(RADIATOR) TotalControl snmpget MIB problem
Hugh Irvine
hugh at open.com.au
Thu Apr 29 17:16:49 CDT 2004
Hello Robert -

The latest version is Radiator 3.9 and I suggest you download it and
check the history file for any fixes.

There was a patch for this in Radiator 2.16:

    Fixed algorithm for computing port index for Total Control
    SNMP access checking. Contributed by Aaron Nabil

BTW - there is now a subdirectory for NAS types "Radius/Nas".

regards

Hugh

On 30 Apr 2004, at 06:17, Robert Sharp wrote:
> Hello,
>
> I'm having problems with multiple logins on my TotalControl NAS. I have
> set MaxSessions to 1, but users are still able to log in as many times
> as they like. I searched the list archives and found others having
> similar problems. Someone suggested making the following modifications
> to the Nas.pm module:
>
> Find subfunction isOnlineTotalControlSNMP in Nas.pm. Try to replace the
> corresponding code there with the following:
>
> $nas_port=$nas_port+1256;
> my $result = &Radius::SNMP::snmpget($nas_id,
> $client->{SNMPCommunity}, "$Radius::Nas::TCMIB.4.10.1.1.18.$nas_port");
>
> My problem is that I'm running BSDI, and there are 3 Nas.pm's on my
> radius server. I will assume that at least 2 belong to BSDI, but I'm
> not sure which one to make the modifications to:
>
> /usr/local/lib/perl5/site_perl/5.005/Radius/Nas.pm
> /usr/local/radius/blib/lib/Radius/Nas.pm
> /usr/local/radius/Radius/Nas.pm
>
> I did find the section that the poster was referring to, but it looked
> nothing like what he suggested.
>
> I looked through a Trace 4 logfile and see the command line snmpget is
> using. When I issue that same command line manually I get the following
> results:
>
> snmpget x.x.x.x blahblah
> .iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.2797
> Timeout: No Response from x.x.x.x.
>
> I will assume at this point that my NAS isn't configured properly to
> receive snmp requests?? I've searched around on the net without finding
> any documentation on how one would go about doing this, so I'm lost
> here as well.
>
> I'm using Radiator V 2.14.1
>
> Here's a copy of my config file:
>
> LogDir /var/log/radius
> DbDir /usr/local/rodopi/raddb
> DictionaryFile /usr/local/etc/raddb/dictionary
> AuthPort 1645
> AcctPort 1646
> Trace 3
> SnmpgetProg /usr/local/bin/snmpget
>
> # For testing: this allows us to honour requests from radpwtst
> # on the same host.
> <Client localhost>
> Secret blahblah
> DupInterval 0
> </Client>
>
> <Client xxx.xxx.xxx.xxx>
> Secret blahblahblah
> NasType TotalControlSNMP
> SNMPCommunity private
> IgnoreAcctSignature
> DupInterval 0
> </Client>
>
>
> <Realm DEFAULT>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> # Limit all users in this realm to max of 1 session
> MaxSessions 1
> # Log accounting to the detail file in LogDir
> AcctLogFileName %L/detail
> PasswordLogFileName %L/pwdlog
> # these two options remove @azalea.net and
> # change to lower case.
> #RewriteUsername tr/A-Z/a-z/
> #RewriteUsername s/^([^@]+).*/$1/
> </Realm>
>
> <SessionDatabase DBM>
> Filename %L/online
> </SessionDatabase>
>
> Here's the output of Trace level 4 where a user is logging in:
>
> *** Received from x.x.x.x port 1645 ....
> Code: Access-Request
> Identifier: 28
> Authentic:
> <225><195><127><5><255>ud<160><207><28><207><127>~<249><22><210>
> Attributes:
> User-Name = "alt"
> User-Password =
> "<153><147><145><147><16><245>I<11><234>52%<226><24>te"
> NAS-IP-Address = x.x.x.x
> NAS-Identifier = "x.x.x.x"
> NAS-Port = 1558
> Acct-Session-Id = "102040509"
> USR-Interface-Index = 2814
> Tunnel-Supports-Tags = 0
> Service-Type = Framed-User
> Framed-Protocol = PPP
> USR-Chassis-Call-Slot = 7
> USR-Chassis-Call-Span = 1
> USR-Chassis-Call-Channel = 22
> USR-Connect-Speed = NONE
> Called-Station-Id = "000000000"
> NAS-Port-Type = Async
>
> Thu Apr 29 14:42:39 2004: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Apr 29 14:42:39 2004: DEBUG: Deleting session for alt, x.x.x.x, 1558
> Thu Apr 29 14:42:40 2004: DEBUG: Checking if user is still online: TotalControlSNMP, alt, 65.171.
> Thu Apr 29 14:42:40 2004: DEBUG: Running command `/usr/local/bin/snmpget x.x.x.x private .is
> Thu Apr 29 14:42:46 2004: NOTICE: Session for alt at 65.171.216.6:1541 has gone away
> Thu Apr 29 14:42:46 2004: DEBUG: Deleting session for alt, 65.171.216.6, 1541
> Thu Apr 29 14:42:46 2004: DEBUG: Handling with Radius::AuthFILE
> Thu Apr 29 14:42:46 2004: DEBUG: Radius::AuthFILE looks for match with alt
> Thu Apr 29 14:42:46 2004: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Apr 29 14:42:46 2004: DEBUG: Access accepted for alt
> Thu Apr 29 14:42:46 2004: DEBUG: Packet dump:
> *** Sending to 65.171.216.6 port 1645 ....
>
> I will assume that the user is being allowed access since it can't
> verify that he's online. It simply deletes the user from the session
> file and goes on.
>
> What should I do?
>
> Thanks in advance for any help that can be given.
>
> Robert
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
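
The sequence in the quoted trace (an snmpget that takes several seconds, then the stored session reported as gone and the new login accepted) can be picked out of a Trace 4 log mechanically. The Python below is an added example, not part of the original thread or of Radiator; the sample lines are constructed from the wording of the trace with a placeholder NAS address, community string and second user, and the 5-second threshold for treating a lookup as unanswered is an assumption.

```python
import re
from datetime import datetime

TS = r"(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): "
FMT = "%a %b %d %H:%M:%S %Y"
RUN = re.compile(TS + r"DEBUG: Running command `\S*snmpget ")
GONE = re.compile(TS + r"NOTICE: Session for (\S+) at (\S+):(\d+) has gone away")
ACCEPT = re.compile(TS + r"DEBUG: Access accepted for (\S+)")

# Constructed sample: wording follows the trace above; 192.0.2.10, COMMUNITY,
# user "bob" and the second lookup are placeholders invented for the example.
OID = ".iso.org.dod.internet.private.enterprises.429.4.10.1.1.18."
SAMPLE = f"""\
Thu Apr 29 14:42:40 2004: DEBUG: Running command `/usr/local/bin/snmpget 192.0.2.10 COMMUNITY {OID}2797
Thu Apr 29 14:42:46 2004: NOTICE: Session for alt at 192.0.2.10:1541 has gone away
Thu Apr 29 14:42:46 2004: DEBUG: Access accepted for alt
Thu Apr 29 14:50:01 2004: DEBUG: Running command `/usr/local/bin/snmpget 192.0.2.10 COMMUNITY {OID}2800
Thu Apr 29 14:50:01 2004: NOTICE: Session for bob at 192.0.2.10:1544 has gone away
Thu Apr 29 14:50:01 2004: DEBUG: Access accepted for bob
"""

def find_fail_open(log_text, slow_after=5):
    """List sessions dropped after a slow snmpget and whether the login then succeeded."""
    findings, pending, started = [], {}, None
    for line in log_text.splitlines():
        if m := RUN.match(line):
            started = datetime.strptime(m.group(1), FMT)
        elif (m := GONE.match(line)) and started is not None:
            waited = (datetime.strptime(m.group(1), FMT) - started).total_seconds()
            started = None
            if waited >= slow_after:  # assumed sign of a timeout, not an answer
                hit = {"user": m.group(2), "nas": m.group(3),
                       "port": int(m.group(4)), "waited": waited, "accepted": False}
                findings.append(hit)
                pending[m.group(2)] = hit
        elif m := ACCEPT.match(line):
            hit = pending.pop(m.group(2), None)
            if hit:
                hit["accepted"] = True
    return findings

if __name__ == "__main__":
    for hit in find_fail_open(SAMPLE):
        print("{user} at {nas}:{port}: session dropped after {waited:.0f}s "
              "of SNMP silence, accepted={accepted}".format(**hit))
```

Only the first lookup in the sample is reported: it waited 6 seconds before the session was dropped, while the second returned within the same second.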