(RADIATOR) NULL usernames in Radius Packets

Mahesh Neelakanta Mahesh at ifxcorp.com
Thu Oct 9 15:12:54 CDT 2003


Just a followup. We indeed were ignoring those "types" of packets since
we don't have a handler where username is NULL (we check based on
realms). So we added:

<Handler>
        RejectHasReason
        <AuthBy INTERNAL>
                DefaultResult   REJECT
                AcctResult      ACCEPT
        </AuthBy>
</Handler>

And this seems to have helped. From what I can tell, others have also
had problems with TNT sending NULL usernames. 

Thanks again,
mahesh

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Wednesday, October 01, 2003 10:27 PM
To: Mahesh Neelakanta
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) NULL usernames in Radius Packets



Hello Mahesh -

Yes it does look like the NAS has been trying to send this accounting 
for a long time.

What does the trace 4 debug from Radiator show? Perhaps your 
configuration file is not processing the request and it is simply being 
being ignored and retried forever.

regards

Hugh


On Thursday, Oct 2, 2003, at 02:20 Australia/Melbourne, Mahesh 
Neelakanta wrote:

> Elias and Hugh,
>  Thanks for your responses. We had though about this but what we are
> getting is a Start Accounting packet (captured from radstock):
>
>   NAS-IP-Address         Len  6         XX.XX.XX.XX
>   NAS-Port-Id            Len  6         111
>   NAS-Port-Type          Len  6         Async
>   Acct-Status-Type       Len  6         Start
>   Acct-Delay-Time        Len  6         75841
>   Acct-Session-Id        Len 12         "432625102*"
>   Acct-Authentic         Len  6         Local
>   Idle-Timeout           Len  6         0
>   Ascend-Modem-PortNo    Len  6         21
>   Ascend-Modem-SlotNo    Len  6         7
>   Ascend-Modem-ShelfNo   Len  6         1
>   Calling-Station-Id     Len 12         "2122859024"
>   Called-Station-Id      Len  6         "1111"
>
> What is strange is the "Acct-Autentic" (Local?) and the
> "Acct-Delay-Time" (over 21 hours). We believe this is definitely a 
> local
> RAS issue but are not sure what it could be. It's almost as if the RAS
> has a HUGE backlog of old accounting which it is trying to re-send but
> only sends a portion of the full information.
>
> We did set "acct-drop-stop-on-auth-fail = no" to no avail.
>
> mahesh
>
> -----Original Message-----
> From: Elias [mailto:elias at tmnet.com.my]
> Sent: Tuesday, September 30, 2003 11:10 PM
> To: Mahesh Neelakanta
> Cc: Hugh Irvine
> Subject: Re: (RADIATOR) NULL usernames in Radius Packets
>
>
> ***********************
> Your mail has been scanned by TMnet VirusWall.
> ***********************
>
>
> Hi Mahesh,
>
> We've had the same thing happen to us before. Its actually a
> configuration
> on the tnt boxes. If I remember correctly it will send an Stop
> accounting
> packet with a blank username if the line gets dropped prematurely
> (before a
> proper connection gets established).
>
>
> - Elias -
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Mahesh Neelakanta" <Mahesh at ifxcorp.com>
> Cc: <radiator at open.com.au>
> Sent: Wednesday, October 01, 2003 6:41 AM
> Subject: Re: (RADIATOR) NULL usernames in Radius Packets
>
>
>> ***********************
>> Your mail has been scanned by TMnet VirusWall.
>> ***********************
>>
>>
>>
>> Hello Mahesh -
>>
>> Unless you are using a RewriteUsername, Radiator does not do anything
>> with the username. I suspect that the NAS is sending an empty
> username,
>> but without seeing a copy of your configuration file (no secrets) and
> a
>> trace 4 debug from Radiator showing what is happening it is not
>> possible to say any more.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Wednesday, Oct 1, 2003, at 07:02 Australia/Melbourne, Mahesh
>> Neelakanta wrote:
>>
>>> Hello,
>>>  We are seeing the following error in radiator.log:
>>>
>>> Tue Sep 30 16:56:20 2003: ERR: do failed for 'insert into RADONLINE
>>> (USERNAME, NASIDENTIFIER, NASPORT,ACCTSESSIONID, TIMESTAMP,
>>> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,CALLERID,CLIENTPORTDNIS)
>>> values ('', 'XX.XX.XX.XX', 01071,'432626086', to_date('30 09 2003
>>> 16:56:20', 'DD MM YYYY HH24:MI:SS'), '','Async',
>>> '','2126823450','5000')': ORA-01400: cannot insert NULL into
>>> ("RADIUS"."RADONLINE"."USERNAME") (DBD ERROR: OCIStmtExecute)
>>>
>>>  From what we can tell, the RAS XX.XX.XX.XX is sending us start or
> stop
>>> packets with no username. Is there something in the configuration
> (on
>>> the radiator side or the ras, which is a lucent tnt) which could
> cause
>>> this. My guess is that it is a RAS issue but we are not sure
> what/why
>>> this is occuring.
>>>
>>> mahesh
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list