(RADIATOR) Re: Simultaneous-Use check item in flat file
Hugh Irvine
hugh at open.com.au
Fri Aug 16 21:07:40 CDT 2002
Hello Gib -
You should reverse the order of your check items:
tester Simultaneous-Use = 2, Auth-Type = password
Please let me know how this works for you.
regards
Hugh
On Saturday, August 17, 2002, at 05:00 AM, Gib Salisbury wrote:
> Hey again everyone,
>
> Thanks for all the tips for my previous emails. I'm having a problem with
> Simultaneous-Use checking. The DefaultSimultaneoususe item is set to 1,
> but with users that are supposed to have more than one simultaneous login,
> as denoted by the Check item in the user flat file. It always uses the
> DefaultSimultaneoususe of 1, even when I configure the default user in the
> flat file for 2 it still uses 1. Is there something wrong with my syntax?
> Thanks in advance for the help. All the info in the world you could want
> follows.
>
> Gib Salisbury
> Technician
> Quantum Connections, LLC
> 211 Hilltop Ave
> St. Joseph, MI 49085
> http://www.qtm.net
> Phone (616) or (888) 926-4242 x 215
>
>
> Config File :
>
> Radiator Configuration
> Top File: /usr/local/etc/raddb/radius.cfg
> --------------------------------------------------------------------------------
>
> # Radiator configuration file.
> # Produced by /~kenreicj/radconfig.cgi Thu Jun 13 12:54:42 2002
> #REMOTE_USER: , REMOTE_ADDR: 216.163.33.250
>
> DbDir /raddb
> DictionaryFile /raddb/dictionary
> LogDir /raddb
> LogFile %L\radius
> PidFile radius.pid
> SnmpgetProg /usr/local/bin/snmpget
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/[A-Z]/[a-z]/
> RewriteUsername s/\s+//g
> Trace 4
> LogStdout
>
> <AuthLog FILE>
> Identifier logfile
> Filename %L/authlog
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> <AuthLog SQL>
> Identifier logsql
> DBSource dbi:mysql:radius
> DBUsername radius
> DBAuth XXXXXX
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> <AuthBy UNIX>
> DefaultSimultaneousUse 1
> Description unix pw auth
> Filename /etc/master.passwd
> GroupFilename /etc/group
> Identifier password
> </AuthBy>
>
> <AuthBy FILE>
> DefaultSimultaneousUse 1
> Description users std
> Filename %D/users
> Identifier users
> </AuthBy>
>
> <AuthBy FILE>
> DefaultSimultaneousUse 1
> Description tc8 users
> Filename %D/tc8.users
> Identifier tc8users
> </AuthBy>
>
> <AuthBy FILE>
> DefaultSimultaneousUse 1
> Description dsl
> Filename %D/dsl.users
> Identifier dslusers
> </AuthBy>
>
> <AuthBy FILE>
> DefaultSimultaneousUse 1
> Description x2 user auth
> Filename %D/x2.users
> Identifier x2users
> </AuthBy>
>
> <AuthBy FILE>
> DefaultSimultaneousUse 1
> Description wireless
> Filename %D/wireless.users
> Identifier wireless
> </AuthBy>
>
> <AuthBy SQL>
> DBSource dbi:mysql:radius
> DBUsername radius
> DBAuth XXXXX
> AuthSelect
> Identifier sqlacct
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef CALLINGSTATION,Calling-Station-Id
> AcctColumnDef CALLEDSTATION,Called-Station-Id
> </AuthBy>
>
> <ClientListSQL>
> DBSource dbi:mysql:radius
> DBUsername radius
> DBAuth radiateme
> </ClientListSQL>
>
> <Log SQL>
> DBSource dbi:mysql:radius
> DBUsername radius
> DBAuth radiateme
> </Log>
>
> <StatsLog SQL>
> DBSource dbi:mysql:radius
> DBUsername radius
> DBAuth XXXXX
> Interval 86400
> </StatsLogSQL>
>
> <Handler User-Name=/manager/>
> <AuthBy INTERNAL>
> DefaultResult ACCEPT
> </AuthBy>
> </Handler>
>
> <Handler Realm = realmusers>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy null
> AuthLog logfile
> AuthLog logsql
> AuthBy sqlacct
> AuthBy users
> PasswordLogFileName %L/pwd.log
> AcctLogFileName %L/details
> SessionDatabase
> </Handler>
>
> <Handler Realm = x2realm>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy Null
> AuthLog logsql
> AuthLog logfile
> AuthBy sqlacct
> AuthBy x2users
> AcctLogFileName %L/details
> PasswordLogFileName %L/pwd.log
> SessionDatabase
> </Handler>
>
> <Handler Realm = dslrealm>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy Null
> AuthLog logsql
> AuthLog logfile
> AuthBy sqlacct
> AuthBy dslusers
> AcctLogFileName %L/details
> PasswordLogFileName %L/pwd.log
> SessionDatabase
> </Handler>
>
> <Handler Realm = tc8realm>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy Null
> AuthLog logsql
> AuthLog logfile
> AuthBy sqlacct
> AuthBy tc8users
> AcctLogFileName %L/details
> PasswordLogFileName %L/pwd.log
> SessionDatabase
> </Handler>
>
> <Handler Realm = wirelessrealm>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy Null
> AuthBy sqlacct
> AuthBy wireless
> AuthLog logfile
> AcctLogFileName %L/details
> PasswordLogFileName %L/pwd.log
> SessionDatabase
> </Handler>
>
> <SessionDatabase SQL>
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
> DBAuth XXXXX
> DBSource dbi:mysql:radius
> DBUsername radius
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
> Description Current Session database
> Identifier SessionSQL
> </SessionDatabase>
>
> Flat file entry :
>
> tester Auth-Type = password, Simultaneous-Use = 2
>
> Trace 4 debug :
>
>
> *** Received from 216.163.38.2 port 1645 ....
> Code: Access-Request
> Identifier: 140
> Authentic: o<196>K<185><132><163><129><196><202><148><162>S<152><195>C<150>
> Attributes:
> User-Name = "tester"
> User-Password = "<135>8<166><31><214><184><11><153><159><234><21>]<214>z<229><140>"
> NAS-IP-Address = 216.163.38.2
> NAS-Identifier = "216.163.38.2"
> NAS-Port = 10
> Acct-Session-Id = "589831"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Calling-Station-Id = "2699266099"
> Called-Station-Id = "9701600"
> NAS-Port-Type = Async
> Fri Aug 16 14:15:46 2002: DEBUG: Rewrote user name to tester
> Fri Aug 16 14:15:46 2002: DEBUG: Rewrote user name to tester
> Fri Aug 16 14:15:46 2002: DEBUG: Rewrote user name to tester
> Fri Aug 16 14:15:46 2002: DEBUG: Handling request with Handler 'Realm = realmusers'
> Fri Aug 16 14:15:46 2002: DEBUG: Rewrote user name to tester
> Fri Aug 16 14:15:46 2002: DEBUG: SessionSQL Deleting session for tester, 216.163.38.2, 10
> Fri Aug 16 14:15:46 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.163.38.2' and NASPORT=010
>
> Fri Aug 16 14:15:46 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Aug 16 14:15:46 2002: DEBUG: Handling with Radius::AuthFILE: users
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthFILE looks for match with tester
> Fri Aug 16 14:15:46 2002: DEBUG: Handling with Radius::AuthUNIX: password
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthUNIX looks for match with tester
> Fri Aug 16 14:15:46 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='tester'
>
> Fri Aug 16 14:15:46 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='tester'
>
> Fri Aug 16 14:15:46 2002: DEBUG: Checking if user is still online: Hiper, tester, 216.163.38.2, 9, 524295
> Fri Aug 16 14:15:46 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.38.2 .iso.org.dod.internet.private.ent$
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthUNIX REJECT: DefaultSimultaneousUse of 1 exceeded
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthFILE REJECT: DefaultSimultaneousUse of 1 exceeded
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Fri Aug 16 14:15:46 2002: DEBUG: Handling with Radius::AuthUNIX: password
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthUNIX looks for match with tester
> Fri Aug 16 14:15:46 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='tester'
>
> Fri Aug 16 14:15:46 2002: DEBUG: Checking if user is still online: Hiper, tester, 216.163.38.2, 9, 524295
> Fri Aug 16 14:15:46 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 216.163.38.2 .iso.org.dod.internet.private.ent$
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthUNIX REJECT: Simultaneous-Use of 1 exceeded
> Fri Aug 16 14:15:46 2002: DEBUG: Radius::AuthFILE REJECT: Simultaneous-Use of 1 exceeded
> Fri Aug 16 14:15:46 2002: INFO: Access rejected for tester: Simultaneous-Use of 1 exceeded
> Fri Aug 16 14:15:46 2002: DEBUG: Packet dump:
> *** Sending to 216.163.38.2 port 1645 ....
> Code: Access-Reject
> Identifier: 140
> Authentic: o<196>K<185><132><163><129><196><202><148><162>S<152><195>C<150>
> Attributes:
> Reply-Message = "Request Denied"
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
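
Added example, not part of the original thread and not Radiator code: a small Python check that scans a flat users file for entries where Auth-Type appears before Simultaneous-Use, the ordering the reply above says to reverse. The sample file contents and the function names are constructed for illustration; it assumes unquoted user names and check items on the first line of each entry.

```python
import re

# Constructed sample of a Radiator flat users file (not taken from the thread's
# real files). Check items follow the user name; reply items are indented.
SAMPLE_USERS = '''\
# dial-up accounts
tester Auth-Type = password, Simultaneous-Use = 2
    Framed-Protocol = PPP
alice Simultaneous-Use = 3, Auth-Type = password
bob User-Password = "a,b c", Simultaneous-Use = 2
DEFAULT Auth-Type = password
'''

def split_check_items(text):
    """Split a check-item list on commas that are not inside double quotes."""
    items, buf, quoted, escaped = [], [], False, False
    for ch in text:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            items.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    items.append("".join(buf).strip())
    return [item for item in items if item]

def find_misordered(users_text):
    """Return (line_no, user, limit) where Auth-Type precedes Simultaneous-Use."""
    findings = []
    for line_no, line in enumerate(users_text.splitlines(), start=1):
        # Skip blank lines, comments and indented reply-item lines.
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        items = split_check_items(parts[1])
        names = [re.split(r"\s*[=!<>]", i, maxsplit=1)[0].lower() for i in items]
        if "auth-type" in names and "simultaneous-use" in names:
            su = names.index("simultaneous-use")
            if names.index("auth-type") < su:
                limit = items[su].split("=", 1)[1].strip()
                findings.append((line_no, parts[0], limit))
    return findings

if __name__ == "__main__":
    for line_no, user, limit in find_misordered(SAMPLE_USERS):
        print(f"line {line_no}: {user}: move Simultaneous-Use = {limit} before Auth-Type")
```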