(RADIATOR) Problems with Radiator : Hanging
Ricardo Martinez
rmartinez at redvoiss.net
Mon Aug 1 15:00:24 CDT 2005
Thanks Hugh and Ray.
I'm going to increase the trace level in my machine in order to get
more debug information, i think it worth the risk. I'm also attaching to
you my configuration file.
****************************************************************************
********
#Foreground
LogStdout
DbDir .
LogDir /etc/rd/logs
LogFile %L/logfile_rr_auth_ser
PidFile %L/rrd_rr_auth_ser.pid
AuthPort 1647
AcctPort
# This will log at DEBUG level: very verbose
# User a lower trace level in production systems, typically use 3
Trace 3
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with. This will work
# at least with radpwtst running on the local machine
PreClientHook file:"/usr/share/doc/Radiator-3.9/goodies/digest.pl"
<Client 200.0.0.5>
Secret mysupersecret
</Client>
<Client 200.0.0.2>
Secret mysupersecret
</Client>
# Authentication LOG profile, %L is replaced by LogDir above.
<AuthLog FILE>
Identifier AUTH_SIP_LOG
Filename %L/auth/sip/auth_%{Digest-Method}_%Y.%m.%d.%q.csv
LogSuccess 1
LogFailure 1
# FORMAT
Time,User-Name,User,Realm,Nonce,Uri,Method,qop,Nonce-count,Cnonce,Nonce-Resp
onse,Service-Type,SIP-Uri-User,NAS-IP-A
ddress,MessageSeverity,Reason,OK/FAIL
SuccessFormat
%l,%{User-Name},%{Digest-User},%{Digest-Realm},%{Digest-Nonce},%{Digest-Uri}
,%{Digest-Method},%{Digest-qop},%{
Digest-Nonce-count},%{Digest-Cnonce},%{Digest-Response},%{Service-Type},%{Si
p-Uri-User},%{NAS-IP-Address},%0,%1:OK
FailureFormat
%l,%{User-Name},%{Digest-User},%{Digest-Realm},%{Digest-Nonce},%{Digest-Uri}
,%{Digest-Method},%{Digest-qop},%{
Digest-Nonce-count},%{Digest-Cnonce},%{Digest-Response},%{Service-Type},%{Si
p-Uri-User},%{NAS-IP-Address},%0,%1:FAIL
</AuthLog>
<Handler Realm=sip.mydomain.com,Digest-Method=REGISTER>
# Se agrega el AuthByPolicy para manejar los Timeout de la Base de
Datos.
AuthByPolicy ContinueWhileIgnore
<AuthBy SQL>
DBSource dbi:Oracle:rdb
DBUsername rr
DBAuth rd
AuthSelect select a.sip_pwd, a.gt_Cod from pg.pl_gw
a,pg.pl_gw_nb b \
where rd.username(a.tmal_alias)=rd.extus('%{User-Name}') \
and a.gt_tab=b.gt_tab \
and b.nb='%{Sip-Uri-User}'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, NAS-Port-Type, reply
</AuthBy>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
# Log authentication to a detail file.
AuthLog AUTH_SIP_LOG
</Handler>
<Handler Realm=sip.mydomain.com,Digest-Method=INVITE>
# Se agrega el AuthByPolicy para manejar los Timeout de la Base de
Datos.
AuthByPolicy ContinueWhileIgnore
<AuthBy SQL>
DBSource dbi:Oracle:rdb
DBUsername rr
DBAuth rd
AuthSelect select a.gt_tab from pg.pl_gw a, pg.pl_gw_nb b,
pg.pl_uu c \
where a.gt_tab=b.gt_tab \
and a.usua_tab=c.usua_tab \
and b.nb='%{Sip-Uri-User}' \
and b.admin_tt_tab=1 \
and b.user_tt_tab=1 \
and a.admin_tt_tab=1 \
and a.user_tt_tab=1 \
and rd.username(a.tmal_alias)=rd.extus('%{User-Name}') \
and c.saldo>0
AuthColumnDef 0, NAS-Port-Type, reply
</AuthBy>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
# Log authentication to a detail file.
AuthLog AUTH_SIP_LOG
</Handler>
<Handler Realm=sipbk.mydomain.com,Digest-Method=REGISTER>
# Se agrega el AuthByPolicy para manejar los Timeout de la Base de
Datos.
AuthByPolicy ContinueWhileIgnore
<AuthBy SQL>
DBSource dbi:Oracle:rdb
DBUsername rr
DBAuth rd
AuthSelect select a.sip_pwd, a.gt_Cod from pg.pl_mayo_gw
a,pg.pl_mayo_nb b \
where a.gt_tab=b.gt_tab and a.tt_tab=1 and a.tmal_alias like
'H:' || \
rd.extus('%{User-Name}') || '%%' \
and b.nb='%{Sip-Uri-User}'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, NAS-Port-Type, reply
</AuthBy>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
# Log authentication to a detail file.
AuthLog AUTH_SIP_LOG
</Handler>
<Handler Realm=sipbk.mydomain.com,Digest-Method=INVITE>
# Se agrega el AuthByPolicy para manejar los Timeout de la Base de
Datos.
AuthByPolicy ContinueWhileIgnore
<AuthBy SQL>
DBSource dbi:Oracle:rdb
DBUsername rr
DBAuth rd
AuthSelect select a.gt_tab from pg.pl_mayo_gw a,
pg.pl_mayo_nb b, pg.pl_mayo_cliente c, pg.pl_uu d \
where a.gt_tab=b.gt_tab \
and a.clie_tab=c.clie_tab \
and c.usua_tab=d.usua_tab \
and b.nb='%{Sip-Uri-User}' \
and b.mayo_tt_tab=1 \
and b.vss_tt_tab=1 \
and a.mayo_tt_tab=1 \
and a.vss_tt_tab=1 \
and c.mayo_tt_tab=1 \
and c.vss_tt_tab=1 \
and rd.username(a.tmal_alias)=rd.extus('%{User-Name}') \
and c.saldo>c.limite_credito \
and d.saldo>0
AuthColumnDef 0, NAS-Port-Type, reply
</AuthBy>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
# Log authentication to a detail file.
AuthLog AUTH_SIP_LOG
</Handler>
<Handler Service-Type=18>
<AuthBy SQL>
DBSource dbi:Oracle:rdb
DBUsername rr
DBAuth rd
AuthSelect select 'tranum:sip:' ||
rd.traduce('sip:%{User-Name}','sip:%{Sip-Translated-Req-ID}') \
|| '@sip.mydomain.com' from dual
AuthColumnDef 0, SIP-AVP, reply
</AuthBy>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
</Handler>
<Handler Service-Type=Authenticate-Only>
# Handler para manejar los Request del NAGIOS.
<AuthBy INTERNAL>
AuthResult ACCEPT
</AuthBy>
</Handler>
<Handler>
# Reject todos los Request que no son conocidos.
<AuthBy INTERNAL>
DefaultResult REJECT
RejectReason PRIVATE_SERVICE-Unknown_Request
</AuthBy>
# Log authentication to a detail file.
AuthLog AUTH_SIP_LOG
</Handler>
#Monitor para el Radar , user y pwd.
<Monitor>
Port 19005
Username myuser
Password mypassword
</Monitor>
****************************************************************************
************
Thanks.
Regards,
Ricardo Martinez.-
> -----Mensaje original-----
> De: Hugh Irvine [mailto:hugh at open.com.au]
> Enviado el: Viernes, 29 de Julio de 2005 19:22
> Para: Ricardo Martinez
> CC: 'radiator at open.com.au'
> Asunto: Re: (RADIATOR) Problems with Radiator : Hanging
>
>
>
> Hello Ricardo -
>
> The only way to help you is to look at a copy of your configuration
> file (no secrets) together with a trace 4 debug showing what is
> happening.
>
> You should also check your database logs to see what is
> happening there.
>
> New Radiator versions should always be exercised thoroughly
> in a test
> environment before being put into production.
>
> regards
>
> Hugh
>
>
> On 30 Jul 2005, at 03:02, Ricardo Martinez wrote:
>
> > Hello List.
> > I'm using radiator version 3.9 since about 1.5 years without any
> > problem. But the last two weeks my Radiator started to "hang"
> > without any
> > reason. The process is "up" but radiator don't answer any
> Request,
> > i even
> > tried to dump some debugs via Radar, but i can not connect to the
> > process
> > when the problems is happening. There is no trace in the logfile
> > or in the
> > /var/log/messages file.
> > I want to make a couple of questions regarding to this issue.
> >
> > - First, i realized that i never applied the patches for that
> > version (my
> > mistake!). Is safe to apply the patches now? This is a
> "production"
> > machine so is important to this upgrade have a minor impact in the
> > uptime of
> > the service. How can i do this task?.
> >
> > - Second, is the 3.13 version more stable that 3.9
> version?. Maybe
> > the
> > problem is related with a fixed bug in an newer version.
> >
> > - Third, i need to trace this problem (for a better report) but i
> > need some
> > help here. Since i'm using Radiator in a production machine i set
> > the trace
> > level to 3, but with this level i'm not obtaining any information
> > about
> > what's going on when the problem is happening in the log file.
> > Does anyone
> > know if Radiator leaves more log information in another
> file? If i
> > use
> > trace level 4 would this have an impact in the performance of the
> > machine?.
> >
> > For the record i use radiator in conjunction with a ORACLE
> DB. So
> > i'm
> > using AuthBy SQL procedures.
> >
> > Hope that someone can help me here.
> > Thanks in advance
> >
> > Regards,
> > Ricardo Martinez.-
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
>
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list