-proxy {
#
# attr_rewrite
# attr_filter
# eap
}
<skip>
sql.conf правил?
запускай radiusd -X