(RADIATOR) Strangeness...

James M. Luedke james at enabledsites.com
Fri Aug 23 09:07:22 CDT 2002




Hello:
    I am having a problem with upgrading a previous install of Radiator.
I have searched through the archive and found that other people have had
very similar problems, though I was unable to pull much useful info
out of the discussions. Over the past few weeks I have gotten rather
comfortable using Radiator. Our services were in major need of an upgrade
and somehow I got talked into going through with it by my boss. I believe
my upgrade to be rather successful; anyhow, here are my two small
problems.

- I am sure this should be an easy thing to fix... Yet I couldn't 
  seem to put my finger on the solution.

A: Fri Aug 23 06:17:36 2002: WARNING: No Hosts defined for 
   Radius::AuthSQLRADIUS at 'conf/radius.cfg' line 82
 

- I put some comments in the radius.cfg file that describe this a bit more.
  I was actually able to make this problem disappear, yet I am not sure if
  the way I did it is the most secure, or if it's even logical. (* forgive
  my basic Radius knowledge *)

B: Fri Aug 23 06:31:57 2002: WARNING:  Could not find a Client for NAS 
   127.0.0.1 to double-check Simultaneous-Use. Perhaps you do not have 
   a reverse DNS for that NAS?

C: There is one more big problem I am having, but I am hoping that by fixing
   these two the problem will resolve itself.

Any help you can give me would be great. I have a deadline approaching,
I haven't slept in 48 hours, and I really need to understand what exactly
is going on here.

I am at your mercy O radius gods...

-James.





(this is generated when I send an Accounting Start Packet)
Snippet from the Log: 
---------------------------------------------------------------START
Fri Aug 23 06:31:57 2002: DEBUG: Packet dump:
*** Received from 65.162.79.155 port 32772 ....
Code:       Accounting-Request
Identifier: 52
Authentic:  <166><158><146><154><179><22>><3><183><201><0><223><156><215>z<8>
Attributes:
        User-Name = "ez/joeblow at ememberaccess.com"
        Service-Type = Framed-User
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001235"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Framed-IP-Address = 255.255.255.254

Fri Aug 23 06:31:57 2002: DEBUG: Handling request with Handler 'Realm =
ememberaccess.com'
Fri Aug 23 06:31:57 2002: DEBUG: Rewrote user name to joeblow at ememberaccess.com
Fri Aug 23 06:31:57 2002: DEBUG:  Adding session for
ez/joeblow at ememberaccess.com, 127.0.0.1, 1234
Fri Aug 23 06:31:57 2002: DEBUG: do query is: DELETE FROM radonline WHERE
nasidentifier='127.0.0.1' AND nasport=1234

Fri Aug 23 06:31:57 2002: DEBUG: do query is: INSERT INTO radonline (username,
time_stamp_pkt, time_stamp_local, nasidentifier, nasport, nasporttype,
acctsessionid, framedipaddress, servicetype, calledstation, callingstation,
acctsessiontime) VALUES ('ez/joeblow at ememberaccess.com', 1030109517, NOW(),
'127.0.0.1', 1234, 'Async', '00001235', '255.255.255.254', 'Framed-User',
'123456789', '987654321', '')

Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: DEBUG: Handling accounting with Radius::AuthSQL
Fri Aug 23 06:31:57 2002: DEBUG: do query is: UPDATE subscribers SET
timeleft=timeleft-0 WHERE username='joeblow at ememberaccess.com'

Fri Aug 23 06:31:57 2002: DEBUG: do query is: insert into accounting
                (username, time_stamp_pkt, time_stamp_local, acctstatustype,
acctsessionid, nasidentifier, nasport, framedipaddress, calledstation,
callingstation) 
                values 
                ('joeblow at ememberaccess.com', '2002-08-23 06:3157', NOW(),
'Start', '00001235', '127.0.0.1', 1234, '255.255.255.254', '123456789',
'987654321')

Fri Aug 23 06:31:57 2002: DEBUG: Query is: SELECT nasidentifier, nasport,
acctsessionid, framedipaddress FROM  radonline WHERE
username='ez/joeblow at ememberaccess.com'

Fri Aug 23 06:31:57 2002: WARNING:  Could not find a Client for NAS 127.0.0.1
to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for
that NAS?
---------------------------------------------------------------END

>>> Notice the nice warning message. It's a beauty, eh ;) Anyhow,
>>> that's my major problem because now all of my accounting packets
>>> are not replying. 


radius.cfg
---------------------------------------------------------------START
DefineGlobalVar mysqlsource dbi:mysql:radiusd_db
DefineGlobalVar mysqluser user
DefineGlobalVar mysqlpass pass

#Foreground
#LogStdout
LogDir		/usr/local/radiator/log/
LogFile 	/serve/radius/logs/radius.log
DbDir		/usr/local/radiator/raddb/

Trace		4
BindAddress	65.162.79.133

<ClientListSQL>
	DBSource	%{GlobalVar:mysqlsource}
	DBUsername	%{GlobalVar:mysqluser}
	DBAuth		%{GlobalVar:mysqlpass}

    GetClientQuery \
            SELECT nasidentifier, secret, ignoreacctsignature, dupinterval, \
                    defaultrealm, 'unknown', snmpcommunity, livingstonoffs, \
                    livingstonhole, framedgroupbaseaddress, \
                    framedgroupmaxportsperclassc, rewriteusername, \
                    noignoreduplicates, prehandlerhook \
             FROM   radclientlist


</ClientListSQL>


<SessionDatabase SQL>

	DBSource	%{GlobalVar:mysqlsource}
	DBUsername	%{GlobalVar:mysqluser}
	DBAuth		%{GlobalVar:mysqlpass}

    # This query is used to insert an entry into the radiusd_db.radonline
    # table. This is extremely important! Do not remove this query!

--------
>>> NOTE! What I find interesting is if I remove nasporttype, and
>>>       '%{NAS-Port-Type}', my accounting packets magically work 
>>>       again? I know it is somehow used to check Simultaneous
>>>       use but I guess I am a bit fuzzy as to how? And why inserting
>>>       it into the radonline table has anything to do with it.
>>>       It just seems weird that this would fix it as I don't believe
>>>       I even do a select on it?
--------
    AddQuery INSERT INTO radonline \
                 (username, time_stamp_pkt, time_stamp_local, \
                  nasidentifier, nasport, nasporttype, acctsessionid, \
                  framedipaddress, servicetype, \
                  calledstation, callingstation, acctsessiontime) \
             VALUES \
                 ('%u', %{Timestamp}, NOW(), '%N', %{NAS-Port}, \
                 '%{NAS-Port-Type}', '%{Acct-Session-Id}', \
                 '%{Framed-IP-Address}', \
                 '%{Service-Type}', '%{Called-Station-Id}', \
                 '%{Calling-Station-Id}', '%{Acct-Session-Time}')

    # This query is used to delete users from the radiusd_db.radonline
    # table. 
    DeleteQuery DELETE FROM radonline \
                WHERE \
                    nasidentifier='%N' \
                    AND \
                    nasport=%{NAS-Port}


    CountQuery SELECT \
                   nasidentifier, nasport, acctsessionid, framedipaddress \
               FROM  \
                   radonline \
               WHERE \
                   username='%u'

    ClearNasQuery DELETE FROM radonline \
                  WHERE nasidentifier='%N'



</SessionDatabase>

Include %D/includes.cfg
---------------------------------------------------------------END

includes.cfg
Include %D/realms/ememberaccess.com

ememberaccess.com
---------------------------------------------------------------START

<Handler Realm = ememberaccess.com>
    # Remove prefix (if necessary)
    # WE DON'T MESS WITH PREFIXES ANYMORE
    RewriteUsername s/^ez\/(.*)/$1/

    <AuthLog FILE>
        LogSuccess 1
        LogFailure 1
        Filename /usr/local/radiator/log/realms/%R/%R_auth_%m%d%Y.log
    </AuthLog>

    # LOCAL RADIUS AND EMAIL
    # Authby clauses for accounting and auth

    <AuthBy GROUP>

        DefaultSimultaneousUse 1
        AuthByPolicy ContinueWhileIgnore


        ### LOCAL AuthBy Definitions
        ### When Handling Locally, We Must Maintain User Timelimits.
        ### So We Must Separate Auth as well as Accounting Stop and Start.

        <AuthBy SQL>
    
            DBSource    %{GlobalVar:mysqlsource}
            DBUsername    %{GlobalVar:mysqluser}
            DBAuth        %{GlobalVar:mysqlpass}

            DefaultSimultaneousUse 1
            NoDefault

            # We want to ignore the accounting here so that it will continue
            # forward to the next authby sql segment.
            IgnoreAccounting

            # # This is a new feature we do not support yet.
            # HandleAcctStatusTypes Start,Stop,Alive,Cancel,\
            #                       Accounting-On,Accounting-Off


            RejectEmptyPassword

            # Custom AuthSelect so we can make sure people aren't 
            # using more time than they bought.
            AuthSelect SELECT password,checkattr,replyattr, \
                              LEAST(sestimeout,timeleft) \
                              FROM subscribers \
                              WHERE username='%n' and timeleft > 0

            AuthColumnDef 0,User-Password,check
            AuthColumnDef 1,GENERIC,check
            AuthColumnDef 2,GENERIC,reply
            AuthColumnDef 3,Session-Timeout,reply


            AddToReply    Service-Type=Framed-User,\
                          Framed-Protocol=PPP,\
                          Framed-IP-Address=255.255.255.254,\
                          Framed-IP-Netmask=255.255.255.255,\
                          Port-Limit=1,\
                          Idle-Timeout=1200,\
                          Ascend-Data-Filter="ip in forward tcp est",\
                          Ascend-Data-Filter="ip in forward dstip 111.11.1.1",\
                          Ascend-Data-Filter="ip in drop tcp dstport = 25",\
                          Ascend-Data-Filter="ip in forward"

        </AuthBy>

        <AuthBy SQL>

            DBSource    %{GlobalVar:mysqlsource}
            DBUsername    %{GlobalVar:mysqluser}
            DBAuth        %{GlobalVar:mysqlpass}

            # Don't look for a default handler
            NoDefault

            AcctFailedLogFileName /usr/local/radiator/log/realms/%R/%R_acctFAILED_%m%d%Y.log

            IgnoreAuthentication
 
            # Used to ignore non Accounting stop packets.
            # AccountingStopsOnly

            # AcctSQLStatement runs an SQL statement of our choice before
            # the standard accounting SQL query
            # Adjust timeleft when they logout

            AcctSQLStatement UPDATE subscribers \
                             SET timeleft=timeleft-0%{Acct-Session-Time} \
                             WHERE username='%n'

            # You may want to tailor these for your ACCOUNTING table
            # You can add your own columns to store whatever you like
            AccountingTable    accounting
            AcctColumnDef      username,%n,formatted
            # time_stamp_pkt format: date, then hours:minutes:seconds
            AcctColumnDef      time_stamp_pkt,Timestamp,formatted-date,\
                               '%Y-%m-%e %H:%M:%S'
            AcctColumnDef      time_stamp_local,NOW(),literal
            AcctColumnDef      acctstatustype,Acct-Status-Type
            AcctColumnDef      acctdelaytime,Acct-Delay-Time,integer
            AcctColumnDef      acctinputoctets,Acct-Input-Octets,integer
            AcctColumnDef      acctoutputoctets,Acct-Output-Octets,integer
            AcctColumnDef      acctsessionid,Acct-Session-Id
            AcctColumnDef      acctsessiontime,Acct-Session-Time,integer
            AcctColumnDef      acctterminatecause,Acct-Terminate-Cause
            AcctColumnDef      nasidentifier,NAS-IP-Address
            AcctColumnDef      nasport,NAS-Port,integer
            AcctColumnDef      framedipaddress,Framed-IP-Address
            AcctColumnDef      calledstation,Called-Station-Id
            AcctColumnDef      callingstation,Calling-Station-Id

        </AuthBy>

    </AuthBy>

</Handler>
---------------------------------------------------------------END





