(RADIATOR) SNMP problem with PM3..
Michael Bellears
mbellears at staff.datafx.com.au
Mon Jan 7 19:56:54 CST 2002
Hi,
This has been discussed on the list before, but I cannot seem to find a
resolution ;)
One of our clients has Radiator 2.18 with Radmin 1.5 running on Debian
Linux 2.2, using PM3 NAS's.
Denying Simultaneous use has never worked when clients connect with
multilink ISDN connections - I now see that the SNMP query has stopped
for some reason -> (The following user has max simultaneous logins set
to 4)
##############################################################
Tue Jan 8 11:22:59 2002: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 1026 ....
Code: Access-Request
Identifier: 111
Authentic: o<224>a<136><27><30><217>t<162>*<141>V<149><134>Z5
Attributes:
User-Name = "amg"
User-Password =
"<239>5D<253>l<225><240>H<189><14><136><16><222>Q}*"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 21
NAS-Port-Type = ISDN
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "xxxxxxxx"
Calling-Station-Id = "xxxxxxxx"
Tue Jan 8 11:22:59 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Jan 8 11:22:59 2002: DEBUG: Deleting session for amg,
xxx.xxx.xxx.xxx, 21
Tue Jan 8 11:22:59 2002: DEBUG: do query is: delete from RADONLINE
where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=021
Tue Jan 8 11:22:59 2002: DEBUG: Handling with Radius::AuthRADMIN
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1010452979, 4, 'Handling with
Radius::AuthRADMIN')
Tue Jan 8 11:22:59 2002: DEBUG: Handling with Radius::AuthRADMIN
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1010452979, 4, 'Handling with
Radius::AuthRADMIN')
Tue Jan 8 11:22:59 2002: DEBUG: Query is: select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='amg'
and BADLOGINS < 5 and VALIDFROM < 1010452979 and VALIDTO > 1010452979
Tue Jan 8 11:22:59 2002: DEBUG: Radius::AuthRADMIN looks for match with
amg
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1010452979, 4, 'Radius::AuthRADMIN
looks for match with amg')
Tue Jan 8 11:22:59 2002: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='amg'
Tue Jan 8 11:22:59 2002: DEBUG: Radius::AuthRADMIN ACCEPT:
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1010452979, 4, 'Radius::AuthRADMIN
ACCEPT: ')
Tue Jan 8 11:22:59 2002: DEBUG: do query is: update RADUSERS set
BADLOGINS=0 where USERNAME='amg'
Tue Jan 8 11:22:59 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
Tue Jan 8 11:22:59 2002: DEBUG: Access accepted for amg
Tue Jan 8 11:22:59 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1026 ....
Code: Access-Accept
Identifier: 111
Authentic: o<224>a<136><27><30><217>t<162>*<141>V<149><134>Z5
Attributes:
Framed-IP-Address = yyy.yyy.yyy.yyy
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Tue Jan 8 11:22:59 2002: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 1026 ....
Code: Accounting-Request
Identifier: 112
Authentic: ~^<159><185><179><206>~+<219><21> <5>O<25><234>W
Attributes:
Acct-Session-Id = "7700026E"
User-Name = "amg"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 21
NAS-Port-Type = ISDN
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Called-Station-Id = "xxxxxxxx"
Calling-Station-Id = "xxxxxxxx"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = yyy.yyy.yyy.yyy
Acct-Delay-Time = 0
Tue Jan 8 11:22:59 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Jan 8 11:22:59 2002: DEBUG: Adding session for amg,
xxx.xxx.xxx.xxx, 21
Tue Jan 8 11:22:59 2002: DEBUG: do query is: delete from RADONLINE
where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=021
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('amg',
'xxx.xxx.xxx.xxx', 021, '7700026E', 1010452979, 'yyy.yyy.yyy.yyy',
'ISDN', 'Framed-User')
Tue Jan 8 11:22:59 2002: DEBUG: Handling with Radius::AuthRADMIN
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1010452979, 4, 'Handling with
Radius::AuthRADMIN')
Tue Jan 8 11:22:59 2002: DEBUG: Handling accounting with
Radius::AuthRADMIN
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1010452979, 4, 'Handling accounting
with Radius::AuthRADMIN')
Tue Jan 8 11:22:59 2002: DEBUG: do query is: update RADUSERS set
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='amg'
Tue Jan 8 11:22:59 2002: DEBUG: do query is: insert into RADUSAGE
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME,
ACCTSESSIONID, FRAMEDIPADDRESS, NASIDENTIFIER, NASPORT, DNIS,
Client_Phone_Number)
values
('amg', 1010452979, 1, 0, '7700026E', 'yyy.yyy.yyy.yyy',
'xxx.xxx.xxx.xxx', 21, 'xxxxxxxx', 'xxxxxxxx')
Tue Jan 8 11:22:59 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
Tue Jan 8 11:22:59 2002: DEBUG: Accounting accepted
Tue Jan 8 11:22:59 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1026 ....
Code: Accounting-Response
Identifier: 112
Authentic: ~^<159><185><179><206>~+<219><21> <5>O<25><234>W
##############################################################
Whereas, during December I was seeing the following ->
##############################################################
Tue Dec 18 20:55:00 2001: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 1026 ....
Code: Access-Request
Identifier: 236
Authentic:
<234><229>Be<128><235><250>B<141><231><163><15><148><175><28><175>
Attributes:
User-Name = "mfskim"
User-Password =
"u<232>I<11>/<156><232>v<229><195>N<177>o<9>#<12>"
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 24
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "26400 LAPM/V42BIS"
Called-Station-Id = "xxxxxxxx"
Calling-Station-Id = "xxxxxxxx"
Tue Dec 18 20:55:00 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Dec 18 20:55:00 2001: DEBUG: Deleting session for mfskim,
xxx.xxx.xxx.xxx, 24
Tue Dec 18 20:55:00 2001: DEBUG: do query is: delete from RADONLINE
where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=024
Tue Dec 18 20:55:00 2001: DEBUG: Handling with Radius::AuthRADMIN
Tue Dec 18 20:55:00 2001: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1008672900, 4, 'Handling w
ith Radius::AuthRADMIN')
Tue Dec 18 20:55:00 2001: DEBUG: Handling with Radius::AuthRADMIN
Tue Dec 18 20:55:00 2001: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1008672900, 4, 'Handling w
ith Radius::AuthRADMIN')
Tue Dec 18 20:55:00 2001: DEBUG: Query is: select PASS_WORD,
STATICADDRESS, TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='mfskim
' and BADLOGINS < 5 and VALIDFROM < 1008672900 and VALIDTO > 1008672900
Tue Dec 18 20:55:00 2001: DEBUG: Radius::AuthRADMIN looks for match with
mfskim
Tue Dec 18 20:55:00 2001: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1008672900, 4, 'Radius::Au
thRADMIN looks for match with mfskim')
Tue Dec 18 20:55:00 2001: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNA
ME='mfskim'
Tue Dec 18 20:55:00 2001: DEBUG: Checking if user is still online:
Livingston, mfskim, xxx.xxx.xxx.xxx, 11, 770000AD 203.149.64.239
Tue Dec 18 20:55:00 2001: DEBUG: Running command `/usr/bin/snmpget
xxx.xxx.xxx.xxx ******* 2.1.1.1.2.5`
Tue Dec 18 20:55:06 2001: DEBUG: Running command `/usr/bin/snmpget
xxx.xxx.xxx.xxx ******* .3.2.1.1.1.5.16`
Tue Dec 18 20:55:12 2001: NOTICE: Session for mfskim at
xxx.xxx.xxx.xxx:11 has gone away
Tue Dec 18 20:55:12 2001: DEBUG: Deleting session for mfskim,
xxx.xxx.xxx.xxx, 11
Tue Dec 18 20:55:12 2001: DEBUG: do query is: delete from RADONLINE
where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=011
Tue Dec 18 20:55:12 2001: DEBUG: Radius::AuthRADMIN ACCEPT:
Tue Dec 18 20:55:12 2001: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE) values (1008672912, 4, 'Radius::Au
thRADMIN ACCEPT: ')
Tue Dec 18 20:55:12 2001: DEBUG: do query is: update RADUSERS set
BADLOGINS=0 where USERNAME='mfskim'
Tue Dec 18 20:55:12 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Tue Dec 18 20:55:12 2001: DEBUG: Query is: select TIME_STAMP, YIADDR,
SUBNETMASK, DNSSERVER from RADPOOL
where POOL='pool1' and STATE=0 order by TIME_STAMP
Tue Dec 18 20:55:12 2001: DEBUG: do query is: update RADPOOL set
STATE=1,
TIME_STAMP=1008672912,
EXPIRY=1008839404, USERNAME='mfskim' where YIADDR='yyy.yyy.yyy.yyy' and
TIME_STAMP =1007701140
Tue Dec 18 20:55:12 2001: DEBUG: Access accepted for mfskim
Tue Dec 18 20:55:12 2001: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1026 ....
Code: Access-Accept
Identifier: 236
Authentic:
<234><229>Be<128><235><250>B<141><231><163><15><148><175><28><175>
Attributes:
Session-Timeout = 166492
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Framed-IP-Netmask = 255.255.255.0
Framed-IP-Address = yyy.yyy.yyy.yyy
##############################################################
The config has not changed since October, any suggestions as to why the
snmpget query would stop ?
config file ->
##############################################################
# You should consider this file to be a starting point only
# $Id $
Foreground
LogStdout
LogDir .
DbDir .
#DbDir /root/radiator/Radiator-2.18
#LogDir /var/log/radacct
DictionaryFile /root/Radiator-2.18/dictionary
# AuthPort specifies the port to list on for authentication requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1645
#AuthPort 1645
AuthPort 1812
# AcctPort specifies the port to list on for accounting requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1646
#AcctPort 1646
AcctPort 1813
BindAddress xxx.xxx.xxx.2
# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#<Client DEFAULT>
# Secret mysecret
# DupInterval 0
#</Client>
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth xxxxxxxxx
</ClientListSQL>
<SNMPAgent>
Community xxxxxxxx
</SNMPAgent>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg
<AddressAllocator SQL>
# This name allows us to refer to it from inside
# an AuthBy DYNADDRESS
Identifier myallocator
# For mysql, use something like this
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth xxxxxxxxx
# If SessionTimeout is set by a previous AuthBy
# then that is used as the expiry time. Otherwise
# DefaultLeasePeriod (in seconds) is used.
# Defaults to 1 day
#DefaultLeasePeriod 86400
# How often we check the database for expired leases
# leases can expire if an acounting stop is lost
# or if the session goes longer than the lease
# we originally asked for. Defaults to 1 day.
#LeaseReclaimInterval 86400
# Define the pools that are to be in our database
# defining pools here will make AddressAllocator SQL
# ensure that all the addresses are present in the database
# at startup. You dont have to define pools here. If you dont,
# AddressAllocator SQL will just use whatever addresses
# it finds in the RADPOOL table.
<AddressPool pool1>
Subnetmask 255.255.255.0
Range xxx.xxx.xxx.200 xxx.xxx.xxx.250
DNSServer xxx.xxx.xxx.1
</AddressPool>
# <AddressPool pool2>
# Subnetmask 255.255.255.127
# Range 192.2.2.62 192.2.2.99
# </AddressPool>
</AddressAllocator>
# Handle everyone with RADMIN
<Realm DEFAULT>
AuthByPolicy ContinueWhileAccept
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth xxxxxxxxx
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef Client_Phone_Number,Calling-Station-Id
AcctColumnDef Connect_info,Connect-Info
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
# AuthBy DYNADDRESS needs to be the last AuthBy. If
# all the previous ones have succeeded, then an address
# is allocated
<AuthBy DYNADDRESS>
# This refers to the AddressAllocator
# defined below. IT says tyo us that allocator
# to get an address. Insterad ofg this, you can
# put the <AddressAllocator xxx> clause directly
# in here
Allocator myallocator
# This specifies how to form the pool hint, that
# the allocator uses to specifiy which pool
# to allocate an address from. The default
# is %{Reply:PoolHint}, ie a pseudo
# attribute in teh current reply,
# presumably set by an earlier
# AuthBy, but it could be for example
# the NAS IP address or similar, or a hardwired
# string.
#PoolHint %{Reply:PoolHint}
PoolHint pool1
# These parameters tell us how to set reply
# attribtues from the result of the allocation.
# The left hand side of each pair is
# the "name" of the data item. The right hand
# side is the Radius attribute name to use
# in the reply. The valid data item names are:
# yiaddr - The allocated address
# subnetmask - The subnet mask to use
# dnsserver - the IP address of the DNS server
# The defualt mappings are:
#MapAttribute yiaddr, Framed-IP-Address
#MapAttribute subnetmask, Framed-IP-Netmask
# The AuthBy FILE above sets the pseudo reply attribute
# PoolHint as the clue to the address allocator
# need to strip it out at the end of processing
StripFromReply PoolHint
</AuthBy>
<AuthLog FILE>
Identifier myauthlogger
Filename authlog
SuccessFormat
%l:NAS:%N:Calling_Number:%{Calling-Station-Id}:Username:%U:Password:%P:Assigned:%a:Reply:%{Reply:Reply-Message}:Connect_In
fo:%{Connect-Info}:SUCCESS
FailureFormat
%l:NAS:%N:Calling_Number:%{Calling-Station-Id}:Username:%U:Password:%P:Reply:%{Reply:Reply-Message}:FAILURE
LogSuccess 1
LogFailure 1
</AuthLog>
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth xxxxxxxxx
#####################################################
Regards,
Michael
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list