(RADIATOR) Strange Problem
Hugh Irvine
hugh at open.com.au
Thu Sep 6 21:05:01 CDT 2001
Hello Ujwol -
Thanks for sending the configuration file - it looks fine.
When you do get a trace 4 debug, please send it to me so I can have a look.
regards
Hugh
On Thursday 06 September 2001 19:24, Ujwol wrote:
> > Hi Hugh,
> Our minimal configuration file is written below. It's hard to capture
> trace report because it happens all of a sudden. Well it occured even while
> I was writing earlier. During that time, I could see nothing wrong with in
> the server, except for the radiusd. It was taking almost 70% resources.
> Well it's obvious, cause lots of clients were trying to authenticate.
> Surprising thing is it was checking everthing except encrypted password.
>
> As for the hardware/software details
> We're running Radiator 2.18.1 in Red Hat 7.0 on Intel PIII 500MHz with
> Sybase ase 11.0.3. with perl version 5.6.0 and the database is in Win 2000
> Intel PIII 500MHz with MS-Sql 7.0.
>
> Regds
> Ujwol
>
> #radius.cfg
> Foreground
> Trace 3
> PidFile %L/radiusd.pid
> AuthPort 1645
> AcctPort 1646
> LogDir /var/log/Radiator
> DbDir /etc/raddb
> LogFile %L/logfile-%d
> DictionaryFile %D/dictionary
> SnmpgetProg /usr/bin/snmpget
>
> <Client pm.mos.com.np>
> Secret xxxxxxxx
> NasType Livingston
> </Client>
>
> <AuthBy SQL>
> Identifier auth_ktm
> DBSource dbi:Sybase:radius
> DBUsername rad
> DBAuth ********
> AuthSelect select ktm_UserPwd, ktm_SimConnection, ktm_EndDate,
> ktm_Time, ktm_HoursLeft from ktm_D ialUp where ktm_UserName="%U" and
> ktm_Status=1
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, Simultaneous-Use, check
> AuthColumnDef 2, Expiration, check
> AuthColumnDef 3, Time, check
> AuthColumnDef 4, Session-Timeout, reply
> AddToReply Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Framed-MTU = 1500, \
> Framed-Compression = Van-Jacobson-TCP-IP, \
> Idle-Timeout = 900
> NoDefault
> FailureBackoffTime 10
> AcctSQLStatement update ktm_DialUp set
> ktm_HoursLeft=ktm_HoursLeft-0%{Acct-Session-Time} where ktm_Use rName='%U'
> </AuthBy>
>
> <Handler>
> AuthBy auth_ktm
> AcctLogFileName /var/adm/radacct/detail
> SessionDatabase SessSQL
> </Handler>
>
> <SessionDatabase NULL>
> Identifier SessNULL
> </SessionDatabase>
>
> <SessionDatabase SQL>
> Identifier SessSQL
> DBSource dbi:Sybase:radius
> DBUsername rad
> DBAuth *****
> FailureBackoffTimFrom owner-radiator at open.com.au Thu Sep 6 19:29:07 2001
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id f870T7h32131
for radiatorzz-list; Thu, 6 Sep 2001 19:29:07 -0500
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from entoo.connect.com.au (entoo.connect.com.au [192.189.54.8])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f870T6332128
for <radiator at open.com.au>; Thu, 6 Sep 2001 19:29:07 -0500
Received: from hugo (acc1-ppp98.mel.dialup.connect.net.au [210.10.128.98])
by entoo.connect.com.au (Postfix) with SMTP
id 04FF5DE69F; Fri, 7 Sep 2001 12:13:01 +1000 (EST)
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Organization: Open System Consultants
To: "'Tunde Ogedengbe" <tunde at linkserve.net>
Subject: Re: (RADIATOR) Re: IP restriction
Date: Fri, 7 Sep 2001 11:52:42 +1000
X-Mailer: KMail [version 1.1.99]
Content-Type: text/plain;
charset="iso-8859-1"
Cc: <radiator at open.com.au>
References: <001501c135fc$7ef4fce0$0ce1a6c3 at linkserve.net> <01090608221009.00907 at hugo> <001401c136c4$0dd901a0$0ce1a6c3 at linkserve.net>
In-Reply-To: <001401c136c4$0dd901a0$0ce1a6c3 at linkserve.net>
MIME-Version: 1.0
Message-Id: <01090711524214.00907 at hugo>
Content-Transfer-Encoding: 8bit
Sender: owner-radiator at open.com.au
Precedence: bulk
List-Id: <radiator.list-id.open.com.au>
Hello 'Tunde -
You usually do this by specifying a suitable Framed-IP-Netmask in the reply
attributes, but you will have to check with the vendor what is correct for a
Netserver.
Here is what usually works however:
Framed-IP-Netmask = 255.255.255.254
regards
Hugh
On Thursday 06 September 2001 21:07, 'Tunde Ogedengbe wrote:
> Hugh:
>
> We have series of Netservers that assign specific range of IP to connecting
> customers. We want to force compliance from within Radius. This means
> that specifying in RADIUS what IP range the Netserver can assign to the
> customer.
>
> 'Tunde Ogedengbe
> Linkserve Limited
> 22 Akin Adesola Street
> Victoria Island
> Lagos - Nigeria
> Tel: +234 1 2623900
> Fax: +234 1 2623906
> URL: http://www.linkserve.net
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "'Tunde Ogedengbe" <tunde at linkserve.net>
> Cc: <radiator at open.com.au>
> Sent: Thursday, September 06, 2001 12:22 AM
> Subject: (RADIATOR) Re: IP restriction
>
> > Hello 'Tunde -
> >
> > On Wednesday 05 September 2001 21:18, 'Tunde Ogedengbe wrote:
> > > I have a set of Netservers. How do I restrict the use of of IP to a
> > > particular Netserver within Radius?
> >
> > I don't understand the question, sorry.
> >
> > Could you explain what you mean?
> >
> > thanks
> >
> > Hugh
> >
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
e 60
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, CALLERID) values ('%u',
> '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},
> '%{Framed-IP-Address}', 0%{Cal ling-Station-Id})
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and
> NASPORT=0%{NAS-Port} ClearNasQuery delete from RADONLINE where
> NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS
> from RADONLINE where USERNAME='%u' CountNasSessionsQuery select
> ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N' </SessionDatabase>
>
> <SNMPAgent>
> ROCommunity public
> </SNMPAgent>
>
> ----- Original Message -----
> From: Hugh Irvine
> To: Ujwol Manandhar ; radiator at open.com.au
> Sent: Thursday, September 06, 2001 12:43 PM
> Subject: Re: (RADIATOR) Strange Problem
>
>
>
> Hello Ujwol -
>
> > Hi,
> > We're having strange problem with the Radiator. Since two three
> > weeks, this problem is occuring. We are using Radiator with Auth Sql.
> > Since few days, at times, Radiator behaves strangely. While
> > authentication, it works fine for different parameters as time left,
> > expiry checking, check block time, but the valid uses do not
> > authenticate.In log it says Bad encrypted Password even if the password
> > is correct. It's surprising cause the cpu load and everything is
> > normal.During such situation, Cpu load used by radiusd is obviously
> > high. But when I restart the Radiator, it's fine once again.
> > I'm lost. Anyone has any idea about this?
>
> This is most curious - it is the second report of a problem like this
> today.
>
> In any case, I will need to see a copy of the configuration file (no
> secrets) together with a trace 4 debug from Radiator showing the problem.
>
> I would also like to know what hardware/software platform you are running
> and and what versions of Radiator, Perl and what SQL database you are
> using.
>
> BTW - the latest version of Radiator is 2.18.3.
>
> thanks
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
----------------------------------------
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list