我无法在radacct表中插入“ Called-Station-Id”参数。
在“访问请求”中连接到Unifi(AP AC LITE)后,得到参数Called-Station-Id。
但是,“ Access-Request”后跟“ Accounting-Request”,其中“ Called-Station-Id”参数为空。 radacct表中的Called-Staion-Id字段为空。
有人可以告诉我为什么会发生这种情况,如何将Called-Station-Id参数插入radacct表中?
我也使用microTik接入点,它们将Called-Station-Id参数插入radacct表中
下面我粘贴了显示“访问请求”(1)和“会计请求”(2)的半径日志:
(1) Received Access-Request Id 30 from 185.13.190.143:60381 to 148.252.41.12:1812 length 213
(1) Called-Station-Id = "B4-FB-E4-10-52-47:Hotspot Test"
(1) Calling-Station-Id = "C4-B3-01-5B-E3-79"
(1) Acct-Session-Id = "3dr3mfty1bltwpg4"
(1) NAS-Identifier = "32296af2-4c7c-4492-a02c-9dff3298503d"
(1) NAS-IP-Address = 10.255.0.104
(1) Framed-IP-Address = 178.37.87.66
(1) User-Name = "c4:b3:01:5b:e3:79"
(1) CHAP-Challenge = 0xfe51d128a7fa49f20a684cb62b33d2cf
(1) CHAP-Password = 0x26b5e87d6e3ae20e0c9f9b7ec1f3ba1050
(1) Message-Authenticator = 0x7b2188c4c44c830131d8c6a4d606c36e
(1) # Executing section authorize from file /etc/raddb/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ /@\./) {
(1) if (&User-Name =~ /@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) policy rewrite_called_station_id {
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(1) --> B4:FB:E4:10:52:47
(1) &Called-Station-Id := B4:FB:E4:10:52:47
(1) } # update request = noop
(1) if ("%{8}") {
(1) EXPAND %{8}
(1) --> Hotspot Test
(1) if ("%{8}") -> TRUE
(1) if ("%{8}") {
(1) update request {
(1) EXPAND %{8}
(1) --> Hotspot Test
(1) &Called-Station-SSID := Hotspot Test
(1) } # update request = noop
(1) } # if ("%{8}") = noop
(1) [updated] = updated
(1) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated
(1) ... skipping else: Preceding "if" was taken
(1) } # policy rewrite_called_station_id = updated
(1) policy rewrite_calling_station_id {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}
(1) --> C4:B3:01:5B:E3:79
(1) &Calling-Station-Id := C4:B3:01:5B:E3:79
(1) } # update request = noop
(1) [updated] = updated
(1) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(1) ... skipping else: Preceding "if" was taken
(1) } # policy rewrite_calling_station_id = updated
(1) chap: &control:Auth-Type := CHAP
(1) [chap] = ok
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "c4:b3:01:5b:e3:79", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: No EAP-Message, not doing EAP
(1) [eap] = noop
(1) [files] = noop
(1) sql: EXPAND %{User-Name}
(1) sql: --> c4:b3:01:5b:e3:79
(1) sql: SQL-User-Name set to 'c4:b3:01:5b:e3:79'
rlm_sql (sql): Reserved connection (6)
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'c4:b3:01:5b:e3:79' ORDER BY id(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'c4:b3:01:5b:e3:79' ORDER BY id
(1) sql: User found in radcheck table
(1) sql: Conditional check items matched, merging assignment check items
(1) sql: Cleartext-Password := "c4:b3:01:5b:e3:79"
(1) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(1) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'c4:b3:01:5b:e3:79' ORDER BY id(1) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'c4:b3:01:5b:e3:79' ORDER BY id
(1) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(1) sql: --> SELECT groupname FROM radusergroup WHERE username = 'c4:b3:01:5b:e3:79' ORDER BY priority
(1) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'c4:b3:01:5b:e3:79' ORDER BY priority
(1) sql: User not found in any groups
rlm_sql (sql): Released connection (6)
Need 1 more connections to reach min connections (3)
rlm_sql (sql): Opening additional connection (7), 1 of 30 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.7.22, protocol version 10
(1) [sql] = ok
(1) [expiration] = noop
(1) [logintime] = noop
(1) pap: WARNING: Auth-Type already set. Not setting to PAP
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = CHAP
(1) # Executing group from file /etc/raddb/sites-enabled/default
(1) Auth-Type CHAP {
(1) chap: Comparing with "known good" Cleartext-Password
(1) chap: CHAP user "c4:b3:01:5b:e3:79" authenticated successfully
(1) [chap] = ok
(1) } # Auth-Type CHAP = ok
(1) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(1) post-auth {
(1) update {
(1) No attributes updated
(1) } # update = noop
(1) sql: EXPAND .query
(1) sql: --> .query
(1) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (5)
(1) sql: EXPAND %{User-Name}
(1) sql: --> c4:b3:01:5b:e3:79
(1) sql: SQL-User-Name set to 'c4:b3:01:5b:e3:79'
(1) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(1) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'c4:b3:01:5b:e3:79', '0x26b5e87d6e3ae20e0c9f9b7ec1f3ba1050', 'Access-Accept', '2019-12-12 09:51:11.859278')
(1) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'c4:b3:01:5b:e3:79', '0x26b5e87d6e3ae20e0c9f9b7ec1f3ba1050', 'Access-Accept', '2019-12-12 09:51:11.859278')
(1) sql: SQL query returned: success
(1) sql: 1 record(s) updated
rlm_sql (sql): Released connection (5)
(1) [sql] = ok
(1) [exec] = noop
(1) policy remove_reply_message_if_eap {
(1) if (&reply:EAP-Message && &reply:Reply-Message) {
(1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(1) else {
(1) [noop] = noop
(1) } # else = noop
(1) } # policy remove_reply_message_if_eap = noop
(1) } # post-auth = ok
(1) Sent Access-Accept Id 30 from 148.252.41.12:1812 to 185.13.190.143:60381 length 0
(1) Finished request
Waking up in 0.7 seconds.
(2) Received Accounting-Request Id 112 from 185.13.190.143:47776 to 148.252.41.12:1813 length 69
(2) User-Name = "c4:b3:01:5b:e3:79"
(2) Acct-Session-Id = "3dr3mfty1bltwpg4"
(2) Acct-Status-Type = Start
(2) Event-Timestamp = "Dec 12 2019 09:51:12 EST"
(2) # Executing section preacct from file /etc/raddb/sites-enabled/default
(2) preacct {
(2) [preprocess] = ok
(2) policy rewrite_called_station_id {
(2) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(2) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> FALSE
(2) else {
(2) [noop] = noop
(2) } # else = noop
(2) } # policy rewrite_called_station_id = noop
(2) policy rewrite_calling_station_id {
(2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(2) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> FALSE
(2) else {
(2) [noop] = noop
(2) } # else = noop
(2) } # policy rewrite_calling_station_id = noop
(2) policy acct_unique {
(2) update request {
(2) &Tmp-String-9 := "ai:"
(2) } # update request = noop
(2) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) {
(2) EXPAND %{hex:&Class}
(2) -->
(2) EXPAND ^%{hex:&Tmp-String-9}
(2) --> ^61693a
(2) if (("%{hex:&Class}" =~ /^%{hex:&Tmp-String-9}/) && ("%{string:&Class}" =~ /^ai:([0-9a-f]{32})/i)) -> FALSE
(2) else {
(2) update request {
(2) EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(2) --> 7db92fee37429b54c2a5c4d942df0351
(2) &Acct-Unique-Session-Id := 7db92fee37429b54c2a5c4d942df0351
(2) } # update request = noop
(2) } # else = noop
(2) } # policy acct_unique = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "c4:b3:01:5b:e3:79", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) [files] = noop
(2) } # preacct = ok
(2) # Executing section accounting from file /etc/raddb/sites-enabled/default
(2) accounting {
(2) detail: EXPAND /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
(2) detail: --> /var/log/radius/radacct/185.13.190.143/detail-20191212
(2) detail: /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/radius/radacct/185.13.190.143/detail-20191212
(2) detail: EXPAND %t
(2) detail: --> Thu Dec 12 09:51:11 2019
(2) [detail] = ok
(2) [unix] = ok
(2) sql: EXPAND %{tolower:type.%{Acct-Status-Type}.query}
(2) sql: --> type.start.query
(2) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (6)
(2) sql: EXPAND %{User-Name}
(2) sql: --> c4:b3:01:5b:e3:79
(2) sql: SQL-User-Name set to 'c4:b3:01:5b:e3:79'
(2) sql: EXPAND INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-ID}', '%{Calling-Station-ID}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')
(2) sql: --> INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('3dr3mfty1bltwpg4', '7db92fee37429b54c2a5c4d942df0351', 'c4:b3:01:5b:e3:79', '', '185.13.190.143', '', '', FROM_UNIXTIME(1576162272), FROM_UNIXTIME(1576162272), NULL, '0', '', '', '', '0', '0', '', '', '', '', '', '')
(2) sql: Executing query: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('3dr3mfty1bltwpg4', '7db92fee37429b54c2a5c4d942df0351', 'c4:b3:01:5b:e3:79', '', '185.13.190.143', '', '', FROM_UNIXTIME(1576162272), FROM_UNIXTIME(1576162272), NULL, '0', '', '', '', '0', '0', '', '', '', '', '', '')
(2) sql: SQL query returned: success
(2) sql: 1 record(s) updated
rlm_sql (sql): Released connection (6)
(2) [sql] = ok
(2) [exec] = noop
(2) attr_filter.accounting_response: EXPAND %{User-Name}
(2) attr_filter.accounting_response: --> c4:b3:01:5b:e3:79
(2) attr_filter.accounting_response: Matched entry DEFAULT at line 12
(2) [attr_filter.accounting_response] = updated
(2) } # accounting = updated
(2) Sent Accounting-Response Id 112 from 148.252.41.12:1813 to 185.13.190.143:47776 length 0
(2) Finished request
(2) Cleaning up request packet ID 112 with timestamp +67
Waking up in 0.7 seconds.
除了让Ubiquiti解决此问题外,您唯一可以尝试的方法是在Class属性中返回Called-Station-ID值。 NAS打算在下一个Accounting-Request中返回此值,但并非所有返回。
post-auth {
update reply {
Class := "%{Called-Station-ID}"
}
}
preacct {
if (!&Called-Station-ID && &Class) {
update request {
Called-Station-ID := "%{string:Class}"
}
}
}