(RADIATOR) Radiator Log showing "No such user.
Hugh Irvine
hugh at open.com.au
Mon Jan 28 20:49:58 CST 2002
Hello Ronan -
It is a bit difficult to know what to do in this sort of situation, as your
configuration file says to keep trying the successive AuthBy clauses, which
Radiator does. However, in such a case, the result of the last AuthBy will be
the result of the whole sequence - I don't quite see how it could be done
otherwise.
regards
Hugh
On Tue, 29 Jan 2002 12:00, Ronan Eckelberry wrote:
> Below is the snippet from the log:
>
> Mon Jan 28 14:33:18 2002: DEBUG: Packet dump:
> *** Received from 216.54.217.6 port 1026 ....
> Code: Access-Request
> Identifier: 194
> Authentic: #<136><142>4Ty<220>5<171><5>6<165>|~<130>k
> Attributes:
> User-Name = "crystal1"
> User-Password =
> "<27><201><151><243>!g^b<7><246><248><184><161><235><242><224>"
> NAS-IP-Address = 216.54.217.6
> NAS-Port = 30
> NAS-Port-Type = Async
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Connect-Info = "31200 LAPM/V42BIS"
> Called-Station-Id = "5271011"
> Calling-Station-Id = "3524655491"
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Jan 28 14:33:18 2002: DEBUG: Rewrote user name to crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: RADONLINE Deleting session for
> crystal1, 216.54.217.6, 30
> Mon Jan 28 14:33:18 2002: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='216.54.217.6' and NASPORT=030
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL:
> SUBSCRIBERS
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where
> USERNAME='crystal1' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with
> crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='crystal1'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Checking if user is still online:
> unknown, crystal1, 216.54.217.7, 37, 7B00096D
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL REJECT:
> Simultaneous-Use of 1 exceeded
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where
> USERNAME='DEFAULT' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL:
> LIMITED_20HRS
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
> USERNAME='crystal1' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with
> crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
> USERNAME='DEFAULT' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL:
> LIMITED_30HRS
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
> USERNAME='crystal1' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with
> crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
> USERNAME='DEFAULT' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: INFO: Access rejected for crystal1: No such
> user
> Mon Jan 28 14:33:18 2002: DEBUG: Packet dump:
> *** Sending to 216.54.217.6 port 1026 ....
> Code: Access-Reject
> Identifier: 194
> Authentic: #<136><142>4Ty<220>5<171><5>6<165>|~<130>k
> Attributes:
> Reply-Message = "No such user"
>
> Below is the Config File without secrets:
>
> DbDir /usr/local/Radiator
> DictionaryFile %D/dictionary
> #FingerProg /usr/bin/finger
> #LivingstonHole 2
> #LivingstonOffs 46
> LogDir /usr/log/radius
> LogFile %L/radius.log
> #PmwhoProg /usr/local/sbin/pmwho
> SnmpgetProg /usr/local/bin/snmpget
> Trace 3
> #AuthPort 1812
> #AcctPort 1813
>
> <Client localhost>
> Description Local Test
> DupInterval 0
> Secret mysecret
> </Client>
>
> <Client ras1.webcosolutions.com>
> Description Lucent PM3
> DupInterval 2
> NasType Livingston
> Secret xxxxxx
> </Client>
>
> <Client ras2.webcosolutions.com>
> Description Lucent PM3
> DupInterval 2
> NasType Livingston
> Secret xxxxxx
> </Client>
>
> <Client ras3.webcosolutions.com>
> Description Lucent PM3
> DupInterval 2
> NasType Livingston
> Secret xxxxxx
> </Client>
>
> <Client ras5.webcosolutions.com>
> Description Lucent PM3
> DupInterval 2
> Secret xxxxxx
> </Client>
>
> <Client webco-5300.webcosolutions.com>
> Description Cisco AS5300 Access Server
> DupInterval 2
> NasType Cisco
> Secret xxxxxx
> </Client>
>
> <Realm DEFAULT>
> Description Default Realm for authenticating users
> RejectHasReason
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase RADONLINE
> AuthByPolicy ContinueWhileReject
>
> <AuthBy SQL>
> Identifier SUBSCRIBERS
> DBSource dbi:mysql:radius:216.54.217.11
> DBUsername xxxxxx
> DBAuth xxxxxx
> DefaultSimultaneousUse 1
> Description Database to use to authenticate users
> FailureBackoffTime 5
> Timeout 10
> AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN
> from SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
> # AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Port-Limit,reply
> AuthColumnDef 2,Framed-IP-Address,reply
> AuthColumnDef 3,Simultaneous-Use,check
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AddToReply Service-Type="Framed-User", \
> Framed-Protocol="PPP", \
> Framed-IP-Netmask = 255.255.255.255
>
> </AuthBy>
>
> <AuthBy SQL>
> Identifier LIMITED_20HRS
> DBSource dbi:mysql:radius:216.54.217.11
> DBUsername xxxxxx
> DBAuth xxxxxx
> DefaultSimultaneousUse 1
> Description Database to use to authenticate 20 Hour
> users
> FailureBackoffTime 5
> Timeout 10
> AuthSelect select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
> USERNAME='%n' AND ACTIVE='Y'
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Port-Limit,reply
> AuthColumnDef 2,Framed-IP-Address,reply
> AuthColumnDef 3,Simultaneous-Use,check
> AuthColumnDef 4,Session-Timeout,reply
> AcctSQLStatement update LIMITED_20HRS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AddToReply Service-Type="Framed-User", \
> Framed-Protocol="PPP", \
> Framed-IP-Netmask = 255.255.255.255
> # PostAuthHook file:"%D/CheckTimeLeft"
>
> </AuthBy>
>
> <AuthBy SQL>
> Identifier LIMITED_30HRS
> DBSource dbi:mysql:radius:216.54.217.11
> DBUsername xxxxxx
> DBAuth xxxxxx
> DefaultSimultaneousUse 1
> Description Database to use to authenticate 30 Hour
> users
> FailureBackoffTime 5
> Timeout 10
> AuthSelect select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
> USERNAME='%n' AND ACTIVE='Y'
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Port-Limit,reply
> AuthColumnDef 2,Framed-IP-Address,reply
> AuthColumnDef 3,Simultaneous-Use,check
> AuthColumnDef 4,Session-Timeout,reply
> AcctSQLStatement update LIMITED_20HRS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AddToReply Service-Type="Framed-User", \
> Framed-Protocol="PPP", \
> Framed-IP-Netmask = 255.255.255.255
> # PostAuthHook file:"%D/CheckTimeLeft"
>
> </AuthBy>
>
> <AuthLog FILE>
> Identifier AuthLog
> Filename %L/authlog
> LogSuccess 0
> LogFailure 1
> SuccessFormat %l:%U:%P:OK:%1:%{Calling-Station-Id}
> FailureFormat %l:%U:%P:FAIL:%1:%{Calling-Station-Id}
> </AuthLog>
>
>
> </Realm>
>
> <Realm usb.isp>
> Description Realm for authenticating Alstateweb.net users
> RejectHasReason
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase RADONLINE
>
> <AuthBy RADIUS>
> Identifier ALSTATE
> Host 216.54.217.17
> Secret mysecret
> AuthPort 1812
> AcctPort 1813
> Description Database to use to authenticate
> Alstateweb.net users
>
> </AuthBy>
> </Realm>
>
> <Realm isandc.isp>
> Description Realm for authenticating isandc.com users
> RejectHasReason
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase RADONLINE
>
> <AuthBy RADIUS>
> Identifier ISANDC
> Host 12.108.46.104
> Secret xxxxxx
> Description Database to use to authenticate isandc.com
> users
>
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> DateFormat %b %e %Y %H %M
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,
> CALLINGSTATIONID, CALLEDSTATIONID) values ('%u', '%N', 0%{NAS-Port},
> '%{Acct-Session-Id}', '%{Timestamp}', '%{Framed-IP-Address}',
> '%{NAS-Port-Type}', '%{Service-Type}', '%{Calling-Station-Id}',
> '%{Called-Station-Id}')
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where
> NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE
> where USERNAME='%u'
> DBSource dbi:mysql:radius:216.54.217.11
> DBUsername xxxxxx
> DBAuth xxxxxx
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and
> NASPORT=0%{NAS-Port}
> Description Database of currently online sessions (users)
> FailureBackoffTime 5
> Identifier RADONLINE
> </SessionDatabase>
>
> Hope this helps.
>
> -Ronan
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Monday, 28 January, 2002 18:52
> To: Ronan Eckelberry; radiator at open.com.au
> Subject: Re: (RADIATOR) Radiator Log showing "No such user.
>
>
>
> Hello Ronan -
>
> As mentioned in my previous mail, I will need to see a copy of the
> configuration file (no secrets) together with a trace 4 debug from
> Radiator showing what is happening.
>
> regards
>
> Hugh
>
> On Tue, 29 Jan 2002 07:00, Ronan Eckelberry wrote:
> > I think I see the problem after looking at the trace. It seems
> > that the user is disconnecting/being disconnected and not being removed
> > from RADONLINE. This doesn't happen all the time, but in the Trace it
> > shows that they are being denied for the "Simultaneous Use", but I am
> > using an <AuthLog FILE> clause to just write the failed logins to a file
> > (Which is what I use to write to a webpage for the technicians to look
> > at) that just gives the reason that the login failed as "No such user".
> > Is there any way to change the AuthLog to display the real reason and
> > not just "No such user"? Below is the AuthLog clause I am using. I am
> > not logging Successful logins right now which is why I have it disabled.
> >
> > <AuthLog FILE>
> > Identifier AuthLog
> > Filename %L/authlog
> > LogSuccess 0
> > LogFailure 1
> > SuccessFormat %l:%U:%P:OK:%1:%{Calling-Station-Id}
> > FailureFormat %l:%U:%P:FAIL:%1:%{Calling-Station-Id}
> > </AuthLog>
> >
> > Any input would be appreciated. Thanks for all the help guys.
> >
> > :)
> >
> > -Ronan
> >
> >
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Thursday, 24 January, 2002 22:51
> > To: Ronan Eckelberry; radiator at open.com.au
> > Subject: Re: (RADIATOR) Radiator Log showing "No such user.
> >
> >
> >
> > Hello Ronan -
> >
> > As usual, the only way to tell is to look at a trace 4 debug from
> > Radiator in conjunction with the configuration file (no secrets). If
> > you send them to me I will take a look.
> >
> > regards
> >
> > Hugh
> >
> > On Fri, 25 Jan 2002 13:24, Ronan Eckelberry wrote:
> > > For some reason Radiator is denying random customers access at
> > > random times. It is logging the reason as "No such user". It will
> > > usually only do this once, but I have seen it do it a few times. The
> > > user does exist in the database. I will try to log in with the un/pw
> > > and get rejected, only to try again seconds or minutes later and be let
> > > in. The user is not listed in the RADONLINE table, nor are they listed
> > > as inactive. Has anyone else had this happen before? Does anyone have
> > > any suggestions? It seems kind of weird.
> > >
> > > The only thing that I can see in the logs are "Duplicate
> > > Requests" from the NASs sometimes and sometimes Radiator will die, but
> > > INETD restarts it as soon as it receives a request.
> > >
> > > Any suggestions would be more than helpful.
> > >
> > > Thanks all,
> > >
> > > -Ronan
> > >
> > > Ronan Eckelberry
> > > ronan at gowebco.com
> > > Network/Systems Engineer
> > > Webco Solutions, Inc
> > > (352)746-2500
> > > www.webcosolutions.com
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.