(RADIATOR) Ascend SNMP Problems
Hugh Irvine
hugh at open.com.au
Tue Aug 28 18:50:08 CDT 2001
Hello Leon -
You don't show the session database that you are using, but the problem is
because you are doing a RewriteUsername and the rewritten username is being
used to check against the NAS (which of course won't work).
The usual way to deal with this problem is to use an SQL session database and
store both the original username and the rewritten username therein with your
own queries. That way you can use the rewritten username for simultaneous use
limit checking, and the original username for checking with the NAS.
regards
Hugh
On Wednesday 29 August 2001 01:18, Leon Oosterwijk wrote:
> Hugh/Mike,
>
> I've got a problem with the DefaultSimultaneousUse. This does not seem to
> work for my realm-based customers.
> Below is a trace level 4 of the different steps for checking the
> simultaneous use. As you can see it checks with the Ascend NAS using
> AscendSNMP. But the USERNAME passed is "lydia". Not "lydia at cora.net". Hence
> there is never a match and Radiator thinks that the session has gone away.
> This however is not true. If the AscendSNMP would check against
> "lydia at cora.net" it would notice that this username and the username in the
> MIB match and deny access.
>
> Mon Aug 27 11:53:11 2001: DEBUG: Checking if user is still online:
> AscendSNMP, lydia, 207.65.70.7, 842, 326199869
> Mon Aug 27 11:53:11 2001: DEBUG: Running command `/usr/bin/snmpget
> 207.65.70.7 community .iso.org.dod.internet.private.enterprises.326199869
> Mon Aug 27 11:53:11 2001: NOTICE: sessiondb Session for lydia at
> 207.65.70.7:842 has gone away
> Mon Aug 27 11:53:11 2001: DEBUG: sessiondb Deleting session for lydia,
> 207.65.70.7, 842
> Mon Aug 27 11:53:11 2001: DEBUG: do query is: delete from RADONLINE where
> USERNAME='lydia at cora.net' and NASIDENTIFIER='207.65.70.7'
>
> I've done a little bit of poking around the code to try and find out where
> the problem lies. However the code is a little bit dense for me. :)
>
> Sincerely,
>
> Leon Oosterwijk
>
>
> The part of the config file that is relevant to cora.net:
>
> ===============
> # NetServices -> cora.net
> #*******************************************************************
> <Handler Realm=cora.net>
> # MaxSessions 1
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy SQL>
> DBSource dbi:mysql:NETSERVICES:host=216.153.4.28
> DBUsername root
> DBAuth shit
>
> AuthSelect select password, ip_address, netmask,
> port_limit, idle_timeout, max_connect_time from Dialup where user$
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Framed-IP-Address, reply
> AuthColumnDef 2, Framed-IP-Netmask, reply
> AuthColumnDef 3, Ascend-Maximum-Channels, reply
> AuthColumnDef 4, Ascend-Idle-Limit, reply
> AuthColumnDef 5, Ascend-Maximum-Call-Duration, reply
>
> DefaultSimultaneousUse 1
> PrependToReply Ascend-Assign-IP-Pool = 12
>
> # PrependToReply Ascend-Idle-Limit = 1800
>
> StripFromReply Proxy-State
> StripFromReply Filter-Id
> StripFromReply Framed-Routing
> StripFromReply Ascend-Idle-Limit
>
> AddToReply Ascend-Idle-Limit = 1800
> AddToReplyIfNotExist Service-Type = Framed, Framed-Protocol
> = PPP, \
> Ascend-Maximum-Call-Duration = 180,
> Ascend-Maximum-Channels = 2
>
> # AddToReplyIfNotExist Framed-Routing = None
>
> # AddToReplyIfNotExist Service-Type = Framed
> # AddToReplyIfNotExist Framed-Protocol = PPP
> # AddToReplyIfNotExist Ascend-Idle-Limit = 1800
>
> # AddToReplyIfNotExist Ascend-Maximum-Call-Duration = 180
> # AddToReplyIfNotExist Ascend-Maximum-Channels = 2
>
> </AuthBy>
>
> </Handler>
> ===========================
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
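
The approach described in the reply above, modelled as an added example that is not part of the original message and is not Radiator code or configuration. The table layout, the function names and the `NAS_SESSIONS` dictionary (a constructed stand-in for the AscendSNMP lookup) are assumptions made for illustration; the username, NAS address and port are the ones in the quoted trace.

```python
import re
import sqlite3

# Constructed sample: the name the NAS holds for each port (full User-Name as dialled).
NAS_SESSIONS = {("207.65.70.7", 842): "lydia@cora.net"}

def rewrite(username):
    # Same effect as the handler's RewriteUsername s/^([^@]+).*/$1/
    return re.sub(r"^([^@]+).*", r"\1", username)

def open_db():
    db = sqlite3.connect(":memory:")
    # Hypothetical schema: both forms of the username are kept for every session.
    db.execute("create table sessions (origname text, username text, nas text, port integer)")
    return db

def add_session(db, original, nas, port):
    db.execute("insert into sessions values (?, ?, ?, ?)",
               (original, rewrite(original), nas, port))

def nas_still_has(name, nas, port):
    # Stand-in for the SNMP query: the NAS only matches the exact name it was given.
    return NAS_SESSIONS.get((nas, port)) == name

def live_sessions(db, original, confirm_with):
    """Count sessions for the rewritten name; delete those the NAS does not confirm.
    confirm_with names the column whose value is compared with the NAS."""
    if confirm_with not in ("origname", "username"):
        raise ValueError("unknown column")
    rows = db.execute(
        f"select rowid, {confirm_with}, nas, port from sessions where username = ?",
        (rewrite(original),)).fetchall()
    live = 0
    for rowid, name, nas, port in rows:
        if nas_still_has(name, nas, port):
            live += 1
        else:
            db.execute("delete from sessions where rowid = ?", (rowid,))
    return live

def demo(confirm_with, limit=1):
    # One session is already up; returns True if a second login would be allowed.
    db = open_db()
    add_session(db, "lydia@cora.net", "207.65.70.7", 842)
    return live_sessions(db, "lydia@cora.net", confirm_with) < limit

if __name__ == "__main__":
    print("NAS checked with rewritten name, second login allowed:", demo("username"))
    print("NAS checked with original name, second login allowed: ", demo("origname"))
```

Checking the NAS with the rewritten name deletes the live session and lets the second login through, which is the behaviour in the trace; checking with the stored original name keeps the session and enforces the limit.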