(RADIATOR) MaxSessions issue, still a problem
Hugh Irvine
hugh at open.com.au
Fri Jul 13 02:18:58 CDT 2001
Hello Dmitry -
Here is what I get with this configuration file (copied from your mail):
Foreground
Trace 4
<Client DEFAULT>
Secret mysecret
</Client>
<Handler Realm=bbeyond.nl>
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 1
<AuthBy FILE>
Filename ./bbeyond.users
</AuthBy>
AcctLogFileName %L/bbeyond/details
PasswordLogFileName %L/bbeyond/uunet-passwords.log
</Handler>
This is the debug:
Fri Jul 13 17:00:42 2001: DEBUG: Reading users file ./bbeyond.users
Fri Jul 13 17:00:42 2001: INFO: Server started: Radiator 2.18.2 on hugo
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 ....
Code: Access-Request
Identifier: 50
Authentic: 1234567890123456
Attributes:
User-Name = "uunoc at bbeyond.nl"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>"
Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be
used to handle this request
Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler
'Realm=bbeyond.nl'
Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Deleting session for uunoc at bbeyond.nl,
203.63.154.1, 1234
Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE
Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE looks for match with uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 13 17:02:35 2001: DEBUG: Access accepted for uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 ....
Code: Access-Accept
Identifier: 50
Authentic: 1234567890123456
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.254
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 ....
Code: Accounting-Request
Identifier: 51
Authentic: TW<196>5g<15><204>x<217>Y@>?+<189>9
Attributes:
User-Name = "uunoc at bbeyond.nl"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be
used to handle this request
Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler
'Realm=bbeyond.nl'
Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:02:35 2001: DEBUG: Adding session for uunoc at bbeyond.nl,
203.63.154.1, 1234
Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE
Fri Jul 13 17:02:35 2001: DEBUG: Accounting accepted
Fri Jul 13 17:02:35 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 ....
Code: Accounting-Response
Identifier: 51
Authentic: TW<196>5g<15><204>x<217>Y@>?+<189>9
Attributes:
Fri Jul 13 17:03:42 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1050 ....
Code: Access-Request
Identifier: 116
Authentic: 1234567890123456
Attributes:
User-Name = "uunoc at bbeyond.nl"
Service-Type = Framed-User
NAS-IP-Address = 213.116.1.14
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>"
Fri Jul 13 17:03:42 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be
used to handle this request
Fri Jul 13 17:03:42 2001: DEBUG: Handling request with Handler
'Realm=bbeyond.nl'
Fri Jul 13 17:03:42 2001: DEBUG: Rewrote user name to uunoc
Fri Jul 13 17:03:42 2001: DEBUG: Deleting session for uunoc at bbeyond.nl,
213.116.1.14, 1234
Fri Jul 13 17:03:42 2001: DEBUG: Checking if user is still online: unknown,
uunoc at bbeyond.nl, 203.63.154.1, 1234, 00001234
Fri Jul 13 17:03:42 2001: INFO: Access rejected for uunoc: MaxSessions
exceeded
Fri Jul 13 17:03:42 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1050 ....
Code: Access-Reject
Identifier: 116
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
I can only think that you have set up the Client clauses differently -
perhaps with a Nas-Type Ignore, which will not check the session database at
all.
Have a look at section 6.5.5 in the Radiator 2.18.2 reference manual for a
discussion of the various Nas-Type options.
regards
Hugh
On Thursday 12 July 2001 19:16, Dmitry Kopylov wrote:
> Hi,
>
> I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here
> is part of config and trace 4 output:
>
> <Handler Realm=bbeyond.nl>
> RewriteUsername s/^([^@]+).*/$1/
> MaxSessions 1
> <AuthBy FILE>
> </AuthBy>
> AcctLogFileName %L/bbeyond/details
> PasswordLogFileName %L/bbeyond/uunet-passwords.log
> </Handler>
>
>
> If I set MaxSessions 0, it works and rejects all sessions, but when I set
> MaxSessions to 1 it allows the second connection with the same username.
>
>
> MaxSessions 0:
>
> Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on
> bbyrad1.bbeyond.nl
> Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> *** Received from 62.177.149.2 port 1645 ....
> Code: Access-Request
> Identifier: 102
> Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> Attributes:
> User-Name = "uunoc at bbeyond.nl"
> User-Password = "_<178><219>A<0><201><238><192>3<130><183>
> <28>@q<228>"
> NAS-IP-Address = 213.116.1.14
> NAS-Port = 70
> NAS-Port-Type = Sync
> Service-Type = Framed-User
> Framed-Protocol = PPP
> State = ""
> Calling-Station-Id = "235652175"
> Called-Station-Id = "0107110035"
> Acct-Session-Id = "328619273"
> Ascend-Data-Rate = 64000
> Ascend-Xmit-Rate = 64000
> Proxy-State =
> PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>;
> <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2><7
>> <20>
>
> ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<251>
> ><
>
> 225>
> <236>&<13>XA<188>NY<153>O
>
> Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> be use
> d to handle this request
> Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler
> 'Realm=bbeyond.nl
> '
> Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
> Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for uunoc at bbeyond.nl,
> 213.116
> ..1.14, 70
> Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions
> exceeded
> Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> *** Sending to 62.177.149.2 port 1645 ....
> Code: Access-Reject
> Identifier: 102
> Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> Attributes:
> Reply-Message = "Request Denied"
>
>
>
> MaxSessions 1:
>
> Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
> Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> /opt/radiator-2.18/raddb/users
> Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on
> bbyrad1.bbeyond.nl
> Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> *** Received from 62.177.149.1 port 1645 ....
> Code: Access-Request
> Identifier: 173
> Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> Attributes:
> User-Name = "uunoc at bbeyond.nl"
> User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn"
> NAS-IP-Address = 213.116.1.30
> NAS-Port = 2054
> NAS-Port-Type = Sync
> Service-Type = Framed-User
> Framed-Protocol = PPP
> State = ""
> Calling-Station-Id = "235652175"
> Called-Station-Id = "0107110035"
> Acct-Session-Id = "347654980"
> Ascend-Data-Rate = 64000
> Ascend-Xmit-Rate = 64000
> Proxy-State = PX01<0><0><9><254><242><12>
> <252>)<203>T<230><252><143>P<2
> 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0
>> <2><
> 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30
>> H<18
> 5><142><234><10>v\w<187><218>n
>
> Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> be use
> d to handle this request
> Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler
> 'Realm=bbeyond.nl
> '
> Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc
> Thu Jul 12 11:31:37 2001: DEBUG: Deleting session for uunoc at bbeyond.nl,
> 213.116
> ..1.30, 2054
> Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE
> Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with
> uunoc Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc
> Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> *** Sending to 62.177.149.1 port 1645 ....
> Code: Access-Accept
> Identifier: 173
> Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> Attributes:
> Proxy-State = PX01<0><0><9><254><242><12>
> <252>)<203>T<230><252><143>P<2
> 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0
>> <2><
> 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30
>> H<18
> 5><142><234><10>v\w<187><218>n
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> *** Received from 62.177.149.3 port 1645 ....
> Code: Access-Request
> Identifier: 142
> Authentic: <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> Attributes:
> User-Name = "uunoc at bbeyond.nl"
> User-Password =
> "<229>jVD<174><222><25><10>U<246>o<242><229><3><7>*" NAS-IP-Address =
> 213.116.1.11
> NAS-Port = 3209
> NAS-Port-Type = Sync
> Service-Type = Framed-User
> Framed-Protocol = PPP
> State = ""
> Calling-Station-Id = "235652175"
> Called-Station-Id = "0107110035"
> Acct-Session-Id = "328849897"
> Ascend-Data-Rate = 64000
> Ascend-Xmit-Rate = 64000
> Proxy-State =
> PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
>
> ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0><1
> >2 <13
>
> 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130>s
>< 205>
> <<224><149>z<143>gH<147><173>k/<221><239>
>
> Thu Jul 12 11:32:09 2001: DEBUG: Check if Handler Realm=bbeyond.nl should
> be use
> d to handle this request
> Thu Jul 12 11:32:09 2001: DEBUG: Handling request with Handler
> 'Realm=bbeyond.nl
> '
> Thu Jul 12 11:32:09 2001: DEBUG: Rewrote user name to uunoc
> Thu Jul 12 11:32:09 2001: DEBUG: Deleting session for uunoc at bbeyond.nl,
> 213.116
> ..1.11, 3209
> Thu Jul 12 11:32:09 2001: DEBUG: Handling with Radius::AuthFILE
> Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE looks for match with
> uunoc Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Jul 12 11:32:09 2001: DEBUG: Access accepted for uunoc
> Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> *** Sending to 62.177.149.3 port 1645 ....
> Code: Access-Accept
> Identifier: 142
> Authentic: <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> Attributes:
> Proxy-State =
> PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
>
> ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0><1
> >2 <13
>
> 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130>s
>< 205>
> <<224><149>z<143>gH<147><173>k/<221><239>
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
>
>
> Regards,
> Dmitry Kopylov
>
> Network Architect ISP/DSL
> BBned
> Saturnusstraat 40-44
> 2132 HB Hoofdorp
> Phone: +31 23 5659953
> Fax: +31 23 5633356
> Mobile: +31 62 7047960
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list