(RADIATOR) DefaultSimultaneousUse With Cisco

Hugh Irvine hugh at open.com.au
Wed Jan 21 03:53:27 CST 2004


Hello Geoffrey -

Unfortunately this will not work, as there is no Acct-Session-Id in the 
access request.

The problem is to be able to distinguish between different sessions 
when the access request is received so you know how many sessions are 
currently active for the user. You can use the query you show below, 
but there is no way to distinguish between "real" sessions and "stale" 
sessions if you don't have reliable, sensible information.

regards

Hugh


On 21 Jan 2004, at 20:23, DUFOUR Geoffrey wrote:

> Hello Hugh, Al,
>
> If you cannot rely on NAS-Port, simultaneous use can be based on 
> User-Name/Acct-Session-Id instead of NAS-IP-Address/NAS-Port.
>
> DeleteQuery delete from RADONLINE where USERNAME='%u' and ACCTSESSIONID = %3
>
> For this to work, DeleteQuery must not be executed upon reception of 
> Access-Request.
>
> Of course this is less accurate than NAS-IP-Address/NAS-Port.
>
> Hugh, correct ?
>
> Regards.
>
> Geoffrey
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On 
> Behalf Of Hugh Irvine
> Sent: Wednesday 21 January 2004 0:42
> To: al mccain
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) DefaultSimultaneousUse With Cisco
>
>
> Hello Al -
>
> Managing simultaneous use depends on being able to distinguish between
> sessions.
>
> If all of the sessions for the Cisco use NAS-Port 0 it is impossible to
> know which is which.
>
> You should check with Cisco.
>
> regards
>
> Hugh
>
>
> On 21 Jan 2004, at 01:41, al mccain wrote:
>
>> Hugh,
>>
>> Thanks for the quick reply! However, I am a little confused.
>> Are you saying that there is no way to implement this with our cisco
>> boxes?
>>
>> Thanks,
>> Al
>>
>>
>>
>> On Tue, 20 Jan 2004, Hugh Irvine wrote:
>>
>>>
>>> Hello Al -
>>>
>>> I'm guessing here, but I suspect the problem is due to your Client
>>> definitions in the SQL database - specifically the contents of the
>>> NASTYPE field for at least the NAS in question. As you will see from
>>> the debug, Radiator is trying to find a module called "
>>> Radius/Nas/.pm"
>>> in the Redback case so this is not correct at all.
>>>
>>> The problem with the Cisco is that the NAS-Port attribute is always
>>> "0", so this will never work in any case.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 20 Jan 2004, at 09:04, al mccain wrote:
>>>
>>>>
>>>> Hello Guys,
>>>>
>>>> I have yet another problem. We are trying to implement concurrent
>>>> login
>>>> checks. I am having trouble using DefaultSimultaneousUse = 1 with 
>>>> our
>>>> cisco boxes. It works perfectly for our Redbacks equipment. Could
>>>> someone
>>>> take a look and let me know what I'm doing wrong? I have attached my
>>>> config as well as 2 trace 4's. One is the redback (acting perfectly)
>>>> and
>>>> one of the cisco (acting not-so-perfectly).
>>>>
>>>> Thanks!
>>>>
>>>> Al
>>>>
>>>>
>>>> Config
>>>> --------------------------------------------------------
>>>>
>>>> #Foreground
>>>> #LogStdout
>>>> LogDir /var/adm/radacct
>>>> DbDir /etc/raddb
>>>> PreHandlerHook file:"%D/prehook"
>>>>
>>>> SnmpgetProg /usr/local/bin/snmpget
>>>> Trace 4
>>>> RewriteUsername         s/^([^@]+)\@centurytel.net/$1/
>>>> RewriteUsername         s/^([^@]+)\@digisys.net/$1/
>>>> RewriteUsername         s/\s+//g
>>>> #RewriteUsername		s/\'//g
>>>> RewriteUsername         tr/A-Z/a-z/
>>>> <Client DEFAULT>
>>>>
>>>>
>>>>         Secret letMEin
>>>>         DupInterval 0
>>>>
>>>>
>>>> </Client>
>>>>
>>>> <SessionDatabase SQL>
>>>>
>>>>        DBSource dbi:mysql:radius:*******************
>>>>        DBUsername ******
>>>>        DBAuth ********
>>>>         Identifier SQLS
>>>>
>>>>                 AddQuery insert into RADONLINE (USERNAME,\
>>>>                 NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
>>>>                 FRAMEDIPADDRESS, NASPORTTYPE) \
>>>>                 values ('%n', '%N',\
>>>>                 '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
>>>>                 '%{Framed-IP-Address}', '%{NAS-Port-Type}')
>>>>
>>>>
>>>> DeleteQuery  delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=0%2
>>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
>>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
>>>> where USERNAME ='%u'
>>>>
>>>>
>>>> </SessionDatabase>
>>>>
>>>>
>>>> <ClientListSQL>
>>>>
>>>>         DBSource        dbi:mysql:radius:********************
>>>>         DBUsername *******
>>>>         DBAuth *********
>>>>
>>>>         select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
>>>>         DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
>>>>         LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
>>>>         FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
>>>>         NOIGNOREDUPLICATES from RADCLIENTLIST
>>>>
>>>>
>>>> </ClientListSQL>
>>>> <AuthBy UNIX>
>>>>
>>>> #       DefaultSimultaneousUse 1
>>>>         Identifier System
>>>>         Filename /etc/shadow
>>>>
>>>> </AuthBy>
>>>>
>>>> <AuthBy LDAP2>
>>>>                DefaultSimultaneousUse 1
>>>>                 Identifier LDAP
>>>>                 Host    127.0.0.1
>>>>                 Port    389
>>>>                 AuthDN  uid=searchuser,dc=centurytel,dc=net
>>>>                 AuthPassword    ********
>>>>                 BaseDN  %0=%1,ou=people,dc=centurytel,dc=net
>>>>                 Scope   base
>>>>                 UsernameAttr    uid
>>>>                 PasswordAttr    userPassword
>>>>                 HoldServerConnection
>>>>                 SearchFilter (&(gecos=active)(uid=%1))
>>>>                 AuthAttrDef gidNumber, gid-attr, request
>>>> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>> </AuthBy>
>>>> <AuthBy SQL>
>>>> #       NoDefault
>>>>         DefaultSimultaneousUse 1
>>>>         Identifier CheckSQL
>>>>
>>>>         DBSource        dbi:mysql:radius:********************
>>>>         DBUsername ******
>>>>         DBAuth ********
>>>>
>>>>
>>>>         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
>>>>        from SUBSCRIBERS \
>>>>       where USERNAME=%0
>>>>
>>>> AuthColumnDef 0, User-Password, check
>>>> AuthColumnDef 1, GENERIC, check
>>>> AuthColumnDef 2, GENERIC, reply
>>>> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>
>>>>
>>>> </AuthBy>
>>>> <Realm DEFAULT>
>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>
>>>>
>>>>
>>>>  PostAuthHook file:"%D/postHook"
>>>>         AcctLogFileName %L/%N/detail
>>>>
>>>>
>>>>
>>>>         #AuthByPolicy ContinueWhileReject
>>>>         AuthByPolicy    ContinueUntilAccept
>>>>         #AuthBy LDAP
>>>>         AuthBy CheckSQL
>>>>         AuthBy System
>>>>
>>>>
>>>> </Realm>
>>>>
>>>> ----------------------------------------------
>>>> End Config
>>>>
>>>>
>>>> Trace 4 Redback
>>>> ----------------------------------------------
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.22 port 1812 ....
>>>> Code:       Access-Request
>>>> Identifier: 11
>>>> Authentic:  E<138><164><4>E<130>FE<30><232><199>@<23>j<201><247>
>>>> Attributes:
>>>> 	User-Name = "nethelp1"
>>>> 	User-Password = "<187>6<25>L<247><7><5><168><148><235>0 5V<3><199>"
>>>> 	NAS-Identifier = "rb-test.mx"
>>>> 	NAS-IP-Address = 209.142.136.22
>>>> 	RB-NAS-Real-Port = 537067624
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	NAS-Port = 3892314117
>>>> 	Connect-Info = "ubrc"
>>>>
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: SQLS Deleting session for nethelp1,
>>>> 209.142.136.22, 3892314117
>>>> Mon Jan 19 12:56:10 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
>>>>
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling with Radius::AuthSQL:
>>>> CheckSQL
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Query is: 'select PASSWORD,
>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Radius::AuthSQL looks for match 
>>>> with
>>>> nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Access accepted for nethelp1
>>>> Mon Jan 19 12:56:10 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>> Code:       Access-Accept
>>>> Identifier: 11
>>>> Authentic:  E<138><164><4>E<130>FE<30><232><199>@<23>j<201><247>
>>>> Attributes:
>>>> 	Framed-IP-Address = 66.112.90.42
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>> 	Idle-Timeout = 0
>>>> 	Session-Timeout = 0
>>>>
>>>> Mon Jan 19 12:56:12 2004: ERR: Attribute number 144 (vendor 2352) is
>>>> not defined in your dictionary
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.22 port 1812 ....
>>>> Code:       Accounting-Request
>>>> Identifier: 29
>>>> Authentic:
>>>> <136>}<253><170><198>`<188><251>N<28><253>`<135><232><29>r
>>>> Attributes:
>>>> 	User-Name = "nethelp1"
>>>> 	NAS-Identifier = "rb-test.mx"
>>>> 	NAS-IP-Address = 209.142.136.22
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	NAS-Port = 3892314117
>>>> 	RB-NAS-Real-Port = 537067624
>>>> 	Acct-Session-Id = "E8000005-400B2C3E"
>>>> 	Acct-Authentic = RADIUS
>>>> 	Connect-Info = "ubrc"
>>>> 	Framed-IP-Address = 66.112.90.42
>>>> 	Acct-Status-Type = Start
>>>>
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:12 2004: DEBUG: SQLS Adding session for nethelp1,
>>>> 209.142.136.22, 3892314117
>>>> Mon Jan 19 12:56:12 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
>>>>
>>>> Mon Jan 19 12:56:12 2004: DEBUG: do query is: 'insert into RADONLINE
>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>> '209.142.136.22','3892314117', 'E8000005-400B2C3E', 'Mon Jan 19
>>>> 12:56:12 2004','66.112.90.42', '')':
>>>>
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling accounting with
>>>> Radius::AuthSQL
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Accounting accepted
>>>> Mon Jan 19 12:56:12 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>> Code:       Accounting-Response
>>>> Identifier: 29
>>>> Authentic:
>>>> <136>}<253><170><198>`<188><251>N<28><253>`<135><232><29>r
>>>> Attributes:
>>>>
>>>> Mon Jan 19 12:56:13 2004: ERR: Attribute number 144 (vendor 2352) is
>>>> not defined in your dictionary
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.22 port 1812 ....
>>>> Code:       Accounting-Request
>>>> Identifier: 30
>>>> Authentic:  g%M<161><249><226><174>'<244>NO<194>5Y<176>s
>>>> Attributes:
>>>> 	User-Name = "nethelp1"
>>>> 	NAS-Identifier = "rb-test.mx"
>>>> 	NAS-IP-Address = 209.142.136.22
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	NAS-Port = 3892314117
>>>> 	RB-NAS-Real-Port = 537067624
>>>> 	Acct-Session-Id = "E8000005-400B2C3E"
>>>> 	Acct-Authentic = RADIUS
>>>> 	Connect-Info = "ubrc"
>>>> 	Acct-Status-Type = Alive
>>>> 	Framed-IP-Address = 66.112.90.42
>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>> 	RB-Client-DNS-Pri = 209.142.136.85
>>>> 	RB-Client-DNS-Sec = 209.206.199.16
>>>> 	Acct-Input-Octets = 180
>>>> 	Acct-Output-Octets = 0
>>>> 	Acct-Input-Packets = 3
>>>> 	Acct-Output-Packets = 0
>>>> 	Acct-Session-Time = 0
>>>> 	RB-Acct-Input-Octets-64 = 0xb4
>>>> 	RB-Acct-Output-Octets-64 = 0x0
>>>> 	RB-Acct-Input-Packets-64 = 0x3
>>>> 	RB-Acct-Output-Packets-64 = 0x0
>>>>
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:56:13 2004: DEBUG: SQLS Adding session for nethelp1,
>>>> 209.142.136.22, 3892314117
>>>> Mon Jan 19 12:56:13 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
>>>>
>>>> Mon Jan 19 12:56:13 2004: DEBUG: do query is: 'insert into RADONLINE
>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>> '209.142.136.22','3892314117', 'E8000005-400B2C3E', 'Mon Jan 19
>>>> 12:56:13 2004','66.112.90.42', '')':
>>>>
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling accounting with
>>>> Radius::AuthSQL
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Accounting accepted
>>>> Mon Jan 19 12:56:13 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>> Code:       Accounting-Response
>>>> Identifier: 30
>>>> Authentic:  g%M<161><249><226><174>'<244>NO<194>5Y<176>s
>>>> Attributes:
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.22 port 1812 ....
>>>> Code:       Access-Request
>>>> Identifier: 12
>>>> Authentic:
>>>> <240><165><246>oN<222><231>t<28><143><163>oA<206><12><203>
>>>> Attributes:
>>>> 	User-Name = "nethelp1"
>>>> 	User-Password = ""<4>y<223>1J<218>2<240><239><149><197>I<213>"m"
>>>> 	NAS-Identifier = "rb-test.mx"
>>>> 	NAS-IP-Address = 209.142.136.22
>>>> 	RB-NAS-Real-Port = 537067622
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	NAS-Port = 3892314118
>>>> 	Connect-Info = "ubrc"
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:57:53 2004: DEBUG: SQLS Deleting session for nethelp1,
>>>> 209.142.136.22, 3892314118
>>>> Mon Jan 19 12:57:53 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314118':
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthSQL:
>>>> CheckSQL
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select PASSWORD,
>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL looks for match 
>>>> with
>>>> nethelp1
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Checking if user is still online: ,
>>>> nethelp1, 209.142.136.22, 3892314117,
>>>> Mon Jan 19 12:57:53 2004: ERR: Could not load NAS-specific module
>>>> Radius::Nas::: Can't locate Radius/Nas/.pm in @INC (@INC contains: .
>>>> /usr/local/lib/perl5/5.8.0/sun4-solaris /usr/local/lib/perl5/5.8.0
>>>> /usr/local/lib/perl5/site_perl/5.8.0/sun4-solaris
>>>> /usr/local/lib/perl5/site_perl/5.8.0 /usr/local/lib/perl5/site_perl
>>>> .)
>>>> at (eval 190) line 3.
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL REJECT:
>>>> Simultaneous-Use of 1 exceeded
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select PASSWORD,
>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='DEFAULT'':
>>>>
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL looks for match 
>>>> with
>>>> DEFAULT
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthLDAP2:
>>>> LDAP
>>>> Mon Jan 19 12:57:53 2004: INFO: Connecting to 127.0.0.1, port 389
>>>> Mon Jan 19 12:57:53 2004: ERR: Could not open LDAP connection to
>>>> 127.0.0.1, port 389. Backing off for 600 seconds.
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL IGNORE: User
>>>> database
>>>> access error
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthUNIX:
>>>> System
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthUNIX looks for match
>>>> with
>>>> nethelp1
>>>> Mon Jan 19 12:57:53 2004: INFO: Access rejected for nethelp1: No 
>>>> such
>>>> user
>>>> Mon Jan 19 12:57:53 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>> Code:       Access-Reject
>>>> Identifier: 12
>>>> Authentic:
>>>> <240><165><246>oN<222><231>t<28><143><163>oA<206><12><203>
>>>> Attributes:
>>>> 	Reply-Message = "choice: "
>>>> 	Reply-Message = "Request Denied"
>>>>
>>>> -----------------------------------------------
>>>> end trace 4 redback
>>>>
>>>>
>>>> Trace 4 cisco
>>>> -----------------------------------------------
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.170 port 21659 ....
>>>> Code:       Access-Request
>>>> Identifier: 15
>>>> Authentic:  ,6~<148>$L<139>/<139>hC<142><166><16><184>D
>>>> Attributes:
>>>> 	Framed-Protocol = PPP
>>>> 	User-Name = "nethelp1"
>>>> 	User-Password =
>>>> "<219>@~<155><31><188><179><167><189><12><204><218><232><31><139>i"
>>>> 	NAS-Port-Type = Virtual
>>>> 	Cisco-NAS-Port = "5/0/0/3.102"
>>>> 	NAS-Port = 0
>>>> 	Service-Type = Framed-User
>>>> 	NAS-IP-Address = 209.142.136.170
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: SQLS Deleting session for nethelp1,
>>>> 209.142.136.170, 0
>>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL:
>>>> CheckSQL
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Query is: 'select PASSWORD,
>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Radius::AuthSQL looks for match 
>>>> with
>>>> nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Access accepted for nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>> Code:       Access-Accept
>>>> Identifier: 15
>>>> Authentic:  ,6~<148>$L<139>/<139>hC<142><166><16><184>D
>>>> Attributes:
>>>> 	Framed-IP-Address = 66.112.90.42
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>> 	Idle-Timeout = 0
>>>> 	Session-Timeout = 0
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.170 port 21659 ....
>>>> Code:       Accounting-Request
>>>> Identifier: 16
>>>> Authentic:  <211><202>yl<21>J<178>fh<233><213><244>4<236><236>b
>>>> Attributes:
>>>> 	Acct-Session-Id = "00000506"
>>>> 	cisco-avpair = "client-mac-address=0060.0f4e.604e"
>>>> 	Framed-Protocol = PPP
>>>> 	Acct-Authentic = RADIUS
>>>> 	User-Name = "nethelp1"
>>>> 	Acct-Status-Type = Start
>>>> 	NAS-Port-Type = Virtual
>>>> 	Cisco-NAS-Port = "5/0/0/3.102"
>>>> 	NAS-Port = 0
>>>> 	Service-Type = Framed-User
>>>> 	NAS-IP-Address = 209.142.136.170
>>>> 	Acct-Delay-Time = 0
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:42:45 2004: DEBUG: SQLS Adding session for nethelp1,
>>>> 209.142.136.170, 0
>>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'insert into RADONLINE
>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>> '209.142.136.170','0', '00000506', 'Mon Jan 19 12:42:45 2004','',
>>>> 'Virtual')':
>>>>
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling accounting with
>>>> Radius::AuthSQL
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Accounting accepted
>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>> Code:       Accounting-Response
>>>> Identifier: 16
>>>> Authentic:  <211><202>yl<21>J<178>fh<233><213><244>4<236><236>b
>>>> Attributes:
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.170 port 21659 ....
>>>> Code:       Access-Request
>>>> Identifier: 17
>>>> Authentic:  ~<193>en-4}<12>B<224><28><14>mr<201><0>
>>>> Attributes:
>>>> 	Framed-Protocol = PPP
>>>> 	User-Name = "nethelp1"
>>>> 	User-Password =
>>>> "<27><217><190>0<243><6>g<208><239><241><24><215><249>_<229>+"
>>>> 	NAS-Port-Type = Virtual
>>>> 	Cisco-NAS-Port = "5/0/0/3.104"
>>>> 	NAS-Port = 0
>>>> 	Service-Type = Framed-User
>>>> 	NAS-IP-Address = 209.142.136.170
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: SQLS Deleting session for nethelp1,
>>>> 209.142.136.170, 0
>>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL:
>>>> CheckSQL
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Query is: 'select PASSWORD,
>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Radius::AuthSQL looks for match 
>>>> with
>>>> nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Access accepted for nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>> Code:       Access-Accept
>>>> Identifier: 17
>>>> Authentic:  ~<193>en-4}<12>B<224><28><14>mr<201><0>
>>>> Attributes:
>>>> 	Framed-IP-Address = 66.112.90.42
>>>> 	Service-Type = Framed-User
>>>> 	Framed-Protocol = PPP
>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>> 	Idle-Timeout = 0
>>>> 	Session-Timeout = 0
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>> *** Received from 209.142.136.170 port 21659 ....
>>>> Code:       Accounting-Request
>>>> Identifier: 18
>>>> Authentic:  <223>G<198><10><160>]<178>"<182><166>()<158>PZ<19>
>>>> Attributes:
>>>> 	Acct-Session-Id = "00000507"
>>>> 	cisco-avpair = "client-mac-address=0060.0fd5.b0f0"
>>>> 	Framed-Protocol = PPP
>>>> 	Acct-Authentic = RADIUS
>>>> 	User-Name = "nethelp1"
>>>> 	Acct-Status-Type = Start
>>>> 	NAS-Port-Type = Virtual
>>>> 	Cisco-NAS-Port = "5/0/0/3.104"
>>>> 	NAS-Port = 0
>>>> 	Service-Type = Framed-User
>>>> 	NAS-IP-Address = 209.142.136.170
>>>> 	Acct-Delay-Time = 0
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling request with Handler
>>>> 'Realm=DEFAULT'
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>> Mon Jan 19 12:43:46 2004: DEBUG: SQLS Adding session for nethelp1,
>>>> 209.142.136.170, 0
>>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'delete from RADONLINE
>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'insert into RADONLINE
>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>> '209.142.136.170','0', '00000507', 'Mon Jan 19 12:43:46 2004','',
>>>> 'Virtual')':
>>>>
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling accounting with
>>>> Radius::AuthSQL
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Accounting accepted
>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>> Code:       Accounting-Response
>>>> Identifier: 18
>>>> Authentic:  <223>G<198><10><160>]<178>"<182><166>()<158>PZ<19>
>>>> Attributes:
>>>>
>>>> -------------------------------------------------------------
>>>> end trace 4 cisco
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>
>>
>
>
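
Added example (not part of the original thread and not Radiator's code): a simplified Python/sqlite3 model of the RADONLINE session table that replays the Access-Request and Accounting sequences from the two traces under both keying schemes discussed above. The class and function names, the constructed Stop event and the reject-at-limit logic are assumptions for illustration; Radiator's online check against the NAS is not modelled.

```python
import sqlite3

LIMIT = 1  # DefaultSimultaneousUse 1, as in the posted config


class SessionDB:
    """RADONLINE-style table keyed by (NAS, NAS-Port) or by
    (User-Name, Acct-Session-Id). Simplified model, hypothetical names."""

    def __init__(self, key):
        assert key in ("nas_port", "session_id")
        self.key = key
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "create table RADONLINE (USERNAME text, NASIDENTIFIER text,"
            " NASPORT text, ACCTSESSIONID text)")

    def _delete(self, user, nas, port, sid):
        if self.key == "nas_port":
            self.db.execute(
                "delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
                (nas, port))
        else:
            self.db.execute(
                "delete from RADONLINE where USERNAME=? and ACCTSESSIONID=?",
                (user, sid))

    def access_request(self, user, nas, port):
        """True means Access-Accept, False a simultaneous-use reject."""
        if self.key == "nas_port":
            # As in the traces: the row for this NAS/port is cleared first.
            self._delete(user, nas, port, None)
        # With session_id keying nothing can be cleared here, because an
        # Access-Request carries no Acct-Session-Id.
        (count,) = self.db.execute(
            "select count(*) from RADONLINE where USERNAME=?",
            (user,)).fetchone()
        return count < LIMIT

    def accounting(self, status, user, nas, port, sid):
        self._delete(user, nas, port, sid)
        if status in ("Start", "Alive"):
            self.db.execute("insert into RADONLINE values (?,?,?,?)",
                            (user, nas, port, sid))


def replay(key, events):
    """Feed events to a fresh SessionDB; return one decision per Access-Request."""
    db = SessionDB(key)
    decisions = []
    for ev in events:
        if ev[0] == "access":
            decisions.append(db.access_request(*ev[1:]))
        else:
            db.accounting(*ev[1:])
    return decisions


# Event sequences taken from the two traces (attribute values as posted).
REDBACK = [
    ("access", "nethelp1", "209.142.136.22", "3892314117"),
    ("acct", "Start", "nethelp1", "209.142.136.22", "3892314117",
     "E8000005-400B2C3E"),
    ("access", "nethelp1", "209.142.136.22", "3892314118"),
]
CISCO = [
    ("access", "nethelp1", "209.142.136.170", "0"),
    ("acct", "Start", "nethelp1", "209.142.136.170", "0", "00000506"),
    ("access", "nethelp1", "209.142.136.170", "0"),
]
# Constructed variant: a Stop for session 00000506 arrives before the retry.
CISCO_WITH_STOP = CISCO[:2] + [
    ("acct", "Stop", "nethelp1", "209.142.136.170", "0", "00000506"),
    CISCO[2],
]

if __name__ == "__main__":
    for name, events in (("redback", REDBACK), ("cisco", CISCO),
                         ("cisco+stop", CISCO_WITH_STOP)):
        for key in ("nas_port", "session_id"):
            print(f"{name:11} {key:10} {replay(key, events)}")
```

With session-id keying the Cisco's second request is rejected whether session 00000506 is still up or its Stop was simply lost; the server sees the same events in both cases, which is the real-versus-stale ambiguity raised at the top of the thread.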
