(RADIATOR) Strangeness...
James M. Luedke
james at enabledsites.com
Fri Aug 23 09:07:22 CDT 2002
Hello:
I am having a problem with upgrading a previous install of Radiator.
I have searched through the archive and found that other people have had
very similar problems, though I was unable to pull much useful info
out of the discussions. Over the past few weeks I have gotten rather
comfortable using Radiator. Our services were in major need of an upgrade
and somehow I got talked into going through with it by my boss. I believe
my upgrade to be rather successful, anyhow here are my two small
problems.
- I am sure this should be an easy thing to fix... Yet I couldn't
seem to put my finger on the solution.
A: Fri Aug 23 06:17:36 2002: WARNING: No Hosts defined for
Radius::AuthSQLRADIUS at 'conf/radius.cfg' line 82
- I put some comments in the radius.cfg file that describe this a bit more.
I was actually able to make this problem disappear, yet I am not sure if
the way I did it is the most secure, or if it's even logical. (* forgive
my basic Radius knowledge *)
B: Fri Aug 23 06:31:57 2002: WARNING: Could not find a Client for NAS
127.0.0.1 to double-check Simultaneous-Use. Perhaps you do not have
a reverse DNS for that NAS?
C: There is one more big problem I am having but I am hoping that by fixing
these two the problem will resolve itself.
Any help you can give me would be great. I have a deadline approaching,
I haven't slept in 48 hours, and I really need to understand what exactly
is going on here.
I am at your mercy O radius gods...
-James.
(this is generated when I send an Accounting Start Packet)
Snippet from the Log:
---------------------------------------------------------------START
Fri Aug 23 06:31:57 2002: DEBUG: Packet dump:
*** Received from 65.162.79.155 port 32772 ....
Code: Accounting-Request
Identifier: 52
Authentic: <166><158><146><154><179><22>><3><183><201><0><223><156><215>z<8>
Attributes:
User-Name = "ez/joeblow at ememberaccess.com"
Service-Type = Framed-User
NAS-IP-Address = 127.0.0.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001235"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Framed-IP-Address = 255.255.255.254
Fri Aug 23 06:31:57 2002: DEBUG: Handling request with Handler 'Realm =
ememberaccess.com'
Fri Aug 23 06:31:57 2002: DEBUG: Rewrote user name to joeblow at ememberaccess.com
Fri Aug 23 06:31:57 2002: DEBUG: Adding session for
ez/joeblow at ememberaccess.com, 127.0.0.1, 1234
Fri Aug 23 06:31:57 2002: DEBUG: do query is: DELETE FROM radonline WHERE
nasidentifier='127.0.0.1' AND nasport=1234
Fri Aug 23 06:31:57 2002: DEBUG: do query is: INSERT INTO radonline (username,
time_stamp_pkt, time_stamp_local, nasidentifier, nasport, nasporttype,
acctsessionid, framedipaddress, servicetype, calledstation, callingstation,
acctsessiontime) VALUES ('ez/joeblow at ememberaccess.com', 1030109517, NOW(),
'127.0.0.1', 1234, 'Async', '00001235', '255.255.255.254', 'Framed-User',
'123456789', '987654321', '')
Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: DEBUG: Handling accounting with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: DEBUG: do query is: UPDATE subscribers SET
timeleft=timeleft-0 WHERE username='joeblow at ememberaccess.com'
Fri Aug 23 06:31:57 2002: DEBUG: do query is: insert into accounting
(username, time_stamp_pkt, time_stamp_local, acctstatustype,
acctsessionid, nasidentifier, nasport, framedipaddress, calledstation,
callingstation)
values
('joeblow at ememberaccess.com', '2002-08-23 06:3157', NOW(),
'Start', '00001235', '127.0.0.1', 1234, '255.255.255.254', '123456789',
'987654321')
Fri Aug 23 06:31:57 2002: DEBUG: Query is: SELECT nasidentifier, nasport,
acctsessionid, framedipaddress FROM radonline WHERE
username='ez/joeblow at ememberaccess.com'
Fri Aug 23 06:31:57 2002: WARNING: Could not find a Client for NAS 127.0.0.1
to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for
that NAS?
---------------------------------------------------------------END
>>> Notice the nice warning message. It's a beauty ehh, ;) anyhow
>>> that's my major problem because now all of my accounting packets
>>> are not replying.
radius.cfg
---------------------------------------------------------------START
DefineGlobalVar mysqlsource dbi:mysql:radiusd_db
DefineGlobalVar mysqluser user
DefineGlobalVar mysqlpass pass
#Foreground
#LogStdout
LogDir /usr/local/radiator/log/
LogFile /serve/radius/logs/radius.log
DbDir /usr/local/radiator/raddb/
Trace 4
BindAddress 65.162.79.133
<ClientListSQL>
DBSource %{GlobalVar:mysqlsource}
DBUsername %{GlobalVar:mysqluser}
DBAuth %{GlobalVar:mysqlpass}
GetClientQuery \
SELECT nasidentifier, secret, ignoreacctsignature, dupinterval, \
defaultrealm, 'unknown', snmpcommunity, livingstonoffs, \
livingstonhole, framedgroupbaseaddress, \
framedgroupmaxportsperclassc, rewriteusername, \
noignoreduplicates, prehandlerhook \
FROM radclientlist
</ClientListSQL>
<SessionDatabase SQL>
DBSource %{GlobalVar:mysqlsource}
DBUsername %{GlobalVar:mysqluser}
DBAuth %{GlobalVar:mysqlpass}
# This query is used to insert an entry to the radiusd_db.radonline
# table. This is extremely important! do not remove this query!
--------
>>> NOTE! what I find interesting is if I remove nasporttype, and
>>> '%{NAS-Port-Type}', my accounting packets magically work
>>> again? I know it is somehow used to check Simultaneous
>>> use but I guess I am a bit fuzzy as to how? And why inserting
>>> it into the radonline table has anything to do with it.
>>> It just seems weird that this would fix it as I don't believe
>>> I even do a select on it?
--------
AddQuery INSERT INTO radonline \
(username, time_stamp_pkt, time_stamp_local, \
nasidentifier, nasport, nasporttype, acctsessionid, \
framedipaddress, servicetype, \
calledstation, callingstation, acctsessiontime) \
VALUES \
('%u', %{Timestamp}, NOW(), '%N', %{NAS-Port}, \
'%{NAS-Port-Type}', '%{Acct-Session-Id}', \
'%{Framed-IP-Address}', \
'%{Service-Type}', '%{Called-Station-Id}', \
'%{Calling-Station-Id}', '%{Acct-Session-Time}')
# This query is used to delete users from the radiusd_db.radonline
# table.
DeleteQuery DELETE FROM radonline \
WHERE \
nasidentifier='%N' \
AND \
nasport=%{NAS-Port}
CountQuery SELECT \
nasidentifier, nasport, acctsessionid, framedipaddress \
FROM \
radonline \
WHERE \
username='%u'
ClearNasQuery DELETE FROM radonline \
WHERE nasidentifier='%N'
</SessionDatabase>
Include %D/includes.cfg
---------------------------------------------------------------END
includes.cfg
Include %D/realms/ememberaccess.com
ememberaccess.com
---------------------------------------------------------------START
<Handler Realm = ememberaccess.com>
# Remove prefix (if necessary)
# WE DON'T MESS WITH PREFIXES ANYMORE
RewriteUsername s/^ez\/(.*)/$1/
<AuthLog FILE>
LogSuccess 1
LogFailure 1
Filename /usr/local/radiator/log/realms/%R/%R_auth_%m%d%Y.log
</AuthLog>
# LOCAL RADIUS AND EMAIL
# Authby clauses for accounting and auth
<AuthBy GROUP>
DefaultSimultaneousUse 1
AuthByPolicy ContinueWhileIgnore
### LOCAL AuthBy Definitions
### When Handling Locally, We Must Maintain User Timelimits.
### So We Must Separate Auth as well as Accounting Stop and Start.
<AuthBy SQL>
DBSource %{GlobalVar:mysqlsource}
DBUsername %{GlobalVar:mysqluser}
DBAuth %{GlobalVar:mysqlpass}
DefaultSimultaneousUse 1
NoDefault
# We want to ignore the accounting here so that it will continue
# forward to the next authby sql segment.
IgnoreAccounting
# # This is a new feature we do not support yet.
# HandleAcctStatusTypes Start,Stop,Alive,Cancel,\
# Accounting-On,Accounting-Off
RejectEmptyPassword
# Custom AuthSelect so we can make sure people aren't
# using more time than they bought.
AuthSelect SELECT password,checkattr,replyattr, \
LEAST(sestimeout,timeleft) \
FROM subscribers \
WHERE username='%n' and timeleft > 0
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,GENERIC,check
AuthColumnDef 2,GENERIC,reply
AuthColumnDef 3,Session-Timeout,reply
AddToReply Service-Type=Framed-User,\
Framed-Protocol=PPP,\
Framed-IP-Address=255.255.255.254,\
Framed-IP-Netmask=255.255.255.255,\
Port-Limit=1,\
Idle-Timeout=1200,\
Ascend-Data-Filter="ip in forward tcp est",\
Ascend-Data-Filter="ip in forward dstip 111.11.1.1",\
Ascend-Data-Filter="ip in drop tcp dstport = 25",\
Ascend-Data-Filter="ip in forward"
</AuthBy>
<AuthBy SQL>
DBSource %{GlobalVar:mysqlsource}
DBUsername %{GlobalVar:mysqluser}
DBAuth %{GlobalVar:mysqlpass}
# Don't look for a default handler
NoDefault
AcctFailedLogFileName /usr/local/radiator/log/realms/%R/%R_acctFAILED_%m%d%Y.log
IgnoreAuthentication
# Used to ignore non Accounting stop packets.
# AccountingStopsOnly
# AcctSQLStatement runs an SQL statement of our choice before
# the standard accounting SQL query
# Adjust timeleft when they logout
AcctSQLStatement UPDATE subscribers \
SET timeleft=timeleft-0%{Acct-Session-Time} \
WHERE username='%n'
# You may want to tailor these for your ACCOUNTING table
# You can add your own columns to store whatever you like
AccountingTable accounting
AcctColumnDef username,%n,formatted
AcctColumnDef time_stamp_pkt,Timestamp,formatted-date,\
'%Y-%m-%e %H:%M%S'
AcctColumnDef time_stamp_local,NOW(),literal
AcctColumnDef acctstatustype,Acct-Status-Type
AcctColumnDef acctdelaytime,Acct-Delay-Time,integer
AcctColumnDef acctinputoctets,Acct-Input-Octets,integer
AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer
AcctColumnDef acctsessionid,Acct-Session-Id
AcctColumnDef acctsessiontime,Acct-Session-Time,integer
AcctColumnDef acctterminatecause,Acct-Terminate-Cause
AcctColumnDef nasidentifier,NAS-IP-Address
AcctColumnDef nasport,NAS-Port,integer
AcctColumnDef framedipaddress,Framed-IP-Address
AcctColumnDef calledstation,Called-Station-Id
AcctColumnDef callingstation,Calling-Station-Id
</AuthBy>
</AuthBy>
</Handler>
---------------------------------------------------------------END
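
An added example, not part of the original post and not Radiator code: a Python sketch that reads a Trace 4 log like the excerpt above and reports, for each dumped packet, the address it was received from, its NAS-IP-Address attribute, and any NAS named in a "Could not find a Client for NAS" warning that followed. The function names are hypothetical and the sample lines are constructed from the excerpt in the post.

```python
import re

# Constructed sample, condensed from the log excerpt in the post.
SAMPLE_LOG = """\
Fri Aug 23 06:31:57 2002: DEBUG: Packet dump:
*** Received from 65.162.79.155 port 32772 ....
Code: Accounting-Request
Attributes:
User-Name = "ez/joeblow at ememberaccess.com"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1234
Acct-Status-Type = Start
Fri Aug 23 06:31:57 2002: DEBUG: Handling accounting with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: WARNING: Could not find a Client for NAS 127.0.0.1
to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for
that NAS?
"""

RECEIVED = re.compile(r"^\*\*\* Received from (\S+) port (\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = (.*)$")   # "Name = value" dump lines
NO_CLIENT = re.compile(r"WARNING: Could not find a Client for NAS (\S+)")

def parse_packets(log_text):
    """Group attribute lines and later warnings under the packet they follow."""
    packets, current = [], None
    for line in log_text.splitlines():
        m = RECEIVED.match(line)
        if m:
            current = {"source": m.group(1), "attrs": {}, "unknown_nas": []}
            packets.append(current)
        elif current is not None:
            w, a = NO_CLIENT.search(line), ATTR.match(line)
            if w:
                current["unknown_nas"].append(w.group(1))
            elif a:
                current["attrs"][a.group(1)] = a.group(2).strip('"')
    return packets

def report(packets):
    """One row per packet: source, claimed NAS address, and unmatched NAS names."""
    rows = []
    for p in packets:
        nas = p["attrs"].get("NAS-IP-Address")
        rows.append({"source": p["source"], "nas_ip": nas,
                     "user": p["attrs"].get("User-Name"),
                     "source_differs": nas is not None and nas != p["source"],
                     "no_client_for": sorted(set(p["unknown_nas"]))})
    return rows

if __name__ == "__main__":
    for row in report(parse_packets(SAMPLE_LOG)):
        print(row)
```
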