(RADIATOR) Platypus LoginLimit Checking problems

James Laszko jamesl at tfbnet.com
Mon Jan 20 22:23:49 CST 2003


We are having a problem setting up Simultaneous-Use restriction on our Radiator 3.2/Platypus 3/MS SQL 7 setup.  It appears that we can't get Radiator to stop if it finds the LoginLimit exceeding the DefaultSimultaneousUse value.  Am I just completely missing something or am I completely missing something?  :)
 
Config file and trace file are listed below.  The user is in the session database on the SQL server when we try and attempt a second login.
 
 
 
 
 
 
 
Config file
=======================================
# SessionDatabase method to dump all session information to SQL database
<SessionDatabase SQL>
 Identifier LogSession
 DBSource dbi:ODBC:Radius
 DBUsername username
 DBAuth  password
 
 AddQuery insert into RADONLINE 
 
(USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,SERVICETYPE,CALLEDSTATIONID,CAL
 
LINGSTATIONID) values 
 
('%{User-Name}','%{NAS-IP-Address}',%{NAS-Port},'%{Acct-Session-Id}',%{Timestamp},'%{Framed-IP-Address}','%{NAS-Port
 
-Type}','%{Service-Type}','%{Called-Station-Id}','%{Calling-Station-Id}')
 
 CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID,FRAMEDIPADDRESS from RADONLINE Where 
 
USERNAME='%{User-Name}'
 
</SessionDatabase>
 

# AuthBy method to check Platypus and also dump accounting information
<AuthBy EMERALD>
 # Set all users to default to 1 simultaneous login
 DefaultSimultaneousUse 1
 
 Identifier CheckEMERALD
 
 DBSource dbi:ODBC:platypus
 DBUsername username
 DBAuth  password
 
 AccountingTable Calls
 AcctColumnDef UserName,User-Name
 AcctColumnDef CallDate,Timestamp,integer-date
 AcctColumnDef AcctStatusType,Acct-Status-Type,integer
 AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
 AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
 AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
 AcctColumnDef AcctSessionId,Acct-Session-Id
 AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
 AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
 AcctColumnDef NASIdentifier,NAS-IP-Address
 AcctColumnDef NASPort,NAS-Port,integer
 
 AcctColumnDef data_in,Acct-Input-Octets,integer
 AcctColumnDef data_out,Acct-Output-Octets,integer
 AcctColumnDef ipaddress,Framed-IP-Address
 
 AcctColumnDef ConnectInfo,Connect-Info
 
 AcctColumnDef CalledStationId,Called-Station-Id
 AcctColumnDef CallingStationId,Calling-Station-Id
 
 AuthSelect ,sa.LoginLimit
 AuthColumnDef 0,Simultaneous-Use,check
 

</AuthBy>
 

<Handler>
 
 AuthByPolicy ContinueUntilAccept
 SessionDatabase NoLogSession
 RejectHasReason
 
 # Check to see if username authenticates
 AuthBy CheckEMERALD
 
</Handler>
 
 
 
 
 
TRACE 4 DUMP
=======================================
Mon Jan 20 20:15:12 2003: DEBUG: Packet dump:
*** Received from 209.68.228.179 port 1026 ....
Code:       Access-Request
Identifier: 171
Authentic:  **********
Attributes:
 User-Name = "jeyerman"
 User-Password = "*******"
 NAS-IP-Address = 209.68.228.179
 NAS-Port = 4
 NAS-Port-Type = Async
 Connect-Info = "45333 LAPM/V42BIS"
 Calling-Station-Id = "909303xxxx"
 
Mon Jan 20 20:15:12 2003: DEBUG: Entering PreAuthHook-clearrealm
Mon Jan 20 20:15:12 2003: WARNING: Passed back request username (jeyerman).
Mon Jan 20 20:15:12 2003: DEBUG: Exiting PreAuthHook-clearrealm
Mon Jan 20 20:15:12 2003: DEBUG: Handling request with Handler ''
Mon Jan 20 20:15:12 2003: DEBUG: Handling with Radius::AuthEMERALD
Mon Jan 20 20:15:12 2003: DEBUG: Handling with Radius::AuthEMERALD: CheckEMERALD
Mon Jan 20 20:15:12 2003: DEBUG: Query is: select DateAdd(Day, ma.extension+ma.overdue, maExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
from masteraccounts ma, subaccounts sa 
where (sa.login = 'jeyerman' or sa.shell = 'jeyerman') 
and ma.customerid = sa.customerid 
and sa.active <> 0 and ma.active <> 0
 
Mon Jan 20 20:15:12 2003: DEBUG: Select results: 2004-01-20 20:15:12.713, 2004-01-20 20:15:12.713, 1565, PPP, xxx, jeyerman,  , , 1
Mon Jan 20 20:15:12 2003: DEBUG: Query is: select ra.RadAttributeID, ra.RadVendorID, 
ra.RadVendorType, 
Data, Value, Type, RadCheck 
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID 
and ra.RadVendorID = rc.RadVendorID
and ra.RadVendorType = rc.RadVendorType
and rc.AccountID=1565
 
Mon Jan 20 20:15:12 2003: DEBUG: Query is: select ra.RadAttributeID, ra.RadVendorID, 
ra.RadVendorType, 
Data, Value, Type, RadCheck 
from RadATConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID 
and ra.RadVendorID = rc.RadVendorID
and ra.RadVendorType = rc.RadVendorType
and rc.AccountType='PPP'
 
Mon Jan 20 20:15:12 2003: DEBUG: Radius::AuthEMERALD looks for match with jeyerman
Mon Jan 20 20:15:12 2003: DEBUG: Expiration date converted to: 1074585600
Mon Jan 20 20:15:12 2003: DEBUG: Expiration date converted to: 1074585600
Mon Jan 20 20:15:12 2003: DEBUG: Radius::AuthEMERALD ACCEPT: 
Mon Jan 20 20:15:12 2003: DEBUG: Access accepted for jeyerman
Mon Jan 20 20:15:12 2003: DEBUG: Packet dump:
*** Sending to 209.68.228.179 port 1026 ....
Code:       Access-Accept
Identifier: 171
Authentic:  xxxxx
Attributes:
 Framed-IP-Address = 255.255.255.254
 Service-Type = 2
 Framed-Protocol = 1
 Idle-Timeout = 1200
 

=======================================
 
 
 
 
 
Thanks!
 
 
 
James Laszko
TFBNET
james at tfb.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030120/a259e34d/attachment.html>


More information about the radiator mailing list