-
Notifications
You must be signed in to change notification settings - Fork 654
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Radius Integration Problem #8730
Comments
Hi @iesreza, next time please open individual tickets if possible.
|
Hi @lucaderi, regarding to above: 2- It was my mistake in explnation, you are right. However in case of a logged in user instead of recieving username inside Interim Update message, we recieve data := map[string]interface{}{
"associations": map[string]interface{}{
lease.MacAddress: map[string]interface{}{
"group": pool,
"connectivity": "pass",
"username": username,
"password": password,
},
},
}
resp, err := curl.Post( settings.NTOPNG.BasePath+"/lua/rest/v2/set/pool/members.lua", curl.BodyJSON(data), curl.BasicAuth{
Username: settings.NTOPNG.Username, Password: settings.NTOPNG.Password,
}) 3- About third request i try to explain the case: Rarely it is possible throgh the dashboard the group of user get changed to captivepass. in this case user will lose connectivity and we have no way to track and sync between radius and ntopng. so one solution could be having accounting or CoA message in case of change in group so we can align both radius and ntopng. However at the moment we achievied same result by priodically prompting host info. |
As of 1. Can you please check if the MAC address corresponding to the host is still in ntopng's memory? |
With the latest version of ntop, we are currently testing the disconnect issue. Since reproducing the problem and completing the test takes some time, we can skip disconnect issue for now. If the issue persists, I will open a separate ticket. Regarding the incorrect username in the interim update, I have attached the request to nedge along with another example of an Interim Update. Assign user to group:
Interim Update Packet:
|
Hi @iesreza it looks like the group and the username are swapped in the interim update. We have just checked the code and we didn't find a swap between the two.
We have made some tests as follows
And data seems to be correct As you are calling members.lua we would like you to double-check from your end if the parameters are correct and the data in redis is written properly as shown above. Can you please do this and report? |
The issue seems fixed as of now. |
Environment:
What happened:
We noticed several issues with NTOPNG integration with RADIUS.
1- NTOPNG disconnects the users and change the group into captivepass after about 30 minutes of inactivity. This behaviour happens when the user is still present on the network but does not do any internet traffic. we already asked to remove auto disconnect in #8728
2- We have introduced a radius proxy to fill the consumption tracking gap regarding to #8706 and during integration we have noticed NTOPNG reports wrong pool (group) for some devices while do Interim Update on radius.
In the provided example the user pool is
gnvcrewstar
while in the packet as provided marked ascaptivepass
.MAC stats API response:
Radius Recieved Packet:
3- Changing the pool (group) from dashboard does not trigger any RADIUS accounting request.
The text was updated successfully, but these errors were encountered: