(RADIATOR) AddQuery in Session Databse SQL

Mariano Absatz lradius at pert.com.ar
Tue May 29 09:37:23 CDT 2001


El 29 May 2001, a las 13:19, julio.prada at bt.es escribió:

> Hello,
> 
> as the manual documentation says I put default addQuery:
> 
> 
> insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
> ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, \
> SERVICETYPE) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \
> %{Timestamp}, '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')
> 
> A mySQl database is used, and it returns the error in the statement.
> 
> Is this sentence correct?
It's quite possible that some of the values you are trying to insert don't 
exist in the request... maybe from some specific NAS.

You should do a Trace 4 and check the Access-Request packet and it's 
attributes as well as how the "INSERT" sql statement is generated.

I bet you might be using some kind of tunnel terminator that don't use the 
NAS-Port attribute so the actual insert statement might look something like 
this:

> insert into RADONLINE (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('user at realm',
> '1.2.3.4',, 'b500ff91', 991145023,'4.3.2.1', '', 'Annex-Framed-Tunnel')

where 1.2.3.4 is the NAS IP identifier, 4.3.2.1 is the Framed-IP assignted to 
the user and b500ff91 is the Session-Id.

You should note the two commas after the '1.2.3.4' and the 'b500ff91'... that 
is the place to put the NAS-Port. Since it's a numeric value, you can add a 
number 0 without quotes just in front of the value to insert. Since it's a 
numeric value, it's value will be identical to the original, or 0 if it 
doesn't exist.

But... if that attribute is allways 0, you will definitively have a problem 
with the default delete query, that uses the NAS-Port as part of the key to 
delete... since every row has a NAS-Port of 0 you will be actually deleting 
all the connections from that NAS :-(

Luckily enough, I did pass this very same problem some months ago and you can 
have the portion of my config file for free :-) see the bottom of the message.

For this to work, your NAS should send the Acct-Session-Id in the Access-
Request packet. Otherwise, you should need the the Framed-IP-Address in the 
Access-Request packet.

The Nortel Shasta I use with this config does send the Acct-Session-Id with 
the Access-Request, but not the Framed-IP-Address.

One more piece of advice... (this is a brand new one :-)... IF you are using 
a NasType statement in the client section of the NAS that will use this 
SessionDatabase... your DeleteQuery will fail miserably when trying to delete 
a stale record in RADONLINE that it detected through the isOnline method of 
that NasType.

The DeleteQuery will try to erase a record not for the Session-Id (or Framed-
IP-Address) just found in the CountQuery, but the one from the CURRENT 
request packet.

I patched SessSQL.pm so it's able to do this and sent it to the list last 
week. If you can't find it, I can send you an updated SessSQL.pm (for version 
2.17.1 or 2.18.1) or the diff so you figure it out.

BTW, IF you were using a Nortel Shasta AND you are using a NasType... how do 
you do it? Do you have a MIB for the Shasta that allows me to query the box 
for a Session-Id and find out if it's still valid or not? (that would be my 
price for the config & patches ;-)

If you have the MIB AND the SNMP NasType doesn't work, I could fiddle with it 
and patch isOnline so it does... that would also be included for the same 
price... with a little luck, Mike would put it in the next release ;-)

I've come to an age where I'm too old to program but not so as not to patch 
:-)

I've been using Ping for some time but if the final user has a personal 
firewall that doesn't reply ICMP, I'm done.



> 
> regards,
> jules
> 

##################################################################
#                     ON LINE USERS SECTION                      #
##################################################################

#Manejo de usuarios actuales y sesiones simultaneas
<SessionDatabase SQL>
    # This database spec usually should be exactly the same
    # as in <AuthBy RADMIN> above
    DBSource    dbi:mysql:radius:localhost
    #DBUsername  xxxxxxx
    DBAuth      yyyyy

    AddQuery        insert into RADONLINE (USERNAME,\
                         NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
                         FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, NASCLASS) 
\
                         values ('%n', '%N',\
                         0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},\
                         '%{Framed-IP-Address}', '%{NAS-Port-Type}', \
                         '%{Service-Type}', '%{NASClass}')
   #Como el Shasta no envia Nas-Port, se borran sesiones solo en base
   #al session ID
   DeleteQuery delete from RADONLINE \
               where NASIDENTIFIER='%N' and ACCTSESSIONID='%{Acct-Session-Id}'
    #Agregado por Baby 17/11/2000 porque permite simultaneous use con ip fija
    CountQuery      select NASIDENTIFIER, NASPORT, ACCTSESSIONID, \
                FRAMEDIPADDRESS from RADONLINE where USERNAME = '%n'

</SessionDatabase>


Mariano Absatz
El Baby
----------------------------------------------------------
Suicidal twin kills sister by mistake! 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list