RADIUS Accounting Log and Packet Capture Examples
Output.master Message: (3rd Party SSO Device = 10.12.242.15)
yams.SSOManager FINER :: 2021-11-01 11:43:57:498 :: #64 :: SSOManager.testAdapterPerAgent processing event for agent 10.12.242.15(null) of type
RADIUS
yams.SSOManager FINER :: 2021-11-01 11:43:57:498 :: #64 :: SSOManager.getAccessPolicy for D4:81:D7:90:F6:5E
172.0.13.10 and
user Test_User
TCP Capture:
CentOS:
tcpdump -nni any host <3rd Party SSO Device IP address> and port 1813 -vvv
FortiNAC-OS:
execute enter-shell
tcpdump -nni any host <3rd Party SSO Device IP address> and port 1813 -vvv
>
tcpdump -nni any host 10.12.242.15 and port 1813 -vvv
10.12.242.16.33738 >
10.12.242.15.
1813: [bad udp cksum 0xf8d5 -> 0x6841!] RADIUS, length: 132
Accounting-Request (4), id: 0x00, Authenticator: 19db9d113e72a0cd99d40ccb1f8d7dfe
User-Name Attribute (1), length: 7, Value:
TEST_USER
0x0000: 626c 6169 6e
Service-Type Attribute (6), length: 6, Value: Login
0x0000: 0000 0001
Acct-Status-Type Attribute (40), length: 6, Value: Start
0x0000: 0000 0001
Acct-Session-Id Attribute (44), length: 19,
Value: TEST_USER _172.0.13.10
0x0000: 626c 6169 6e5f 3137 322e 302e 3133 2e31
0x0010: 30
Vendor-Specific Attribute (26), length: 12, Value: Vendor: Unknown (12356)
Vendor Attribute: 2, Length: 4, Value: ....
0x0000: 0000 3044 0206 ac00 0d0a
Framed-IP-Address Attribute (8), length: 6, Value: 172.0.13.10
0x0000: ac00 0d0a
Class Attribute (25), length: 13, Value: NAC-Default
0x0000: 4e41 432d 4465 6661 756c 74
NAS-Port Attribute (5), length: 6, Value: 36123
0x0000: 0000 8d1b
NAS-Identifier Attribute (32), length: 31, Value: atlas.supportlab.fortinac.com
0x0000: 6174 6c61 732e 7375 7070 6f72 746c 6162
0x0010: 2e66 6f72 7469 6e61 632e 636f 6d
NAS-IP-Address Attribute (4), length: 6, Value: 10.12.242.16
0x0000: 0a0c f210