User Tools

Site Tools


radius

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
radius [2008/07/17 10:12]
kaiab
radius [2011/04/07 18:24] (current)
faltin [Use cases]
Line 1: Line 1:
-This page is a work in progress+====== The Radius Accounting tool ======
  
-====== ​Radius ​======+{{:​tools:​radius.png}} The Radius ​accounting tool is a NAV-tool that collects accounting-data from a [[http://​www.freeradius.org/​|Freeradius-server]] and makes them available to the user through a web-frontend. The goal is to make a more accessible and user-friendly interface to the accounting data instead of having to manually look through logfiles. The frontend is divided into three tabs where you can browse different sets of data from the radius-server.
  
-Radius is a NAV-tool that collects accounting-data from a [[http://​www.freeradius.org/​|Freeradius-server]] and makes them available to the user through a web-frontend. The goal is to make a more accessible and userfriendly interface to the accounting data instead of having to manually look through logfiles. The frontend is divided into three tabs where you can browse different sets of data from the radius-server.+===== Use cases =====
  
 +  * If you have an [[http://​eduroam.org|eduroam]] wireless network all you wireless users will log in based on their radius credentials. The NAV radius accounting tool is useful for searching eduroam users.
 +  * If you use IEEE 802.1X in your wired network and thus requires users to log in to get access, the NAV radius accounting tool can track these users as well.
 ===== Accounting Log ===== ===== Accounting Log =====
  
Line 21: Line 23:
 ===== Error Log ===== ===== Error Log =====
  
-In this tab we can do searches through the messages in the freeradius error-log. You can do searches based on different parts of the error-message, either the username, client, port or the whole message. Client refers to the NAS the user is connecting to, and port is the module and port-number on that device. To further refine your search, you can choose which type of error-message you are interested in, and you can choose a period or timestamp to get more precise results.+In this tab we can do searches through the error-messages in the Freeradius logfile. You can do searches based on different parts of the message, either the username, client, port or the whole message. Client refers to the NAS the user is connecting to, and port is the module and port-number on that device. To further refine your search, you can choose which type of log-message you are interested in, and you can choose a period or timestamp to get more precise results.
  
 The results will show a timestamp of when an error occurred, the type of the error and the error-message itself. By clicking view you can see a more detailed message-summary. The results will show a timestamp of when an error occurred, the type of the error and the error-message itself. By clicking view you can see a more detailed message-summary.
Line 28: Line 30:
  
 After you have finished the installation/​upgrade of NAV, there are a couple of things that must be done manually to make the Radius-module work as intended. See the file ''​INSTALL''​ in the radius-directory for a step by step and updated rundown of the process. After you have finished the installation/​upgrade of NAV, there are a couple of things that must be done manually to make the Radius-module work as intended. See the file ''​INSTALL''​ in the radius-directory for a step by step and updated rundown of the process.
- 
-{{:​radius:​radiusoverview.png|Overview of the radius-module}} 
  
 ===== NAS Configuration ===== ===== NAS Configuration =====
Line 40: Line 40:
  
 ===== Files ===== ===== Files =====
 +
 +{{:​radius:​radiusoverview1.png?​550x700|Overview of the radius-module}}
  
   * ''​radius.py''​ - This is the main script, takes care of the communication between database and frontend.   * ''​radius.py''​ - This is the main script, takes care of the communication between database and frontend.
   * ''​radiuslib.py''​ - Contains assorted helper-functions.   * ''​radiuslib.py''​ - Contains assorted helper-functions.
   * ''​radius_config.py''​ - Just another config-file.   * ''​radius_config.py''​ - Just another config-file.
-  * ''​radiusparser.py''​ - Parses the Freeradius ​error-log and inserts data into the database.+  * ''​radiusparser.py''​ - Parses the Freeradius ​logfile ''​radius.log'' ​and inserts data into the database.
   * Various ''​.tmpl''​ files -  These are Cheetah-template files for the web-frontend,​ they are not very interesting.   * Various ''​.tmpl''​ files -  These are Cheetah-template files for the web-frontend,​ they are not very interesting.
 +  * ''​postgresql.conf''​ and ''​radiusd.conf''​ are config-files for Freeradius.
  
 ===== Files to edit ===== ===== Files to edit =====
Line 58: Line 61:
 === radiusd.conf === === radiusd.conf ===
 This is a configuration file that you will find on your Freeradius-server. For details see the INSTALL document in the radius-directory. This is a configuration file that you will find on your Freeradius-server. For details see the INSTALL document in the radius-directory.
 +
 +You will probably want to change <​code>​$INCLUDE ​ ${confdir}/​sql.conf</​code>​ to <​code>​$INCLUDE ​ ${confdir}/​postgresql.conf</​code>​
 +
 +Add a line that says <​code>​sql</​code>​ last in the ''​accounting{}''​ section.
 +
 +This small script needs to be defined in the ''​main{}''​ section and called from the ''​preacct{}''​ section before the ''​acct_unique''​ script. See examples in the file for where to put it.
 +<​code>​
 +attr_rewrite modify_acctsessionid {
 +            attribute = Acct-Session-Id
 +            searchin = packet
 +            searchfor = "​[0-3][0-9]\/​[0-3][0-9]\/​[0-9]{2}\ [0-2][0-9]\:​[0-5][0-9]\:​[0-5][0-9]"​
 +            replacewith = ""​
 +            append = no
 +    }
 +</​code>​
  
 === postgresql.conf === === postgresql.conf ===
Line 142: Line 160:
  
 </​code>​ </​code>​
 +
 +====== Known Issues ======
 +
 +We've had one report where the Freeradius-server crashes when it loses connection with the postgresql-database and can no longer push accounting-messages to it. The reason for this is currently unknown, but it seems to be connected with the ''​rlm_sql''​ and ''​rlm_sql_postgresql''​ modules for freeradius.
radius.1216289533.txt.gz ยท Last modified: 2008/07/17 10:12 by kaiab