(RADIATOR) Strangeness...

James M. Luedke james at enabledsites.com
Fri Aug 23 21:14:20 CDT 2002


Well I have traced the proble down a bit further. I may have given a bit
of bad information in the last post. As it turns out I am having this
problem only with Stop packets. here is a trace 4 snip of the packet
coming in.

if you look you can see the first thing that it does in insert into
radonline. It then inserts the accounting packet into the accounting
table. Then it select's from radonline, after we had inserted the user.
Bye going threw the Radiator code I was able to find exactly what was
failing. In Radius/SessSQL::exceeded this function is returning 1, which
is called by Radius/AuthGROUP::handle_request which returns
"DefaultSimultaneousUse of 1 exceeded" or something of that nature..

So I guess the question is how do I configure radiator to either not
check simultaneous use on Accounting packets, or how can I change my
configuration so that it will first check the simultaneous use and then
insert the session into the radonline table??? 

This is going to send me to an early grave...

thanks in advance
-James...

--------- begin
Fri Aug 23 18:14:14 2002: DEBUG: Packet dump:
*** Received from 65.162.79.155 port 32772 ....
Code:       Accounting-Request
Identifier: 126
Authentic:  b<195><244>z<151><241><176> <192><202><163>k<211><150>2<13>
Attributes:
        User-Name = "ez/joeblow at ememberaccess.com"
        Service-Type = Framed-User
        NAS-IP-Address = 65.162.79.155
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001259"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Framed-IP-Address = 255.255.255.254

Fri Aug 23 18:14:14 2002: DEBUG: Handling request with Handler 'Realm =
ememberaccess.com'
Fri Aug 23 18:14:14 2002: DEBUG: Rewrote user name to
joeblow at ememberaccess.com
Fri Aug 23 18:14:14 2002: DEBUG:  Adding session for
ez/joeblow at ememberaccess.com, 65.162.79.155, 1234
Fri Aug 23 18:14:14 2002: DEBUG: do query is: DELETE FROM radonline
WHERE nasidentifier='65.162.79.155' AND nasport=1234

Fri Aug 23 18:14:14 2002: DEBUG: do query is: INSERT INTO radonline
(username, time_stamp_pkt, time_stamp_local, nasidentifier, nasport,
acctsessionid, framedipaddress, servicetype, calledstation,
callingstation, acctsessiontime) VALUES ('ez/joeblow at ememberaccess.com',
1030151654, NOW(), '65.162.79.155', 1234, '00001259', '255.255.255.254',
'Framed-User', '123456789', '987654321', '')

Fri Aug 23 18:14:14 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Aug 23 18:14:14 2002: DEBUG: Handling with Radius::AuthSQL
Fri Aug 23 18:14:14 2002: DEBUG: Handling with Radius::AuthSQL
Fri Aug 23 18:14:14 2002: DEBUG: Handling accounting with
Radius::AuthSQL
Fri Aug 23 18:14:14 2002: DEBUG: do query is: UPDATE subscribers SET
timeleft=timeleft-0 WHERE username='joeblow at ememberaccess.com'

Fri Aug 23 18:14:14 2002: DEBUG: do query is: insert into accounting
                (username, time_stamp_pkt, time_stamp_local,
acctstatustype, acctsessionid, nasidentifier, nasport, framedipaddress,
calledstation, callingstation) 
                values 
                ('joeblow at ememberaccess.com', '2002-08-23 18:1414',
NOW(), 'Start', '00001259', '65.162.79.155', 1234, '255.255.255.254',
'123456789', '987654321')

Fri Aug 23 18:14:14 2002: DEBUG: Query is: SELECT nasidentifier,
nasport, acctsessionid, framedipaddress FROM  radonline WHERE
username='ez/joeblow at ememberaccess.com'

Fri Aug 23 18:14:14 2002: DEBUG: Checking if user is still online:
unknown, joeblow at ememberaccess.com, 65.162.79.155, 1234, 00001259
255.255.255.254

--------- end



On Fri, 2002-08-23 at 07:07, James M. Luedke wrote:
> Hello:
>     I am having a problem with upgrading a previous install of Radiator.
> I have searched threw the archive and found that other people have had
> verry simmilar problems, though I was unable to pull much usefull info
> out of the discussions. Over the past few weeks I have goten rather
> confortable useing Radiator. Our services were in major need of an upgrade
> and somehow I got talked into going threw with it bye my boss. I belive
> my upgrade to be rather sucessful, any how here are my two small
> problems.
> 
> - I am sure this should be an easy thing to fix... Yet I couldn't 
>   seem to put my finger on the solution.
> 
> A: Fri Aug 23 06:17:36 2002: WARNING: No Hosts defined for 
>    Radius::AuthSQLRADIUS at 'conf/radius.cfg' line 82
>  
> 
> - I put some comments in the radius.cfg file that describe this a bit more
>   I was actually able to make this problem disapear, yet I am not sure if
>   the way I did it is the most secure, or if it's even logical. (* forgive
>   my basic Radius knowledge *)
> 
This disapeared when I switched my Nas-address to an actual ip.

> B: Fri Aug 23 06:31:57 2002: WARNING:  Could not find a Client for NAS 
>    127.0.0.1 to double-check Simultaneous-Use. Perhaps you do not have 
>    a reverse DNS for that NAS?
> 

I still have this problem... =\
> C: There is one more big problem I am having but I am hoping that by fixing
>    these two the problem will resolve it's self.
> 
> Any help you can give me would be great. I have a deadline aproaching
> I havent slept in 48 hours, and I really need to understand what exactly
> is going on here.
> 
> I am at your mercy O radius gods...
> 
> -James.
> 
> 
> 
> 
> 
> (this is generated when I send an Accounting Start Packet)
> Snipet from the Log: 
> ---------------------------------------------------------------START
> Fri Aug 23 06:31:57 2002: DEBUG: Packet dump:
> *** Received from 65.162.79.155 port 32772 ....
> Code:       Accounting-Request
> Identifier: 52
> Authentic:  <166><158><146><154><179><22>><3><183><201><0><223><156><215>z<8>
> Attributes:
>         User-Name = "ez/joeblow at ememberaccess.com"
>         Service-Type = Framed-User
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001235"
>         Acct-Status-Type = Start
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         Framed-IP-Address = 255.255.255.254
> 
> Fri Aug 23 06:31:57 2002: DEBUG: Handling request with Handler 'Realm =
> ememberaccess.com'
> Fri Aug 23 06:31:57 2002: DEBUG: Rewrote user name to joeblow at ememberaccess.com
> Fri Aug 23 06:31:57 2002: DEBUG:  Adding session for
> ez/joeblow at ememberaccess.com, 127.0.0.1, 1234
> Fri Aug 23 06:31:57 2002: DEBUG: do query is: DELETE FROM radonline WHERE
> nasidentifier='127.0.0.1' AND nasport=1234
> 
> Fri Aug 23 06:31:57 2002: DEBUG: do query is: INSERT INTO radonline (username,
> time_stamp_pkt, time_stamp_local, nasidentifier, nasport, nasporttype,
> acctsessionid, framedipaddress, servicetype, calledstation, callingstation,
> acctsessiontime) VALUES ('ez/joeblow at ememberaccess.com', 1030109517, NOW(),
> '127.0.0.1', 1234, 'Async', '00001235', '255.255.255.254', 'Framed-User',
> '123456789', '987654321', '')
> 
> Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthGROUP
> Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Aug 23 06:31:57 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Aug 23 06:31:57 2002: DEBUG: Handling accounting with Radius::AuthSQL
> Fri Aug 23 06:31:57 2002: DEBUG: do query is: UPDATE subscribers SET
> timeleft=timeleft-0 WHERE username='joeblow at ememberaccess.com'
> 
> Fri Aug 23 06:31:57 2002: DEBUG: do query is: insert into accounting
>                 (username, time_stamp_pkt, time_stamp_local, acctstatustype,
> acctsessionid, nasidentifier, nasport, framedipaddress, calledstation,
> callingstation) 
>                 values 
>                 ('joeblow at ememberaccess.com', '2002-08-23 06:3157', NOW(),
> 'Start', '00001235', '127.0.0.1', 1234, '255.255.255.254', '123456789',
> '987654321')
> 
> Fri Aug 23 06:31:57 2002: DEBUG: Query is: SELECT nasidentifier, nasport,
> acctsessionid, framedipaddress FROM  radonline WHERE
> username='ez/joeblow at ememberaccess.com'
> 
> Fri Aug 23 06:31:57 2002: WARNING:  Could not find a Client for NAS 127.0.0.1
> to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for
> that NAS?
> ---------------------------------------------------------------END
> 
> >>> Notice the nice warning message. It'a a beauty ehh, ;) any how
> >>> that's my major problem because now all of my accounting packets
> >>> are not replying. 
> 
> 
> radius.cfg
> ---------------------------------------------------------------START
> DefineGlobalVar mysqlsource dbi:mysql:radiusd_db
> DefineGlobalVar mysqluser user
> DefineGlobalVar mysqlpass pass
> 
> #Foreground
> #LogStdout
> LogDir		/usr/local/radiator/log/
> LogFile 	/serve/radius/logs/radius.log
> DbDir		/usr/local/radiator/raddb/
> 
> Trace		4
> BindAddress	65.162.79.133
> 
> <ClientListSQL>
> 	DBSource	%{GlobalVar:mysqlsource}
> 	DBUsername	%{GlobalVar:mysqluser}
> 	DBAuth		%{GlobalVar:mysqlpass}
> 
>     GetClientQuery \
>             SELECT nasidentifier, secret, ignoreacctsignature, dupinterval, \
>                     defaultrealm, 'unknown', snmpcommunity, livingstonoffs, \
>                     livingstonhole, framedgroupbaseaddress, \
>                     framedgroupmaxportsperclassc, rewriteusername, \
>                     noignoreduplicates, prehandlerhook \
>              FROM   radclientlist
> 
> 
> </ClientListSQL>
> 
> 
> <SessionDatabase SQL>
> 
> 	DBSource	%{GlobalVar:mysqlsource}
> 	DBUsername	%{GlobalVar:mysqluser}
> 	DBAuth		%{GlobalVar:mysqlpass}
> 
>     # This query is used to insert an enrty to the radiusd_db.radonline
>     # table. This is extreamly important! do not remove this query!
> 
> --------

Ignore this note, i found it to be untrue... sorry. It fails reguradless
> >>> NOTE! what I find interesting is if I remove nasporttype, and
> >>>       '%{NAS-Port-Type}', my accounting packets magicly work 
> >>>       again? I know it is somehow used to check Simultaneous
> >>>       use but I gues I am a bit fuzzy as to how? And Why inserting
> >>>       it into the radonline table has anything to do with it.
> >>>       It just seems weird that this would fix it as I dont belive
> >>>       i even do a select on it?
> --------
>     AddQuery INSERT INTO radonline \
>                  (username, time_stamp_pkt, time_stamp_local, \
>                   nasidentifier, nasport, nasporttype, acctsessionid, \
>                   framedipaddress, servicetype, \
>                   calledstation, callingstation, acctsessiontime) \
>              VALUES \
>                  ('%u', %{Timestamp}, NOW(), '%N', %{NAS-Port}, \
>                  '%{NAS-Port-Type}', '%{Acct-Session-Id}', \
>                  '%{Framed-IP-Address}', \
>                  '%{Service-Type}', '%{Called-Station-Id}', \
>                  '%{Calling-Station-Id}', '%{Acct-Session-Time}')
> 
>     # This query is used to delete users from the radiusd_db.radonline
>     # table. 
>     DeleteQuery DELETE FROM radonline \
>                 WHERE \
>                     nasidentifier='%N' \
>                     AND \
>                     nasport=%{NAS-Port}
> 
> 
>     CountQuery SELECT \
>                    nasidentifier, nasport, acctsessionid, framedipaddress \
>                FROM  \
>                    radonline \
>                WHERE \
>                    username='%u'
> 
>     ClearNasQuery DELETE FROM radonline \
>                   WHERE nasidentifier='%N'
> 
> 
> 
> </SessionDatabase>
> 
> Include %D/includes.cfg
> ---------------------------------------------------------------END
> 
> includes.cfg
> Include %D/realms/ememberaccess.com
> 
> ememberaccess.com
> ---------------------------------------------------------------START
> 
> <Handler Realm = ememberaccess.com>
>     # Remove prefix (if necessary)
>     # WE DON'T MESS WITH PREFIXES ANYMORE
>     RewriteUsername s/^ez\/(.*)/$1/
> 
>     <AuthLog FILE>
>         LogSuccess 1
>         LogFailure 1
>         Filename /usr/local/radiator/log/realms/%R/%R_auth_%m%d%Y.log
>     </AuthLog>
> 
>     # LOCAL RADIUS AND EMAIL
>     # Authby clauses for accounting and auth
> 
>     <AuthBy GROUP>
> 
>         DefaultSimultaneousUse 1
>         AuthByPolicy ContinueWhileIgnore
> 
> 
>         ### LOCAL AuthBy Definitions
>         ### When Handling Locally, We Must Maintain User Timelimits.
>         ### So We Must Seperate Auth as well as Accounting Stop and Start.
> 
>         <AuthBy SQL>
>     
>             DBSource    %{GlobalVar:mysqlsource}
>             DBUsername    %{GlobalVar:mysqluser}
>             DBAuth        %{GlobalVar:mysqlpass}
> 
>             DefaultSimultaneousUse 1
>             NoDefault
> 
>             # We want to ignore the accounting here so that it will continue
>             # forward to the next authby sql segment.
>             IgnoreAccounting
> 
>             # # This is a new feature we do not support yet.
>             # HandleAcctStatusTypes Start,Stop,Alive,Cancel,\
>             #                       Accounting-On,Accounting-Off
> 
> 
>             RejectEmptyPassword
> 
>             # Custom AuthSelect so we can make sure people aren't 
>             # using more time than they bought.
>             AuthSelect SELECT password,checkattr,replyattr, \
>                               LEAST(sestimeout,timeleft) \
>                               FROM subscribers \
>                               WHERE username='%n' and timeleft > 0
> 
>             AuthColumnDef 0,User-Password,check
>             AuthColumnDef 1,GENERIC,check
>             AuthColumnDef 2,GENERIC,reply
>             AuthColumnDef 3,Session-Timeout,reply
> 
> 
>             AddToReply    Service-Type=Framed-User,\
>                           Framed-Protocol=PPP,\
>                           Framed-IP-Address=255.255.255.254,\
>                           Framed-IP-Netmask=255.255.255.255,\
>                           Port-Limit=1,\
>                           Idle-Timeout=1200,\
>                           Ascend-Data-Filter="ip in forward tcp est",\
>                           Ascend-Data-Filter="ip in forward dstip 111.11.1.1",\
>                           Ascend-Data-Filter="ip in drop tcp dstport = 25",\
>                           Ascend-Data-Filter="ip in forward"
> 
>         </AuthBy>
> 
>         <AuthBy SQL>
> 
>             DBSource    %{GlobalVar:mysqlsource}
>             DBUsername    %{GlobalVar:mysqluser}
>             DBAuth        %{GlobalVar:mysqlpass}
> 
>             # Dont look for a defualt handler
>             NoDefault
> 
>             AcctFailedLogFileName /usr/local/radiator/log/realms/%R/%R_acctFAILED_%m%d%Y.log
> 
>             IgnoreAuthentication
>  
>             # Used to ignore non Acounting stop packets.
>             # AccountingStopsOnly
> 
>             # AcctSQLStatement runs an SQL statement of our choice before
>             # the standard accounting SQL query
>             # Adjust timeleft when they logout
> 
>             AcctSQLStatement UPDATE subscribers \
>                              SET timeleft=timeleft-0%{Acct-Session-Time} \
>                              WHERE username='%n'
> 
>             # You may want to tailor these for your ACCOUNTING table
>             # You can add your own columns to store whatever you like
>             AccountingTable    accounting
>             AcctColumnDef      username,%n,formatted
>             AcctColumnDef      time_stamp_pkt,Timestamp,formatted-date,\ 
>                                '%Y-%m-%e %H:%M%S'
>             AcctColumnDef      time_stamp_local,NOW(),literal
>             AcctColumnDef      acctstatustype,Acct-Status-Type
>             AcctColumnDef      acctdelaytime,Acct-Delay-Time,integer
>             AcctColumnDef      acctinputoctets,Acct-Input-Octets,integer
>             AcctColumnDef      acctoutputoctets,Acct-Output-Octets,integer
>             AcctColumnDef      acctsessionid,Acct-Session-Id
>             AcctColumnDef      acctsessiontime,Acct-Session-Time,integer
>             AcctColumnDef      acctterminatecause,Acct-Terminate-Cause
>             AcctColumnDef      nasidentifier,NAS-IP-Address
>             AcctColumnDef      nasport,NAS-Port,integer
>             AcctColumnDef      framedipaddress,Framed-IP-Address
>             AcctColumnDef      calledstation,Called-Station-Id
>             AcctColumnDef      callingstation,Calling-Station-Id
> 
>         </AuthBy>
> 
>     </AuthBy>
> 
> </Handler>
> ---------------------------------------------------------------END
> 
> 
> 
> 


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list