(RADIATOR) Forking for accounting

Matthew Trout MatthewTrout at businessserve.co.uk
Thu May 1 03:40:52 CDT 2003


We've already done this; this is the configuration that I am currently
running live.

However, I'm asking primarily out of interest in the behaviour of radiator
in these situations; we may at some stage need the extra speed increase from
forking, and I'd like to know under what circumstances I can and can't rely
on radiator's behaviour. The process deadlock I saw suggests an issue with
the forking code, but I am unsure where; fork/exec programming in perl isn't
my forte since I tend to use POE for such tasks.

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: 01 May 2003 01:57
To: Matthew Trout
Cc: 'radiator at open.com.au'; 'Mikem at open.com.au'
Subject: Re: (RADIATOR) Forking for accounting



Hello Matthew -

Rather than trying to use Fork like this, I would suggest you run two  
instances of Radiator - one for authentication and the other for  
accounting. You can accomplish this very easily with the same  
configuration file by doing this:

For authentication

	perl radiusd -auth_port 1645 -acct_port "" -config_file .....

for accounting

	perl radiusd -auth_port "" -acct_port 1646 -config_file ....

This approach will also perform better, as authentication is usually  
much faster than accounting, and there are also twice as many  
accounting requests (at least) than authentication requests.

Of course you can use whatever port numbers you need to - not just  
1645/1646.

I generally do not recommend using Fork.

regards

Hugh


On Thursday, May 1, 2003, at 01:22 Australia/Melbourne, Matthew Trout  
wrote:

> Radiator as provided does not honour the Fork clause in AuthBySQL when 
> dealing with accounting packets; in order to achieve this without
> producing
> unexpected effects on configs that expect this (mis?)-behaviour, I  
> added a
> ForkOnAccounting configuration directive with a patch to AuthSQL.pm.
>
> Running radiator with this patch (and a minor one to Util.pm to add a 
> %{ZeroUnless:} syntax to ensure my accounting queries are valid SQL) I
> got a
> marked performance increase (LDAP auth, MySQL logging with slightly  
> tweaked
> versions of the provided examples to do a single INSERT on Stop  
> packets for
> speed); however when the server came under heavy load I noticed a  
> number of
> odd behaviours.
>
> 1) Radiator repeatedly reported the error 'Lost connection to MySQL
> server'
> when running queries, although these queries all seemed to have run
> successfully - this got steadily worse as the load increased
> 2) When the load reached a certain point, I started getting
> LDAP_OPERATIONS_ERROR occasionally, which I traced (with the aid of  
> google)
> to being a result of an error calling asn_read in Convert::ASN1::IO -  
> i.e.
> the connection had been lost here also
> 3) Radiator would occasionally lock entirely and cease replying (the
> frequency of this also increases with server load); it appears that the
> master and one of its child processes were locked waiting for each  
> other -
> i.e.
> # ps -ef | grep radius
>     root 21305 15003  0 12:51:14 ?        0:00 /usr/local/bin/perl
> /usr/local/bin/radiusd
>     root 15003     1  0 10:49:06 ?        9:41 /usr/local/bin/perl
> /usr/local/bin/radiusd
>     root 21325 14940  0 13:17:13 pts/2    0:00 grep radius
> # truss -p 15003
> read(4, 0x00A03758, 4)          (sleeping...)
> signotifywait()                 (sleeping...)
> lwp_cond_wait(0xFF0F5548, 0xFF0F5558, 0xFF0EEDB0) (sleeping...)
> # truss -p 21305
> read(4, 0x00A03758, 8192)       (sleeping...)
> signotifywait()                 (sleeping...)
> lwp_sema_wait(0xFE30DE30)       (sleeping...)
> # truss -p 15003
> read(4, 0x00A03758, 4)          (sleeping...)
> signotifywait()                 (sleeping...)
> lwp_cond_wait(0xFF0F5548, 0xFF0F5558, 0xFF0EEDB0) (sleeping...)
>
> Has anybody experienced similar issues with the normal Fork directive?
>
> Hugh, Mike, can you enlighten me as to whether this is an issue with
> the way
> my patch calls the Radiator forking code (I've attempted to keep it as  
> close
> to the way the handlerFork method is normally called as possible) or an
> issue with the forking code itself? I've had -ahem- fun (FSVO) with  
> Solaris'
> parent/child process handling and Perl before, so this may be
> platform-specific.
>
> My Radiator config (sans secrets) is -
>
> <SessionDatabase SQL>
>         Identifier      DSL-SessDB
>         DBSource         
> DBI:mysql:database=radius_session_dsl;host=10.7.6.15
>         DBUsername      automan
>         DBAuth          6o1ahadoto
>         AddQuery        insert into RADONLINE\
>                         (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID,\
>                         TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
> SERVICETYPE,\
>                         CALLFROM, CALLTO)\
>                         values ('%u', '%1', %2, %3, %{Timestamp},\
>                         '%{Framed-IP-Address}', '%{NAS-Port-Type}',
> '%{Service-Type}',\
>                         '%{Calling-Station-Id}',  
> '%{Called-Station-Id}')
> </SessionDatabase SQL>
>
> <SessionDatabase SQL>
>         Identifier      FRIACO-SessDB
>         DBSource 
> DBI:mysql:database=radius_session_friaco;host=10.7.6.15
>         DBUsername      automan
>         DBAuth          6o1ahadoto
>         AddQuery        insert into RADONLINE\
>                         (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID,\
>                         TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
> SERVICETYPE,\
>                         CALLFROM, CALLTO)\
>                         values ('%u', '%1', %2, %3, %{Timestamp},\
>                         '%{Framed-IP-Address}', '%{NAS-Port-Type}',
> '%{Service-Type}',\
>                         '%{Calling-Station-Id}',  
> '%{Called-Station-Id}')
> </SessionDatabase SQL>
>
> <SessionDatabase SQL>
>         Identifier      Dial-SessDB
>         DBSource DBI:mysql:database=radius_session_dial;host=10.7.6.15
>         DBUsername      automan
>         DBAuth          6o1ahadoto
>         AddQuery        insert into RADONLINE\
>                         (USERNAME, NASIDENTIFIER, NASPORT,  
> ACCTSESSIONID,\
>                         TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
> SERVICETYPE,\
>                         CALLFROM, CALLTO)\
>                         values ('%u', '%1', %2, %3, %{Timestamp},\
>                         '%{Framed-IP-Address}', '%{NAS-Port-Type}',
> '%{Service-Type}',\
>                         '%{Calling-Station-Id}',  
> '%{Called-Station-Id}')
> </SessionDatabase SQL>
>
> <AddressAllocator SQL>
>         Identifier      DialAllocator
>         DBSource DBI:mysql:database=radius_session_dial;host=10.7.6.15
>         DBUsername      automan
>         DBAuth          6o1ahadoto
>         DefaultLeasePeriod      86400
>         LeaseReclaimInterval    3600
>         AllocateQuery   update RADPOOL set STATE=1,TIME_STAMP=%0,
> NASIP='%N', NASPORT=%{NAS-Port}, \
>                         EXPIRY=%1, USERNAME=%2 where YIADDR='%3' and
> TIME_STAMP %4
>         DeallocateQuery update RADPOOL set STATE=0,TIME_STAMP=%t where
> NASIP='%N' and NASPORT=%{NAS-Port}
>         <AddressPool YC-Radius>
>                 Subnetmask 255.255.255.255
>                 Range 212.248.147.1 212.248.147.255
>                 Range 212.248.148.1 212.248.148.255
>                 Range 212.248.149.1 212.248.149.255
>         </AddressPool>
> </AddressAllocator>
>
> <AddressAllocator SQL>
>         Identifier      ADSLAllocator
>         DBSource         
> DBI:mysql:database=radius_session_dsl;host=10.7.6.15
>         DBUsername      automan
>         DBAuth          6o1ahadoto
>         DefaultLeasePeriod      7776000
>         LeaseReclaimInterval    3600
>         AllocateQuery   update RADPOOL set STATE=1,TIME_STAMP=%0,
> NASIP='%N', NASPORT=%{NAS-Port}, \
>                         EXPIRY=%1, USERNAME=%2 where YIADDR='%3' and 
> TIME_STAMP %4
>         DeallocateQuery update RADPOOL set STATE=0,TIME_STAMP=%t where 
> NASIP='%N' and NASPORT=%{NAS-Port}
>         <AddressPool BT-ADSL-Radius>
>                 Subnetmask 255.255.255.255
>                 Range 62.69.97.0 62.69.97.255
>                 Range 62.69.98.0 62.69.98.255
>         </AddressPool>
> </AddressAllocator>
>
> #<Handler Client-Identifier = BT-ADSL-Radius,Acct-Status-Type=/.+/>
> #       SessionDatabase DSL-SessDB
> #       AcctLogFileName %L/adsl-acct-detail
> #       <AuthBy TEST>
> #               # Return a Packet
> #       </AuthBy>
> #</Handler>
>
> <Handler Client-Identifier = BT-ADSL-Radius,Acct-Status-Type=/.+/>
>         SessionDatabase DSL-SessDB
> #       AcctLogFileName %L/adsl-acct-detail
>         AuthByPolicy DoAllAuths
>         <AuthBy SQL>
>                 ForkOnAccounting
>                 Identifier      AcctSTOP
>                 AuthSelect
>                 DBSource 
> DBI:mysql:database=radius_session_dsl;host=10.7.6.15
>                 DBUsername      automan
>                 DBAuth          6o1ahadoto
>                 HandleAcctStatusTypes Stop
>                 AcctSQLStatement insert into usertime \
>                 ( \
>                 server,id,name,\
>                 time_on,port,port_type,service_type,protocol,\
>                 ip,call_to,call_from,InBytes,OutBytes,\
>                 term_cause,auth,\
>                 start_time,stop_time,\
>                 connect_info\
>                 ) \
>                 values \
>                 (\
>                 inet_aton('%{NAS-IP-Address}'),\
>                 '%{ZeroUnless:Acct-Session-Id}',\
>                 '%{User-Name}',\
>                 \
>                 %{ZeroUnless:Acct-Session-Time},\
>                 %{ZeroUnless:NAS-Port},\
>                 '%{NAS-Port-Type}',\
>                 '%{Service-Type}',\
>                 '%{Framed-Protocol}',\
>                 \
>                 '%{Framed-IP-Address}',\
>                 '%{Called-Station-Id}',\
>                 '%{Calling-Station-Id}',\
>                 %{ZeroUnless:Acct-Input-Octets},\
>                 %{ZeroUnless:Acct-Output-Octets},\
>                 \
>                 '%{Acct-Terminate-Cause}',\
>                 %{ZeroUnless:Auth-Type},\
>                 From_unixtime(%{ZeroUnless:Timestamp} - 
> %{ZeroUnless:Acct-Session-Time}),\
>                 From_unixtime(%{ZeroUnless:Timestamp}),\
>                 '%{Connect-Info}'\
>                 )
>         </AuthBy>
>         <AuthBy DYNADDRESS>
>                 AddressAllocator        ADSLAllocator
>                 PoolHint                %{Client:Identifier}
>         </AuthBy>
>         <AuthBy TEST>
>                 # Return a Packet
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = BT-FRIACO-Radius,Acct-Status-Type=/.+/>
>         SessionDatabase FRIACO-SessDB
> #       AcctLogFileName %L/friaco-acct-detail
>         AuthByPolicy DoAllAuths
>         <AuthBy SQL>
>                 ForkOnAccounting
>                 Identifier      AcctSTOP
>                 AuthSelect
>                 DBSource 
> DBI:mysql:database=radius_session_friaco;host=10.7.6.15
>                 DBUsername      automan
>                 DBAuth          6o1ahadoto
>                 HandleAcctStatusTypes Stop
>                 AcctSQLStatement insert into usertime \
>                 ( \
>                 server,id,name,\
>                 time_on,port,port_type,service_type,protocol,\
>                 ip,call_to,call_from,InBytes,OutBytes,\
>                 term_cause,auth,\
>                 start_time,stop_time,\
>                 connect_info\
>                 ) \
>                 values \
>                 (\
>                 inet_aton('%{NAS-IP-Address}'),\
>                 '%{ZeroUnless:Acct-Session-Id}',\
>                 '%{User-Name}',\
>                 \
>                 %{ZeroUnless:Acct-Session-Time},\
>                 %{ZeroUnless:NAS-Port},\
>                 '%{NAS-Port-Type}',\
>                 '%{Service-Type}',\
>                 '%{Framed-Protocol}',\
>                 \
>                 '%{Framed-IP-Address}',\
>                 '%{Called-Station-Id}',\
>                 '%{Calling-Station-Id}',\
>                 %{ZeroUnless:Acct-Input-Octets},\
>                 %{ZeroUnless:Acct-Output-Octets},\
>                 \
>                 '%{Acct-Terminate-Cause}',\
>                 %{ZeroUnless:Auth-Type},\
>                 From_unixtime(%{ZeroUnless:Timestamp} - 
> %{ZeroUnless:Acct-Session-Time}),\
>                 From_unixtime(%{ZeroUnless:Timestamp}),\
>                 '%{Connect-Info}'\
>                 )
>         </AuthBy>
>         <AuthBy TEST>
>                 # Return a Packet
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = /CVX1/,Acct-Status-Type=/.+/>
>         SessionDatabase Dial-SessDB
> #       AcctLogFileName %L/dial-acct-detail
>         AuthByPolicy DoAllAuths
>         <AuthBy SQL>
>                 ForkOnAccounting
>                 Identifier      AcctSTOP
>                 AuthSelect
>                 DBSource 
> DBI:mysql:database=radius_session_dial;host=10.7.6.15
>                 DBUsername      automan
>                 DBAuth          6o1ahadoto
>                 HandleAcctStatusTypes Stop
>                 AcctSQLStatement insert into usertime \
>                 ( \
>                 server,id,name,\
>                 time_on,port,port_type,service_type,protocol,\
>                 ip,call_to,call_from,InBytes,OutBytes,\
>                 term_cause,auth,\
>                 start_time,stop_time,\
>                 connect_info\
>                 ) \
>                 values \
>                 (\
>                 inet_aton('%{NAS-IP-Address}'),\
>                 '%{ZeroUnless:Acct-Session-Id}',\
>                 '%{User-Name}',\
>                 \
>                 %{ZeroUnless:Acct-Session-Time},\
>                 %{ZeroUnless:NAS-Port},\
>                 '%{NAS-Port-Type}',\
>                 '%{Service-Type}',\
>                 '%{Framed-Protocol}',\
>                 \
>                 '%{Framed-IP-Address}',\
>                 '%{Called-Station-Id}',\
>                 '%{Calling-Station-Id}',\
>                 %{ZeroUnless:Acct-Input-Octets},\
>                 %{ZeroUnless:Acct-Output-Octets},\
>                 \
>                 '%{Acct-Terminate-Cause}',\
>                 %{ZeroUnless:Auth-Type},\
>                 From_unixtime(%{ZeroUnless:Timestamp} - 
> %{ZeroUnless:Acct-Session-Time}),\
>                 From_unixtime(%{ZeroUnless:Timestamp}),\
>                 '%{Connect-Info}'\
>                 )
>         </AuthBy>
>         <AuthBy TEST>
>                 # Return a Packet
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = /YC-Radius/,Acct-Status-Type=/.+/>
>         SessionDatabase Dial-SessDB
> #       AcctLogFileName %L/dial-acct-detail
>         AuthByPolicy DoAllAuths
>         <AuthBy SQL>
>                 ForkOnAccounting
>                 Identifier      AcctSTOP
>                 AuthSelect
>                 DBSource 
> DBI:mysql:database=radius_session_dial;host=10.7.6.15
>                 DBUsername      automan
>                 DBAuth          6o1ahadoto
>                 HandleAcctStatusTypes Stop
>                 AcctSQLStatement insert into usertime \
>                 ( \
>                 server,id,name,\
>                 time_on,port,port_type,service_type,protocol,\
>                 ip,call_to,call_from,InBytes,OutBytes,\
>                 term_cause,auth,\
>                 start_time,stop_time,\
>                 connect_info\
>                 ) \
>                 values \
>                 (\
>                 inet_aton('%{NAS-IP-Address}'),\
>                 '%{ZeroUnless:Acct-Session-Id}',\
>                 '%{User-Name}',\
>                 \
>                 %{ZeroUnless:Acct-Session-Time},\
>                 %{ZeroUnless:NAS-Port},\
>                 '%{NAS-Port-Type}',\
>                 '%{Service-Type}',\
>                 '%{Framed-Protocol}',\
>                 \
>                 '%{Framed-IP-Address}',\
>                 '%{Called-Station-Id}',\
>                 '%{Calling-Station-Id}',\
>                 %{ZeroUnless:Acct-Input-Octets},\
>                 %{ZeroUnless:Acct-Output-Octets},\
>                 \
>                 '%{Acct-Terminate-Cause}',\
>                 %{ZeroUnless:Auth-Type},\
>                 From_unixtime(%{ZeroUnless:Timestamp} - 
> %{ZeroUnless:Acct-Session-Time}),\
>                 From_unixtime(%{ZeroUnless:Timestamp}),\
>                 '%{Connect-Info}'\
>                 )
>         </AuthBy>
>         <AuthBy DYNADDRESS>
>                 AddressAllocator        DialAllocator
>                 PoolHint                %{Client:Identifier}
>         </AuthBy>
>         <AuthBy TEST>
>                 # Return a Packet
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = BT-FRIACO-Radius>
> #<Handler DEFAULT>
> #       PreAuthHook sub {
> ${$_[0]}->addAttrByNum($Radius::Radius::EAP_MESSAGE,1); }
>
> SessionDatabase FRIACO-SessDB
>
> <AuthBy GROUP>
>         AuthByPolicy ContinueUntilAccept
>
>         <AuthBy LDAP2>
>                 Debug           255
>                 NoDefault
>                 HoldServerConnection
>                 Host            10.7.9.13
>                 AuthDN          cn=directory manager
>                 AuthPassword    dir-ad1rmas
>                 BaseDN          ou=customers, ou=people, dc=bsve.net,
> o=internet
>                 #UsernameAttr    uid
>                 #PasswordAttr    friacopassword
>                 AuthAttrDef     FRIACO-todr, Time, check
>                 SearchFilter
> (&(objectclass=friacouser)(csid=0%{Calling-Station-
> Id})(!(suspended=yes)))
>                 AddToReply Service-Type = Framed-User, \
>                         Framed-Protocol = PPP, \
>                         Framed-IP-Address = 255.255.255.254, \
>                         Framed-IP-Netmask = 255.255.255.255, \
>                         Framed-Routing = None, \
>                         Framed-Compression = Van-Jacobsen-TCP-IP, \
>                         Framed-MTU = 1500, \
>                         Session-Timeout = "until Time"
>         </AuthBy>
>
>         <AuthBy LDAP2>
> #                Debug           255
>                 NoDefault
>                 HoldServerConnection
>                 Host            10.7.9.13
>                 AuthDN          cn=directory manager
>                 AuthPassword    dir-ad1rmas
>                 BaseDN          ou=customers, ou=people, dc=bsve.net,
> o=internet
>                 AuthAttrDef     FRIACO-todr, Time, check
>                 UsernameAttr    friacousername
>                 PasswordAttr    friacopassword
>                 SearchFilter
> (&(%0=%1)(objectClass=FRIACOuser)(!(suspended=yes)))
>                 AddToReply Service-Type = Framed-User, \
>                         Framed-Protocol = PPP, \
>                         Framed-IP-Address = 255.255.255.254, \
>                         Framed-IP-Netmask = 255.255.255.255, \
>                         Framed-Routing = None, \
>                         Framed-Compression = Van-Jacobsen-TCP-IP, \
>                         Framed-MTU = 1500, \
>                         Session-Timeout = "until Time"
>         </AuthBy>
>
> </AuthBy>
> PostAuthHook sub { (${$_[1]}->get_attr('Session-Timeout') > 7200) && 
> ${$_[1]}->change_attr('Session-Timeout',7200); } </Handler>
>
> <Handler Client-Identifier = BT-ADSL-Radius>
>         AuthByPolicy    ContinueWhileAccept
>        <AuthBy LDAP2>
> #               Debug           255
>                NoDefault
>                HoldServerConnection
>                Host            10.7.9.13
>                AuthDN          cn=directory manager
>                AuthPassword    dir-ad1rmas
>                BaseDN          ou=customers, ou=people, dc=bsve.net,
> o=internet
>                UsernameAttr    uid
>                PasswordAttr    userpassword
>                SearchFilter
> (&(%0=%1)(objectClass=adsluser)(!(adslsuspended=1)))
>                AuthAttrDef     framed-ip-address, Framed-IP-Address,  
> reply
>                AuthAttrDef     routed-network-address, _ipbase, request
>                AuthAttrDef     routed-network-netmask, _netmask,  
> request
>                AuthAttrDef     explicitnexthopaddress, _nexthop,  
> request
>                PostSearchHook sub { if ($_[2]->get_attr('_ipbase')) { 
> \
>
> $_[3]->get_reply->add_attr('cisco-avpair', \
>
> 'ip:route='.$_[2]->get_attr('_ipbase'). \
>                                           '
> '.$_[2]->get_attr('_netmask'). \
>                                           (  
> $_[2]->get_attr('_nexthop') \
>                                           ? '
> '.$_[3]->get_reply->get_attr('Framed-IP-Address') \
>                                           : '')); \
>                                     } }
>                AddToReply Service-Type = Framed-User, \
>                        Framed-Protocol = PPP, \
>                        cisco-avpair = "ip:dns-servers=62.69.64.134
> 62.69.64.135"
>        </AuthBy>
>         <AuthBy DYNADDRESS>
>                 AddressAllocator        ADSLAllocator
>                 PoolHint                %{Client:Identifier}
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = /CVX1/>
> RewriteUsername s/^([^\@]+).*/$1\@bsdial.net/
>        <AuthBy LDAP2>
> #               Debug           255
>                NoDefault
>                HoldServerConnection
>                Host            10.7.9.13
>                AuthDN          cn=directory manager
>                AuthPassword    dir-ad1rmas
>                BaseDN          ou=customers, ou=people, dc=bsve.net,
> o=internet
>                UsernameAttr    uid
>                PasswordAttr    userpassword
>                SearchFilter
> (&(%0=%1)(dialup-
> nasclass=%{Client:Identifier})(objectClass=dialuser)(!(susp
> ended=1)))
>                AuthAttrDef     dialup-ip-address, Framed-IP-Address,  
> reply
>                AuthAttrDef     dialup-netmask, Framed-IP-Netmask, reply
>                AuthAttrDef     dialup-maximum-bundled-channels,
> CVX-Maximum-Channels, reply
>                AuthAttrDef     dialup-routing-metric, Ascend-Metric,  
> reply
>                PostSearchHook sub {
> $_[3]->get_reply->get_attr('CVX-Maximum-Channels') \
>                                      ||
> $_[3]->get_reply->add_attr('CVX-Maximum-Channels', 2); }
>                AddToReply Service-Type = Framed-User, \
>                           Framed-Protocol = PPP, \
>                           Framed-Routing = None, \
>                           CVX-Idle-Limit = 1800
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = YC-Radius, Called-Station-Id = 
> /0?8450591005|0?8450591010/>
>         RewriteUsername s/^([^\@]+).*/$1\@bsdial.net/
>         <AuthBy DYNADDRESS>
>                 AddressAllocator        DialAllocator
>                 PoolHint                %{Client:Identifier}
>                 AcceptIfMissing
>                 AddToReply Service-Type = Framed-User, \
>                    Framed-Protocol = PPP, \
>                    Framed-Routing = None, \
>                    CVX-Idle-Limit = 1800, \
>                    CVX-Maximum-Channels = 2, \
>                    cisco-avpair = "ip:dns-servers=62.69.64.134
> 62.69.64.135"
>         </AuthBy>
> </Handler>
>
> <Handler Client-Identifier = YC-Radius>
>         RewriteUsername s/^([^\@]+).*/$1\@bsdial.net/
>         AuthByPolicy    ContinueWhileAccept
>         <AuthBy LDAP2>
> #               Debug           255
>                NoDefault
>                HoldServerConnection
>                Host            10.7.9.13
>                AuthDN          cn=directory manager
>                AuthPassword    dir-ad1rmas
>                BaseDN          ou=customers, ou=people, dc=bsve.net,
> o=internet
>                UsernameAttr    uid
>                PasswordAttr    userpassword
>                SearchFilter
> (&(%0=%1)(dialup-nasclass=YC-
> Radius)(objectClass=dialuser)(!(suspended=1)))
>                AuthAttrDef     dialup-ip-address, Framed-IP-Address,  
> reply
>                AuthAttrDef     dialup-netmask, Framed-IP-Netmask, reply
>                AuthAttrDef     dialup-maximum-bundled-channels,
> CVX-Maximum-Channels, reply
>                PostSearchHook sub {
> $_[3]->get_reply->get_attr('CVX-Maximum-Channels') \
>                                      ||
> $_[3]->get_reply->add_attr('CVX-Maximum-Channels', 2); }
>                AddToReply Service-Type = Framed-User, \
>                           Framed-Protocol = PPP, \
>                           Framed-Routing = None, \
>                           CVX-Idle-Limit = 1800, \
>                           cisco-avpair = "ip:dns-servers=62.69.64.134
> 62.69.64.135"
>         </AuthBy>
>         <AuthBy DYNADDRESS>
>                 AddressAllocator        DialAllocator
>                 PoolHint                %{Client:Identifier}
>         </AuthBy>
> </Handler>
>
> Logs look like the following (have included a fragment with both
> errors)
>
> Mon Apr 28 18:36:45 2003: ERR: ldap search failed with error 
> LDAP_OPERATIONS_ERROR. Mon Apr 28 18:36:45 2003: ERR: Disconnecting 
> from LDAP server (server 10.7.9.13:389).
> Mon Apr 28 18:37:08 2003: ERR: do failed for 'update RADPOOL set
> STATE=0,TIME_STAMP=1051551428 where NASIP='212.248.254.18' and NASP
> ORT=266': Lost connection to MySQL server during query
> Mon Apr 28 18:37:08 2003: ERR: do failed for 'insert into usertime (
> server,id,name,time_on,port,port_type,service_type,protocol,ip,
> call_to,call_from,InBytes,OutBytes,term_cause,auth,start_time,stop_time 
> ,conn
> ect_info) values (inet_aton('212.248.254.18'),'0000DF28'
> ,'gas370840 at bsdial.net',83,266,'ISDN','Framed- 
> User','PPP','212.248.147.115',
> '08450591000','1314400032',4289,2229,'User-Request',0,Fr
> om_unixtime(1051551428 - 83),From_unixtime(1051551428),'')': Lost  
> connection
> to MySQL server during query
>
> The patches used follow; they were both taken against Radiator 3.5, 
> but apply cleanly against 3.6 (which is what we're currently running, on
> Solaris
> 2.8)
>
> *** /usr/local/src/Radiator-3.5/Radius/AuthSQL.pm       Fri Nov 29  
> 06:10:07
> 2002
> --- AuthSQL.pm  Thu Apr 10 11:34:18 2003
> ***************
> *** 23,28 ****
> --- 23,29 ----
>        'AcctColumnDef'         => 'stringarray',
>        'HandleAcctStatusTypes' => 'counthash',
>        'AcctInsertQuery'       => 'string',
> +      'ForkOnAccounting'      => 'flag',
>        );
>
>   
> #####################################################################
> ***************
> *** 113,118 ****
> --- 114,138 ----
>             if $self->{AccountingAlivesOnly}
>                && $status_type ne 'Alive';
>
> +         # Now we might fork before running the accounting query/ies
> +         # Should only do this if the database response is "slow"
> +         return ($main::IGNORE, 'forked')
> +              if $self->{ForkOnAccounting} && !$self->handlerFork();
> +
> +       # (Re)-connect to the database if necessary, so we can use
> +       # the quote function.
> +       # No reply will be sent to the original requester if we
> +       # fail to connect
> +       if (!$self->reconnect)
> +       {
> +           &Radius::Util::logAccounting
> +               ($p, undef,
> +                $self->{AcctFailedLogFileName},
> +                $self->{AcctLogFileFormat})
> +                   if $self->{AcctFailedLogFileName};
> +           return ($main::IGNORE, 'Database failure');
> +       }
> +
>         # If AcctSQLStatement is set, parse the strings and execute
> them
>         # Contributed by Nicholas Barrington <nbarrington at smart.net.au>
>         map {$self->do(&Radius::Util::format_special($_, $p))}
> ***************
> *** 122,141 ****
>         # If AcctColumnDef is set, build an insert statment
>         if (defined $self->{AcctColumnDef})
>         {
> -           # (Re)-connect to the database if necessary, so we can use
> -           # the quote function.
> -           # No reply will be sent to the original requester if we
> -           # fail to connect
> -           if (!$self->reconnect)
> -           {
> -               &Radius::Util::logAccounting
> -                   ($p, undef,
> -                    $self->{AcctFailedLogFileName},
> -                    $self->{AcctLogFileFormat})
> -                       if $self->{AcctFailedLogFileName};
> -               return ($main::IGNORE, 'Database failure');
> -           }
> -
>             # Add each column defined by AcctColumnDef
>             # Courtesy Phil Freed ptf at cybertours.com
>             my ($cols, $vals) = $self->getExtraCols($p);
> --- 142,147 ----
>
> *** /usr/local/src/Radiator-3.5/Radius/Util.pm  Tue Dec 17 05:07:31
> 2002
> --- Util.pm     Wed Apr  9 18:01:53 2003
> ***************
> *** 334,339 ****
> --- 334,340 ----
>       $s =~ s/%\{Reply:([^{]+)\}/{$rpacket ? $rpacket->get_attr($1) :
> ''}/egs;
>       $s =~ s/%\{Client:([^{]+)\}/{$p ? $p->{Client}{$1} : ''}/egs;
>       $s =~ s/%\{Handler:([^{]+)\}/{$p ? $p->{Handler}{$1} : ''}/egs;
> +     $s =~ s/%\{ZeroUnless:([^{]+)\}/{($p && $p->get_attr($1)) ?
> $p->get_attr($1) : '0'}/egs;
>   #    $s =~ s/%\{Eval:([^{]+)\}/{eval($1)}/egs;
>       $s =~ s/%\{([^{]+)\}/{$p ? $p->get_attr($1) : ''}/egs; ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list