(RADIATOR) Failed Auth

Hugh Irvine hugh at open.com.au
Sun Dec 30 01:32:46 CST 2001


Hello Rick -

You have both AccountingStartsOnly and AccountingStopsOnly in your AuthBy SQL 
clause, therefore you will never insert any accounting records into the 
database. Furthermore, I do not see any accounting requests in the Radiator 
trace which would tend to suggest that the NAS is not sending them (or there 
is a filter blocking them).

regards

Hugh


On Sun, 30 Dec 2001 04:10, Rick Ross wrote:
> > the only problem I have now is it will not inject any accounting into the
> >
> > > data base This is current
>
> Fri Dec 28 22:23:02 2001: INFO: Server started: Radiator 2.19 on
> nga.nishnanet.com
> Fri Dec 28 22:23:02 2001: DEBUG: Packet dump:
> *** Received from 0000.27 port 44419 ....
> Code:       Access-Request
> Identifier: 222
> Authentic:  <175>^n;<205>lmgs<23>'<184>s`g<178>
> Attributes:
>  User-Name = "j"
>  CHAP-Password = <1><135> J<163>En<2><213><255>a<249>#g<249><W
>  NAS-IP-Address = 0000
>  NAS-Port = 7190
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>  Cisco-NAS-Port = "Async5/17*Serial7/0:1:22"
>  Acct-Session-Id = "070003A8"
>  NAS-Port-Type = Async
>
> Fri Dec 28 22:23:02 2001: DEBUG: Handling request with Handler 'Realm='
> Fri Dec 28 22:23:02 2001: DEBUG: sql_0 Deleting session for j, 0000, 7190
> Fri Dec 28 22:23:02 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER=00006' and NASPORT=07190
>
> Fri Dec 28 22:23:02 2001: DEBUG: Handling with Radius::AuthSQL
> Fri Dec 28 22:23:02 2001: DEBUG: Handling with Radius::AuthSQL: auth_0
> Fri Dec 28 22:23:02 2001: DEBUG: Query is: select PASSWORD from SUBSCRIBERS
> where USERNAME='j'
>
> Fri Dec 28 22:23:02 2001: DEBUG: Radius::AuthSQL looks for match with j
> Fri Dec 28 22:23:02 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Fri Dec 28 22:23:02 2001: DEBUG: Access accepted for j
> Fri Dec 28 22:23:02 2001: DEBUG: Packet dump:
> *** Sending to 0000.27 port 44419 ....
> Code:       Access-Accept
> Identifier: 222
> Authentic:  <175>^n;<205>lmgs<23>'<184>s`g<178>
> Attributes:
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>
> Fri Dec 28 22:23:02 2001: DEBUG: Packet dump:
> *** Received from 0000.27 port 44419 ....
> Code:       Access-Request
> Identifier: 222
> Authentic:  <175>^n;<205>lmgs<23>'<184>s`g<178>
> Attributes:
>  User-Name = "jy"
>  CHAP-Password = <1><135> J<163>En<2><213><255>a<249>#g<249><W
>  NAS-IP-Address = 0000
>  NAS-Port = 7190
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>  Cisco-NAS-Port = "Async5/17*Serial7/0:1:22"
>  Acct-Session-Id = "070003A8"
>  NAS-Port-Type = Async
>
> Fri Dec 28 22:23:02 2001: INFO: Duplicate request id 222 received from
> 209.211.205.27(44419): ignored
> Fri Dec 28 22:23:44 2001: DEBUG: Packet dump:
> *** Received from 0000.27 port 44420 ....
> Code:       Access-Request
> Identifier: 223
> Authentic:  Upk?<130>dk<230>s<23>'<184><198>Fd7
> Attributes:
>  User-Name = "j"
>  CHAP-Password =
> <1><145><158>&<222><170><24><207><237><215>+<20>pt%<219><169>
>  NAS-IP-Address = 63.152.3.66
>  NAS-Port = 7190
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>  Cisco-NAS-Port = "Async5/18*Serial7/0:1:22"
>  Acct-Session-Id = "070003A9"
>  NAS-Port-Type = Async
>
> Fri Dec 28 22:23:44 2001: DEBUG: Handling request with Handler 'Realm='
> Fri Dec 28 22:23:44 2001: DEBUG: sql_0 Deleting session for j, 0000, 7190
> Fri Dec 28 22:23:44 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER=00000and NASPORT=07190
>
> Fri Dec 28 22:23:44 2001: DEBUG: Handling with Radius::AuthSQL
> Fri Dec 28 22:23:44 2001: DEBUG: Handling with Radius::AuthSQL: auth_0
> Fri Dec 28 22:23:44 2001: DEBUG: Query is: select PASSWORD from SUBSCRIBERS
> where USERNAME='jy'
>
> Fri Dec 28 22:23:44 2001: DEBUG: Radius::AuthSQL looks for match with
> jkenney
> Fri Dec 28 22:23:44 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Fri Dec 28 22:23:44 2001: DEBUG: Access accepted for j
> Fri Dec 28 22:23:44 2001: DEBUG: Packet dump:
> *** Sending to 00000.27 port 44420 ....
> Code:       Access-Accept
> Identifier: 223
> Authentic:  Upk?<130>dk<230>s<23>'<184><198>Fd7
> Attributes:
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>
> Fri Dec 28 23:16:59 2001: DEBUG: Packet dump:
> *** Received from 0000.27 port 44455 ....
> Code:       Access-Request
> Identifier: 224
> Authentic:  <152><175>t<236>Wy<222><190>s<23>'<184><222><132><206><188>
> Attributes:
>  User-Name = "j"
>  CHAP-Password = <1><198><220>HfDz<139><246><179><235>zCJ<134><146>j
>  NAS-IP-Address = 0000
>  NAS-Port = 7190
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>  Cisco-NAS-Port = "Async5/21*Serial7/0:1:22"
>  Acct-Session-Id = "070003AB"
>  NAS-Port-Type = Async
>
> Fri Dec 28 23:16:59 2001: DEBUG: Handling request with Handler 'Realm='
> Fri Dec 28 23:16:59 2001: DEBUG: sql_0 Deleting session for j, 0000, 7190
> Fri Dec 28 23:16:59 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER=00000and NASPORT=07190
>
> Fri Dec 28 23:16:59 2001: DEBUG: Handling with Radius::AuthSQL
> Fri Dec 28 23:16:59 2001: DEBUG: Handling with Radius::AuthSQL: auth_0
> Fri Dec 28 23:16:59 2001: DEBUG: Query is: select PASSWORD from SUBSCRIBERS
> where USERNAME='j'
>
> Fri Dec 28 23:16:59 2001: DEBUG: Radius::AuthSQL looks for match with j
> Fri Dec 28 23:16:59 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Fri Dec 28 23:16:59 2001: DEBUG: Access accepted for j
> Fri Dec 28 23:16:59 2001: DEBUG: Packet dump:
> *** Sending to 0000.27 port 44455 ....
> Code:       Access-Accept
> Identifier: 224
> Authentic:  <152><175>t<236>Wy<222><190>s<23>'<184><222><132><206><188>
> Attributes:
>  Service-Type = Framed-User
>  Framed-Protocol = PPP
>
> ########config file#########################
> AcctPort 1646
> AuthPort 1645
> DbDir /usr/local/etc/raddb
> DictionaryFile /usr/local/etc/raddb/dictionary
> Foreground
> LogDir /var/log/radius
> LogFile %L/logfile
> LogStdout
> PidFile /var/run/radiusd.pid
> Trace 4
>
> <AuthBy SQL>
>   AccountingStartsOnly
>   AccountingStopsOnly
>   AccountingTable ACCOUNTING
>   AcctColumnDef USERNAME,User-Name
>   AcctColumnDef TIME_STAMP,Timestamp,integer
>   AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>   AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>   AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>   AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>   AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>   AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>   AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>   AcctColumnDef NASIDENTIFIER,NAS-Identifier
>   AcctColumnDef NASPORT,NAS-Port,integer
>   AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>   AddToReply Ascend-Data-Filter=ip in forward tcp est,Ascend-Data-Filter=ip
> in forward dstip 192.48.96.0/24,Ascend-Data-Filter=ip in drop tcp dstport
> =25,Ascend-Data-Filter=ip in forward
>   AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
>   DBAuth wwww
>   DBSource dbi:mysql:radius
>   DBUsername wwww
>   DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>   Description global access
>   Identifier auth_0
> </AuthBy>
>
> <Client radtest01.arl.qwestip.net>
>   Description testing
>   DupInterval 2
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   IdenticalClients
>   NasType unknown
>   Secret hgfdhgfdh
> </Client>
>
> <Realm nishnanet.com>
>   AcctLogFileName /var/log/radius/accounting
>   AuthBy auth_0
>   AuthByPolicy ContinueAlways
>   Description Global Dial
>   RejectHasReason
>   SessionDatabase sql_0
> </Realm>
>
> <Realm >
>   AcctLogFileName /var/log/radius/logfile
>   AuthBy auth_0
>   AuthByPolicy ContinueAlways
>   Description username only
>   RejectHasReason
>   SessionDatabase sql_0
> </Realm>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Rick Ross" <rickross at nishna.net>
> Sent: Saturday, December 29, 2001 2:00 AM
> Subject: Re: (RADIATOR) Failed Auth
>
> > Hello Rick -
> >
> > On Sat, 29 Dec 2001 05:23, Rick Ross wrote:
> > > I restarted the server a few times and it started working
> > > just killing and restarting radiator didnt work
> > >
> > > the only problem I have now is it will not inject any accounting into
>
> the
>
> > > data base
> >
> > I will need to see a copy of the configuration file (no secrets) and a
>
> trace
>
> > 4 debug from Radiator showing what is happening.
> >
> > > would radmin be a good program for us
> > > as we also need to do complete accounting for the users
> > > do you know what attrib i need to add to do the following
> >
> > Radmin is a user management tool - it is not a billing system. There are
> > numerous billing packages listed on the Radiator web site.
> >
> > > Furthermore, SMTP filtering needs to be
> > > applied using attribute 242, but also be
> > > able to move to attribute 11 in the near future.
> >
> > You can use any attributes defined in the dictionary file (and you are
>
> free
>
> > to add any that may be missing).
> >
> > regards
> >
> > Hugh
> >
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list