(RADIATOR) Problems checking Simultaneous-Use with TC NAS & Manager problems

Hugh Irvine hugh at open.com.au
Thu Aug 1 19:42:07 CDT 2002


Hello Gib -

Thanks for sending the trace file and the configuration.

It would appear from the trace that there is a problem with the Client 
defintions, and it also shows there is a timeout when executing the 
snmpget. What do you see when you run the snmpget by hand? You should 
get that working first, because until you do, Radiator will not work 
either.

It also appears from the trace that you have a problem in the AuthBy 
FILE clause(s):

	Unix-PW

is being used as a check item, which should probably be

	User-Password

regards

Hugh


On Friday, August 2, 2002, at 06:14 AM, Gib Salisbury wrote:

> Hey all,
>
> I'm trying to get a new radiator configuration working on my FreeBSD 4.4
> Machine that is using Radiator 3.1 and Perl 5.6.1.  The problem that I 
> am
> having is when Radiator tries to check if an existing session is still
> active with snmpget it times out every time without repsonse.  I am 
> using
> snmpget 5.0.1 that was compiled locally.  Also, the TotalControls are
> running various ComOS versions 5.0-5.3.  I have made sure that the SNMP
> community was configured in the TC and that it had the proper host
> authority.  If you could provide any pointers as to what I could be 
> doing
> wrong it would be much appreciated.  I have attached my config file and
> also the trace level 4 output.
>
> Secondly, I am having a problem with the TC putting accounting entries 
> in
> for Manager every minute.  It increases the session id by one each time 
> it
> does it.  Does anyone know if this is a setting inside ComOS?  Thanks in
> advance.
>
> Sincerely,
>
> Gib Salisbury
> Technician
> Quantum Connections, LLC
> Phone (616) 926-4242  x215
> http://www.qtm.net/
>
> *** Received from 127.0.0.1 port 3713 ....
> Code:       Access-Request
> Identifier: 82
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "gsalisbu"
>         Service-Type = Framed-User
>         NAS-IP-Address = 216.163.41.10
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "*removed but correct*"
>
> Thu Aug  1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
> Thu Aug  1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
> Thu Aug  1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
> Thu Aug  1 15:47:07 2002: DEBUG: Handling request with Handler
> 'Realm=x2realm'
> Thu Aug  1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
> Thu Aug  1 15:47:07 2002: DEBUG: SessionSQL Deleting session for 
> gsalisbu,
> 216.163.41.10, 1234
> Thu Aug  1 15:47:07 2002: DEBUG: do query is: delete from RADONLINE 
> where
> NASIDENTIFIER='216.163.41.10' and NASPORT=01234
>
> Thu Aug  1 15:47:07 2002: DEBUG: Handling with Radius::AuthSQL
> Thu Aug  1 15:47:07 2002: DEBUG: Handling with Radius::AuthFILE: x2users
> Thu Aug  1 15:47:07 2002: DEBUG: Radius::AuthFILE looks for match with
> gsalisbu
> Thu Aug  1 15:47:07 2002: DEBUG: Handling with Radius::AuthUNIX: 
> password
> Thu Aug  1 15:47:07 2002: DEBUG: Radius::AuthUNIX looks for match with
> gsalisbu
> Thu Aug  1 15:47:07 2002: DEBUG: Query is: select NASIDENTIFIER, 
> NASPORT,
> ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu'
>
> Thu Aug  1 15:47:07 2002: WARNING: SessionSQL Could not find a Client 
> for
> NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not 
> have
> a reverse DNS for that NAS?
> Thu Aug  1 15:47:07 2002: WARNING: SessionSQL Could not find a Client 
> for
> NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not
> have a reverse DNS for that NAS?
> Thu Aug  1 15:47:07 2002: DEBUG: Checking if user is still online: 
> Hiper,
> gsalisbu, 216.163.62.138, 4577, 00001234
> Thu Aug  1 15:47:07 2002: DEBUG: Running command 
> `/usr/local/bin/snmpget -c
> 'public' 216.163.62.138
> .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833`
> Timeout: No Response from 216.163.62.138.
> Thu Aug  1 15:47:13 2002: NOTICE: SessionSQL Session for gsalisbu at
> 216.163.62.138:4577 has gone away
> Thu Aug  1 15:47:13 2002: DEBUG: SessionSQL Deleting session for 
> gsalisbu,
> 216.163.62.138, 4577
> Thu Aug  1 15:47:13 2002: DEBUG: do query is: delete from RADONLINE 
> where
> NASIDENTIFIER='216.163.41.10' and NASPORT=01234
>
> Thu Aug  1 15:47:13 2002: DEBUG: Checking if user is still online:
> TotalControlSNMP, gsalisbu, 216.163.41.10, 4577, 00001234
> Thu Aug  1 15:47:13 2002: DEBUG: Running command 
> `/usr/local/bin/snmpget -c
> 'public' 216.163.41.10
> .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.48.48.48.4
> 8.49.50.51.52`
> Timeout: No Response from 216.163.41.10.
> Thu Aug  1 15:47:19 2002: NOTICE: SessionSQL Session for gsalisbu at
> 216.163.41.10:4577 has gone away
> Thu Aug  1 15:47:19 2002: DEBUG: SessionSQL Deleting session for 
> gsalisbu,
> 216.163.41.10, 4577
> Thu Aug  1 15:47:19 2002: DEBUG: do query is: delete from RADONLINE 
> where
> NASIDENTIFIER='216.163.41.10' and NASPORT=01234
>
> Thu Aug  1 15:47:19 2002: DEBUG: Query is: select NASIDENTIFIER, 
> NASPORT,
> ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu'
>
> Thu Aug  1 15:47:19 2002: WARNING: SessionSQL Could not find a Client 
> for
> NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not 
> have
> a reverse DNS for that NAS?
> Thu Aug  1 15:47:19 2002: WARNING: SessionSQL Could not find a Client 
> for
> NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not
> have a reverse DNS for that NAS?
> Thu Aug  1 15:47:19 2002: DEBUG: Checking if user is still online: 
> Hiper,
> gsalisbu, 216.163.62.138, 4577, 00001234
> Thu Aug  1 15:47:19 2002: DEBUG: Running command 
> `/usr/local/bin/snmpget -c
> 'public' 216.163.62.138
> .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833`
> Timeout: No Response from 216.163.62.138.
> Thu Aug  1 15:47:25 2002: NOTICE: SessionSQL Session for gsalisbu at
> 216.163.62.138:4577 has gone away
> Thu Aug  1 15:47:25 2002: DEBUG: SessionSQL Deleting session for 
> gsalisbu,
> 216.163.62.138, 4577
> Thu Aug  1 15:47:26 2002: DEBUG: do query is: delete from RADONLINE 
> where
> NASIDENTIFIER='216.163.41.10' and NASPORT=01234
>
> Thu Aug  1 15:47:26 2002: DEBUG: Checking if user is still online:
> TotalControlSNMP, gsalisbu, 216.163.41.10, 4577, 00001234
> Thu Aug  1 15:47:26 2002: DEBUG: Running command 
> `/usr/local/bin/snmpget -c
> 'public' 216.163.41.10
> .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.48.48.48.4
> 8.49.50.51.52`
> Timeout: No Response from 216.163.41.10.
> Thu Aug  1 15:47:32 2002: NOTICE: SessionSQL Session for gsalisbu at
> 216.163.41.10:4577 has gone away
> Thu Aug  1 15:47:32 2002: DEBUG: SessionSQL Deleting session for 
> gsalisbu,
> 216.163.41.10, 4577
> Thu Aug  1 15:47:32 2002: DEBUG: do query is: delete from RADONLINE 
> where
>  NASIDENTIFIER='216.163.41.10' and NASPORT=01234
>
> Thu Aug  1 15:47:32 2002: DEBUG: Radius::AuthUNIX REJECT:
> DefaultSimultaneousUse of 1 exceeded
> Thu Aug  1 15:47:32 2002: DEBUG: Radius::AuthFILE REJECT:
> DefaultSimultaneousUse of 1 exceeded
> Thu Aug  1 15:47:32 2002: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Thu Aug  1 15:47:32 2002: DEBUG: Radius::AuthFILE REJECT: Check item
> Authentication-type expression 'Unix-PW' does not match '' in request
> Thu Aug  1 15:47:32 2002: INFO: Access rejected for gsalisbu: Check item
> Authentication-type expression 'Unix-PW' does not match '' in request
> Thu Aug  1 15:47:32 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 3713 ....
> Code:       Access-Reject
> Identifier: 82
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "Request Denied"
>
> DbDir /raddb
> DictionaryFile /raddb/dictionary
> LogDir /raddb
> LogFile %L\radius
> PidFile radius.pid
> SnmpgetProg /usr/local/bin/snmpget
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> RewriteUsername s/\s+//g
> Trace 4
> LogStdout
>
> <AuthBy UNIX>
>   DefaultSimultaneousUse 1
>   Description unix pw auth
>   Filename /etc/master.passwd
>   GroupFilename /etc/group
>   Identifier password
> </AuthBy>
>
> <AuthBy FILE>
>   DefaultSimultaneousUse 1
>   Description users std
>   Filename %D/users
>   Identifier users
> </AuthBy>
>
> <AuthBy FILE>
>   DefaultSimultaneousUse 1
>   Description tc8 users
>   Filename %D/tc8.users
>   Identifier tc8users
> </AuthBy>
>
> <AuthBy FILE>
>   DefaultSimultaneousUse 1
>   Description dsl
>   Filename %D/dsl.users
>   Identifier dslusers
> </AuthBy>
>
> <AuthBy FILE>
>   DefaultSimultaneousUse 1
>   Description x2 user auth
>   Filename %D/x2.users
>   Identifier x2users	
> </AuthBy>
>
> <AuthBy SQL>
>   DBSource dbi:mysql:radius
>   DBUsername radius
>   DBAuth XXXX
>   AuthSelect
>   Identifier sqlacct
>         AcctColumnDef   USERNAME,User-Name
>         AcctColumnDef   TIME_STAMP,Timestamp,integer
>         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>         AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>         AcctColumnDef   NASPORT,NAS-Port,integer
> 	  AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>         AcctColumnDef   CALLINGSTATION,Calling-Station-Id,integer
> </AuthBy>
>
> <ClientListSQL>
>   DBSource  dbi:mysql:radius
>   DBUsername radius
>   DBAuth XXXX
> </ClientListSQL>
>
> <Log SQL>
>   DBSource dbi:mysql:radius
>   DBUsername radius
>   DBAuth XXXX
> </Log>
>
> <StatsLog SQL>
>   DBSource	dbi:mysql:radius
>   DBUsername	radius
>   DBAuth	XXXX
>   Interval 86400
> </StatsLogSQL>
>
> <Realm realmusers>
>   RewriteUsername s/^([^@]+).*/$1/
>   AuthByPolicy null
>   AuthBy sqlacct
>   AuthBy users
>   PasswordLogFileName pwd.log
>   SessionDatabase
> </Realm>
>
> <Realm x2realm>
>   RewriteUsername s/^([^@]+).*/$1/
>   AuthByPolicy Null
>   AuthBy sqlacct
>   AuthBy x2users
>   PasswordLogFileName pwd.log
>   SessionDatabase
> </Realm>
>
> <Realm dslrealm>
>   RewriteUsername s/^([^@]+).*/$1/
>   AuthByPolicy Null
>   AuthBy sqlacct
>   AuthBy dslusers
>   PasswordLogFileName pwd.log
>   SessionDatabase
> </Realm>
>
> <Realm tc8realm>
>   RewriteUsername s/^([^@]+).*/$1/
>   AuthByPolicy Null
>   AuthBy sqlacct
>   AuthBy tc8users
>   PasswordLogFileName pwd.log
>   SessionDatabase
> </Realm>
>
> <SessionDatabase SQL>
>   AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE)
> values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},
> '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
>   ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>   CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where
> NASIDENTIFIER='%N'
>   CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE
> where USERNAME='%u'
>   DBAuth XXXX
>   DBSource dbi:mysql:radius
>   DBUsername radius
>   DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and
> NASPORT=0%{NAS-Port}
>   Description Current Session database
>   Identifier SessionSQL
> </SessionDatabase>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 11730 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20020802/a94bc03a/attachment.bin>


More information about the radiator mailing list