I am using a RB951Ui-2HnD as a wireless AP using FreeRADIUS with SQL backend for authentication and accounting.
RouterOS is version 6.17, but I've been having the same problem with previous versions.
Authentication works OK but the problem is with accounting. The AP fails to provide the Calling-Station-Id (wifi station's MAC address) property to the radius server in the Accounting-Request packet. So the session record in the accounting table contains an empty field for Calling-Station-Id. I need this field to do stale session cleanup, but I can't figure out how to make the AP provide it with the Accounting-Request to the radius server.
As a matter of fact, the AP does provide Calling-Station-Id in the Access-Request packet, here's the relevant freeradius debug log excerpt:
Code: Select all
rad_recv: Access-Request packet from host 192.168.13.4 port 41720,
id=192, length=219
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "cleaver"
NAS-Port-Id = "wlan1"
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = "82000027"
Acct-Multi-Session-Id =
"D4-CA-6D-F6-55-C1-CC-FA-00-C6-4A-A6-82-00-00-00-00-00-00-1F"
--->>> Calling-Station-Id = "CC-FA-00-C6-4A-A6" //emphasys mine
Called-Station-Id = "D4-CA-6D-F6-55-C1:datamax"
EAP-Message = 0x0200000c01636c6561766572
Message-Authenticator = 0x434e50ee2a38b4327019b1f023d7006e
NAS-Identifier = "MikroTik"
NAS-IP-Address = 192.168.13.4
But here's the debug output for the Accounting-Request sent to the radius server, where this attribute disappears:
Code: Select all
rad_recv: Accounting-Request packet from host 192.168.13.4 port 51157,
id=205, length=153
Service-Type = Framed-User
NAS-Port-Id = "wlan1"
NAS-Port-Type = Wireless-802.11
User-Name = "cleaver"
Acct-Session-Id = "82000027"
Acct-Multi-Session-Id =
"D4-CA-6D-F6-55-C1-CC-FA-00-C6-4A-A6-82-00-00-00-00-00-00-1F"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Identifier = "MikroTik"
Acct-Delay-Time = 0
NAS-IP-Address = 192.168.13.4
This behavior is rather strange because the RouterOS documentation about radius says that:
So the AP is expected to provide the Calling-Station-Id attribute in Accounting-Request too, but it does not. It only provides it in Access-Accept.The accounting request carries the same attributes as Access Request, plus these ones:
......
......
Is there a way to configure my routerboard so that it provides the Calling-Station-Id attribute in the Accounting-Request packet to the radius server? I really need this attribute for accounting, and according to the documentation, it should be there.
Any suggestions?
Thanks!