(RADIATOR) TotalControl snmpget MIB problem

Thu Apr 29 15:17:41 CDT 2004

Hello,

I'm having problems with multiple logins on my TotalControl NAS.  I have
set MaxSessions to 1, but users are still able to login as many times as
they like.  I seached the list archives and found others having similar
problems.  Someone suggesting making the following modifications to the
Nas.pm module:

Find subfunction isOnlineTotalControlSNMP in Nas.pm. Try to replace the 
corresponding code there with the following:

$nas_port=$nas_port+1256;     
my $result = &Radius::SNMP::snmpget($nas_id,                          
$client->{SNMPCommunity}, "$Radius::Nas::TCMIB.4.10.1.1.18.$nas_port");

My problem is that I'm running BSDI, and there's 3 Nas.pm's on my radius
server.  I will assume that at least 2 belong to BSDI, but I'm not sure
which one to make the modifications to:

/usr/local/lib/perl5/site_perl/5.005/Radius/Nas.pm
/usr/local/radius/blib/lib/Radius/Nas.pm
/usr/local/radius/Radius/Nas.pm

I did find the section that the poster was referring to, but it looked
nothing like what he suggested.  

I looked through a Trace 4 logfile and see the command line snmpget is
using.  When I issue that same command line manually I get the following
results:

snmpget x.x.x.x blahblah
.iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.2797
Timeout: No Response from x.x.x.x.

I will assume at this point that my NAS isn't configured properly to
receive snmp requests??  I've searched around on the net without finding
any documentation on how one would go about do this, so I'm lost here as
well.

I'm using Radiator V 2.14.1

Here's a copy of my config file:

LogDir /var/log/radius
DbDir /usr/local/rodopi/raddb
DictionaryFile /usr/local/etc/raddb/dictionary
AuthPort 1645
AcctPort 1646
Trace 3
SnmpgetProg /usr/local/bin/snmpget

# For testing: this allows us to honour requests from radpwtst
# on the same host.
<Client localhost>
        Secret blahblah
        DupInterval 0
</Client>

<Client xxx.xxx.xxx.xxx>
        Secret blahblahblah
        NasType TotalControlSNMP
        SNMPCommunity private
        IgnoreAcctSignature
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy FILE>
        Filename %D/users
        </AuthBy>
        # Limit all users in this realm to max of 1 session
        MaxSessions 1
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
        PasswordLogFileName %L/pwdlog
        # these two options remove @azalea.net and
        # change to lower case.
        #RewriteUsername tr/A-Z/a-z/
        #RewriteUsername s/^([^@]+).*/$1/
</Realm>

<SessionDatabase DBM>
        Filename %L/online
</SessionDatabase>

Here's the output of Trace level 4 where a user is logging in:

*** Received from x.x.x.x port 1645 ....
Code:       Access-Request
Identifier: 28
Authentic: 
<225><195><127><5><255>ud<160><207><28><207><127>~<249><22><210>
Attributes:
        User-Name = "alt"
        User-Password =
"<153><147><145><147><16><245>I<11><234>52%<226><24>te"
        NAS-IP-Address = x.x.x.x
        NAS-Identifier = "x.x.x.x"
        NAS-Port = 1558
        Acct-Session-Id = "102040509"
        USR-Interface-Index = 2814
        Tunnel-Supports-Tags = 0
        Service-Type = Framed-User
        Framed-Protocol = PPP
        USR-Chassis-Call-Slot = 7
        USR-Chassis-Call-Span = 1
        USR-Chassis-Call-Channel = 22
        USR-Connect-Speed = NONE
        Called-Station-Id = "000000000"
        NAS-Port-Type = Async

Thu Apr 29 14:42:39 2004: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Thu Apr 29 14:42:39 2004: DEBUG:  Deleting session for alt, x.x.x.x,
1558
Thu Apr 29 14:42:40 2004: DEBUG: Checking if user is still online:
TotalControlSNMP, alt, 65.171.
Thu Apr 29 14:42:40 2004: DEBUG: Running command `/usr/local/bin/snmpget
x.x.x.x private .is
Thu Apr 29 14:42:46 2004: NOTICE:  Session for alt at 65.171.216.6:1541
has gone away
Thu Apr 29 14:42:46 2004: DEBUG:  Deleting session for alt,
65.171.216.6, 1541
Thu Apr 29 14:42:46 2004: DEBUG: Handling with Radius::AuthFILE
Thu Apr 29 14:42:46 2004: DEBUG: Radius::AuthFILE looks for match with
alt
Thu Apr 29 14:42:46 2004: DEBUG: Radius::AuthFILE ACCEPT:
Thu Apr 29 14:42:46 2004: DEBUG: Access accepted for alt
Thu Apr 29 14:42:46 2004: DEBUG: Packet dump:
*** Sending to 65.171.216.6 port 1645 ....

I will assume that the user is being allowed access since it can't
verify that he's online.  It simply deletes the user from the session
file and goes on.

What should I do?

Thanks in advance for any help that can be given.

Robert

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.