(RADIATOR) sqlradius / proxy-state
Hugh Irvine
hugh at open.com.au
Mon Sep 20 00:27:44 CDT 2004
Hello Miguel -
Could you please tell me the name of the registered company that has
purchased this copy of Radiator?
Please reply to me directly.
regards
Hugh
On 20 Sep 2004, at 13:17, Miguel Sanches wrote:
> hello
>
> I am testing a new radiator server (to do some sanity checks on the
> account before auth proxy) and am noticing 'Unknown reply' warnings in
> log file.
>> From digging around it looks like this is due to the Proxy-State not
>> being
> forwarded onto the cust from our radfep01 (but the response is still
> accepted from the cust, and proxied back to our other internal box,
> along with Proxy-State).
>
> I've checked that the responses from cust are coming back from where
> they were sent (ie not going in one interface at the custs end and
> coming out another) so this bit seems OK. but it also looks like there
> are two responses coming back from cust-radius-server? maybe this is
> why..
>
> the requests should flow like: radfep01 <-> (the new box) <->
> cust-radius-server
>
> Maybe its something obvious from the config file.
> Any help is more than appreciated.
>
> --trace 4 log---
>
> Mon Sep 20 12:42:31 2004: DEBUG: Packet dump:
> *** Received from radfep01 port 1813 ....
> Code: Accounting-Request
> Identifier: 224
> Authentic:
> $<218><21><226><233><222>ST<180><29><141><174><141><246><200><18>
> Attributes:
> Acct-Session-Id = "000B6C97"
> Tunnel-Server-Endpoint = xx
> Tunnel-Client-Endpoint = xx
> Tunnel-Assignment-ID = 1
> Tunnel-Type = 0:L2TP
> Tunnel-ID = 28215924
> Tunnel-Client-Auth-ID = n2563728k-veb1
> Tunnel-Server-Auth-ID = OUR-LNS
> Framed-Protocol = PPP
> Framed-IP-Address = xxx
> Ascend-Connect-Progress = prLanSessionUp
> Ascend-PreSession-Time = 5
> Ascend-Xmit-Rate = 512
> Ascend-Data-Rate = 512
> Acct-Session-Time = 82193
> Acct-Input-Octets = 349655
> Acct-Output-Octets = 432453
> Ascend-Pre-Input-Octets = 0
> Ascend-Pre-Output-Octets = 107
> Acct-Input-Packets = 17817
> Acct-Output-Packets = 17864
> Ascend-Pre-Input-Packets = 0
> Ascend-Pre-Output-Packets = 5
> Acct-Authentic = RADIUS
> Acct-Status-Type = Alive
> NAS-Port-Type = Virtual
> NAS-Port = 4123
> Calling-Station-Id = "atm 9"
> Called-Station-Id = "1:2.95#184551756##speed:UBR:512#pppoe
> 00:04:ed:0d:03:36#/"
> Service-Type = Framed-User
> NAS-IP-Address = our-lns-ip
> Ascend-Session-Svr-Key = "xx"
> Event-Timestamp = 1095648161
> NAS-Identifier = "OUR-LNS-FQDN"
> Acct-Delay-Time = 0
> User-Name = "someuser at dsl.net"
> Proxy-State =
> BSP2radfep01/
> C2AA4EE0252AF86DA33A5FCB81EE3D06502F8DD12BE6CBA3EB6606A7C78150181161CF9
> 82BE6C91F20BA4A3D92894001CD919D5FC1EED618D3056D1EB5EA737A6300AD165B89F9
> 28AB0F6B0CB7E83266754FB71E5E94E57C980A2B11A2F5
>
> Mon Sep 20 12:42:31 2004: DEBUG: Handling request with Handler
> 'Request-Type=Accounting-Request,Acct-Status-Type=Alive'
> Mon Sep 20 12:42:31 2004: DEBUG: Handling with Radius::AuthRADIUS
> Mon Sep 20 12:42:31 2004: DEBUG: Query is: 'SELECT irh.acct_ip_addr,
> irh.secret, irh.auth_portno, acct_portno FROM isp_radius_host irh,
> isp_domain id WHERE irh.isp_id = id.isp_id and irh.priority = 1 AND
> id.domain_name = 'custs-realm'':
>
> Mon Sep 20 12:42:31 2004: DEBUG: Packet dump:
> *** Sending to cust-radius-server port 1813 ....
> Code: Accounting-Request
> Identifier: 36
> Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> Attributes:
> Acct-Session-Id = "000B6C97"
> Tunnel-Server-Endpoint = xx
> Tunnel-Client-Endpoint = xx
> Tunnel-Assignment-ID = 1
> Tunnel-Type = 0:L2TP
> Tunnel-ID = 28215924
> Tunnel-Client-Auth-ID = n2563728k-veb1
> Tunnel-Server-Auth-ID = OUR-LNS
> Framed-Protocol = PPP
> Framed-IP-Address = xx
> Ascend-Connect-Progress = prLanSessionUp
> Ascend-PreSession-Time = 5
> Ascend-Xmit-Rate = 512
> Ascend-Data-Rate = 512
> Acct-Session-Time = 82193
> Acct-Input-Octets = 349655
> Acct-Output-Octets = 432453
> Ascend-Pre-Input-Octets = 0
> Ascend-Pre-Output-Octets = 107
> Acct-Input-Packets = 17817
> Acct-Output-Packets = 17864
> Ascend-Pre-Input-Packets = 0
> Ascend-Pre-Output-Packets = 5
> Acct-Authentic = RADIUS
> Acct-Status-Type = Alive
> NAS-Port-Type = Virtual
> NAS-Port = 4123
> Calling-Station-Id = "atm 9"
> Called-Station-Id = "1:2.95#184551756##speed:UBR:512#pppoe
> 00:04:ed:0d:03:36#/"
> Service-Type = Framed-User
> NAS-IP-Address = our-lns-ip
> Ascend-Session-Svr-Key = "xx"
> Event-Timestamp = 1095648161
> NAS-Identifier = "OUR-LNS-FQDN"
> Acct-Delay-Time = 0
> User-Name = "someuser at dsl.net"
> Timestamp = 1095648151
>
> Mon Sep 20 12:42:31 2004: DEBUG: Packet dump:
> *** Received from cust-radius-server port 1813 ....
> Code: Accounting-Response
> Identifier: 36
> Authentic: \<214>zp<153>P!<181><177>=<5>^<253>^<239><255>
> Attributes:
>
> Mon Sep 20 12:42:31 2004: DEBUG: Received reply in AuthRADIUS for req
> 36 from cust-radius-server:1813
> Mon Sep 20 12:42:31 2004: DEBUG: Accounting accepted
> Mon Sep 20 12:42:31 2004: DEBUG: Packet dump:
> *** Sending to radfep01 port 1813 ....
> Code: Accounting-Response
> Identifier: 224
> Authentic:
> $<218><21><226><233><222>ST<180><29><141><174><141><246><200><18>
> Attributes:
> Proxy-State =
> BSP2radfep01/
> C2AA4EE0252AF86DA33A5FCB81EE3D06502F8DD12BE6CBA3EB6606A7C78150181161CF9
> 82BE6C91F20BA4A3D92894001CD919D5FC1EED618D3056D1EB5EA737A6300AD165B89F9
> 28AB0F6B0CB7E83266754FB71E5E94E57C980A2B11A2F5
>
> Mon Sep 20 12:42:31 2004: DEBUG: Packet dump:
> *** Received from cust-radius-server port 1813 ....
> Code: Accounting-Response
> Identifier: 36
> Authentic: \<214>zp<153>P!<181><177>=<5>^<253>^<239><255>
> Attributes:
>
> Mon Sep 20 12:42:31 2004: WARNING: Unknown reply received in
> AuthRADIUS for request 36 from cust-radius-server:1813
>
>
> --radius.cfg--
>
> # Global variables
> Foreground
> DbDir /opt/Radiator
> LogDir /var/log/radius
> LogFile %L/%h-%Y-%m.log
> PidFile %L/radiusd.pid
>
> DictionaryFile %D/current/dictionary
>
> Trace 0
>
> AuthPort 1812
> AcctPort 1813
>
> <Client DEFAULT>
> Secret xxxxx
> DupInterval 0
> </Client>
>
> PreClientHook file:"%D/hooks/chkactv.pl"
>
> <AuthBy FILE>
> Identifier REJECT
> Filename %D/etc/reject.users
> </Authby>
>
> <AuthBy SQLRADIUS>
> Identifier ACCT_PROXY
> Include %D/etc/sql.cfg
> Retries 0
> RetryTimeout 5
> FailureBackoffTime 180
>
> HostSelect SELECT irh.acct_ip_addr, irh.secret,
> irh.auth_portno, acct_portno \
> FROM isp_radius_host irh, isp_domain id \
> WHERE irh.isp_id = id.isp_id and irh.priority =
> %0 AND id.domain_name = '%R'
>
> HostColumnDef 0, Host
> HostColumnDef 1, Secret
> HostColumnDef 2, AuthPort
> HostColumnDef 3, AcctPort
> </AuthBy>
>
> <AuthBy SQL>
> Identifier ACCT_START
> Include %D/etc/sql.cfg
> IgnoreAuthentication
> AuthSelect
>
> AccountingTable ONLINE_SESSION
>
> AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e
> %m %Y %H:%M:%S','DD MM YYYY HH24:MI:SS')
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef NAS_IP_ADDR,NAS-IP-Address
> AcctColumnDef NAS_PORT,NAS-Port,integer
> AcctColumnDef FRAMED_IP_ADDR,Framed-IP-Address
> AcctColumnDef ASCEND_SESSION_SVR_KEY,Ascend-Session-Svr-Key
> AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id
> AcctColumnDef INPUT_OCTETS,Acct-Input-Octets,integer
> AcctColumnDef OUTPUT_OCTETS,AcCt-Output-Octets,integer
> AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type
>
> AcctInsertQuery insert into %0(%1) values (%2)
> </AuthBy>
>
> <AuthBy SQL>
> Identifier ACCT_ALIVE
> Include %D/etc/sql.cfg
> IgnoreAuthentication
> AuthSelect
>
> AccountingTable ONLINE_SESSION
>
> AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e
> %m %Y %H:%M:%S','DD MM YYYY HH24:MI:SS')
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef NAS_IP_ADDR,NAS-IP-Address
> AcctColumnDef NAS_PORT,NAS-Port,integer
> AcctColumnDef FRAMED_IP_ADDR,Framed-IP-Address
> AcctColumnDef ASCEND_SESSION_SVR_KEY,Ascend-Session-Svr-Key
> AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id
> AcctColumnDef INPUT_OCTETS,Acct-Input-Octets,integer
> AcctColumnDef OUTPUT_OCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type
>
> AcctInsertQuery update %0 SET \
> INPUT_OCTETS='%{Acct-Input-Octets}', \
> OUTPUT_OCTETS='%{Acct-Output-Octets}', \
> ACCT_STATUS_TYPE='%{Acct-Status-Type}' \
> where USERNAME = '%n'
> </AuthBy>
>
> <AuthBy SQL>
> Identifier ACCT_STOP
> Include %D/etc/sql.cfg
> IgnoreAuthentication
> AuthSelect
>
> AccountingTable ONLINE_SESSION
>
> AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e
> %m %Y %H:%M:%S','DD MM YYYY HH24:MI:SS')
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef NAS_IP_ADDR,NAS-IP-Address
> AcctColumnDef NAS_PORT,NAS-Port,integer
> AcctColumnDef FRAMED_IP_ADDR,Framed-IP-Address
> AcctColumnDef ASCEND_SESSION_SVR_KEY,Ascend-Session-Svr-Key
> AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id
> AcctColumnDef INPUT_OCTETS,Acct-Input-Octets,integer
> AcctColumnDef OUTPUT_OCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type
>
> AcctInsertQuery delete from %0 where USERNAME = '%n'
> </AuthBy>
>
> <AuthBy SQLRADIUS>
> Identifier AUTH_PROXY
> Include %D/etc/sql.cfg
> Retries 0
> RetryTimeout 5
> IgnoreAccounting
> FailureBackoffTime 180
>
> HostSelect SELECT irh.auth_ip_addr, irh.secret,
> irh.auth_portno, acct_portno \
> FROM isp_radius_host irh, isp_domain id \
> WHERE irh.isp_id = id.isp_id and irh.priority =
> %0 AND id.domain_name = '%R'
> HostColumnDef 0, Host
> HostColumnDef 1, Secret
> HostColumnDef 2, AuthPort
> HostColumnDef 3, AcctPort
> </AuthBy>
>
> <Handler User-Status=0>
> AuthBy REJECT
> AddToReply Reply-Message = "%{User-Name} is not a active"
> </Handler>
>
> <Handler User-Status=1>
> AuthByPolicy ContinueWhileAccept
> <AuthBy PORTLIMITCHECK>
> SessionLimit 2
> CountQuery select COUNT(*) from ONLINE_SESSION where
> USERNAME = '%{User-Name}'
> </AuthBy>
> AuthBy AUTH_PROXY
> </Handler>
>
> <Handler Request-Type=Accounting-Request,Acct-Status-Type=Start>
> AuthByPolicy ContinueWhileAccept
> AuthBy ACCT_PROXY
> AuthBy ACCT_START
> </Handler>
>
> <Handler Request-Type=Accounting-Request,Acct-Status-Type=Alive>
> AuthByPolicy ContinueWhileAccept
> AuthBy ACCT_PROXY
> AuthBy ACCT_ALIVE
> </Handler>
>
> <Handler Request-Type=Accounting-Request,Acct-Status-Type=Stop>
> AuthByPolicy ContinueWhileAccept
> AuthBy ACCT_PROXY
> AuthBy ACCT_STOP
> </Handler>
>
> <Handler>
> AuthBy REJECT
> AddToReply "Unknown Request"
> </Handler>
>
> <SessionDatabase SQL>
> Include %D/etc/sql.cfg
> AddQuery
> DeleteQuery
> ReplaceQuery
> ClearNasQuery
> </SessionDatabase>
>
> _________________________________________________________________
> The new MSN 8: smart spam protection and 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list