(RADIATOR) SNMP not correctly identifying multiple logins
David Miller
dmiller at newportnet.com
Fri Jan 4 18:16:07 CST 2002
Hi all:

Have been relying on a session database to enforce multiple login limits, but after our data link provider experienced a temporary routing problem that left the session database out of sync with the actual users connected, decided a little more robust solution was in order.

Have been attempting to use the snmpget program to verify multiple login violations with the Livingston Portmaster NASes (PM25 and PM3). These NASes service channelized T1 lines. The snmpget program is getting called as shown in the trace below, but multiple logins are not getting correctly identified. Logging into the NAS shows the sessions were still actually active. Have tried various settings for the LivingstonHole and LivingstonOffs parameters, but to no avail.

Radiator (version 2.18.4) is running on RedHat Linux 7.1, snmpget program is from ucd-snmp-4.2.1-4.7.x rpm from sourceforge. I know these are not the most current versions of Radiator, and snmp (plan to upgrade as soon as we finish a move to new facilities).

Running the first snmpget command shown in the trace from the command line results in the following output (community string sanitized):

[root at dns2 radiator]# snmpget 204.250.116.14 xxxxxxx .iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: enterprises.307.2.1.1.1.2.5

Please forgive my ignorance of snmp, just starting to get my feet wet. Please let me know if I can supply any additional information. Any insights would be appreciated.
Regards,
David Miller
dmiller at newportnet.com
----------------------------
# radius.cfg
#
#=====================
# Global Parameters
#=====================
LogDir /var/log/radius
DbDir /etc/radiator/raddb
AuthPort 1645
AcctPort 1646
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
# Trace 3
Trace 4
# Log file, in form of logfile.dd_Mmm_yyy
LogFile %L/logfile.%d_%v_%Y
# Username Rewrite Rules. Strip off realm name, change to lowercase, and remove
# any whitespace.
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
RewriteUsername s/\s+//g
# location of snmpget program
SnmpgetProg /usr/bin/snmpget
# Livingston hole and offs
# LivingstonHole 1
# LivingstonOffs 22
#===========
# Clients
#===========
<Client a.b.c.d>
Secret xxxxxx
DupInterval 2
NasType Livingston
SNMPCommunity xxxxxx
</Client>
<Client a.b.c.e>
Secret xxxxxx
DupInterval 2
NasType Livingston
SNMPCommunity xxxxxx
</Client>
<Client a.b.c.f>
Secret xxxxxx
DupInterval 2
NasType Livingston
SNMPCommunity xxxxxx
</Client>
<Client a.b.c.g>
Secret xxxxxx
DupInterval 2
NasType Livingston
SNMPCommunity xxxxxx
</Client>
<Client a.b.c.h>
Secret xxxxxx
DupInterval 2
NasType Livingston
SNMPCommunity xxxxxx
</Client>
#==================
# Session Database
#==================
<SessionDatabase SQL>
Identifier RadiusDB1
DBSource dbi:DB2:radius2
DBUsername xxxxxxx
DBAuth xxxxxxx
</SessionDatabase SQL>
#==================
# Realms
#==================
<Realm DEFAULT>
# Session Database to use
SessionDatabase RadiusDB1
<AuthBy FILE>
# Make passwords case insensitive
CaseInsensitivePasswords
# Default SimultaneousUse. Can be overridden on a per user basis.
DefaultSimultaneousUse 1
Filename %D/users
# no caching for test purposes
# Nocache
</AuthBy>
# Log accounting to a detail file
# Detail filename in form of detail.dd_Mmm_yyy
AcctLogFileName %L/detail.%d_%v_%Y
</Realm>
----------------------------------------------
debug trace, community strings sanitized
----------------------------------------------
Thu Jan 3 15:15:40 2002: DEBUG: Packet dump:
*** Received from 206.158.98.10 port 1026 ....
Code: Access-Request
Identifier: 204
Authentic: <157><192>x<241><7><224><247>@<241><150><19><253><154><17>>r
Attributes:
User-Name = "kstevens"
User-Password = "<241>+<18><130>j{<147><220><216><232><228><236>h^<149>]"
NAS-IP-Address = 206.158.98.10
NAS-Port = 10
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "48000 LAPM/V42BIS"
Thu Jan 3 15:15:40 2002: DEBUG: Rewrote user name to kstevens
Thu Jan 3 15:15:40 2002: DEBUG: Rewrote user name to kstevens
Thu Jan 3 15:15:40 2002: DEBUG: Rewrote user name to kstevens
Thu Jan 3 15:15:40 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 3 15:15:40 2002: DEBUG: RadiusDB1 Deleting session for kstevens,
206.158.98.10, 10
Thu Jan 3 15:15:40 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.10' and NASPORT=010
Thu Jan 3 15:15:40 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 15:15:40 2002: DEBUG: Radius::AuthFILE looks for match with kstevens
Thu Jan 3 15:15:40 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='kstevens'
Thu Jan 3 15:15:40 2002: DEBUG: Checking if user is still online:
Livingston, kstevens, 206.158.98.11, 26, 2400184E 206.158.99.81
Thu Jan 3 15:15:40 2002: DEBUG: Running command `/usr/bin/snmpget
206.158.98.11 xxxxxxxx
.iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5`
Thu Jan 3 15:15:40 2002: DEBUG: Running command `/usr/bin/snmpget
206.158.98.11 xxxxxxxx
.iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.30`
Thu Jan 3 15:15:40 2002: NOTICE: RadiusDB1 Session for kstevens at
206.158.98.11:26 has gone away
Thu Jan 3 15:15:40 2002: DEBUG: RadiusDB1 Deleting session for kstevens,
206.158.98.11, 26
Thu Jan 3 15:15:40 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.11' and NASPORT=026
Thu Jan 3 15:15:40 2002: DEBUG: Radius::AuthFILE ACCEPT:
Thu Jan 3 15:15:40 2002: DEBUG: Access accepted for kstevens
Thu Jan 3 15:15:40 2002: DEBUG: Packet dump:
*** Sending to 206.158.98.10 port 1026 ....
Code: Access-Accept
Identifier: 204
Authentic: <157><192>x<241><7><224><247>@<241><150><19><253><154><17>>r
Attributes:
Thu Jan 3 15:15:41 2002: DEBUG: Packet dump:
*** Received from 206.158.98.10 port 1026 ....
Code: Accounting-Request
Identifier: 205
Authentic: <159><11><162><210>w<174><8><215><22><174>n<171>K<182><226>e
Attributes:
Acct-Session-Id = "2F002436"
User-Name = "kstevens"
NAS-IP-Address = 206.158.98.10
NAS-Port = 10
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect-Info = "48000 LAPM/V42BIS"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 206.158.99.22
Acct-Delay-Time = 0
Thu Jan 3 15:15:41 2002: DEBUG: Rewrote user name to kstevens
Thu Jan 3 15:15:41 2002: DEBUG: Rewrote user name to kstevens
Thu Jan 3 15:15:41 2002: DEBUG: Rewrote user name to kstevens
Thu Jan 3 15:15:41 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 3 15:15:41 2002: DEBUG: RadiusDB1 Adding session for kstevens,
206.158.98.10, 10
Thu Jan 3 15:15:41 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.10' and NASPORT=010
Thu Jan 3 15:15:41 2002: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('kstevens',
'206.158.98.10', 010, '2F002436', 1010099741, '206.158.99.22', 'Async',
'Framed-User')
Thu Jan 3 15:15:41 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 15:15:41 2002: DEBUG: Accounting accepted
Thu Jan 3 15:15:41 2002: DEBUG: Packet dump:
*** Sending to 206.158.98.10 port 1026 ....
Code: Accounting-Response
Identifier: 205
Authentic: <159><11><162><210>w<174><8><215><22><174>n<171>K<182><226>e
Attributes:
<snip>
Thu Jan 3 15:19:37 2002: DEBUG: Packet dump:
*** Received from 206.158.98.10 port 1026 ....
Code: Access-Request
Identifier: 214
Authentic: <224>oO",<127><181><133><240>X4"<134><252>p<0>
Attributes:
User-Name = "wheelhouse"
User-Password = "(g<182>:<227><198><148>Fs<178><4>o<205><255>0<151>"
NAS-IP-Address = 206.158.98.10
NAS-Port = 17
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "28800 LAPM/V42BIS"
Thu Jan 3 15:19:37 2002: DEBUG: Rewrote user name to wheelhouse
Thu Jan 3 15:19:37 2002: DEBUG: Rewrote user name to wheelhouse
Thu Jan 3 15:19:37 2002: DEBUG: Rewrote user name to wheelhouse
Thu Jan 3 15:19:37 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 3 15:19:37 2002: DEBUG: RadiusDB1 Deleting session for wheelhouse,
206.158.98.10, 17
Thu Jan 3 15:19:37 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.10' and NASPORT=017
Thu Jan 3 15:19:37 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 15:19:37 2002: DEBUG: Radius::AuthFILE looks for match with
wheelhouse
Thu Jan 3 15:19:37 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='wheelhouse'
Thu Jan 3 15:19:37 2002: DEBUG: Checking if user is still online:
Livingston, wheelhouse, 206.158.98.11, 2, 2400187D 206.158.99.75
Thu Jan 3 15:19:37 2002: DEBUG: Running command `/usr/bin/snmpget
206.158.98.11 xxxxxxxx
.iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5`
Thu Jan 3 15:19:38 2002: DEBUG: Running command `/usr/bin/snmpget
206.158.98.11 xxxxxxxx
.iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.7`
Thu Jan 3 15:19:38 2002: NOTICE: RadiusDB1 Session for wheelhouse at
206.158.98.11:2 has gone away
Thu Jan 3 15:19:38 2002: DEBUG: RadiusDB1 Deleting session for wheelhouse,
206.158.98.11, 2
Thu Jan 3 15:19:38 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.11' and NASPORT=02
Thu Jan 3 15:19:38 2002: DEBUG: Radius::AuthFILE ACCEPT:
Thu Jan 3 15:19:38 2002: DEBUG: Access accepted for wheelhouse
Thu Jan 3 15:19:38 2002: DEBUG: Packet dump:
*** Sending to 206.158.98.10 port 1026 ....
Code: Access-Accept
Identifier: 214
Authentic: <224>oO",<127><181><133><240>X4"<134><252>p<0>
Attributes:
Thu Jan 3 15:19:39 2002: DEBUG: Packet dump:
*** Received from 206.158.98.10 port 1026 ....
Code: Accounting-Request
Identifier: 215
Authentic: <23>V.J<243>X&<16>F<250><199>[=<27><186><6>
Attributes:
Acct-Session-Id = "2F002439"
User-Name = "wheelhouse"
NAS-IP-Address = 206.158.98.10
NAS-Port = 17
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect-Info = "28800 LAPM/V42BIS"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 206.158.99.56
Acct-Delay-Time = 0
Thu Jan 3 15:19:39 2002: DEBUG: Rewrote user name to wheelhouse
Thu Jan 3 15:19:39 2002: DEBUG: Rewrote user name to wheelhouse
Thu Jan 3 15:19:39 2002: DEBUG: Rewrote user name to wheelhouse
Thu Jan 3 15:19:39 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 3 15:19:39 2002: DEBUG: RadiusDB1 Adding session for wheelhouse,
206.158.98.10, 17
Thu Jan 3 15:19:39 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.10' and NASPORT=017
Thu Jan 3 15:19:39 2002: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('wheelhouse',
'206.158.98.10', 017, '2F002439', 1010099979, '206.158.99.56', 'Async',
'Framed-User')
Thu Jan 3 15:19:39 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 15:19:39 2002: DEBUG: Accounting accepted
Thu Jan 3 15:19:39 2002: DEBUG: Packet dump:
*** Sending to 206.158.98.10 port 1026 ....
Code: Accounting-Response
Identifier: 215
Authentic: <23>V.J<243>X&<16>F<250><199>[=<27><186><6>
Attributes:
<snip>
Thu Jan 3 15:33:11 2002: DEBUG: Packet dump:
*** Received from 206.158.98.11 port 1026 ....
Code: Access-Request
Identifier: 225
Authentic: <31><230><184><225>5b<171><237>m<247><156><217><139><199>T<157>
Attributes:
User-Name = "bhyde"
User-Password = "U<216><136>K#qD<224><180><163><199><244>pij<234>"
NAS-IP-Address = 206.158.98.11
NAS-Port = 32
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "49333 LAPM/V42BIS"
Thu Jan 3 15:33:11 2002: DEBUG: Rewrote user name to bhyde
Thu Jan 3 15:33:11 2002: DEBUG: Rewrote user name to bhyde
Thu Jan 3 15:33:11 2002: DEBUG: Rewrote user name to bhyde
Thu Jan 3 15:33:11 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 3 15:33:11 2002: DEBUG: RadiusDB1 Deleting session for bhyde,
206.158.98.11, 32
Thu Jan 3 15:33:11 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.11' and NASPORT=032
Thu Jan 3 15:33:11 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 15:33:11 2002: DEBUG: Radius::AuthFILE looks for match with bhyde
Thu Jan 3 15:33:11 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='bhyde'
Thu Jan 3 15:33:11 2002: DEBUG: Checking if user is still online:
Livingston, bhyde, 206.158.98.10, 34, 2F002440 206.158.99.19
Thu Jan 3 15:33:11 2002: DEBUG: Running command `/usr/bin/snmpget
206.158.98.10 xxxxxxxx
.iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5`
Thu Jan 3 15:33:11 2002: DEBUG: Running command `/usr/bin/snmpget
206.158.98.10 xxxxxxxx
.iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.38`
Thu Jan 3 15:33:11 2002: NOTICE: RadiusDB1 Session for bhyde at
206.158.98.10:34 has gone away
Thu Jan 3 15:33:11 2002: DEBUG: RadiusDB1 Deleting session for bhyde,
206.158.98.10, 34
Thu Jan 3 15:33:11 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.10' and NASPORT=034
Thu Jan 3 15:33:11 2002: DEBUG: Radius::AuthFILE ACCEPT:
Thu Jan 3 15:33:11 2002: DEBUG: Access accepted for bhyde
Thu Jan 3 15:33:11 2002: DEBUG: Packet dump:
*** Sending to 206.158.98.11 port 1026 ....
Code: Access-Accept
Identifier: 225
Authentic: <31><230><184><225>5b<171><237>m<247><156><217><139><199>T<157>
Attributes:
Thu Jan 3 15:33:12 2002: DEBUG: Packet dump:
*** Received from 206.158.98.11 port 1026 ....
Code: Accounting-Request
Identifier: 226
Authentic:
<232><209><248>v<12><182><14><127><142><236><221>F<159><190><171><244>
Attributes:
Acct-Session-Id = "2400188D"
User-Name = "bhyde"
NAS-IP-Address = 206.158.98.11
NAS-Port = 32
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect-Info = "49333 LAPM/V42BIS"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 206.158.99.95
Acct-Delay-Time = 0
Thu Jan 3 15:33:12 2002: DEBUG: Rewrote user name to bhyde
Thu Jan 3 15:33:12 2002: DEBUG: Rewrote user name to bhyde
Thu Jan 3 15:33:12 2002: DEBUG: Rewrote user name to bhyde
Thu Jan 3 15:33:12 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Jan 3 15:33:12 2002: DEBUG: RadiusDB1 Adding session for bhyde,
206.158.98.11, 32
Thu Jan 3 15:33:12 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='206.158.98.11' and NASPORT=032
Thu Jan 3 15:33:12 2002: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('bhyde',
'206.158.98.11', 032, '2400188D', 1010100792, '206.158.99.95', 'Async',
'Framed-User')
Thu Jan 3 15:33:12 2002: DEBUG: Handling with Radius::AuthFILE:
Thu Jan 3 15:33:12 2002: DEBUG: Accounting accepted
Thu Jan 3 15:33:12 2002: DEBUG: Packet dump:
*** Sending to 206.158.98.11 port 1026 ....
Code: Accounting-Response
Identifier: 226
Authentic:
<232><209><248>v<12><182><14><127><142><236><221>F<159><190><171><244>
Attributes: