(RADIATOR) Radiator Log showing "No such user.
Ronan Eckelberry
radiator at gowebco.com
Mon Jan 28 19:00:56 CST 2002
Below is the snippet from the log:
Mon Jan 28 14:33:18 2002: DEBUG: Packet dump:
*** Received from 216.54.217.6 port 1026 ....
Code: Access-Request
Identifier: 194
Authentic: #<136><142>4Ty<220>5<171><5>6<165>|~<130>k
Attributes:
User-Name = "crystal1"
User-Password =
"<27><201><151><243>!g^b<7><246><248><184><161><235><242><224>"
NAS-IP-Address = 216.54.217.6
NAS-Port = 30
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "31200 LAPM/V42BIS"
Called-Station-Id = "5271011"
Calling-Station-Id = "3524655491"
Mon Jan 28 14:33:18 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Jan 28 14:33:18 2002: DEBUG: Rewrote user name to crystal1
Mon Jan 28 14:33:18 2002: DEBUG: RADONLINE Deleting session for
crystal1, 216.54.217.6, 30
Mon Jan 28 14:33:18 2002: DEBUG: do query is: delete from RADONLINE
where NASIDENTIFIER='216.54.217.6' and NASPORT=030
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL:
SUBSCRIBERS
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where
USERNAME='crystal1' AND ACTIVE='Y'
Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with
crystal1
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='crystal1'
Mon Jan 28 14:33:18 2002: DEBUG: Checking if user is still online:
unknown, crystal1, 216.54.217.7, 37, 7B00096D
Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL REJECT:
Simultaneous-Use of 1 exceeded
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where
USERNAME='DEFAULT' AND ACTIVE='Y'
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL:
LIMITED_20HRS
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
USERNAME='crystal1' AND ACTIVE='Y'
Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with
crystal1
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
USERNAME='DEFAULT' AND ACTIVE='Y'
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL:
LIMITED_30HRS
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
USERNAME='crystal1' AND ACTIVE='Y'
Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with
crystal1
Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
USERNAME='DEFAULT' AND ACTIVE='Y'
Mon Jan 28 14:33:18 2002: INFO: Access rejected for crystal1: No such
user
Mon Jan 28 14:33:18 2002: DEBUG: Packet dump:
*** Sending to 216.54.217.6 port 1026 ....
Code: Access-Reject
Identifier: 194
Authentic: #<136><142>4Ty<220>5<171><5>6<165>|~<130>k
Attributes:
Reply-Message = "No such user"
Below is the Config File without secrets:
DbDir /usr/local/Radiator
DictionaryFile %D/dictionary
#FingerProg /usr/bin/finger
#LivingstonHole 2
#LivingstonOffs 46
LogDir /usr/log/radius
LogFile %L/radius.log
#PmwhoProg /usr/local/sbin/pmwho
SnmpgetProg /usr/local/bin/snmpget
Trace 3
#AuthPort 1812
#AcctPort 1813
<Client localhost>
Description Local Test
DupInterval 0
Secret mysecret
</Client>
<Client ras1.webcosolutions.com>
Description Lucent PM3
DupInterval 2
NasType Livingston
Secret xxxxxx
</Client>
<Client ras2.webcosolutions.com>
Description Lucent PM3
DupInterval 2
NasType Livingston
Secret xxxxxx
</Client>
<Client ras3.webcosolutions.com>
Description Lucent PM3
DupInterval 2
NasType Livingston
Secret xxxxxx
</Client>
<Client ras5.webcosolutions.com>
Description Lucent PM3
DupInterval 2
Secret xxxxxx
</Client>
<Client webco-5300.webcosolutions.com>
Description Cisco AS5300 Access Server
DupInterval 2
NasType Cisco
Secret xxxxxx
</Client>
<Realm DEFAULT>
Description Default Realm for authenticating users
RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
SessionDatabase RADONLINE
AuthByPolicy ContinueWhileReject
<AuthBy SQL>
Identifier SUBSCRIBERS
DBSource dbi:mysql:radius:216.54.217.11
DBUsername xxxxxx
DBAuth xxxxxx
DefaultSimultaneousUse 1
Description Database to use to authenticate users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
# AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AddToReply Service-Type="Framed-User", \
Framed-Protocol="PPP", \
Framed-IP-Netmask = 255.255.255.255
</AuthBy>
<AuthBy SQL>
Identifier LIMITED_20HRS
DBSource dbi:mysql:radius:216.54.217.11
DBUsername xxxxxx
DBAuth xxxxxx
DefaultSimultaneousUse 1
Description Database to use to authenticate 20 Hour users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='%n' AND ACTIVE='Y'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AuthColumnDef 4,Session-Timeout,reply
AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AddToReply Service-Type="Framed-User", \
Framed-Protocol="PPP", \
Framed-IP-Netmask = 255.255.255.255
# PostAuthHook file:"%D/CheckTimeLeft"
</AuthBy>
<AuthBy SQL>
Identifier LIMITED_30HRS
DBSource dbi:mysql:radius:216.54.217.11
DBUsername xxxxxx
DBAuth xxxxxx
DefaultSimultaneousUse 1
Description Database to use to authenticate 30 Hour users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='%n' AND ACTIVE='Y'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AuthColumnDef 4,Session-Timeout,reply
AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AddToReply Service-Type="Framed-User", \
Framed-Protocol="PPP", \
Framed-IP-Netmask = 255.255.255.255
# PostAuthHook file:"%D/CheckTimeLeft"
</AuthBy>
<AuthLog FILE>
Identifier AuthLog
Filename %L/authlog
LogSuccess 0
LogFailure 1
SuccessFormat %l:%U:%P:OK:%1:%{Calling-Station-Id}
FailureFormat %l:%U:%P:FAIL:%1:%{Calling-Station-Id}
</AuthLog>
</Realm>
<Realm usb.isp>
Description Realm for authenticating Alstateweb.net users
RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
SessionDatabase RADONLINE
<AuthBy RADIUS>
Identifier ALSTATE
Host 216.54.217.17
Secret mysecret
AuthPort 1812
AcctPort 1813
Description Database to use to authenticate Alstateweb.net users
</AuthBy>
</Realm>
<Realm isandc.isp>
Description Realm for authenticating isandc.com users
RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
SessionDatabase RADONLINE
<AuthBy RADIUS>
Identifier ISANDC
Host 12.108.46.104
Secret xxxxxx
Description Database to use to authenticate isandc.com users
</AuthBy>
</Realm>
<SessionDatabase SQL>
DateFormat %b %e %Y %H %M
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, CALLINGSTATIONID, CALLEDSTATIONID) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', '%{Timestamp}', '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Calling-Station-Id}', '%{Called-Station-Id}')
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
DBSource dbi:mysql:radius:216.54.217.11
DBUsername xxxxxx
DBAuth xxxxxx
DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
Description Database of currently online sessions (users)
FailureBackoffTime 5
Identifier RADONLINE
</SessionDatabase>
Hope this helps.
-Ronan
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Monday, 28 January, 2002 18:52
To: Ronan Eckelberry; radiator at open.com.au
Subject: Re: (RADIATOR) Radiator Log showing "No such user.
Hello Ronan -
As mentioned in my previous mail, I will need to see a copy of the
configuration file (no secrets) together with a trace 4 debug from
Radiator showing what is happening.
regards
Hugh
On Tue, 29 Jan 2002 07:00, Ronan Eckelberry wrote:
> I think I see the problem after looking at the trace. It seems
> that the user is disconnecting/being disconnected and not being removed
> from RADONLINE. This doesn't happen all the time, but in the Trace it
> shows that they are being denied for the "Simultaneous Use", but I am
> using an <AuthLog FILE> clause to just write the failed logins to a file
> (Which is what I use to write to a webpage for the technicians to look
> at) that just gives the reason that the login failed as "No such user".
> Is there any way to change the AuthLog to display the real reason and
> not just "No such user"? Below is the AuthLog clause I am using. I am
> not logging Successful logins right now which is why I have it disabled.
>
> <AuthLog FILE>
> Identifier AuthLog
> Filename %L/authlog
> LogSuccess 0
> LogFailure 1
> SuccessFormat %l:%U:%P:OK:%1:%{Calling-Station-Id}
> FailureFormat %l:%U:%P:FAIL:%1:%{Calling-Station-Id}
> </AuthLog>
>
> Any input would be appreciated. Thanks for all the help guys.
>
> :)
>
> -Ronan
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, 24 January, 2002 22:51
> To: Ronan Eckelberry; radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator Log showing "No such user.
>
>
>
> Hello Ronan -
>
> As usual, the only way to tell is to look at a trace 4 debug from Radiator
> in conjunction with the configuration file (no secrets). If you send them
> to me I will take a look.
>
> regards
>
> Hugh
>
> On Fri, 25 Jan 2002 13:24, Ronan Eckelberry wrote:
> > For some reason Radiator is denying random customers access at
> > random times. It is logging the reason as "No such user". It will
> > usually only do this once, but I have seen it do it a few times. The
> > user does exist in the database. I will try to log in with the un/pw
> > and get rejected, only to try again seconds or minutes later and be let
> > in. The user is not listed in the RADONLINE table, nor are they listed
> > as inactive. Has anyone else had this happen before? Does anyone have
> > any suggestions? It seems kind of weird.
> >
> > The only thing that I can see in the logs are "Duplicate
> > Requests" from the NASs sometimes and sometimes Radiator will die, but
> > INETD restarts it as soon as it receives a request.
> >
> > Any suggestions would be more than helpful.
> >
> > Thanks all,
> >
> > -Ronan
> >
> > Ronan Eckelberry
> > ronan at gowebco.com
> > Network/Systems Engineer
> > Webco Solutions, Inc
> > (352)746-2500
> > www.webcosolutions.com
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
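
In the trace in this thread, the SUBSCRIBERS AuthBy rejects with "Simultaneous-Use of 1 exceeded", yet after the remaining AuthBy clauses are tried under AuthByPolicy ContinueWhileReject the reason that reaches the INFO line and the AuthLog is "No such user". The following is an added example, not part of the original thread and not Radiator code: it scans a debug trace and reports requests whose logged reason differs from an earlier REJECT. The sample lines are constructed (single-line forms of the entries quoted above) and `nosuchacct` is a made-up user.

```python
import re

# Constructed sample: single-line forms of the trace entries quoted in the
# message above, plus one request for a made-up user that really is unknown.
SAMPLE_LOG = """\
Mon Jan 28 14:33:18 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: SUBSCRIBERS
Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_20HRS
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_30HRS
Mon Jan 28 14:33:18 2002: INFO: Access rejected for crystal1: No such user
Mon Jan 28 14:40:02 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jan 28 14:40:02 2002: DEBUG: Handling with Radius::AuthSQL: SUBSCRIBERS
Mon Jan 28 14:40:02 2002: INFO: Access rejected for nosuchacct: No such user
"""

LINE = re.compile(r"^(?P<ts>.+? \d{4}): (?P<level>[A-Z]+): (?P<msg>.*)$")
AUTHBY = re.compile(r"Handling with Radius::\w+: (?P<ident>\S+)$")
REJECT = re.compile(r"Radius::\w+ REJECT: (?P<reason>.+)$")
FINAL = re.compile(r"Access rejected for (?P<user>\S+): (?P<reason>.+)$")

def masked_rejects(log_text):
    """Return requests whose logged reject reason hides an earlier REJECT."""
    findings, authby, rejects = [], None, []
    for raw in log_text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue  # packet dump attributes and wrapped fragments
        msg = line["msg"]
        if msg.startswith("Handling request with Handler"):
            authby, rejects = None, []          # a new request starts here
        elif (m := AUTHBY.match(msg)):
            authby = m["ident"]                 # Identifier of the AuthBy in use
        elif (m := REJECT.match(msg)):
            rejects.append((authby, m["reason"]))
        elif line["level"] == "INFO" and (m := FINAL.match(msg)):
            hidden = [(a, why) for a, why in rejects if why != m["reason"]]
            if hidden:
                findings.append({"time": line["ts"], "user": m["user"],
                                 "logged": m["reason"], "earlier": hidden})
            authby, rejects = None, []
    return findings

if __name__ == "__main__":
    for f in masked_rejects(SAMPLE_LOG):
        for ident, why in f["earlier"]:
            print(f'{f["time"]} {f["user"]}: logged "{f["logged"]}", '
                  f'but {ident} rejected with "{why}"')
```

Only the crystal1 request is reported; the request for the unknown user has no earlier REJECT line, so its "No such user" is taken at face value.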