(RADIATOR) DefaultSimultaneousUse = 1

Hugh Irvine hugh at open.com.au
Mon Aug 5 22:02:27 CDT 2002


Hello Andreas -

The first thing to note is that it is *always* the NAS that sends the 
accounting records (starts, stops, alives, etc...), not the client 
device. It is usually the NAS that crashes, or the NAS that has software 
bugs or that you are losing lots of packets on saturated links.

In any case, you need to use the proper flags with radpwtst to do what 
you want.

If you want to send an accounting stop only, you would do this:

	radpwtst -noauth -nostart -user .... -nas_ip_address ..... -nas_port ......

Note also that Radiator does a delete on both the access request and 
also on the accounting stop. In both cases, the delete is done using the 
NAS-IP-Address and NAS-Port, not the username. This is because Radiator 
attempts to be self-healing in the face of lost stop packets, as an 
access request will only ever be received for a free port, by definition.
Also be aware that radpwtst will use default values for both 
NAS-IP-Address and NAS-Port if they are not supplied on the command line 
(203.63.154.1 and 1234).

You can see exactly what is going on by looking at a trace 4 debug from 
Radiator while testing.

Here is the help from radpwtst:

./radpwtst -h
usage: ./radpwtst [-h] [-time] [-iterations n]
           [-trace [level]] [-s server] [-secret secret]
           [-noauth] [-noacct][-nostart] [-nostop] [-status] [-chap] [-mschap]
           [-accton] [-acctoff] [-framed_ip_address address]
           [-auth_port port] [-acct_port port] [-identifier n]
           [-user username] [-password password] [-nas_ip_address address]
           [-nas_port port] [-nas_port_type type] [-service_type service]
           [-calling_station_id string] [-called_station_id string]
           [-session_id string] [-interactive]
           [-delay_time n] [-session_time n] [-input_octets n]
           [-output_octets n] [-timeout n] [-dictionary file]
           [-gui] [-class string] [-useoldascendpasswords]
           [-code requestcode] [-raw data] [-rawfile filename]
           [attribute=value]...

Have a look at section 8 in the Radiator 3.1 reference manual
("doc/ref.html").

BTW - if you use an SQL session database, you can supply your own 
queries to do whatever you wish.

regards

Hugh


On Tuesday, August 6, 2002, at 10:13 AM, Andreas Stollar wrote:

> Hello,
>
> I have DefaultSimultaneousUse set up and it works just fine. The problem
> is when a user gets disconnected because their machine crashes, or some
> other strange reason, and an accounting STOP record is never sent, and they
> are then unable to authenticate until I restart Radiator. I am using the
> internal Radiator db to store sessions, and no I can't use finger or snmp
> to query the NAS devices since they are behind a firewall, and it took
> enough to get the hole put in the firewall.
>
> I figure I could just use radpwtst to send a stop record, without a start
> record to clear the session db, but it doesn't seem to work. Using this
> logic, using radpwtst to send a start record, but no stop record, should
> let me authenticate one time before getting DefaultSimultaneousUse errors,
> but no go there either. Might I be using improper syntax? Here's a few
> examples:
>
> User dialed in, session died, can't log in. So I try to send a stop
> record.
>
> [root at opal radius]# radpwtst  -user mtwatson at speakeasy.net -password
> 'xxxxx' -auth_port 1812 -acct_port 1813
> sending Access-Request...
> Rejected: DefaultSimultaneousUse of 1 exceeded
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Stop...
> OK
>
> So, try to send a stop record.
>
> [root at opal radius]# radpwtst  -user mtwatson at speakeasy.net -nostart
> -password 'xxxxx' -auth_port 1812 -acct_port 1813
> sending Access-Request...
> Rejected: DefaultSimultaneousUse of 1 exceeded
> sending Accounting-Request Stop...
> OK
>
> then try to authenticate again.
>
> [root at opal radius]# radpwtst  -user mtwatson at speakeasy.net -password
> 'xxxxx' -auth_port 1812 -acct_port 1813
> sending Access-Request...
> Rejected: DefaultSimultaneousUse of 1 exceeded
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Stop...
> OK
>
>
> Then I tried to just use radpwtst to send a start with no stop, but it
> seems to let me keep logging in, which it should not do.
>
> [root at opal cgi-bin]# radpwtst  -user andreas at speakeasy.net -accton -nostop
> -password 'xxxxxx' -auth_port 1812 -acct_port 1813
> sending Access-Request...
> OK
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Accounting-On...
> OK
> [root at opal cgi-bin]# radpwtst  -user andreas at speakeasy.net -accton -nostop
> -password 'xxxxx' -auth_port 1812 -acct_port 1813
> sending Access-Request...
> OK
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Accounting-On...
> OK
> [root at opal cgi-bin]# radpwtst  -user andreas at speakeasy.net -accton -nostop
> -password 'xxxxx' -auth_port 1812 -acct_port 1813
> sending Access-Request...
> OK
> sending Accounting-Request Start...
> OK
> sending Accounting-Request Accounting-On...
> OK
>
> Andreas
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
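
Added example, not part of the original message and not Radiator's code: a toy Python model of a session database keyed by NAS-IP-Address and NAS-Port, as the reply describes, showing why a stop sent with radpwtst's default NAS values leaves the stale session in place. The class and function names, the user names and the NAS 192.0.2.10 port 7 are constructed; it assumes the port is freed before the user's sessions are counted.

```python
# Simplified model of the behaviour described in the reply; not Radiator's code.
RADPWTST_DEFAULT_NAS = ("203.63.154.1", 1234)  # radpwtst defaults quoted in the reply


class SessionDB:
    """Toy session database keyed by (NAS-IP-Address, NAS-Port)."""

    def __init__(self, max_sessions=1):
        self.max_sessions = max_sessions  # stands in for DefaultSimultaneousUse
        self.sessions = {}                # (nas_ip, nas_port) -> username

    def access_request(self, user, nas=RADPWTST_DEFAULT_NAS):
        # Assumption: the requesting port is freed first (a request can only
        # arrive from a free port), then the user's other sessions are counted.
        self.sessions.pop(nas, None)
        active = sum(1 for u in self.sessions.values() if u == user)
        return "Rejected" if active >= self.max_sessions else "OK"

    def accounting_start(self, user, nas=RADPWTST_DEFAULT_NAS):
        self.sessions[nas] = user

    def accounting_stop(self, user, nas=RADPWTST_DEFAULT_NAS):
        # Delete by NAS and port; the username plays no part in the lookup.
        self.sessions.pop(nas, None)


def stale_session_demo():
    real_nas = ("192.0.2.10", 7)  # constructed NAS address and port
    db = SessionDB()
    db.accounting_start("alice", real_nas)       # session whose stop was lost
    results = [db.access_request("alice")]       # blocked by the stale session
    db.accounting_stop("alice")                  # stop with defaults: wrong key
    results.append(db.access_request("alice"))   # stale session still counted
    db.accounting_stop("alice", real_nas)        # stop with the real NAS and port
    results.append(db.access_request("alice"))   # stale session gone
    return results


def repeated_start_demo():
    db = SessionDB()
    results = []
    for _ in range(3):
        results.append(db.access_request("bob"))  # frees the default port first
        db.accounting_start("bob")                # no stop is ever sent
    return results


if __name__ == "__main__":
    print(stale_session_demo())
    print(repeated_start_demo())
```
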