Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: Jáder on September 04, 2014, 06:39:42 PM
-
I'd like to list username of all users connected from VPN.
I can do a netstat but no usernames.
I could use smbstatus but then those users should be using smb protocol.
I'd like to use this to monitor who connects to access just a webservice/daemon.
Any tips ?
Thanks
Jáder
-
Jader,
a bit more info on "VPN" please. Which VPN mechnaism, build-in PPTP or a contrib?
If build-in PPTP then the DHCP log could tell you a bit more, for all PPTP users will get an ddress from the top of the DHCP range down. A script with 'grep' or other utilities could help.
Just a thought.
guest
-
I agree with RequestedDeletion and I'd addirittura that if vpn=pptp then radius' logo will tell you many interesting things
-
Sorry not be cristal clear: VPN == PPTP (we're in SME8 forum, not in SME8contribs ;)
I'll look for that info on radius log because DHCP knows nothing about logon usernames.
I'll update thread as soon as I get any news.
Regards
Jáder
-
It looks like you can assign a specific IP to each remote user -- then you could see who is connected by looking for their IP:
http://wiki.contribs.org/VPN_practical_tips#Mapping_Ip_addresses
I can't establish a successful VPN connection to my server at the moment -- but the username for each attempt is logged in /var/log/messages, looking like this:
Sep 6 09:05:18 office pppd[3758]: Peer mmccarn failed CHAP authentication
You might use this to see login info:grep pppd.*Peer /var/log/messages
A successful connection might create a useful entry in /var/log/pptpd/current.
-
http://uk-corp.org/Books/OReilly%20Books/radius/html/radius-chp-7-sect-3.html
http://pgregg.com/projects/radiusreport/
let us know.. and, if it works, woould you be so kind to write a page in the wiki? TIA :-)
-
If build-in PPTP then the DHCP log could tell you a bit more, for all PPTP users will get an ddress from the top of the DHCP range down.
They get an address from the DHCP range, but it's not allocated via DHCP, so won't appear in the DHCP logs. I think the output of 'last' will show the PPTP logged-in users.
-
http://uk-corp.org/Books/OReilly%20Books/radius/html/radius-chp-7-sect-3.html
http://pgregg.com/projects/radiusreport/
let us know.. and, if it works, woould you be so kind to write a page in the wiki? TIA :-)
Thanks for pointing to pgregg page.
I download the tool but was unable to use it to create any report.
After change PERL path on header o radiusrepot (removind LOCAL) I run:
[root@rinoceronte radiusreport-0.3b6]# ./radiusreport -r -f ./origem.txt
Complete summary of All users last logged in times
Username Real Name Last time on.
===============================================================
But there are data on that file as you can see:
[root@rinoceronte radiusreport-0.3b6]# head origem.txt
Sun Jan 8 12:00:01 2012
Acct-Session-Id = "4F09A1613E9E00"
User-Name = "jader"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "pptpd"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.47.90
(...)
If anyone wish to test, I can upload that origem.txt file somewhere.
EDIT: Fix formatation typo.
-
(...)
I think the output of 'last' will show the PPTP logged-in users.
No, there are no info available over there. I can find info about FTP logging in users... but not about PPTP. This is part of file, with IP changed
reboot system boot 2.6.18-348.12.1. Fri Sep 20 02:36 (12+03:48)
root pts/1 pc-00090.antinse Thu Sep 19 18:55 - 19:46 (00:50)
root pts/2 000.158.224.94 Thu Sep 19 11:21 - 11:59 (00:38)
root pts/0 pc-00090.antinse Thu Sep 19 11:08 - 13:34 (02:25)
root pts/0 000.158.224.94 Wed Sep 18 22:47 - 07:20 (08:32)
root pts/0 000.158.224.94 Wed Sep 18 18:53 - 19:04 (00:10)
public ftpd8457 000.215.138.222 Wed Sep 18 11:21 - 11:21 (00:00)
root pts/2 000.158.224.94 Wed Sep 18 09:32 - 09:54 (00:22)
-
I got significative forward steps on this! URRA!
Now I'm able to see reports.
So let's document my steps for now... later I'll wiki them and maybe create a contrib.
You must update radiusreport as shown by diff below:
root@rinoceronte radius-report]# diff -u radiusreport-0.3b6/radiusreport radiusreport
--- radiusreport-0.3b6/radiusreport 1998-04-12 08:35:23.000000000 -0300
+++ radiusreport 2014-09-09 06:21:41.000000000 -0300
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
# radiusreport - Extract information from Radius 2.0 detail log
#
@@ -526,7 +526,7 @@
print " -> $_" if ($DEBUG ge 3);
chomp;
$AcctSessionId = $_ if s/Acct-Session-Id = //;
- $UserName = $_ if s/User-Name = //;
+ $UserName = $_ if s/Stripped-User-Name = //;
$NasPort = $_ if s/NAS-Port = //;
$NasPortType = $_ if s/NAS-Port-Type = //;
$NasIPAddress = $_ if s/NAS-IP-Address = //;
[root@rinoceronte radius-report]#
and try it using:
./radiusreport -l jader -f /var/log/radius/accounting.log
to obtain a report for all users replace "-l jader" with "-l all"
Here you can see other parameters: http://uk-corp.org/Books/OReilly%20Books/radius/html/radius-chp-7-sect-3.html
-
Good work Jader.
A wiki page would be great, a contrib even better - you could open a bug as a NFR and document your work there.
B. Rgds
John