(RADIATOR) DefaultSimultaneousUse With Cisco

al mccain mccainca at centurytel.net
Wed Jan 21 08:18:02 CST 2004


Hugh and Geoffrey,
Thanks so much for the help! I'll check with Cisco and see if there is a
way to handle this.

Thanks again,
al

On Wed, 21 Jan 2004, DUFOUR Geoffrey wrote:

> Hugh,
>
> I can understand the NAS-IP-Address/NAS-Port solution is far more reliable, but I think the User-Name/Acct-Session-Id is an interesting alternative when you cannot rely on Nas-Port.
>
> DeleteQuery delete from RADONLINE where USERNAME='%u' and ACCTSESSIONID = %3
> CountQuery select ... from RADONLINE where USERNAME = '%u'
>
> Moreover I think if you need to limit simultaneous use to 1 for all your users you could rely on User-Name only.
>
> Of course, you need to modify RADIATOR code to prevent execution of the DeleteQuery upon reception of Access-Request.
>
> Depending on the Access Server reliability (Accounting, "Ghost" Sessions, ...), this could be an interesting alternative. But I do agree it can quickly lead to unwanted Access-Rejects in case of NAS Reboot, lost Accounting-Stop, or "Ghost" sessions (VPN servers, ...).
>
> Am I missing something ? I guess I am :) !
>
> Regards.
>
> Geoffrey
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday 21 January 2004 10:53
> To: DUFOUR Geoffrey
> Cc: radiator at open.com.au; al mccain
> Subject: Re: (RADIATOR) DefaultSimultaneousUse With Cisco
>
>
> Hello Geoffrey -
>
> Unfortunately this will not work, as there is no Acct-Session-Id in the
> access request.
>
> The problem is to be able to distinguish between different sessions
> when the access request is received so you know how many sessions are
> currently active for the user. You can use the query you show below,
> but there is no way to distinguish between "real" sessions and "stale"
> sessions if you don't have reliable, sensible information.
>
> regards
>
> Hugh
>
>
> On 21 Jan 2004, at 20:23, DUFOUR Geoffrey wrote:
>
> > Hello Hugh, Al,
> >
> > If you cannot rely on NAS-Port, simultaneous use can be based on
> > User-Name/Acct-Session-Id instead of NAS-IP-Address/NAS-Port.
> >
> > DeleteQuery delete from RADONLINE where USERNAME='%u' and ACCTSESSIONID = %3
> >
> > For this to work, DeleteQuery must not be executed upon reception of
> > Access-Request.
> >
> > Of course this is less accurate than NAS-IP-Address/NAS-Port.
> >
> > Hugh, correct ?
> >
> > Regards.
> >
> > Geoffrey
> >
> > -----Original Message-----
> > From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> > behalf of Hugh Irvine
> > Sent: Wednesday 21 January 2004 0:42
> > To: al mccain
> > Cc: radiator at open.com.au
> > Subject: Re: (RADIATOR) DefaultSimultaneousUse With Cisco
> >
> >
> > Hello Al -
> >
> > Managing simultaneous use depends on being able to distinguish between
> > sessions.
> >
> > If all of the sessions for the Cisco use NAS-Port 0 it is impossible to
> > know which is which.
> >
> > You should check with Cisco.
> >
> > regards
> >
> > Hugh
> >
> >
> > On 21 Jan 2004, at 01:41, al mccain wrote:
> >
> >> Hugh,
> >>
> >> Thanks for the quick reply! However, I am a little confused.
> >> Are you saying that there is no way to implement this with our cisco
> >> boxes?
> >>
> >> Thanks,
> >> Al
> >>
> >>
> >>
> >> On Tue, 20 Jan 2004, Hugh Irvine wrote:
> >>
> >>>
> >>> Hello Al -
> >>>
> >>> I'm guessing here, but I suspect the problem is due to your Client
> >>> definitions in the SQL database - specifically the contents of the
> >>> NASTYPE field for at least the NAS in question. As you will see from
> >>> the debug, Radiator is trying to find a module called
> >>> "Radius/Nas/.pm" in the Redback case so this is not correct at all.
> >>>
> >>> The problem with the Cisco is that the NAS-Port attribute is always
> >>> "0", so this will never work in any case.
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>>
> >>> On 20 Jan 2004, at 09:04, al mccain wrote:
> >>>
> >>>>
> >>>> Hello Guys,
> >>>>
> >>>> I have yet another problem. We are trying to implement concurrent login
> >>>> checks. I am having trouble using DefaultSimultaneousUse = 1 with our
> >>>> cisco boxes. It works perfectly for our Redbacks equipment. Could someone
> >>>> take a look and let me know what I'm doing wrong? I have attached my
> >>>> config as well as 2 trace 4's. One is the redback (acting perfectly) and
> >>>> one of the cisco (acting not-so-perfectly).
> >>>>
> >>>> Thanks!
> >>>>
> >>>> Al
> >>>>
> >>>>
> >>>> Config
> >>>> --------------------------------------------------------
> >>>>
> >>>> #Foreground
> >>>> #LogStdout
> >>>> LogDir /var/adm/radacct
> >>>> DbDir /etc/raddb
> >>>> PreHandlerHook file:"%D/prehook"
> >>>>
> >>>> SnmpgetProg /usr/local/bin/snmpget
> >>>> Trace 4
> >>>> RewriteUsername         s/^([^@]+)\@centurytel.net/$1/
> >>>> RewriteUsername         s/^([^@]+)\@digisys.net/$1/
> >>>> RewriteUsername         s/\s+//g
> >>>> #RewriteUsername		s/\'//g
> >>>> RewriteUsername         tr/A-Z/a-z/
> >>>> <Client DEFAULT>
> >>>>
> >>>>
> >>>>         Secret letMEin
> >>>>         DupInterval 0
> >>>>
> >>>>
> >>>> </Client>
> >>>>
> >>>> <SessionDatabase SQL>
> >>>>
> >>>>        DBSource dbi:mysql:radius:*******************
> >>>>        DBUsername ******
> >>>>        DBAuth ********
> >>>>         Identifier SQLS
> >>>>
> >>>>                 AddQuery insert into RADONLINE (USERNAME,\
> >>>>                 NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> >>>>                 FRAMEDIPADDRESS, NASPORTTYPE) \
> >>>>                 values ('%n', '%N',\
> >>>>                 '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> >>>>                 '%{Framed-IP-Address}', '%{NAS-Port-Type}')
> >>>>
> >>>>
> >>>> DeleteQuery  delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=0%2
> >>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
> >>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> >>>> where USERNAME ='%u'
> >>>>
> >>>>
> >>>> </SessionDatabase>
> >>>>
> >>>>
> >>>> <ClientListSQL>
> >>>>
> >>>>         DBSource        dbi:mysql:radius:********************
> >>>>         DBUsername *******
> >>>>         DBAuth *********
> >>>>
> >>>>         select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
> >>>>         DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> >>>>         LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> >>>>         FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> >>>>         NOIGNOREDUPLICATES from RADCLIENTLIST
> >>>>
> >>>>
> >>>> </ClientListSQL>
> >>>> <AuthBy UNIX>
> >>>>
> >>>> #       DefaultSimultaneousUse 1
> >>>>         Identifier System
> >>>>         Filename /etc/shadow
> >>>>
> >>>> </AuthBy>
> >>>>
> >>>> <AuthBy LDAP2>
> >>>>                DefaultSimultaneousUse 1
> >>>>                 Identifier LDAP
> >>>>                 Host    127.0.0.1
> >>>>                 Port    389
> >>>>                 AuthDN  uid=searchuser,dc=centurytel,dc=net
> >>>>                 AuthPassword    ********
> >>>>                 BaseDN  %0=%1,ou=people,dc=centurytel,dc=net
> >>>>                 Scope   base
> >>>>                 UsernameAttr    uid
> >>>>                 PasswordAttr    userPassword
> >>>>                 HoldServerConnection
> >>>>                 SearchFilter (&(gecos=active)(uid=%1))
> >>>>                 AuthAttrDef gidNumber, gid-attr, request
> >>>> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>> </AuthBy>
> >>>> <AuthBy SQL>
> >>>> #       NoDefault
> >>>>         DefaultSimultaneousUse 1
> >>>>         Identifier CheckSQL
> >>>>
> >>>>         DBSource        dbi:mysql:radius:********************
> >>>>         DBUsername ******
> >>>>         DBAuth ********
> >>>>
> >>>>
> >>>>         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >>>>        from SUBSCRIBERS \
> >>>>       where USERNAME=%0
> >>>>
> >>>> AuthColumnDef 0, User-Password, check
> >>>> AuthColumnDef 1, GENERIC, check
> >>>> AuthColumnDef 2, GENERIC, reply
> >>>> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>
> >>>>
> >>>> </AuthBy>
> >>>> <Realm DEFAULT>
> >>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>
> >>>>
> >>>>
> >>>>  PostAuthHook file:"%D/postHook"
> >>>>         AcctLogFileName %L/%N/detail
> >>>>
> >>>>
> >>>>
> >>>>         #AuthByPolicy ContinueWhileReject
> >>>>         AuthByPolicy    ContinueUntilAccept
> >>>>         #AuthBy LDAP
> >>>>         AuthBy CheckSQL
> >>>>         AuthBy System
> >>>>
> >>>>
> >>>> </Realm>
> >>>>
> >>>> ----------------------------------------------
> >>>> End Config
> >>>>
> >>>>
> >>>> Trace 4 Redback
> >>>> ----------------------------------------------
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.22 port 1812 ....
> >>>> Code:       Access-Request
> >>>> Identifier: 11
> >>>> Authentic:  E<138><164><4>E<130>FE<30><232><199>@<23>j<201><247>
> >>>> Attributes:
> >>>> 	User-Name = "nethelp1"
> >>>> 	User-Password = "<187>6<25>L<247><7><5><168><148><235>0 5V<3><199>"
> >>>> 	NAS-Identifier = "rb-test.mx"
> >>>> 	NAS-IP-Address = 209.142.136.22
> >>>> 	RB-NAS-Real-Port = 537067624
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	NAS-Port = 3892314117
> >>>> 	Connect-Info = "ubrc"
> >>>>
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: SQLS Deleting session for nethelp1,
> >>>> 209.142.136.22, 3892314117
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
> >>>>
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>> CheckSQL
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Query is: 'select PASSWORD,
> >>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Radius::AuthSQL looks for match
> >>>> with
> >>>> nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Query is: 'select NASIDENTIFIER,
> >>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Radius::AuthSQL ACCEPT:
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Access accepted for nethelp1
> >>>> Mon Jan 19 12:56:10 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.22 port 1812 ....
> >>>> Code:       Access-Accept
> >>>> Identifier: 11
> >>>> Authentic:  E<138><164><4>E<130>FE<30><232><199>@<23>j<201><247>
> >>>> Attributes:
> >>>> 	Framed-IP-Address = 66.112.90.42
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	Framed-IP-Netmask = 255.255.255.255
> >>>> 	Idle-Timeout = 0
> >>>> 	Session-Timeout = 0
> >>>>
> >>>> Mon Jan 19 12:56:12 2004: ERR: Attribute number 144 (vendor 2352) is
> >>>> not defined in your dictionary
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.22 port 1812 ....
> >>>> Code:       Accounting-Request
> >>>> Identifier: 29
> >>>> Authentic:
> >>>> <136>}<253><170><198>`<188><251>N<28><253>`<135><232><29>r
> >>>> Attributes:
> >>>> 	User-Name = "nethelp1"
> >>>> 	NAS-Identifier = "rb-test.mx"
> >>>> 	NAS-IP-Address = 209.142.136.22
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	NAS-Port = 3892314117
> >>>> 	RB-NAS-Real-Port = 537067624
> >>>> 	Acct-Session-Id = "E8000005-400B2C3E"
> >>>> 	Acct-Authentic = RADIUS
> >>>> 	Connect-Info = "ubrc"
> >>>> 	Framed-IP-Address = 66.112.90.42
> >>>> 	Acct-Status-Type = Start
> >>>>
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: SQLS Adding session for nethelp1,
> >>>> 209.142.136.22, 3892314117
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
> >>>>
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: do query is: 'insert into RADONLINE
> >>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> >>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
> >>>> '209.142.136.22','3892314117', 'E8000005-400B2C3E', 'Mon Jan 19
> >>>> 12:56:12 2004','66.112.90.42', '')':
> >>>>
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling accounting with
> >>>> Radius::AuthSQL
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Accounting accepted
> >>>> Mon Jan 19 12:56:12 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.22 port 1812 ....
> >>>> Code:       Accounting-Response
> >>>> Identifier: 29
> >>>> Authentic:
> >>>> <136>}<253><170><198>`<188><251>N<28><253>`<135><232><29>r
> >>>> Attributes:
> >>>>
> >>>> Mon Jan 19 12:56:13 2004: ERR: Attribute number 144 (vendor 2352) is
> >>>> not defined in your dictionary
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.22 port 1812 ....
> >>>> Code:       Accounting-Request
> >>>> Identifier: 30
> >>>> Authentic:  g%M<161><249><226><174>'<244>NO<194>5Y<176>s
> >>>> Attributes:
> >>>> 	User-Name = "nethelp1"
> >>>> 	NAS-Identifier = "rb-test.mx"
> >>>> 	NAS-IP-Address = 209.142.136.22
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	NAS-Port = 3892314117
> >>>> 	RB-NAS-Real-Port = 537067624
> >>>> 	Acct-Session-Id = "E8000005-400B2C3E"
> >>>> 	Acct-Authentic = RADIUS
> >>>> 	Connect-Info = "ubrc"
> >>>> 	Acct-Status-Type = Alive
> >>>> 	Framed-IP-Address = 66.112.90.42
> >>>> 	Framed-IP-Netmask = 255.255.255.255
> >>>> 	RB-Client-DNS-Pri = 209.142.136.85
> >>>> 	RB-Client-DNS-Sec = 209.206.199.16
> >>>> 	Acct-Input-Octets = 180
> >>>> 	Acct-Output-Octets = 0
> >>>> 	Acct-Input-Packets = 3
> >>>> 	Acct-Output-Packets = 0
> >>>> 	Acct-Session-Time = 0
> >>>> 	RB-Acct-Input-Octets-64 = 0xb4
> >>>> 	RB-Acct-Output-Octets-64 = 0x0
> >>>> 	RB-Acct-Input-Packets-64 = 0x3
> >>>> 	RB-Acct-Output-Packets-64 = 0x0
> >>>>
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: SQLS Adding session for nethelp1,
> >>>> 209.142.136.22, 3892314117
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
> >>>>
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: do query is: 'insert into RADONLINE
> >>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> >>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
> >>>> '209.142.136.22','3892314117', 'E8000005-400B2C3E', 'Mon Jan 19
> >>>> 12:56:13 2004','66.112.90.42', '')':
> >>>>
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling accounting with
> >>>> Radius::AuthSQL
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Accounting accepted
> >>>> Mon Jan 19 12:56:13 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.22 port 1812 ....
> >>>> Code:       Accounting-Response
> >>>> Identifier: 30
> >>>> Authentic:  g%M<161><249><226><174>'<244>NO<194>5Y<176>s
> >>>> Attributes:
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.22 port 1812 ....
> >>>> Code:       Access-Request
> >>>> Identifier: 12
> >>>> Authentic:
> >>>> <240><165><246>oN<222><231>t<28><143><163>oA<206><12><203>
> >>>> Attributes:
> >>>> 	User-Name = "nethelp1"
> >>>> 	User-Password = ""<4>y<223>1J<218>2<240><239><149><197>I<213>"m"
> >>>> 	NAS-Identifier = "rb-test.mx"
> >>>> 	NAS-IP-Address = 209.142.136.22
> >>>> 	RB-NAS-Real-Port = 537067622
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	NAS-Port = 3892314118
> >>>> 	Connect-Info = "ubrc"
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: SQLS Deleting session for nethelp1,
> >>>> 209.142.136.22, 3892314118
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314118':
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>> CheckSQL
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select PASSWORD,
> >>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL looks for match
> >>>> with
> >>>> nethelp1
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select NASIDENTIFIER,
> >>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Checking if user is still online: ,
> >>>> nethelp1, 209.142.136.22, 3892314117,
> >>>> Mon Jan 19 12:57:53 2004: ERR: Could not load NAS-specific module
> >>>> Radius::Nas::: Can't locate Radius/Nas/.pm in @INC (@INC contains: .
> >>>> /usr/local/lib/perl5/5.8.0/sun4-solaris /usr/local/lib/perl5/5.8.0
> >>>> /usr/local/lib/perl5/site_perl/5.8.0/sun4-solaris
> >>>> /usr/local/lib/perl5/site_perl/5.8.0 /usr/local/lib/perl5/site_perl
> >>>> .)
> >>>> at (eval 190) line 3.
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL REJECT:
> >>>> Simultaneous-Use of 1 exceeded
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select PASSWORD,
> >>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='DEFAULT'':
> >>>>
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL looks for match
> >>>> with
> >>>> DEFAULT
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthLDAP2:
> >>>> LDAP
> >>>> Mon Jan 19 12:57:53 2004: INFO: Connecting to 127.0.0.1, port 389
> >>>> Mon Jan 19 12:57:53 2004: ERR: Could not open LDAP connection to
> >>>> 127.0.0.1, port 389. Backing off for 600 seconds.
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL IGNORE: User
> >>>> database
> >>>> access error
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthUNIX:
> >>>> System
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthUNIX looks for match
> >>>> with
> >>>> nethelp1
> >>>> Mon Jan 19 12:57:53 2004: INFO: Access rejected for nethelp1: No
> >>>> such
> >>>> user
> >>>> Mon Jan 19 12:57:53 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.22 port 1812 ....
> >>>> Code:       Access-Reject
> >>>> Identifier: 12
> >>>> Authentic:
> >>>> <240><165><246>oN<222><231>t<28><143><163>oA<206><12><203>
> >>>> Attributes:
> >>>> 	Reply-Message = "choice: "
> >>>> 	Reply-Message = "Request Denied"
> >>>>
> >>>> -----------------------------------------------
> >>>> end trace 4 redback
> >>>>
> >>>>
> >>>> Trace 4 cisco
> >>>> -----------------------------------------------
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.170 port 21659 ....
> >>>> Code:       Access-Request
> >>>> Identifier: 15
> >>>> Authentic:  ,6~<148>$L<139>/<139>hC<142><166><16><184>D
> >>>> Attributes:
> >>>> 	Framed-Protocol = PPP
> >>>> 	User-Name = "nethelp1"
> >>>> 	User-Password =
> >>>> "<219>@~<155><31><188><179><167><189><12><204><218><232><31><139>i"
> >>>> 	NAS-Port-Type = Virtual
> >>>> 	Cisco-NAS-Port = "5/0/0/3.102"
> >>>> 	NAS-Port = 0
> >>>> 	Service-Type = Framed-User
> >>>> 	NAS-IP-Address = 209.142.136.170
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: SQLS Deleting session for nethelp1,
> >>>> 209.142.136.170, 0
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>> CheckSQL
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Query is: 'select PASSWORD,
> >>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Radius::AuthSQL looks for match
> >>>> with
> >>>> nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Query is: 'select NASIDENTIFIER,
> >>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Radius::AuthSQL ACCEPT:
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Access accepted for nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.170 port 21659 ....
> >>>> Code:       Access-Accept
> >>>> Identifier: 15
> >>>> Authentic:  ,6~<148>$L<139>/<139>hC<142><166><16><184>D
> >>>> Attributes:
> >>>> 	Framed-IP-Address = 66.112.90.42
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	Framed-IP-Netmask = 255.255.255.255
> >>>> 	Idle-Timeout = 0
> >>>> 	Session-Timeout = 0
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.170 port 21659 ....
> >>>> Code:       Accounting-Request
> >>>> Identifier: 16
> >>>> Authentic:  <211><202>yl<21>J<178>fh<233><213><244>4<236><236>b
> >>>> Attributes:
> >>>> 	Acct-Session-Id = "00000506"
> >>>> 	cisco-avpair = "client-mac-address=0060.0f4e.604e"
> >>>> 	Framed-Protocol = PPP
> >>>> 	Acct-Authentic = RADIUS
> >>>> 	User-Name = "nethelp1"
> >>>> 	Acct-Status-Type = Start
> >>>> 	NAS-Port-Type = Virtual
> >>>> 	Cisco-NAS-Port = "5/0/0/3.102"
> >>>> 	NAS-Port = 0
> >>>> 	Service-Type = Framed-User
> >>>> 	NAS-IP-Address = 209.142.136.170
> >>>> 	Acct-Delay-Time = 0
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: SQLS Adding session for nethelp1,
> >>>> 209.142.136.170, 0
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'insert into RADONLINE
> >>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> >>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
> >>>> '209.142.136.170','0', '00000506', 'Mon Jan 19 12:42:45 2004','',
> >>>> 'Virtual')':
> >>>>
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling accounting with
> >>>> Radius::AuthSQL
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Accounting accepted
> >>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.170 port 21659 ....
> >>>> Code:       Accounting-Response
> >>>> Identifier: 16
> >>>> Authentic:  <211><202>yl<21>J<178>fh<233><213><244>4<236><236>b
> >>>> Attributes:
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.170 port 21659 ....
> >>>> Code:       Access-Request
> >>>> Identifier: 17
> >>>> Authentic:  ~<193>en-4}<12>B<224><28><14>mr<201><0>
> >>>> Attributes:
> >>>> 	Framed-Protocol = PPP
> >>>> 	User-Name = "nethelp1"
> >>>> 	User-Password =
> >>>> "<27><217><190>0<243><6>g<208><239><241><24><215><249>_<229>+"
> >>>> 	NAS-Port-Type = Virtual
> >>>> 	Cisco-NAS-Port = "5/0/0/3.104"
> >>>> 	NAS-Port = 0
> >>>> 	Service-Type = Framed-User
> >>>> 	NAS-IP-Address = 209.142.136.170
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: SQLS Deleting session for nethelp1,
> >>>> 209.142.136.170, 0
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL:
> >>>> CheckSQL
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Query is: 'select PASSWORD,
> >>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Radius::AuthSQL looks for match
> >>>> with
> >>>> nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Query is: 'select NASIDENTIFIER,
> >>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Radius::AuthSQL ACCEPT:
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Access accepted for nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.170 port 21659 ....
> >>>> Code:       Access-Accept
> >>>> Identifier: 17
> >>>> Authentic:  ~<193>en-4}<12>B<224><28><14>mr<201><0>
> >>>> Attributes:
> >>>> 	Framed-IP-Address = 66.112.90.42
> >>>> 	Service-Type = Framed-User
> >>>> 	Framed-Protocol = PPP
> >>>> 	Framed-IP-Netmask = 255.255.255.255
> >>>> 	Idle-Timeout = 0
> >>>> 	Session-Timeout = 0
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
> >>>> *** Received from 209.142.136.170 port 21659 ....
> >>>> Code:       Accounting-Request
> >>>> Identifier: 18
> >>>> Authentic:  <223>G<198><10><160>]<178>"<182><166>()<158>PZ<19>
> >>>> Attributes:
> >>>> 	Acct-Session-Id = "00000507"
> >>>> 	cisco-avpair = "client-mac-address=0060.0fd5.b0f0"
> >>>> 	Framed-Protocol = PPP
> >>>> 	Acct-Authentic = RADIUS
> >>>> 	User-Name = "nethelp1"
> >>>> 	Acct-Status-Type = Start
> >>>> 	NAS-Port-Type = Virtual
> >>>> 	Cisco-NAS-Port = "5/0/0/3.104"
> >>>> 	NAS-Port = 0
> >>>> 	Service-Type = Framed-User
> >>>> 	NAS-IP-Address = 209.142.136.170
> >>>> 	Acct-Delay-Time = 0
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling request with Handler
> >>>> 'Realm=DEFAULT'
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: SQLS Adding session for nethelp1,
> >>>> 209.142.136.170, 0
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'delete from RADONLINE
> >>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'insert into RADONLINE
> >>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> >>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
> >>>> '209.142.136.170','0', '00000507', 'Mon Jan 19 12:43:46 2004','',
> >>>> 'Virtual')':
> >>>>
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling accounting with
> >>>> Radius::AuthSQL
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Accounting accepted
> >>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
> >>>> *** Sending to 209.142.136.170 port 21659 ....
> >>>> Code:       Accounting-Response
> >>>> Identifier: 18
> >>>> Authentic:  <223>G<198><10><160>]<178>"<182><166>()<158>PZ<19>
> >>>> Attributes:
> >>>>
> >>>> -------------------------------------------------------------
> >>>> end trace 4 cisco
> >>>>
> >>>> ===
> >>>> Archive at http://www.open.com.au/archives/radiator/
> >>>> Announcements on radiator-announce at open.com.au
> >>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>> 'unsubscribe radiator' in the body of the message.
> >>>>
> >>>>
> >>>
> >>> NB: have you included a copy of your configuration file (no secrets),
> >>> together with a trace 4 debug showing what is happening?
> >>>
> >>> --
> >>> Radiator: the most portable, flexible and configurable RADIUS server
> >>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>> -
> >>> Nets: internetwork inventory and management - graphical, extensible,
> >>> flexible with hardware, software, platform and database independence.
> >>> -
> >>> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>>
> >>
> >>
> >
> >
> >
>
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
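
Added example (not part of the original thread, and not Radiator code): a small Python/sqlite3 model of the RADONLINE bookkeeping discussed above, comparing the posted NAS-IP-Address/NAS-Port key with the User-Name/Acct-Session-Id alternative. The class and function names are hypothetical, the events are constructed from the values in the two traces, and the model assumes the server has no NAS-specific "still online" check.

```python
import sqlite3

# NAS-IP-Address and user name as they appear in the two traces.
REDBACK = "209.142.136.22"
CISCO = "209.142.136.170"
USER = "nethelp1"


class Tracker:
    """Minimal session table with the Add/Delete/Count flow seen in the traces."""

    # The traces show the DeleteQuery running on Access-Request as well.
    delete_on_access_request = True

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "create table RADONLINE (USERNAME text, NASIDENTIFIER text,"
            " NASPORT integer, ACCTSESSIONID text)")

    def delete(self, user, nas, port, sid):
        raise NotImplementedError

    def count(self, user):
        cur = self.db.execute(
            "select count(*) from RADONLINE where USERNAME = ?", (user,))
        return cur.fetchone()[0]

    def access_request(self, user, nas, port, limit=1):
        """Return True for Access-Accept, False for Access-Reject."""
        if self.delete_on_access_request:
            # No Acct-Session-Id exists yet in an Access-Request.
            self.delete(user, nas, port, None)
        return self.count(user) < limit

    def acct_start(self, user, nas, port, sid):
        self.delete(user, nas, port, sid)
        self.db.execute("insert into RADONLINE values (?, ?, ?, ?)",
                        (user, nas, port, sid))

    def acct_stop(self, user, nas, port, sid):
        self.delete(user, nas, port, sid)


class PortKeyed(Tracker):
    """Key used in the posted config: NAS identifier plus NAS-Port."""

    def delete(self, user, nas, port, sid):
        self.db.execute(
            "delete from RADONLINE where NASIDENTIFIER = ? and NASPORT = ?",
            (nas, port))


class SessionIdKeyed(Tracker):
    """Alternative from the thread: User-Name plus Acct-Session-Id,
    with no delete when an Access-Request arrives."""

    delete_on_access_request = False

    def delete(self, user, nas, port, sid):
        self.db.execute(
            "delete from RADONLINE where USERNAME = ? and ACCTSESSIONID = ?",
            (user, sid))


def second_login_allowed(tracker, nas, first_port, second_port):
    """One session is up; is a second Access-Request for the same user accepted?"""
    tracker.access_request(USER, nas, first_port)
    tracker.acct_start(USER, nas, first_port, "S1")   # constructed session id
    return tracker.access_request(USER, nas, second_port)


def relogin_after_lost_stop(tracker, nas, port):
    """The session ended but its Accounting-Stop never arrived; the user
    reconnects on the same port. Is the new Access-Request accepted?"""
    tracker.access_request(USER, nas, port)
    tracker.acct_start(USER, nas, port, "S1")
    # acct_stop deliberately not called: the packet was lost.
    return tracker.access_request(USER, nas, port)


if __name__ == "__main__":
    cases = [
        ("Redback, port key, 2nd login on another port",
         second_login_allowed(PortKeyed(), REDBACK, 3892314117, 3892314118)),
        ("Cisco, port key, NAS-Port always 0",
         second_login_allowed(PortKeyed(), CISCO, 0, 0)),
        ("Cisco, session-id key",
         second_login_allowed(SessionIdKeyed(), CISCO, 0, 0)),
        ("Redback, port key, re-login after lost Stop",
         relogin_after_lost_stop(PortKeyed(), REDBACK, 3892314117)),
        ("Cisco, session-id key, re-login after lost Stop",
         relogin_after_lost_stop(SessionIdKeyed(), CISCO, 0)),
    ]
    for label, accepted in cases:
        print(f"{label}: {'Access-Accept' if accepted else 'Access-Reject'}")
```

With NAS-Port fixed at 0, the delete on Access-Request removes the live row before the count, so the limit of 1 is never enforced; the session-id key enforces it but rejects a legitimate re-login when a Stop is lost.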

