(RADIATOR) MaxSessions issue, still a problem

Hugh Irvine hugh at open.com.au
Fri Jul 13 02:18:58 CDT 2001


Hello Dmitry -

Here is what I get with this configuration file (copied from your mail):

Foreground
Trace 4
 
<Client DEFAULT>
        Secret mysecret
</Client>
 
<Handler Realm=bbeyond.nl>
  RewriteUsername s/^([^@]+).*/$1/
  MaxSessions 1
  <AuthBy FILE>
        Filename ./bbeyond.users
  </AuthBy>
  AcctLogFileName %L/bbeyond/details
  PasswordLogFileName %L/bbeyond/uunet-passwords.log
</Handler>   


This is the debug:
                     
Fri Jul 13 17:00:42 2001: DEBUG: Reading users file ./bbeyond.users
Fri Jul 13 17:00:42 2001: INFO: Server started: Radiator 2.18.2 on hugo

Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 ....
Code:       Access-Request
Identifier: 50
Authentic:  1234567890123456
Attributes:
        User-Name = "uunoc at bbeyond.nl"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        User-Password = 
"<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>"

Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be 
used to handle this request
Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 
'Realm=bbeyond.nl'
Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:02:35 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl, 
203.63.154.1, 1234
Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE
Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE looks for match with uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 13 17:02:35 2001: DEBUG: Access accepted for uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 ....
Code:       Access-Accept
Identifier: 50
Authentic:  1234567890123456
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.254

Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 ....
Code:       Accounting-Request
Identifier: 51
Authentic:  TW<196>5g<15><204>x<217>Y@>?+<189>9
Attributes:
        User-Name = "uunoc at bbeyond.nl"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start

Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be 
used to handle this request
Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 
'Realm=bbeyond.nl'
Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:02:35 2001: DEBUG:  Adding session for uunoc at bbeyond.nl, 
203.63.154.1, 1234
Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE
Fri Jul 13 17:02:35 2001: DEBUG: Accounting accepted
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 ....
Code:       Accounting-Response
Identifier: 51
Authentic:  TW<196>5g<15><204>x<217>Y@>?+<189>9
Attributes:

Fri Jul 13 17:03:42 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 ....
Code:       Access-Request
Identifier: 116
Authentic:  1234567890123456
Attributes:
        User-Name = "uunoc at bbeyond.nl"
        Service-Type = Framed-User
        NAS-IP-Address = 213.116.1.14
        NAS-Port = 1234
        NAS-Port-Type = Async
        User-Password = 
"<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>"

Fri Jul 13 17:03:42 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be 
used to handle this request
Fri Jul 13 17:03:42 2001: DEBUG: Handling request with Handler 
'Realm=bbeyond.nl'
Fri Jul 13 17:03:42 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:03:42 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl, 
213.116.1.14, 1234
Fri Jul 13 17:03:42 2001: DEBUG: Checking if user is still online: unknown, 
uunoc at bbeyond.nl, 203.63.154.1, 1234, 00001234
Fri Jul 13 17:03:42 2001: INFO: Access rejected for uunoc: MaxSessions 
exceeded
Fri Jul 13 17:03:42 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 ....
Code:       Access-Reject
Identifier: 116
Authentic:  1234567890123456
Attributes:
        Reply-Message = "Request Denied"

             
I can only think that you have set up the Client clauses differently - 
perhaps with a Nas-Type Ignore, which will not check the session database at 
all.

Have a look at section 6.5.5 in the Radiator 2.18.2 reference manual for a 
discussion of the various Nas-Type options.

regards

Hugh



On Thursday 12 July 2001 19:16, Dmitry Kopylov wrote:
> Hi,
>
> I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here
> is part of config and trace 4 output:
>
> <Handler Realm=bbeyond.nl>
>         RewriteUsername s/^([^@]+).*/$1/
>         MaxSessions 1
>         <AuthBy FILE>
>         </AuthBy>
>         AcctLogFileName %L/bbeyond/details
>         PasswordLogFileName %L/bbeyond/uunet-passwords.log
> </Handler>
>
>
> If I set MaxSessions 0, it works and rejects all sessions, but when I set
> MaxSessions to 1 it allows the second connection with the same username.
>
>
> MaxSessions 0:
>
> Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on
> bbyrad1.bbeyond.nl
> Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> *** Received from 62.177.149.2 port 1645 ....
> Code:       Access-Request
> Identifier: 102
> Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> Attributes:
>         User-Name = "uunoc at bbeyond.nl"
>         User-Password = "_<178><219>A<0><201><238><192>3<130><183>
> <28>@q<228>"
>         NAS-IP-Address = 213.116.1.14
>         NAS-Port = 70
>         NAS-Port-Type = Sync
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         State = ""
>         Calling-Station-Id = "235652175"
>         Called-Station-Id = "0107110035"
>         Acct-Session-Id = "328619273"
>         Ascend-Data-Rate = 64000
>         Ascend-Xmit-Rate = 64000
>         Proxy-State =
> PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>;
> <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2><7
>> <20>
>
> ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<251>
> ><
>
> 225>
> <236>&<13>XA<188>NY<153>O
>
> Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> be use
> d to handle this request
> Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler
> 'Realm=bbeyond.nl
> '
> Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
> Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl,
> 213.116
> ..1.14, 70
> Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions
> exceeded
> Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> *** Sending to 62.177.149.2 port 1645 ....
> Code:       Access-Reject
> Identifier: 102
> Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> Attributes:
>         Reply-Message = "Request Denied"
>
>
>
> MaxSessions 1:
>
> Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
> Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on
> bbyrad1.bbeyond.nl
> Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> *** Received from 62.177.149.1 port 1645 ....
> Code:       Access-Request
> Identifier: 173
> Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> Attributes:
>         User-Name = "uunoc at bbeyond.nl"
>         User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn"
>         NAS-IP-Address = 213.116.1.30
>         NAS-Port = 2054
>         NAS-Port-Type = Sync
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         State = ""
>         Calling-Station-Id = "235652175"
>         Called-Station-Id = "0107110035"
>         Acct-Session-Id = "347654980"
>         Ascend-Data-Rate = 64000
>         Ascend-Xmit-Rate = 64000
>         Proxy-State = PX01<0><0><9><254><242><12>
> <252>)<203>T<230><252><143>P<2
> 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0
>> <2><
> 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30
>> H<18
> 5><142><234><10>v\w<187><218>n
>
> Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> be use
> d to handle this request
> Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler
> 'Realm=bbeyond.nl
> '
> Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc
> Thu Jul 12 11:31:37 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl,
> 213.116
> ..1.30, 2054
> Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE
> Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with
> uunoc Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc
> Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> *** Sending to 62.177.149.1 port 1645 ....
> Code:       Access-Accept
> Identifier: 173
> Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> Attributes:
>         Proxy-State = PX01<0><0><9><254><242><12>
> <252>)<203>T<230><252><143>P<2
> 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0
>> <2><
> 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30
>> H<18
> 5><142><234><10>v\w<187><218>n
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
> Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> *** Received from 62.177.149.3 port 1645 ....
> Code:       Access-Request
> Identifier: 142
> Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> Attributes:
>         User-Name = "uunoc at bbeyond.nl"
>         User-Password =
> "<229>jVD<174><222><25><10>U<246>o<242><229><3><7>*" NAS-IP-Address =
> 213.116.1.11
>         NAS-Port = 3209
>         NAS-Port-Type = Sync
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         State = ""
>         Calling-Station-Id = "235652175"
>         Called-Station-Id = "0107110035"
>         Acct-Session-Id = "328849897"
>         Ascend-Data-Rate = 64000
>         Ascend-Xmit-Rate = 64000
>         Proxy-State =
> PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
>
> ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0><1
> >2 <13
>
> 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130>s
>< 205>
> <<224><149>z<143>gH<147><173>k/<221><239>
>
> Thu Jul 12 11:32:09 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> be use
> d to handle this request
> Thu Jul 12 11:32:09 2001: DEBUG: Handling request with Handler
> 'Realm=bbeyond.nl
> '
> Thu Jul 12 11:32:09 2001: DEBUG: Rewrote user name to uunoc
> Thu Jul 12 11:32:09 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl,
> 213.116
> ..1.11, 3209
> Thu Jul 12 11:32:09 2001: DEBUG: Handling with Radius::AuthFILE
> Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE looks for match with
> uunoc Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Jul 12 11:32:09 2001: DEBUG: Access accepted for uunoc
> Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> *** Sending to 62.177.149.3 port 1645 ....
> Code:       Access-Accept
> Identifier: 142
> Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> Attributes:
>         Proxy-State =
> PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
>
> ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0><1
> >2 <13
>
> 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130>s
>< 205>
> <<224><149>z<143>gH<147><173>k/<221><239>
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>
>
>
> Regards,
> Dmitry Kopylov
>
> Network Architect ISP/DSL
> BBned
> Saturnusstraat 40-44
> 2132 HB Hoofdorp
> Phone: +31 23 5659953
> Fax:     +31 23 5633356
> Mobile: +31 62 7047960
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list