(RADIATOR) MaxSessions issue, still a problem

Dmitry Kopylov dmitry.kopylov at bbned.nl
Fri Jul 13 05:58:04 CDT 2001


Hello,

and the problem here is that NAS generates the Access-Request in form
"username at realm", proxy strips off the realmname and my Radiator
receives just "username". Whereas the accounting request approaches the
Radiator in its original form e.g. "username at realm". So the session database
is built up based on the "username at realm" and not on the "username". The
question here is if it's possible to rewrite the User-Name in Accounting
request?  Or maybe there is another solution?

regards,
Dmitry Kopylov

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Friday, July 13, 2001 8:43 AM
To: Vangelis Kyriakakis; radiator at open.com.au
Subject: Re: (RADIATOR) MaxSessions issue, still a problem



Hello Vangelis -

Actually, an internal session database is exactly that - a session database 
held entirely in memory. The username in each request is what is used, as 
follows: Access-Request - check current sessions and reject if limit 
exceeded, Accounting Start - add new record, Accounting Start - delete
record.

regards

Hugh


On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote:
> I think the problem when you use the Internal session database is that it
> uses the username from the Accounting file to count the number of
> sessions.
> When a new user logs in it checks the rewritten username against the
> session database. So it checks with the name uunoc and not with the
> uunoc at bbeyond.nl and sees that it hasn't logged in again. I had the same
> problem with small and capital letters.
>    Maxsession 0 works always since it's no need to check the session
> database...
>
>                    Vangelis
>
> Dmitry Kopylov wrote:
> > Hi,
> >
> > I upgraded to the 18.2.2 but the problem with MaxSession still exists.
> > Here is part of config and trace 4 output:
> >
> > <Handler Realm=bbeyond.nl>
> >         RewriteUsername s/^([^@]+).*/$1/
> >         MaxSessions 1
> >         <AuthBy FILE>
> >         </AuthBy>
> >         AcctLogFileName %L/bbeyond/details
> >         PasswordLogFileName %L/bbeyond/uunet-passwords.log
> > </Handler>
> >
> > If I set MaxSessions 0, it works and rejects all sessions, but when I set
> > MaxSessions to 1 it allows the second connection with the same username.
> >
> > MaxSessions 0:
> >
> > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl
> > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> > *** Received from 62.177.149.2 port 1645 ....
> > Code:       Access-Request
> > Identifier: 102
> > Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> > Attributes:
> >         User-Name = "uunoc at bbeyond.nl"
> >         User-Password = "_<178><219>A<0><201><238><192>3<130><183>
> > <28>@q<228>"
> >         NAS-IP-Address = 213.116.1.14
> >         NAS-Port = 70
> >         NAS-Port-Type = Sync
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "235652175"
> >         Called-Station-Id = "0107110035"
> >         Acct-Session-Id = "328619273"
> >         Ascend-Data-Rate = 64000
> >         Ascend-Xmit-Rate = 64000
> >         Proxy-State =
> > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>;
> >
<11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2>
> ><7> <20>
> >
> >
><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<25
> > >1><
> >
> > 225>
> > <236>&<13>XA<188>NY<153>O
> >
> > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request
> > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl'
> > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
> > Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl, 213.116.1.14, 70
> > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions exceeded
> > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> > *** Sending to 62.177.149.2 port 1645 ....
> > Code:       Access-Reject
> > Identifier: 102
> > Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> > Attributes:
> >         Reply-Message = "Request Denied"
> >
> > MaxSessions 1:
> >
> > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
> > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users
> > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl
> > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> > *** Received from 62.177.149.1 port 1645 ....
> > Code:       Access-Request
> > Identifier: 173
> > Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> > Attributes:
> >         User-Name = "uunoc at bbeyond.nl"
> >         User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn"
> >         NAS-IP-Address = 213.116.1.30
> >         NAS-Port = 2054
> >         NAS-Port-Type = Sync
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "235652175"
> >         Called-Station-Id = "0107110035"
> >         Acct-Session-Id = "347654980"
> >         Ascend-Data-Rate = 64000
> >         Ascend-Xmit-Rate = 64000
> >         Proxy-State = PX01<0><0><9><254><242><12>
> > <252>)<203>T<230><252><143>P<2
> >
01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6>
> ><0> <2><
> >
7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<
> >30> H<18
> > 5><142><234><10>v\w<187><218>n
> >
> > Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request
> > Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl'
> > Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc
> > Thu Jul 12 11:31:37 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl, 213.116.1.30, 2054
> > Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE
> > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with uunoc
> > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc
> > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> > *** Sending to 62.177.149.1 port 1645 ....
> > Code:       Access-Accept
> > Identifier: 173
> > Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> > Attributes:
> >         Proxy-State = PX01<0><0><9><254><242><12>
> > <252>)<203>T<230><252><143>P<2
> >
01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6>
> ><0> <2><
> >
7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<
> >30> H<18
> > 5><142><234><10>v\w<187><218>n
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> > Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> > *** Received from 62.177.149.3 port 1645 ....
> > Code:       Access-Request
> > Identifier: 142
> > Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> > Attributes:
> >         User-Name = "uunoc at bbeyond.nl"
> >         User-Password = "<229>jVD<174><222><25><10>U<246>o<242><229><3><7>*"
> >         NAS-IP-Address = 213.116.1.11
> >         NAS-Port = 3209
> >         NAS-Port-Type = Sync
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         State = ""
> >         Calling-Station-Id = "235652175"
> >         Called-Station-Id = "0107110035"
> >         Acct-Session-Id = "328849897"
> >         Ascend-Data-Rate = 64000
> >         Ascend-Xmit-Rate = 64000
> >         Proxy-State =
> > PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
> >
> >
><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0>
> > ><12 <13
> >
> >
7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130
> >>s< 205>
> > <<224><149>z<143>gH<147><173>k/<221><239>
> >
> > Thu Jul 12 11:32:09 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request
> > Thu Jul 12 11:32:09 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl'
> > Thu Jul 12 11:32:09 2001: DEBUG: Rewrote user name to uunoc
> > Thu Jul 12 11:32:09 2001: DEBUG:  Deleting session for uunoc at bbeyond.nl, 213.116.1.11, 3209
> > Thu Jul 12 11:32:09 2001: DEBUG: Handling with Radius::AuthFILE
> > Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE looks for match with uunoc
> > Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Thu Jul 12 11:32:09 2001: DEBUG: Access accepted for uunoc
> > Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> > *** Sending to 62.177.149.3 port 1645 ....
> > Code:       Access-Accept
> > Identifier: 142
> > Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> > Attributes:
> >         Proxy-State =
> > PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
> >
> >
><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0>
> > ><12 <13
> >
> >
7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130
> >>s< 205>
> > <<224><149>z<143>gH<147><173>k/<221><239>
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >
> > Regards,
> > Dmitry Kopylov
> >
> > Network Architect ISP/DSL
> > BBned
> > Saturnusstraat 40-44
> > 2132 HB Hoofdorp
> > Phone: +31 23 5659953
> > Fax:     +31 23 5633356
> > Mobile: +31 62 7047960
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
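
The key mismatch discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a toy in-memory session database keyed on User-Name, replayed with keys taken as received and with one canonical form applied on every path. The `SessionDB` class, `strip_realm`, `second_login_allowed` and the sample traffic are hypothetical; the regex mirrors the RewriteUsername pattern in the quoted Handler, and the lower-casing covers the upper/lower-case variant mentioned in the thread.

```python
import re

# Same pattern as the RewriteUsername line in the quoted Handler:
# keep everything before the first '@'.
STRIP_REALM = re.compile(r"^([^@]+).*")

def strip_realm(user_name):
    return STRIP_REALM.sub(r"\1", user_name)

class SessionDB:
    """Toy in-memory session database (hypothetical model, not Radiator code)."""

    def __init__(self, max_sessions, canonical=lambda name: name):
        self.max_sessions = max_sessions
        self.canonical = canonical   # applied to the key on every code path
        self.sessions = {}           # key -> set of (nas_ip, nas_port)

    def access_request(self, user_name):
        """Accept (True) unless the user already holds max_sessions sessions."""
        key = self.canonical(user_name)
        return len(self.sessions.get(key, ())) < self.max_sessions

    def accounting(self, status, user_name, nas_ip, nas_port):
        """Accounting Start adds a session record, Accounting Stop removes it."""
        key = self.canonical(user_name)
        if status == "Start":
            self.sessions.setdefault(key, set()).add((nas_ip, nas_port))
        elif status == "Stop":
            self.sessions.get(key, set()).discard((nas_ip, nas_port))

def second_login_allowed(canonical):
    """Replay the scenario with MaxSessions 1; return both access decisions."""
    db = SessionDB(max_sessions=1, canonical=canonical)
    # Constructed sample traffic: the proxy has already stripped the realm from
    # Access-Requests, while accounting still carries the full name.
    first = db.access_request("uunoc")
    db.accounting("Start", "uunoc@bbeyond.nl", "213.116.1.30", 2054)
    second = db.access_request("uunoc")
    return first, second

if __name__ == "__main__":
    # Keys as received: the limit check never sees the accounting record.
    print("as received:", second_login_allowed(lambda n: n))
    # One canonical key everywhere: the second login is rejected.
    print("canonical:  ", second_login_allowed(lambda n: strip_realm(n).lower()))
```
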