(RADIATOR) Address Allocator.
Hugh Irvine
hugh at open.com.au
Tue Nov 13 01:53:11 CST 2001
Hello Jorge -
The usual cause of problems with IP address pools is lost or non-existent
radius accounting stop messages. You don't really show enough in the logfile
below to know what has happened prior to the requests being rejected.
And I'll have to get back to you on the SQL problem.
regards
Hugh
On Tuesday 13 November 2001 04:56, Jorge E. Mendez wrote:
> Hello, we're experiencing some truble with the automatic ip asignment
> during conections. after 12 or 13 succesfully conections it begins to fail
> (showing "No available addresses"), even having a group of 480 ip's
> adresses available to be asigned. Below is the authentication log:
>
> *** Received from 66.128.32.197 port 1812 ....
> Code: Access-Request
> Identifier: 198
> Authentic: <144>|<136>I<128>/<245><20><201>x]c<139>l#f
> Attributes:
> User-Name = "ervin05"
> User-Password =
> "<170><202><147><170><17><245>H<12>~<218><211>e<192><146><170>W"
> NAS-IP-Address = 66.128.32.197
> NAS-Port = 2572
> Acct-Session-Id = "168494823"
> USR-Interface-Index = 3828
> Tunnel-Supports-Tags = 0
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Modem-SlotNo = 11
> USR-Chassis-Call-Span = 1
> Modem-PortNo = 12
> USR-Connect-Speed = NONE
> Calling-Station-Id = "924495821"
> Called-Station-Id = ""
> NAS-Port-Type = Async
>
> Mon Nov 12 08:12:20 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Nov 12 08:12:20 2001: DEBUG: Deleting session for ervin05,
> 66.128.32.197, 2572
> Mon Nov 12 08:12:20 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='66.128.32.197' and NAS
> PORT=02572
> Mon Nov 12 08:12:20 2001: DEBUG: Handling with Radius::AuthSQL
> Mon Nov 12 08:12:20 2001: DEBUG: Handling with Radius::AuthSQL
> Mon Nov 12 08:12:20 2001: DEBUG: Query is: select a.PASSWORD,
> a.ANI_REST_LIST, a.FRAMED_IP_ADDRESS, a.FRAMED_IP
> _NETMASK, a.FRAMED_ROUTE, a.MAX_CONCURRENT_SESSIONS, a.SESSION_TIMEOUT,
> b.SERVICE_TYPE, b.TIME, b.POOLHINT_CODE
> +c.CODIGO from USERS a, RD_TEMPLATES b, RD_NAS c where a.TEMPLATE_NAME =
> b.NAME and a.USER_NAME= 'ervin05' and
> a.DENY_ACCESS = '0' and c.IP_ARC = '66.128.32.197'
> Mon Nov 12 08:12:20 2001: DEBUG: Radius::AuthSQL looks for match with
> ervin05
> Mon Nov 12 08:12:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> ACCTSESSIONID from RADONLINE where US
> ER_NAME='ervin05'
> Mon Nov 12 08:12:20 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Nov 12 08:12:20 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
> Mon Nov 12 08:12:20 2001: DEBUG: Query is: select TIME_STAMP, YIADDR,
> SUBNETMASK, DNSSERVER from RADPOOL where
> POOL='10601' and STATE=0 order by TIME_STAMP
> Mon Nov 12 08:12:20 2001: INFO: Access rejected for ervin05: No available
> addresses
> Mon Nov 12 08:12:20 2001: DEBUG: do query is: INSERT INTO EVENTS
> (TIME_STAMP,EVENT_DATE_TIME,USER_NAME, PASSWOR
> D,SEVERITY,MESSAGE,NAS_IP_ADDRESS) VALUES ('1005570740',to_date('12 11
> 2001 08:12:20','DD MM YYYY HH24:MI:SS'),
> 'ervin05','fjgjmri ','1','','66.128.32.197')
>
> Mon Nov 12 08:12:20 2001: WARNING: No such attribute PoolHint
> Mon Nov 12 08:12:20 2001: DEBUG: Packet dump:
> *** Sending to 66.128.32.197 port 1812 ....
> Code: Access-Reject
> Identifier: 198
> Authentic: <144>|<136>I<128>/<245><20><201>x]c<139>l#f
> Attributes:
> Service-Type = Framed-User
> PoolHint = 10601
> Reply-Message = "No available addresses"
>
> Mon Nov 12 08:12:20 2001: DEBUG: Reclaiming expired leases
> Mon Nov 12 08:12:20 2001: DEBUG: do query is: update RADPOOL set STATE=0
> where STATE!=0 and EXPIRY < 1005570740
> .....
> *** Received from 66.128.32.197 port 1812 ....
> Code: Access-Request
> Identifier: 199
> Authentic: <20>Xik<202>_<239><206>'<248>4<213>Q<227><128>0
> Attributes:
> User-Name = "dilucu"
> User-Password =
> "<232>b<195><202><209><143><184>#G<166>a<225><<168><248>x"
> NAS-IP-Address = 66.128.32.197
> NAS-Port = 1
> Acct-Session-Id = "1826"
> USR-Interface-Index = 1257
> Tunnel-Supports-Tags = 0
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Modem-SlotNo = 1
> USR-Chassis-Call-Span = 1
> Modem-PortNo = 1
> USR-Connect-Speed = NONE
> Calling-Station-Id = "923332917"
> Called-Station-Id = ""
> NAS-Port-Type = Async
>
> Mon Nov 12 08:12:21 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Nov 12 08:12:21 2001: DEBUG: Deleting session for dilucu,
> 66.128.32.197, 1
> Mon Nov 12 08:12:21 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='66.128.32.197' and NAS
> PORT=01
> Mon Nov 12 08:12:21 2001: DEBUG: Handling with Radius::AuthSQL
> Mon Nov 12 08:12:21 2001: DEBUG: Handling with Radius::AuthSQL
> Mon Nov 12 08:12:21 2001: DEBUG: Query is: select a.PASSWORD,
> a.ANI_REST_LIST, a.FRAMED_IP_ADDRESS, a.FRAMED_IP
> _NETMASK, a.FRAMED_ROUTE, a.MAX_CONCURRENT_SESSIONS, a.SESSION_TIMEOUT,
> b.SERVICE_TYPE, b.TIME, b.POOLHINT_CODE
> +c.CODIGO from USERS a, RD_TEMPLATES b, RD_NAS c where a.TEMPLATE_NAME =
> b.NAME and a.USER_NAME= 'dilucu' and
> a.DENY_ACCESS = '0' and c.IP_ARC = '66.128.32.197'
> Mon Nov 12 08:12:21 2001: DEBUG: Radius::AuthSQL looks for match with
> dilucu
> Mon Nov 12 08:12:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> ACCTSESSIONID from RADONLINE where US
> ER_NAME='dilucu'
> Mon Nov 12 08:12:21 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Nov 12 08:12:21 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
> Mon Nov 12 08:12:21 2001: DEBUG: Query is: select TIME_STAMP, YIADDR,
> SUBNETMASK, DNSSERVER from RADPOOL where
> POOL='10601' and STATE=0 order by TIME_STAMP
> Mon Nov 12 08:12:21 2001: INFO: Access rejected for dilucu: No available
> addresses
> Mon Nov 12 08:12:21 2001: DEBUG: do query is: INSERT INTO EVENTS
> (TIME_STAMP,EVENT_DATE_TIME,USER_NAME, PASSWOR
> D,SEVERITY,MESSAGE,NAS_IP_ADDRESS) VALUES ('1005570741',to_date('12 11
> 2001 08:12:21','DD MM YYYY HH24:MI:SS'),
> 'dilucu','hjjfgmln','1','','66.128.32.197')
> Mon Nov 12 08:12:21 2001: WARNING: No such attribute PoolHint
> Mon Nov 12 08:12:21 2001: DEBUG: Packet dump:
>
>
>
> The following is the config file:
>
> <AddressAllocator SQL>
> Identifier SQLAllocator
> DBAuth radius
> DBSource dbi:Oracle:radius
> DBUsername radius
>
> DefaultLeasePeriod 86400
> LeaseReclaimInterval 60
>
> FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, \
> DNSSERVER from RADPOOL \
> where POOL='%0' and STATE=0 order by TIME_STAMP
>
> AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=%0,\
> EXPIRY=%1, USER_NAME='%2' where YIADDR='%3' \
> and TIME_STAMP %4
>
> CheckPoolQuery select STATE from RADPOOL where YIADDR='%0'
>
> DeallocateQuery update RADPOOL set STATE=0,TIME_STAMP=%t where
> YIADDR='%0'
>
> ReclaimQuery update RADPOOL set STATE=0 where STATE!=0 and EXPIRY < %0
> <AddressPool 10501>
> Subnetmask 255.255.255.255
> DNSServer 66.128.32.102
> Range 66.128.47.225 66.12
> </AddressPool>
> <AddressPool 10601>
> Subnetmask 255.255.255.255
> DNSServer 66.128.32.102
> Range 66.128.37.1 66.128.37.240
> Range 66.128.38.1 66.128.38.240
> </AddressPool>
> </AddressAllocator>
>
>
> <Realm>
> ........
> AuthSelect select \
> a.PASSWORD, \
> a.ANI_REST_LIST, \
> a.FRAMED_IP_ADDRESS, \
> a.FRAMED_IP_NETMASK, \
> a.FRAMED_ROUTE, \
> a.MAX_CONCURRENT_SESSIONS, \
> a.SESSION_TIMEOUT, \
> b.SERVICE_TYPE, \
> b.TIME, \
> b.POOLHINT_CODE+c.CODIGO \
> from USERS a, RD_TEMPLATES b, RD_NAS c \
> where a.TEMPLATE_NAME = b.NAME \
> and a.USER_NAME= '%n' \
> and a.DENY_ACCESS = '0' \
> and c.IP_ARC = '%N'
>
> #AuthColumnDef 0, User-Password, check
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, Calling-Station-Id, check
> AuthColumnDef 2, Framed-IP-Address, reply
> AuthColumnDef 3, Framed-IP-Netmask, reply
> AuthColumnDef 4, Framed-Route, reply
> AuthColumnDef 5, Simultaneous-Use, check
> AuthColumnDef 6, Session-Timeout, Reply
> AuthColumnDef 7, Service-Type, reply
> AuthColumnDef 8, GENERIC, check
> AuthColumnDef 9, PoolHint, reply
> .....
>
> <AuthBy DYNADDRESS>
> Allocator SQLAllocator
> PoolHint %{Reply:PoolHint}
> StripFromReply PoolHint
> </AuthBy>
> </Realm>
>
> we're also having problems when trying to insert an event log, caused by
> calling from an invalid telephone number:
> Mon Nov 12 09:53:54 2001: ERR: do failed for 'INSERT INTO EVENTS
> (TIME_STAMP,EVENT_DATE_TIME,USER_NAME, PASSWOR
> D,SEVERITY,MESSAGE,NAS_IP_ADDRESS) VALUES ('1005576834',to_date('12 11
> 2001 09:53:54','DD MM YYYY HH24:MI:SS'),
> 'testroaming','kalumax12','1','Check item Calling-Station-Id expression
> '/(\d{2,})99999(\d{2,})/' does not matc
> h '9264405' in request','66.128.32.201')': ORA-00911: invalid character
> (DBD ERROR: OCIStmtExecute)
> Mon Nov 12 09:53:54 2001: ERR: do failed for 'INSERT INTO EVENTS
> (TIME_STAMP,EVENT_DATE_TIME,USER_NAME, PASSWOR
> D,SEVERITY,MESSAGE,NAS_IP_ADDRESS) VALUES ('1005576834',to_date('12 11
> 2001 09:53:54','DD MM YYYY HH24:MI:SS'),
> 'testroaming','kalumax12','1','Check item Calling-Station-Id expression
> '/(\d{2,})99999(\d{2,})/' does not matc
> h '9264405' in request','66.128.32.201')': ORA-00911: invalid character
> (DBD ERROR: OCIStmtExecute)
>
>
> 'Check item Calling-Station-Id expression '/(\d{2,})99999(\d{2,})/' does
> not match '9264405' in request'
>
> The problem is that the message to insert has two pair of ' and Oracle
> doesn't handle it.
>
> This is the insert statement on conf file:
>
> FailureQuery INSERT INTO EVENTS
> (TIME_STAMP,EVENT_DATE_TIME,USER_NAME, \
> PASSWORD,SEVERITY,MESSAGE,NAS_IP_ADDRESS) VALUES \
> #('%t',to_date('%d %m %Y %H:%M:%S','DD MM YYYY
> HH24:MI:SS'),'%n','%P','%0','"%1"','%N')
> ('%t',to_date('%d %m %Y %H:%M:%S','DD MM YYYY
> HH24:MI:SS'),'%n','%P','%0','%{Reply-Message}','%N')
>
>
> thanks in advance for your help,
>
>
>
> regards :
>
> Jorge Eduardo Méndez Herrera
> INternet services manager
> Telesat /Colombianet S.A
> Tel: 57-2-6440415 57-2-6440400 ext. 115.
> Santiago de Cali, Colombia
----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list