(RADIATOR) DefaultSimultaneousUse With Cisco

Hugh Irvine hugh at open.com.au
Wed Jan 21 16:45:10 CST 2004


Hello Geoffrey -

No you aren't missing anything - Radiator just tries to be 
"self-healing" with the DeleteQuery which is why it is run when the 
access request is processed.

The only other way to recover from what you list below as problems is 
to be able to query the access server(s) when a simultaneous use exception 
is detected, which is what the "NasType" parameter is used for in the 
Client clause. Note that for this to work you must be able to query the 
access server in some way (SNMP or whatever) and the performance 
penalty is non-trivial.

regards

Hugh


On 21 Jan 2004, at 21:30, DUFOUR Geoffrey wrote:

> Hugh,
>
> I can understand the NAS-IP-Address/NAS-Port solution is far more 
> reliable, but I think the User-Name/Acct-Session-Id is an interesting 
> alternative when you cannot rely on Nas-Port.
>
> DeleteQuery delete from RADONLINE where USERNAME='%u' and 
> ACCTSESSIONID = %3
> CountQuery select ... from RADONLINE where USERNAME = '%u'
>
> Moreover I think if you need to limit simultaneous use to 1 for all 
> your users you could rely on User-Name only.
>
> Of course, you need to modify RADIATOR code to prevent execution of 
> the DeleteQuery upon reception of Access-Request.
>
> Depending on the Access Server reliability (Accounting, "Ghost" 
> Sessions, ...), this could be an interesting alternative. But I do 
> agree it can quickly lead to unwanted Access-Reject's in case of NAS 
> Reboot, lost Accounting-Stop, or "Ghost" sessions (VPN servers, ...).
>
> Am I missing something ? I guess I am :) !
>
> Regards.
>
> Geoffrey
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, 21 January 2004 10:53
> To: DUFOUR Geoffrey
> Cc: radiator at open.com.au; al mccain
> Subject: Re: (RADIATOR) DefaultSimultaneousUse With Cisco
>
>
> Hello Geoffrey -
>
> Unfortunately this will not work, as there is no Acct-Session-Id in the
> access request.
>
> The problem is to be able to distinguish between different sessions
> when the access request is received so you know how many sessions are
> currently active for the user. You can use the query you show below,
> but there is no way to distinguish between "real" sessions and "stale"
> sessions if you don't have reliable, sensible information.
>
> regards
>
> Hugh
>
>
> On 21 Jan 2004, at 20:23, DUFOUR Geoffrey wrote:
>
>> Hello Hugh, Al,
>>
>> If you cannot rely on NAS-Port, simultaneous use can be based on
>> User-Name/Acct-Session-Id instead of NAS-IP-Address/NAS-Port.
>>
>> DeleteQuery delete from RADONLINE where USERNAME='%u' and
>> ACCTSESSIONID = %3
>>
>> For this to work, DeleteQuery must not be executed upon reception of
>> Access-Request.
>>
>> Of course this is less accurate than NAS-IP-Address/NAS-Port.
>>
>> Hugh, correct ?
>>
>> Regards.
>>
>> Geoffrey
>>
>> -----Original Message-----
>> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
>> Sent: Wednesday, 21 January 2004 0:42
>> To: al mccain
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) DefaultSimultaneousUse With Cisco
>>
>>
>> Hello Al -
>>
>> Managing simultaneous use depends on being able to distinguish between
>> sessions.
>>
>> If all of the sessions for the Cisco use NAS-Port 0 it is impossible to
>> know which is which.
>>
>> You should check with Cisco.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 21 Jan 2004, at 01:41, al mccain wrote:
>>
>>> Hugh,
>>>
>>> Thanks for the quick reply! However, I am a little confused.
>>> Are you saying that there is no way to implement this with our cisco
>>> boxes?
>>>
>>> Thanks,
>>> Al
>>>
>>>
>>>
>>> On Tue, 20 Jan 2004, Hugh Irvine wrote:
>>>
>>>>
>>>> Hello Al -
>>>>
>>>> I'm guessing here, but I suspect the problem is due to your Client
>>>> definitions in the SQL database - specifically the contents of the
>>>> NASTYPE field for at least the NAS in question. As you will see from
>>>> the debug, Radiator is trying to find a module called "Radius/Nas/.pm"
>>>> in the Redback case so this is not correct at all.
>>>>
>>>> The problem with the Cisco is that the NAS-Port attribute is always
>>>> "0", so this will never work in any case.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 20 Jan 2004, at 09:04, al mccain wrote:
>>>>
>>>>>
>>>>> Hello Guys,
>>>>>
>>>>> I have yet another problem. We are trying to implement concurrent login
>>>>> checks. I am having trouble using DefaultSimultaneousUse = 1 with our
>>>>> cisco boxes. It works perfectly for our Redbacks equipment. Could someone
>>>>> take a look and let me know what I'm doing wrong? I have attached my
>>>>> config as well as 2 trace 4's. One is the redback (acting perfectly) and
>>>>> one of the cisco (acting not-so-perfectly).
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Al
>>>>>
>>>>>
>>>>> Config
>>>>> --------------------------------------------------------
>>>>>
>>>>> #Foreground
>>>>> #LogStdout
>>>>> LogDir /var/adm/radacct
>>>>> DbDir /etc/raddb
>>>>> PreHandlerHook file:"%D/prehook"
>>>>>
>>>>> SnmpgetProg /usr/local/bin/snmpget
>>>>> Trace 4
>>>>> RewriteUsername         s/^([^@]+)\@centurytel.net/$1/
>>>>> RewriteUsername         s/^([^@]+)\@digisys.net/$1/
>>>>> RewriteUsername         s/\s+//g
>>>>> #RewriteUsername		s/\'//g
>>>>> RewriteUsername         tr/A-Z/a-z/
>>>>> <Client DEFAULT>
>>>>>
>>>>>
>>>>>         Secret letMEin
>>>>>         DupInterval 0
>>>>>
>>>>>
>>>>> </Client>
>>>>>
>>>>> <SessionDatabase SQL>
>>>>>
>>>>>        DBSource dbi:mysql:radius:*******************
>>>>>        DBUsername ******
>>>>>        DBAuth ********
>>>>>         Identifier SQLS
>>>>>
>>>>>                 AddQuery insert into RADONLINE (USERNAME,\
>>>>>                 NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
>>>>>                 FRAMEDIPADDRESS, NASPORTTYPE) \
>>>>>                 values ('%n', '%N',\
>>>>>                 '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
>>>>>                 '%{Framed-IP-Address}', '%{NAS-Port-Type}')
>>>>>
>>>>>
>>>>> DeleteQuery  delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=0%2
>>>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
>>>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
>>>>> where USERNAME ='%u'
>>>>>
>>>>>
>>>>> </SessionDatabase>
>>>>>
>>>>>
>>>>> <ClientListSQL>
>>>>>
>>>>>         DBSource        dbi:mysql:radius:********************
>>>>>         DBUsername *******
>>>>>         DBAuth *********
>>>>>
>>>>>         select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
>>>>>         DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
>>>>>         LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
>>>>>         FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
>>>>>         NOIGNOREDUPLICATES from RADCLIENTLIST
>>>>>
>>>>>
>>>>> </ClientListSQL>
>>>>> <AuthBy UNIX>
>>>>>
>>>>> #       DefaultSimultaneousUse 1
>>>>>         Identifier System
>>>>>         Filename /etc/shadow
>>>>>
>>>>> </AuthBy>
>>>>>
>>>>> <AuthBy LDAP2>
>>>>>                DefaultSimultaneousUse 1
>>>>>                 Identifier LDAP
>>>>>                 Host    127.0.0.1
>>>>>                 Port    389
>>>>>                 AuthDN  uid=searchuser,dc=centurytel,dc=net
>>>>>                 AuthPassword    ********
>>>>>                 BaseDN  %0=%1,ou=people,dc=centurytel,dc=net
>>>>>                 Scope   base
>>>>>                 UsernameAttr    uid
>>>>>                 PasswordAttr    userPassword
>>>>>                 HoldServerConnection
>>>>>                 SearchFilter (&(gecos=active)(uid=%1))
>>>>>                 AuthAttrDef gidNumber, gid-attr, request
>>>>> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>> </AuthBy>
>>>>> <AuthBy SQL>
>>>>> #       NoDefault
>>>>>         DefaultSimultaneousUse 1
>>>>>         Identifier CheckSQL
>>>>>
>>>>>         DBSource        dbi:mysql:radius:********************
>>>>>         DBUsername ******
>>>>>         DBAuth ********
>>>>>
>>>>>
>>>>>         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
>>>>>        from SUBSCRIBERS \
>>>>>       where USERNAME=%0
>>>>>
>>>>> AuthColumnDef 0, User-Password, check
>>>>> AuthColumnDef 1, GENERIC, check
>>>>> AuthColumnDef 2, GENERIC, reply
>>>>> #               DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>>
>>>>>
>>>>> </AuthBy>
>>>>> <Realm DEFAULT>
>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>
>>>>>
>>>>>
>>>>>  PostAuthHook file:"%D/postHook"
>>>>>         AcctLogFileName %L/%N/detail
>>>>>
>>>>>
>>>>>
>>>>>         #AuthByPolicy ContinueWhileReject
>>>>>         AuthByPolicy    ContinueUntilAccept
>>>>>         #AuthBy LDAP
>>>>>         AuthBy CheckSQL
>>>>>         AuthBy System
>>>>>
>>>>>
>>>>> </Realm>
>>>>>
>>>>> ----------------------------------------------
>>>>> End Config
>>>>>
>>>>>
>>>>> Trace 4 Redback
>>>>> ----------------------------------------------
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.22 port 1812 ....
>>>>> Code:       Access-Request
>>>>> Identifier: 11
>>>>> Authentic:  E<138><164><4>E<130>FE<30><232><199>@<23>j<201><247>
>>>>> Attributes:
>>>>> 	User-Name = "nethelp1"
>>>>> 	User-Password = "<187>6<25>L<247><7><5><168><148><235>0 
>>>>> 5V<3><199>"
>>>>> 	NAS-Identifier = "rb-test.mx"
>>>>> 	NAS-IP-Address = 209.142.136.22
>>>>> 	RB-NAS-Real-Port = 537067624
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	NAS-Port = 3892314117
>>>>> 	Connect-Info = "ubrc"
>>>>>
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: SQLS Deleting session for 
>>>>> nethelp1,
>>>>> 209.142.136.22, 3892314117
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
>>>>>
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>> CheckSQL
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Query is: 'select PASSWORD,
>>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Radius::AuthSQL looks for match
>>>>> with
>>>>> nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Access accepted for nethelp1
>>>>> Mon Jan 19 12:56:10 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>>> Code:       Access-Accept
>>>>> Identifier: 11
>>>>> Authentic:  E<138><164><4>E<130>FE<30><232><199>@<23>j<201><247>
>>>>> Attributes:
>>>>> 	Framed-IP-Address = 66.112.90.42
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>>> 	Idle-Timeout = 0
>>>>> 	Session-Timeout = 0
>>>>>
>>>>> Mon Jan 19 12:56:12 2004: ERR: Attribute number 144 (vendor 2352) 
>>>>> is
>>>>> not defined in your dictionary
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.22 port 1812 ....
>>>>> Code:       Accounting-Request
>>>>> Identifier: 29
>>>>> Authentic:
>>>>> <136>}<253><170><198>`<188><251>N<28><253>`<135><232><29>r
>>>>> Attributes:
>>>>> 	User-Name = "nethelp1"
>>>>> 	NAS-Identifier = "rb-test.mx"
>>>>> 	NAS-IP-Address = 209.142.136.22
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	NAS-Port = 3892314117
>>>>> 	RB-NAS-Real-Port = 537067624
>>>>> 	Acct-Session-Id = "E8000005-400B2C3E"
>>>>> 	Acct-Authentic = RADIUS
>>>>> 	Connect-Info = "ubrc"
>>>>> 	Framed-IP-Address = 66.112.90.42
>>>>> 	Acct-Status-Type = Start
>>>>>
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: SQLS Adding session for nethelp1,
>>>>> 209.142.136.22, 3892314117
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
>>>>>
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: do query is: 'insert into 
>>>>> RADONLINE
>>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>>> '209.142.136.22','3892314117', 'E8000005-400B2C3E', 'Mon Jan 19
>>>>> 12:56:12 2004','66.112.90.42', '')':
>>>>>
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Handling accounting with
>>>>> Radius::AuthSQL
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Accounting accepted
>>>>> Mon Jan 19 12:56:12 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>>> Code:       Accounting-Response
>>>>> Identifier: 29
>>>>> Authentic:
>>>>> <136>}<253><170><198>`<188><251>N<28><253>`<135><232><29>r
>>>>> Attributes:
>>>>>
>>>>> Mon Jan 19 12:56:13 2004: ERR: Attribute number 144 (vendor 2352) 
>>>>> is
>>>>> not defined in your dictionary
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.22 port 1812 ....
>>>>> Code:       Accounting-Request
>>>>> Identifier: 30
>>>>> Authentic:  g%M<161><249><226><174>'<244>NO<194>5Y<176>s
>>>>> Attributes:
>>>>> 	User-Name = "nethelp1"
>>>>> 	NAS-Identifier = "rb-test.mx"
>>>>> 	NAS-IP-Address = 209.142.136.22
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	NAS-Port = 3892314117
>>>>> 	RB-NAS-Real-Port = 537067624
>>>>> 	Acct-Session-Id = "E8000005-400B2C3E"
>>>>> 	Acct-Authentic = RADIUS
>>>>> 	Connect-Info = "ubrc"
>>>>> 	Acct-Status-Type = Alive
>>>>> 	Framed-IP-Address = 66.112.90.42
>>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>>> 	RB-Client-DNS-Pri = 209.142.136.85
>>>>> 	RB-Client-DNS-Sec = 209.206.199.16
>>>>> 	Acct-Input-Octets = 180
>>>>> 	Acct-Output-Octets = 0
>>>>> 	Acct-Input-Packets = 3
>>>>> 	Acct-Output-Packets = 0
>>>>> 	Acct-Session-Time = 0
>>>>> 	RB-Acct-Input-Octets-64 = 0xb4
>>>>> 	RB-Acct-Output-Octets-64 = 0x0
>>>>> 	RB-Acct-Input-Packets-64 = 0x3
>>>>> 	RB-Acct-Output-Packets-64 = 0x0
>>>>>
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: SQLS Adding session for nethelp1,
>>>>> 209.142.136.22, 3892314117
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314117':
>>>>>
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: do query is: 'insert into 
>>>>> RADONLINE
>>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>>> '209.142.136.22','3892314117', 'E8000005-400B2C3E', 'Mon Jan 19
>>>>> 12:56:13 2004','66.112.90.42', '')':
>>>>>
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Handling accounting with
>>>>> Radius::AuthSQL
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Accounting accepted
>>>>> Mon Jan 19 12:56:13 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>>> Code:       Accounting-Response
>>>>> Identifier: 30
>>>>> Authentic:  g%M<161><249><226><174>'<244>NO<194>5Y<176>s
>>>>> Attributes:
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.22 port 1812 ....
>>>>> Code:       Access-Request
>>>>> Identifier: 12
>>>>> Authentic:
>>>>> <240><165><246>oN<222><231>t<28><143><163>oA<206><12><203>
>>>>> Attributes:
>>>>> 	User-Name = "nethelp1"
>>>>> 	User-Password = ""<4>y<223>1J<218>2<240><239><149><197>I<213>"m"
>>>>> 	NAS-Identifier = "rb-test.mx"
>>>>> 	NAS-IP-Address = 209.142.136.22
>>>>> 	RB-NAS-Real-Port = 537067622
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	NAS-Port = 3892314118
>>>>> 	Connect-Info = "ubrc"
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: SQLS Deleting session for 
>>>>> nethelp1,
>>>>> 209.142.136.22, 3892314118
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.22' and NASPORT=03892314118':
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>> CheckSQL
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select PASSWORD,
>>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL looks for match
>>>>> with
>>>>> nethelp1
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Checking if user is still online: 
>>>>> ,
>>>>> nethelp1, 209.142.136.22, 3892314117,
>>>>> Mon Jan 19 12:57:53 2004: ERR: Could not load NAS-specific module
>>>>> Radius::Nas::: Can't locate Radius/Nas/.pm in @INC (@INC contains: 
>>>>> .
>>>>> /usr/local/lib/perl5/5.8.0/sun4-solaris /usr/local/lib/perl5/5.8.0
>>>>> /usr/local/lib/perl5/site_perl/5.8.0/sun4-solaris
>>>>> /usr/local/lib/perl5/site_perl/5.8.0 /usr/local/lib/perl5/site_perl
>>>>> .)
>>>>> at (eval 190) line 3.
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL REJECT:
>>>>> Simultaneous-Use of 1 exceeded
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Query is: 'select PASSWORD,
>>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='DEFAULT'':
>>>>>
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL looks for match
>>>>> with
>>>>> DEFAULT
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthLDAP2:
>>>>> LDAP
>>>>> Mon Jan 19 12:57:53 2004: INFO: Connecting to 127.0.0.1, port 389
>>>>> Mon Jan 19 12:57:53 2004: ERR: Could not open LDAP connection to
>>>>> 127.0.0.1, port 389. Backing off for 600 seconds.
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthSQL IGNORE: User
>>>>> database
>>>>> access error
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Handling with Radius::AuthUNIX:
>>>>> System
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Radius::AuthUNIX looks for match
>>>>> with
>>>>> nethelp1
>>>>> Mon Jan 19 12:57:53 2004: INFO: Access rejected for nethelp1: No
>>>>> such
>>>>> user
>>>>> Mon Jan 19 12:57:53 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.22 port 1812 ....
>>>>> Code:       Access-Reject
>>>>> Identifier: 12
>>>>> Authentic:
>>>>> <240><165><246>oN<222><231>t<28><143><163>oA<206><12><203>
>>>>> Attributes:
>>>>> 	Reply-Message = "choice: "
>>>>> 	Reply-Message = "Request Denied"
>>>>>
>>>>> -----------------------------------------------
>>>>> end trace 4 redback
>>>>>
>>>>>
>>>>> Trace 4 cisco
>>>>> -----------------------------------------------
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.170 port 21659 ....
>>>>> Code:       Access-Request
>>>>> Identifier: 15
>>>>> Authentic:  ,6~<148>$L<139>/<139>hC<142><166><16><184>D
>>>>> Attributes:
>>>>> 	Framed-Protocol = PPP
>>>>> 	User-Name = "nethelp1"
>>>>> 	User-Password =
>>>>> "<219>@~<155><31><188><179><167><189><12><204><218><232><31><139>i"
>>>>> 	NAS-Port-Type = Virtual
>>>>> 	Cisco-NAS-Port = "5/0/0/3.102"
>>>>> 	NAS-Port = 0
>>>>> 	Service-Type = Framed-User
>>>>> 	NAS-IP-Address = 209.142.136.170
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: SQLS Deleting session for 
>>>>> nethelp1,
>>>>> 209.142.136.170, 0
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>> CheckSQL
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Query is: 'select PASSWORD,
>>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Radius::AuthSQL looks for match
>>>>> with
>>>>> nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Access accepted for nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>>> Code:       Access-Accept
>>>>> Identifier: 15
>>>>> Authentic:  ,6~<148>$L<139>/<139>hC<142><166><16><184>D
>>>>> Attributes:
>>>>> 	Framed-IP-Address = 66.112.90.42
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>>> 	Idle-Timeout = 0
>>>>> 	Session-Timeout = 0
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.170 port 21659 ....
>>>>> Code:       Accounting-Request
>>>>> Identifier: 16
>>>>> Authentic:  <211><202>yl<21>J<178>fh<233><213><244>4<236><236>b
>>>>> Attributes:
>>>>> 	Acct-Session-Id = "00000506"
>>>>> 	cisco-avpair = "client-mac-address=0060.0f4e.604e"
>>>>> 	Framed-Protocol = PPP
>>>>> 	Acct-Authentic = RADIUS
>>>>> 	User-Name = "nethelp1"
>>>>> 	Acct-Status-Type = Start
>>>>> 	NAS-Port-Type = Virtual
>>>>> 	Cisco-NAS-Port = "5/0/0/3.102"
>>>>> 	NAS-Port = 0
>>>>> 	Service-Type = Framed-User
>>>>> 	NAS-IP-Address = 209.142.136.170
>>>>> 	Acct-Delay-Time = 0
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: SQLS Adding session for nethelp1,
>>>>> 209.142.136.170, 0
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: do query is: 'insert into 
>>>>> RADONLINE
>>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>>> '209.142.136.170','0', '00000506', 'Mon Jan 19 12:42:45 2004','',
>>>>> 'Virtual')':
>>>>>
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Handling accounting with
>>>>> Radius::AuthSQL
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Accounting accepted
>>>>> Mon Jan 19 12:42:45 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>>> Code:       Accounting-Response
>>>>> Identifier: 16
>>>>> Authentic:  <211><202>yl<21>J<178>fh<233><213><244>4<236><236>b
>>>>> Attributes:
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.170 port 21659 ....
>>>>> Code:       Access-Request
>>>>> Identifier: 17
>>>>> Authentic:  ~<193>en-4}<12>B<224><28><14>mr<201><0>
>>>>> Attributes:
>>>>> 	Framed-Protocol = PPP
>>>>> 	User-Name = "nethelp1"
>>>>> 	User-Password =
>>>>> "<27><217><190>0<243><6>g<208><239><241><24><215><249>_<229>+"
>>>>> 	NAS-Port-Type = Virtual
>>>>> 	Cisco-NAS-Port = "5/0/0/3.104"
>>>>> 	NAS-Port = 0
>>>>> 	Service-Type = Framed-User
>>>>> 	NAS-IP-Address = 209.142.136.170
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: SQLS Deleting session for 
>>>>> nethelp1,
>>>>> 209.142.136.170, 0
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL:
>>>>> CheckSQL
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Query is: 'select PASSWORD,
>>>>> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Radius::AuthSQL looks for match
>>>>> with
>>>>> nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Query is: 'select NASIDENTIFIER,
>>>>> NASPORT from RADONLINE where USERNAME ='nethelp1'':
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Radius::AuthSQL ACCEPT:
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Access accepted for nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>>> Code:       Access-Accept
>>>>> Identifier: 17
>>>>> Authentic:  ~<193>en-4}<12>B<224><28><14>mr<201><0>
>>>>> Attributes:
>>>>> 	Framed-IP-Address = 66.112.90.42
>>>>> 	Service-Type = Framed-User
>>>>> 	Framed-Protocol = PPP
>>>>> 	Framed-IP-Netmask = 255.255.255.255
>>>>> 	Idle-Timeout = 0
>>>>> 	Session-Timeout = 0
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>>> *** Received from 209.142.136.170 port 21659 ....
>>>>> Code:       Accounting-Request
>>>>> Identifier: 18
>>>>> Authentic:  <223>G<198><10><160>]<178>"<182><166>()<158>PZ<19>
>>>>> Attributes:
>>>>> 	Acct-Session-Id = "00000507"
>>>>> 	cisco-avpair = "client-mac-address=0060.0fd5.b0f0"
>>>>> 	Framed-Protocol = PPP
>>>>> 	Acct-Authentic = RADIUS
>>>>> 	User-Name = "nethelp1"
>>>>> 	Acct-Status-Type = Start
>>>>> 	NAS-Port-Type = Virtual
>>>>> 	Cisco-NAS-Port = "5/0/0/3.104"
>>>>> 	NAS-Port = 0
>>>>> 	Service-Type = Framed-User
>>>>> 	NAS-IP-Address = 209.142.136.170
>>>>> 	Acct-Delay-Time = 0
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling request with Handler
>>>>> 'Realm=DEFAULT'
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Rewrote user name to nethelp1
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: SQLS Adding session for nethelp1,
>>>>> 209.142.136.170, 0
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'delete from 
>>>>> RADONLINE
>>>>> where NASIDENTIFIER='209.142.136.170' and NASPORT=00':
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: do query is: 'insert into 
>>>>> RADONLINE
>>>>> (USERNAME,NASIDENTIFIER, NASPORT, ACCTSESSIONID,
>>>>> TIME_STAMP,FRAMEDIPADDRESS, NASPORTTYPE) values ('nethelp1',
>>>>> '209.142.136.170','0', '00000507', 'Mon Jan 19 12:43:46 2004','',
>>>>> 'Virtual')':
>>>>>
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling with Radius::AuthSQL
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Handling accounting with
>>>>> Radius::AuthSQL
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Accounting accepted
>>>>> Mon Jan 19 12:43:46 2004: DEBUG: Packet dump:
>>>>> *** Sending to 209.142.136.170 port 21659 ....
>>>>> Code:       Accounting-Response
>>>>> Identifier: 18
>>>>> Authentic:  <223>G<198><10><160>]<178>"<182><166>()<158>PZ<19>
>>>>> Attributes:
>>>>>
>>>>> -------------------------------------------------------------
>>>>> end trace 4 cisco
>>>>>
>>>>> ===
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>
>>>> NB: have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database independence.
>>>> -
>>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
>



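The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a replay of the traced logins against an in-memory SQLite stand-in for the RADONLINE table, comparing the posted NAS/NAS-Port keying with the User-Name/Acct-Session-Id keying proposed in the thread. The `replay` function, the policy names and the event lists are assumptions made for illustration; the event values are constructed from the traces above, and the queries are simplified versions of the posted DeleteQuery and CountQuery.

```python
import sqlite3

NAS_PORT = "nas_port"          # key = NAS address + NAS-Port (the posted config)
USER_SESSION = "user_session"  # key = User-Name + Acct-Session-Id (proposed variant)


def replay(events, policy, limit=1):
    """Replay RADIUS events against an in-memory RADONLINE table.

    Returns (decisions, rows): one "accept"/"reject" per Access-Request,
    and the (NASPORT, ACCTSESSIONID) rows left in the table afterwards.
    """
    db = sqlite3.connect(":memory:")
    db.execute("create table RADONLINE "
               "(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID)")
    decisions = []
    admitted = False  # did the last Access-Request get an Access-Accept?

    def delete(ev):
        # Values are bound as parameters rather than interpolated.
        if policy == NAS_PORT:
            db.execute("delete from RADONLINE "
                       "where NASIDENTIFIER=? and NASPORT=?",
                       (ev["nas"], ev["port"]))
        else:
            db.execute("delete from RADONLINE "
                       "where USERNAME=? and ACCTSESSIONID=?",
                       (ev["user"], ev["sid"]))

    for kind, ev in events:
        if kind == "access":
            # An Access-Request has no Acct-Session-Id, so only the
            # NAS/port policy can run its "self-healing" delete here.
            if policy == NAS_PORT:
                delete(ev)
            (count,) = db.execute(
                "select count(*) from RADONLINE where USERNAME=?",
                (ev["user"],)).fetchone()
            admitted = count < limit
            decisions.append("accept" if admitted else "reject")
        elif kind == "start":
            if not admitted:
                continue  # a rejected login never produces a session
            delete(ev)
            db.execute("insert into RADONLINE values (?,?,?,?)",
                       (ev["user"], ev["nas"], ev["port"], ev["sid"]))
        elif kind == "stop":
            delete(ev)

    rows = db.execute("select NASPORT, ACCTSESSIONID from RADONLINE "
                      "order by ACCTSESSIONID").fetchall()
    return decisions, rows


def event(kind, nas, port, sid=None, user="nethelp1"):
    return (kind, {"user": user, "nas": nas, "port": port, "sid": sid})


# Constructed from the Cisco trace: two logins, NAS-Port always 0.
CISCO = [
    event("access", "209.142.136.170", "0"),
    event("start", "209.142.136.170", "0", "00000506"),
    event("access", "209.142.136.170", "0"),
    event("start", "209.142.136.170", "0", "00000507"),
]

# Constructed from the Redback trace: second login arrives on another port.
REDBACK = [
    event("access", "209.142.136.22", "3892314117"),
    event("start", "209.142.136.22", "3892314117", "E8000005-400B2C3E"),
    event("access", "209.142.136.22", "3892314118"),
]

# Constructed: the Accounting-Stop is lost and the user logs in again
# on the same port, so the stored row is stale.
LOST_STOP = [
    event("access", "209.142.136.22", "3892314117"),
    event("start", "209.142.136.22", "3892314117", "E8000005-400B2C3E"),
    event("access", "209.142.136.22", "3892314117"),
]


if __name__ == "__main__":
    for name, events in (("cisco", CISCO), ("redback", REDBACK),
                         ("lost stop", LOST_STOP)):
        for policy in (NAS_PORT, USER_SESSION):
            print(name, policy, replay(events, policy))
```

With NAS-Port fixed at 0, the NAS/port policy deletes the first session's row when the second Access-Request arrives, so the limit of 1 is never enforced; the User-Name/Acct-Session-Id policy enforces it but rejects the returning user in the lost-stop replay.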