Freeradius 3 Log user calling IP in table

classic Classic list List threaded Threaded
6 messages Options
| Threaded
Open this post in threaded view
|

Freeradius 3 Log user calling IP in table

aacable
Scenario:


We are using Freeradius 3.0.19 & Mikrotik Routerboard as NAS.

When any user connects , FR inserts his entry in radacct table with relevant data. We want to additionally log userend calling IP (maybe its called Packet-Src-IP-Address , IP which he gets from the DHCP) in the radacct or in any other table.

is it doable ? would appreciate if some tips can be given




Regards,
Jz
<http:///>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius 3 Log user calling IP in table

Alan DeKok-2
On Nov 20, 2019, at 5:45 AM, JAHANZAIB SYED <[hidden email]> wrote:
>
> When any user connects , FR inserts his entry in radacct table with relevant data. We want to additionally log userend calling IP (maybe its called Packet-Src-IP-Address , IP which he gets from the DHCP) in the radacct or in any other table.

  The Packet-Src-IP-Address is the IP address of the RADIUS client.  It's not the users IP address.

  If it's available, the users IP address in in the Framed-IP-Address attribute.

> is it doable ? would appreciate if some tips can be given

  Yes.  The default *is* to log Framed-IP-Address in the radacct table.  You don't need to do anything.

  If it's not being logged there, then the NAS isn't sending it.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius 3 Log user calling IP in table

aacable
Let me give more details.

When end user connects with the network , he gets IP from the NAS DHCP like 10.0.0.20
When he connects with the NAS using PPPoE Dialer, he then gets IP from the NAS pool like 221.112.112.1 [public IP], this is Framed-Ip-Address which is logged in radacct table by default.

What we want is to log the end user dhcp IP like 10.0.0.20 into the table (either separate table or additional column named userdhcpip in radacct table

is there any thing we can get this dhcp ip into the table?




Regards,
Jz
________________________________
From: Freeradius-Users <freeradius-users-bounces+aacable79=[hidden email]> on behalf of Alan DeKok <[hidden email]>
Sent: Wednesday, November 20, 2019 5:21 PM
To: FreeRadius users mailing list <[hidden email]>
Subject: Re: Freeradius 3 Log user calling IP in table

On Nov 20, 2019, at 5:45 AM, JAHANZAIB SYED <[hidden email]> wrote:
>
> When any user connects , FR inserts his entry in radacct table with relevant data. We want to additionally log userend calling IP (maybe its called Packet-Src-IP-Address , IP which he gets from the DHCP) in the radacct or in any other table.

  The Packet-Src-IP-Address is the IP address of the RADIUS client.  It's not the users IP address.

  If it's available, the users IP address in in the Framed-IP-Address attribute.

> is it doable ? would appreciate if some tips can be given

  Yes.  The default *is* to log Framed-IP-Address in the radacct table.  You don't need to do anything.

  If it's not being logged there, then the NAS isn't sending it.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius 3 Log user calling IP in table

Vijay S
Hi Jz,
You can analyze access-request, accounting-start and interim-update packets
to see if desired ip coming from mikrotik with any attribute , if you see
the value associated with any of the attribute then it's easy to use unlang
to add the value to radacct.
Hope this helps.


Regards
Vijay A.



On Thu, Nov 21, 2019, 08:58 JAHANZAIB SYED <[hidden email]> wrote:

> Let me give more details.
>
> When end user connects with the network , he gets IP from the NAS DHCP
> like 10.0.0.20
> When he connects with the NAS using PPPoE Dialer, he then gets IP from the
> NAS pool like 221.112.112.1 [public IP], this is Framed-Ip-Address which is
> logged in radacct table by default.
>
> What we want is to log the end user dhcp IP like 10.0.0.20 into the table
> (either separate table or additional column named userdhcpip in radacct
> table
>
> is there any thing we can get this dhcp ip into the table?
>
>
>
>
> Regards,
> Jz
> ________________________________
> From: Freeradius-Users <freeradius-users-bounces+aacable79=
> [hidden email]> on behalf of Alan DeKok <
> [hidden email]>
> Sent: Wednesday, November 20, 2019 5:21 PM
> To: FreeRadius users mailing list <[hidden email]>
> Subject: Re: Freeradius 3 Log user calling IP in table
>
> On Nov 20, 2019, at 5:45 AM, JAHANZAIB SYED <[hidden email]> wrote:
> >
> > When any user connects , FR inserts his entry in radacct table with
> relevant data. We want to additionally log userend calling IP (maybe its
> called Packet-Src-IP-Address , IP which he gets from the DHCP) in the
> radacct or in any other table.
>
>   The Packet-Src-IP-Address is the IP address of the RADIUS client.  It's
> not the users IP address.
>
>   If it's available, the users IP address in in the Framed-IP-Address
> attribute.
>
> > is it doable ? would appreciate if some tips can be given
>
>   Yes.  The default *is* to log Framed-IP-Address in the radacct table.
> You don't need to do anything.
>
>   If it's not being logged there, then the NAS isn't sending it.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius 3 Log user calling IP in table

Alan DeKok-2
In reply to this post by aacable
On Nov 20, 2019, at 10:28 PM, JAHANZAIB SYED <[hidden email]> wrote:
>
> Let me give more details.
>
> When end user connects with the network , he gets IP from the NAS DHCP like 10.0.0.20
> When he connects with the NAS using PPPoE Dialer, he then gets IP from the NAS pool like 221.112.112.1 [public IP], this is Framed-Ip-Address which is logged in radacct table by default.
>
> What we want is to log the end user dhcp IP like 10.0.0.20 into the table (either separate table or additional column named userdhcpip in radacct table
>
> is there any thing we can get this dhcp ip into the table?

  Does that attribute show up in a packet?  Read the debug output to see.

a) yes - update the SQL and queries to log it

b) no - fix the NAS so that the NAS sends it in a packet.  No amount of poking the RADIUS server will help.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Freeradius 3 Log user calling IP in table

Vijay S
Pretty much what I suggested.

As mentioned you are using mikrotik as NAS. Its DHCP server can use radius
to authorize clients for DHCP address allocation. And sends updates
regarding the same to FR.
you can use the common AVP to map the data.

Regards
Vijay A.

On Thu, Nov 21, 2019, 17:45 Alan DeKok <[hidden email]> wrote:

> On Nov 20, 2019, at 10:28 PM, JAHANZAIB SYED <[hidden email]> wrote:
> >
> > Let me give more details.
> >
> > When end user connects with the network , he gets IP from the NAS DHCP
> like 10.0.0.20
> > When he connects with the NAS using PPPoE Dialer, he then gets IP from
> the NAS pool like 221.112.112.1 [public IP], this is Framed-Ip-Address
> which is logged in radacct table by default.
> >
> > What we want is to log the end user dhcp IP like 10.0.0.20 into the
> table (either separate table or additional column named userdhcpip in
> radacct table
> >
> > is there any thing we can get this dhcp ip into the table?
>
>   Does that attribute show up in a packet?  Read the debug output to see.
>
> a) yes - update the SQL and queries to log it
>
> b) no - fix the NAS so that the NAS sends it in a packet.  No amount of
> poking the RADIUS server will help.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html