(RADIATOR) MaxSessions issue, still a problem

Hugh Irvine hugh at open.com.au
Fri Jul 13 01:43:10 CDT 2001


Hello Vangelis -

Actually, an internal session database is exactly that - a session database 
held entirely in memory. The username in each request is what is used, as 
follows: Access-Request - check current sessions and reject if limit 
exceeded, Accounting Start - add new record, Accounting Start - delete record.

regards

Hugh


On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote:
> I think the problem when you use the Internal session database is that it
> uses the username from the Accounting file to count the number of sessions.
> When a new user logs in it checks the rewritten username against the
> session database. So it checks with the name uunoc and not with the
> uunoc at bbeyond.nl and sees that it hasn't logged in again. I had the same
> problem with small and capital letters.
>    Maxsession 0 works always since it's no need to check the session
> database...
>
>                    Vangelis
>
> Dmitry Kopylov wrote:
> > Hi,
> >
> > I upgraded to the 18.2.2 but the problem with MaxSession still exists.
> > Here is part of config and trace 4 output:
> >
> > <Handler Realm=bbeyond.nl>
> >         RewriteUsername s/^([^@]+).*/$1/
> >         MaxSessions 1
> >         <AuthBy FILE>
> >         </AuthBy>
> >         AcctLogFileName %L/bbeyond/details
> >         PasswordLogFileName %L/bbeyond/uunet-passwords.log
> > </Handler>
> >
> > If I set MaxSessions 0, it works and rejects all sessions, but when I set
> > MaxSessions to 1 it allows the second connection with the same username.
> >
> > MaxSessions 0:
> >
> > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> > /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> > /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on
> > bbyrad1.bbeyond.nl
> > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> > *** Received from 62.177.149.2 port 1645 ....
> > Code:       Access-Request
> > Identifier: 102
> > Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> > Attributes:
> >         User-Name = "uunoc at bbeyond.nl"
> >         User-Password = "_<178><219>A<0><201><238><192>3<130><183>
> > <28>@q<228>"
> >         NAS-IP-Address = 213.116.1.14
> >         NAS-Port = 70
> >         NAS-Port-Type = Sync
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "235652175"
> >         Called-Station-Id = "0107110035"
> >         Acct-Session-Id = "328619273"
> >         Ascend-Data-Rate = 64000
> >         Ascend-Xmit-Rate = 64000
> >         Proxy-State =
> > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>;
> > <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2>
> ><7> <20>
> >
> > ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<25
> > >1><
> >
> > 225>
> > <236>&<13>XA<188>NY<153>O
> >
> > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> > be use
> > d to handle this request
> > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler
> > 'Realm=bbeyond.nl
> > '
> > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
> > Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl,
> > 213.116
> > .1.14, 70
> > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions
> > exceeded
> > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> > *** Sending to 62.177.149.2 port 1645 ....
> > Code:       Access-Reject
> > Identifier: 102
> > Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> > Attributes:
> >         Reply-Message = "Request Denied"
> >
> > MaxSessions 1:
> >
> > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
> > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> > /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> > /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on
> > bbyrad1.bbeyond.nl
> > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> > *** Received from 62.177.149.1 port 1645 ....
> > Code:       Access-Request
> > Identifier: 173
> > Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> > Attributes:
> >         User-Name = "uunoc at bbeyond.nl"
> >         User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn"
> >         NAS-IP-Address = 213.116.1.30
> >         NAS-Port = 2054
> >         NAS-Port-Type = Sync
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "235652175"
> >         Called-Station-Id = "0107110035"
> >         Acct-Session-Id = "347654980"
> >         Ascend-Data-Rate = 64000
> >         Ascend-Xmit-Rate = 64000
> >         Proxy-State = PX01<0><0><9><254><242><12>
> > <252>)<203>T<230><252><143>P<2
> > 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6>
> ><0> <2><
> > 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<
> >30> H<18
> > 5><142><234><10>v\w<187><218>n
> >
> > Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> > be use
> > d to handle this request
> > Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler
> > 'Realm=bbeyond.nl
> > '
> > Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc
> > Thu Jul 12 11:31:37 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl,
> > 213.116
> > .1.30, 2054
> > Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE
> > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with
> > uunoc Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc
> > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> > *** Sending to 62.177.149.1 port 1645 ....
> > Code:       Access-Accept
> > Identifier: 173
> > Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> > Attributes:
> >         Proxy-State = PX01<0><0><9><254><242><12>
> > <252>)<203>T<230><252><143>P<2
> > 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6>
> ><0> <2><
> > 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<
> >30> H<18
> > 5><142><234><10>v\w<187><218>n
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> > Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> > *** Received from 62.177.149.3 port 1645 ....
> > Code:       Access-Request
> > Identifier: 142
> > Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> > Attributes:
> >         User-Name = "uunoc at bbeyond.nl"
> >         User-Password =
> > "<229>jVD<174><222><25><10>U<246>o<242><229><3><7>*" NAS-IP-Address =
> > 213.116.1.11
> >         NAS-Port = 3209
> >         NAS-Port-Type = Sync
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "235652175"
> >         Called-Station-Id = "0107110035"
> >         Acct-Session-Id = "328849897"
> >         Ascend-Data-Rate = 64000
> >         Ascend-Xmit-Rate = 64000
> >         Proxy-State =
> > PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
> >
> > ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0>
> > ><12 <13
> >
> > 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130
> >>s< 205>
> > <<224><149>z<143>gH<147><173>k/<221><239>
> >
> > Thu Jul 12 11:32:09 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> > be use
> > d to handle this request
> > Thu Jul 12 11:32:09 2001: DEBUG: Handling request with Handler
> > 'Realm=bbeyond.nl
> > '
> > Thu Jul 12 11:32:09 2001: DEBUG: Rewrote user name to uunoc
> > Thu Jul 12 11:32:09 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl,
> > 213.116
> > .1.11, 3209
> > Thu Jul 12 11:32:09 2001: DEBUG: Handling with Radius::AuthFILE
> > Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE looks for match with
> > uunoc Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Thu Jul 12 11:32:09 2001: DEBUG: Access accepted for uunoc
> > Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> > *** Sending to 62.177.149.3 port 1645 ....
> > Code:       Access-Accept
> > Identifier: 142
> > Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> > Attributes:
> >         Proxy-State =
> > PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
> >
> > ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0>
> > ><12 <13
> >
> > 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130
> >>s< 205>
> > <<224><149>z<143>gH<147><173>k/<221><239>
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >
> > Regards,
> > Dmitry Kopylov
> >
> > Network Architect ISP/DSL
> > BBned
> > Saturnusstraat 40-44
> > 2132 HB Hoofdorp
> > Phone: +31 23 5659953
> > Fax:     +31 23 5633356
> > Mobile: +31 62 7047960
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list