(RADIATOR) Cisco router sending 4 RADIUS accts per login

Ricardo D. Albano ralbano at arnet.com.ar
Fri Oct 5 08:52:11 CDT 2001


See the Acct-Delay-Time; this means a misconfiguration in the LNS,
possibly the shared secret in the router or in the radiusd.

The router retries "n" times (every 5 seconds) according to the
Acct-Delay-Time, typically because the LNS doesn't receive the Accounting ACK
or it is invalid.

RDA.-
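
An added example, not part of the original message or of Radiator: it shows why an Accounting-Response computed with a different shared secret is rejected by the NAS (which then retransmits), and how to spot those retransmissions in a detail file like the one quoted below. The secrets, the Request Authenticator and the abridged sample records are constructed.

```python
import hashlib, hmac, struct
from collections import defaultdict

def acct_response(ident, request_auth, secret):
    """Server side: attribute-less Accounting-Response (code 5, length 20)."""
    header = struct.pack("!BBH", 5, ident, 20)
    # RFC 2866: MD5(Code + Identifier + Length + Request Authenticator + Secret)
    return header + hashlib.md5(header + request_auth + secret).digest()

def nas_accepts(response, request_auth, nas_secret):
    """NAS side: recompute the Response Authenticator with the NAS's own secret."""
    code, _ident, length = struct.unpack("!BBH", response[:4])
    digest = hashlib.md5(response[:4] + request_auth
                         + response[20:length] + nas_secret).digest()
    return code == 5 and hmac.compare_digest(digest, response[4:20])

def parse_detail(text):
    """Yield one attribute dict per blank-line separated detail record."""
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines()[1:]:      # line 0 is the receive time
            name, _, value = line.partition("=")
            rec[name.strip()] = value.strip().strip('"')
        yield rec

def retransmitted(records):
    """Map (NAS, session, status) -> delays for events logged more than once.
    Keyed on the session, not the packet Identifier: RFC 2866 notes that a
    changed Acct-Delay-Time changes the Identifier of the resent request."""
    seen = defaultdict(list)
    for r in records:
        key = (r["NAS-IP-Address"], r["Acct-Session-Id"], r["Acct-Status-Type"])
        seen[key].append(int(r.get("Acct-Delay-Time", 0)))
    return {k: d for k, d in seen.items() if len(d) > 1}

# Constructed sample: the four Stop records from this thread, abridged.
SAMPLE = "\n\n".join(
    f"Thu Oct  4 19:08:{28 + d} 2001\n\tNAS-IP-Address = CI.SC.OB.OX\n"
    f'\tAcct-Status-Type = Stop\n\tAcct-Session-Id = "00000044"\n'
    f"\tAcct-Delay-Time = {d}\n\tTimestamp = 1002186508"
    for d in (0, 5, 10, 15))

if __name__ == "__main__":
    req_auth = bytes(range(16))                   # constructed Request Authenticator
    reply = acct_response(68, req_auth, b"server-secret")   # constructed secrets
    print("same secret :", nas_accepts(reply, req_auth, b"server-secret"))
    print("wrong secret:", nas_accepts(reply, req_auth, b"router-secret"))
    for key, delays in retransmitted(parse_detail(SAMPLE)).items():
        print(key, "sent", len(delays), "times, Acct-Delay-Time", delays)
```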


----- Original Message -----
From: "Mike McCauley" <mikem at open.com.au>
To: <radiator at open.com.au>
Sent: Thursday, October 04, 2001 10:18 PM
Subject: Re: (RADIATOR) Cisco router sending 4 RADIUS accts per login


>
>
> ----------  Forwarded Message  ----------
>
> Subject: BOUNCE radiator at open.com.au:    Non-member submission from [Tunde
> <tunde at favour.linkserve.net>]
> Date: Thu, 4 Oct 2001 06:39:25 -0500
> From: owner-radiator at open.com.au
> To: radiator-approval at open.com.au
>
> From: Tunde <tunde at favour.linkserve.net>
> To: Mike McCauley <mikem at open.com.au>
> cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Cisco router sending 4 RADIUS accts per login
>
> I have the following as check items for some of our customers
> (Service-Type = Framed-User, Time = "Al2000 - 0700").  This is used as a
> means of offering service based on time of the day restriction 8pm - 7am.
> I am surprised that some of our customers are actually connecting at other
> times outside the range specified.  This is seriously causing an abuse of our
> network.  Can you please help?
>
> On Thu, 4 Oct 2001, Mike McCauley wrote:
> > ----------  Forwarded Message  ----------
> >
> > Subject: BOUNCE radiator at open.com.au:    Non-member submission from
> > ["Ollis, Stephen" <Ollis.Stephen at wcom.com.au>]
> > Date: Thu, 4 Oct 2001 02:31:00 -0500
> > From: owner-radiator at open.com.au
> > To: radiator-approval at open.com.au
> >
> > From: "Ollis, Stephen" <Ollis.Stephen at wcom.com.au>
> > To: "'radiator at open.com.au'" <radiator at open.com.au>
> > Subject: Cisco router sending 4 RADIUS accts per login
> > Date: Thu, 4 Oct 2001 17:15:06 +0800
> >
> >
> > I have an L2TP setup using a Cisco 4500 acting as the Tunnel EndPoint,
> > and an Ascend TNT as the Tunnel Initiator. There is a Radiator platform
> > which is used as the Tunnel Auth Server which proxies the request
> > to our production Radius servers and strips out the L2TP setup
> > parameters. This all works fine!
> >
> > Except...
> >
> > I get 3 copies of each of the acct-start and acct-stop records.
> >
> > How can I make it stop?
> >
> > Radius specific CISCO config lines are:
> > aaa new-model
> > aaa authentication ppp default local
> > aaa authentication ppp vpdn group radius
> > aaa accounting network default start-stop group radius
> > !
> > radius-server host x.x.x.x auth-port 1645 acct-port 1646
> > radius-server retransmit 3
> > radius-server key XXXXXXXXXXX
> >
> > Radiator config is:
> >
> > # Set this to the directory where your logfile and details file are to go
> > LogDir /var/log/radius
> > LogFile %L/radius.%Y%m%d.log
> > Trace 3
> >
> > # Set this to the database directory. It should contain these files:
> > # users           The user database
> > # dictionary      The dictionary for your NAS
> > DbDir /usr/local/etc/raddb
> >
> > # we're multihomed, so we'll hard specify the interface we want.
> > BindAddress x.x.x.x
> >
> > # This clause defines a single client to listen to
> > <Client CI.SC.OB.OX>
> > Secret XXXXXXXXXXXXXX
> > DupInterval 30
> > </Client>
> >
> > # For testing: this allows us to honour requests from radpwtst
> > # on the same host.
> > <Client localhost>
> > Secret mysecret
> > DupInterval 0
> > </Client>
> >
> > <Realm DEFAULT>
> > <AuthBy RADIUS>
> > StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Server-Endpoint
> > Host prod-radius1,prod-radius2,prod-radius3
> > Secret XXXXXXXXXXXXX
> > AuthPort 1645
> > AcctPort 1646
> > IgnoreAccounting
> > </AuthBy>
> > # Log accounting to the detail file in LogDir
> > AuthLog %L/proxy-auth.%Y%m%d.log
> > AcctLogFileName %L/proxy-detail.%Y%m%d.log
> > </Realm>
> >
> > Excerpt of trace 4 log:
> >
> >
> > ---
> > UUNET Asia Pacific, Network Services           Ph: +61 2 9434 5172
> > Stephen Ollis <Ollis.Stephen at wcom.com.au>      Fx: +61 2 9434 5800
> > Systems Technical Assistance Centre, Manager   Mb: 0410 599462
> > Level 3, 203 Pacific Highway, St. Leonards NSW 2065  AUSTRALIA
> >
> > "Never be afraid to take a risk; amateurs built the Ark,
> >  professionals built the Titanic.." - unknown
> >
> > PGP Key available- http://www.ozemail.com.au/~sollis/public-key.asc
> >
> >
> >
> > Thu Oct  4 19:08:28 2001
> >         NAS-IP-Address = CI.SC.OB.OX
> >         NAS-Port = 1
> >         NAS-Port-Type = Async
> >         User-Name = "tunneluser"
> >         Called-Station-Id = "xxxxxxxxxx"
> >         Calling-Station-Id = "02xxyyyyyyyy"
> >         Acct-Status-Type = Stop
> >         Acct-Authentic = RADIUS
> >         Service-Type = Framed-User
> >         Acct-Session-Id = "00000044"
> >         Framed-Protocol = PPP
> >         Framed-IP-Address = cis.co.ip.pool
> >         Acct-Terminate-Cause = User-Request
> >         Acct-Input-Octets = 14958
> >         Acct-Output-Octets = 105195
> >         Acct-Input-Packets = 184
> >         Acct-Output-Packets = 213
> >         Acct-Session-Time = 73
> >         Acct-Delay-Time = 0
> >         Timestamp = 1002186508
> >
> > Thu Oct  4 19:08:33 2001
> >         NAS-IP-Address = CI.SC.OB.OX
> >         NAS-Port = 1
> >         NAS-Port-Type = Async
> >         User-Name = "tunneluser"
> >         Called-Station-Id = "xxxxxxxxxx"
> >         Calling-Station-Id = "02xxyyyyyyyy"
> >         Acct-Status-Type = Stop
> >         Acct-Authentic = RADIUS
> >         Service-Type = Framed-User
> >         Acct-Session-Id = "00000044"
> >         Framed-Protocol = PPP
> >         Framed-IP-Address = cis.co.ip.pool
> >         Acct-Terminate-Cause = User-Request
> >         Acct-Input-Octets = 14958
> >         Acct-Output-Octets = 105195
> >         Acct-Input-Packets = 184
> >         Acct-Output-Packets = 213
> >         Acct-Session-Time = 73
> >         Acct-Delay-Time = 5
> >         Timestamp = 1002186508
> >
> > Thu Oct  4 19:08:38 2001
> >         NAS-IP-Address = CI.SC.OB.OX
> >         NAS-Port = 1
> >         NAS-Port-Type = Async
> >         User-Name = "tunneluser"
> >         Called-Station-Id = "xxxxxxxxxx"
> >         Calling-Station-Id = "02xxyyyyyyyy"
> >         Acct-Status-Type = Stop
> >         Acct-Authentic = RADIUS
> >         Service-Type = Framed-User
> >         Acct-Session-Id = "00000044"
> >         Framed-Protocol = PPP
> >         Framed-IP-Address = cis.co.ip.pool
> >         Acct-Terminate-Cause = User-Request
> >         Acct-Input-Octets = 14958
> >         Acct-Output-Octets = 105195
> >         Acct-Input-Packets = 184
> >         Acct-Output-Packets = 213
> >         Acct-Session-Time = 73
> >         Acct-Delay-Time = 10
> >         Timestamp = 1002186508
> >
> > Thu Oct  4 19:08:43 2001
> >         NAS-IP-Address = CI.SC.OB.OX
> >         NAS-Port = 1
> >         NAS-Port-Type = Async
> >         User-Name = "tunneluser"
> >         Called-Station-Id = "xxxxxxxxxx"
> >         Calling-Station-Id = "02xxyyyyyyyy"
> >         Acct-Status-Type = Stop
> >         Acct-Authentic = RADIUS
> >         Service-Type = Framed-User
> >         Acct-Session-Id = "00000044"
> >         Framed-Protocol = PPP
> >         Framed-IP-Address = cis.co.ip.pool
> >         Acct-Terminate-Cause = User-Request
> >         Acct-Input-Octets = 14958
> >         Acct-Output-Octets = 105195
> >         Acct-Input-Packets = 184
> >         Acct-Output-Packets = 213
> >         Acct-Session-Time = 73
> >         Acct-Delay-Time = 15
> >         Timestamp = 1002186508
> >
> >
> > -------------------------------------------------------
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
