(RADIATOR) TotalControlSNMP OID Question.
Hugh Irvine
hugh at open.com.au
Wed Dec 22 21:48:51 CST 2004
Hello Jay -
I can see from the code in "Radius/Nas/TotalControlSNMP.pm" that this
is contributed code.
Unfortunately we have no way of testing this code as we don't have
access to any NAS equipment.
If an earlier version of Radiator works correctly I suggest you replace
the module mentioned above with the earlier one that works.
Otherwise you will need to check with your NAS vendor to find out what
OID you need and modify the code accordingly.
regards
Hugh
On 22 Dec 2004, at 08:06, Jay Pike wrote:
> Sorry, forgot to attach the file.
>
> jp
>
> Jay Pike wrote:
>> Hugh,
>>
>> Thanks. Sorry for being so vague. Attached should be our
>> config file. Its a little complex. :) I've made some modifications
>> to
>> Radiator to support our systems. But, the core is the same.
>>
>> The problem is this: We've recently upgraded some 3COM Total
>> Control boxes to a newer version of firmware (newer meaning that we
>> haven't upgraded for almost 4 years due to service contract issues).
>> After the upgrade (about a month ago), we have started to notice that
>> customers are NOT getting sim-use issues on the pops that we upgraded.
>>
>> I tracked it back to the snmpget ALWAYS returing an 'Error in
>> packet', when it should be seeing a user on that port.
>>
>> So, I did an SNMP walk starting at enterprises.429.4 and found
>> that the username shows up in a completely different place now.
>>
>> A work college of mine pointed out that the new OID for the snmp
>> string is actually the username in decimal....
>>
>> Here is the stack trace you requested (note: this should have failed
>> since the
>> user was already logged on at a different (port,nas,callerid,etc):
>>
>>
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Packet dump:
>> *** Received from 216.93.114.83 port 1645 ....
>> Code: Access-Request
>> Identifier: 52
>> Authentic: ,l<133>r<195>?&)<9><217>9t<229><175><22>C
>> Attributes:
>> User-Name = "socrates at dmci.net"
>> User-Password =
>> "<135><213>5c<232><222><163>{<22>U<227>Bu<216>6<18>"
>> NAS-IP-Address = 216.93.114.83
>> NAS-Identifier = "216.93.114.83"
>> NAS-Port = 3078
>> Acct-Session-Id = "201655062"
>> USR-Interface-Index = 4334
>> Tunnel-Supports-Tags = 0
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> USR-MP-EDO =
>> "<169>CN<157><138><213>A<224><167><222><30><248><194><23><224><146>"
>> MP-EDO =
>> "<169>CN<157><138><213>A<224><167><222><30><248><194><23><224><146>"
>> Chassis-Call-Slot = 13
>> Chassis-Call-Span = 1
>> Chassis-Call-Channel = 6
>> Connect-Speed = 1
>> Calling-Station-Id = "5173248940"
>> Called-Station-Id = "6162241400"
>> NAS-Port-Type = Async
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Handling request with Handler 'Realm
>> = /.*/ '
>> Tue Dec 21 11:33:07 2004: DEBUG: Rewrote user name to
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: SDB1 Deleting session for
>> socrates at dmci.net, 216.93.114.83, 3078
>> Tue Dec 21 11:33:07 2004: DEBUG: do query is: 'delete from RADONLINE
>> where USERNAME='socrates' and NASIDENTIFIER='216.93.114.83' and
>> (NASPORT='3078' or (CALLING_STATION_ID = '5173248940') and
>> (CALLING_STATION_ID != ''))':
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Handling with Radius::AuthMagic
>> Tue Dec 21 11:33:07 2004: DEBUG: Handling with Radius::AuthMagic:
>> authbymagic
>> Tue Dec 21 11:33:07 2004: DEBUG: Client Secret: pap8kn1ght3conn
>> Tue Dec 21 11:33:07 2004: DEBUG: Decoded Password : 21noback12
>> Tue Dec 21 11:33:07 2004: DEBUG: Query is: 'select ENCRYPTEDPASSWORD,
>> REALM,PROFILE from SUBSCRIBERS where (USERNAME='socrates' and
>> REALM='dmci.net' and FIND_IN_SET('core', ISP)>0) order by realm
>> desc':
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Using Encrypted Password
>> Tue Dec 21 11:33:07 2004: DEBUG: User Found FQUN :
>> socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: account_type : asyncdialup
>> Tue Dec 21 11:33:07 2004: DEBUG: Initializing response packet
>> Tue Dec 21 11:33:07 2004: DEBUG: Replacing %p with asyncdialup
>> Tue Dec 21 11:33:07 2004: DEBUG: Query is: 'select profile, type,
>> attribute, value, uniq from profiles where (profile='asyncdialup' or
>> profile='socrates at dmci.net') order by linenum':
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Session-Timeout = 28800
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Ascend-Idle-Limit = 1200
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Service-Type = Framed-User
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Idle-Timeout = 1200
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Framed-Compression =
>> Van-Jacobson-TCP-IP
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Ascend-Maximum-Call-Duration
>> = 28800
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Port-Limit = 1
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Framed-Routing = None
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Framed-Protocol = PPP
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Framed-IP-Address =
>> 255.255.255.254
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Ascend-Maximum-Channels = 1
>> Tue Dec 21 11:33:07 2004: DEBUG: Adding Framed-MTU = 1500
>> Tue Dec 21 11:33:07 2004: DEBUG: Checking NAS-Port-Type =
>> /Async|Virtual/
>> Tue Dec 21 11:33:07 2004: DEBUG: Checking Simultaneous-Use = 1
>> Tue Dec 21 11:33:07 2004: DEBUG: Radius::AuthMagic looks for match
>> with socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>> NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='socrates' and
>> REALM='dmci.net' and NASPORTTYPE != 'Virtual' and (CALLING_STATION_ID
>> = '' or CALLING_STATION_ID != '5173248940')':
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Checking if user is still online:
>> TotalControlSNMP, socrates at dmci.net, 216.93.114.83, 2066, 135332523
>> Tue Dec 21 11:33:07 2004: DEBUG: Running command `/usr/bin/snmpget
>> -v1 -r0 -t1 -c"v0ya63r" 216.93.114.83
>> .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.9.49.51.53
>> .51.51.50.53.50.51 2>&1`
>> Tue Dec 21 11:33:07 2004: ERR: The command '/usr/bin/snmpget -v1 -r0
>> -t1 -c"v0ya63r" 216.93.114.83
>> .iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.9.49.51.53
>> .51.51.50.53.50.51 2>&1' failed with an error: Error in packet
>> Reason: (noSuchName) There is no such variable name in this MIB.
>> Failed object:
>> SNMPv2-SMI::
>> enterprises.429.4.2.1.140.1.2.9.49.51.53.51.51.50.53.50.51
>>
>>
>> Tue Dec 21 11:33:07 2004: INFO: SDB1 Session for socrates at dmci.net at
>> 216.93.114.83:2066 has gone away
>> Tue Dec 21 11:33:07 2004: DEBUG: SDB1 Deleting session for
>> socrates at dmci.net, 216.93.114.83, 2066
>> Tue Dec 21 11:33:07 2004: DEBUG: do query is: 'delete from RADONLINE
>> where USERNAME='socrates' and NASIDENTIFIER='216.93.114.83' and
>> (NASPORT='3078' or (CALLING_STATION_ID = '5173248940') and
>> (CALLING_STATION_ID != ''))':
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Radius::AuthMagic ACCEPT:
>> Tue Dec 21 11:33:07 2004: DEBUG: Access accepted for socrates at dmci.net
>> Tue Dec 21 11:33:07 2004: DEBUG: do query is: 'INSERT INTO AUTHLOG
>> (timestamp, username, realm, password, client, status, origusername,
>> sessionid, nasporttype, callerid, calledid, radiusip,
>> radiusidentifier ) VALUES
>> ('1103646787','socrates','dmci.net','21noback12','216.93.114.83','PASS
>> ', 'socrates at dmci.net', '201655062', 'Async', '5173248940',
>> '6162241400', '216.93.114.83', 'TotalControl' )':
>>
>> Tue Dec 21 11:33:07 2004: DEBUG: Packet dump:
>> *** Sending to 216.93.114.83 port 1645 ....
>> Code: Access-Accept
>> Identifier: 52
>> Authentic: ,l<133>r<195>?&)<9><217>9t<229><175><22>C
>> Attributes:
>> Framed-IP-Address = 255.255.255.254
>> Session-Timeout = 28800
>> Service-Type = Framed-User
>> Idle-Timeout = 1200
>> Framed-Compression = Van-Jacobson-TCP-IP
>> Port-Limit = 1
>> Framed-Routing = None
>> Framed-Protocol = PPP
>> Ascend-Maximum-Channels = 1
>> Framed-MTU = 1500
>> Class = "socrates at dmci.net:asyncdialup"
>> NAS-Port-Type = Async
>> NAS-Identifier = "216.93.114.83"
>>
>> jp
>>> Hello Jay -
>>>
>>> It is not clear to me whether the problem is with the new NAS or the
>>> Radiator code?
>>>
>>> Could you please send me a copy of your configuration file and a
>>> trace
>>> 4 debug from Radiator showing what is happening?
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 22 Dec 2004, at 04:35, Jay Pike wrote:
>>>
>>>> Hello All,
>>>>
>>>> We've just upgraded to new USR/3COM Total Control code on a part
>>>> of our network, and have noticed a significant OID change, and
>>>> computation changes.
>>>>
>>>> Under our older versions, the OIDs that Radiator would use
>>>> snmpget to check would be like:
>>>>
>>>> enterprises.429.4.2.1.140.1.2.3.97.102
>>>>
>>>> But, the new version seems to dump out:
>>>>
>>>> enterprises.429.4.1.7.1.9.32.108.114.115.116.97.109.98.97.117.103.10
>>>> 4.6
>>>> 4.118.111.121.97.103.101.114.46.110.101.116.45.105.112.45.73.52.51.5
>>>> 2.5
>>>> 3
>>>>
>>>> I don't know how its generating these long strings, or how to fix
>>>> the
>>>> 'TotalControlSNMP.pm' file to use these new strings....
>>>>
>>>> Help?
>>>>
>>>> jp
>>>>
>>>> --
>>>> __________________________________________________________________
>>>> /
>>>> \
>>>> | James J. Pike Jr. Phone: 888.747.4638
>>>> |
>>>> | Systems Engineer Direct Phone: 517-664-8610
>>>> |
>>>> | CoreComm Inc. Http: http://www.core.com/
>>>> |
>>>> | EMail: jay.pike at corecomm.com
>>>> |
>>>> | PGPKey: http://my.voyager.net/jaypike/pgpkey.txt
>>>> |
>>>> \
>>>> /
>>>> ------------------------------------------------------------------
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>
>> --
>> __________________________________________________________________
>> /
>> \
>> | James J. Pike Jr. Phone: 888.747.4638
>> |
>> | Systems Engineer Direct Phone: 517-664-8610
>> |
>> | CoreComm Inc. Http: http://www.core.com/
>> |
>> | EMail: jay.pike at corecomm.com
>> |
>> | PGPKey: http://my.voyager.net/jaypike/pgpkey.txt
>> |
>> \
>> /
>> ------------------------------------------------------------------
>
> --
> __________________________________________________________________
> / \
> | James J. Pike Jr. Phone: 888.747.4638
> |
> | Systems Engineer Direct Phone: 517-664-8610
> |
> | CoreComm Inc. Http: http://www.core.com/
> |
> | EMail: jay.pike at corecomm.com
> |
> | PGPKey: http://my.voyager.net/jaypike/pgpkey.txt
> |
> \ /
> ------------------------------------------------------------------
> <radius.cfg>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list