(RADIATOR) SessionDatabase SQL problems
Hugh Irvine
hugh at open.com.au
Mon Jan 17 16:25:47 CST 2005
Hello Mark -

The main problem here is due to the access point always sending a
NAS-Port attribute of '0' which is what Radiator uses to distinguish
between sessions. As you will see in the debug, when each request
comes in Radiator does a delete on the session database using the
NAS-Identifier and the NAS-Port attribute as a means of
"house-keeping" in case we have missed a stop record. Radiator uses the
NAS-Identifier and NAS-Port combination to distinguish between
different sessions for the same user. If the NAS-Port attribute is
always '0' there is no way to know which session is which.

I also notice that there are some undefined radius attributes for
vendor 7221 (Handlink: www.handlink.com.tw) so you should contact them
and ask them about both the definitions of their radius vendor-specific
attributes and also about correctly setting the NAS-Port attribute. BTW
- when you do find out about their vendor-specific attributes, could
you please send me the definitions so I can add them to the Radiator
dictionary?

regards

Hugh

On 18 Jan 2005, at 02:06, Mark F wrote:
> Hi,
>
> I'm a bit of a newbie to RADIATOR. Can anyone help me? I am trying to get
> SimultaneousUse 1 working. So I added in the SessionDatabase SQL. It
> doesn't work correctly for me. I log onto the system with one machine and
> it adds the row into my RADONLINE
>
> USERNAME  NASIDENTIFIER  NASPORT  ACCTSESSIONID         TIME_STAMP  FRAMEDIPADDRESS  NASPORTTYPE  SERVICETYPE
> mark      172.31.1.3     0        0050fcd00d131a00002d  1105973866  10.100.1.10      Ethernet
>
> Then I log in from another machine with the same account details and it
> updates the table to
>
> USERNAME  NASIDENTIFIER  NASPORT  ACCTSESSIONID         TIME_STAMP  FRAMEDIPADDRESS  NASPORTTYPE  SERVICETYPE
> mark      172.31.1.3     0        00090a0189181a00002e  1105974176  10.100.1.11      Ethernet
>
> It didn't stop the second machine logging in ? :@
>
> My CFG file is.
>
> #Foreground
> #LogStdout
> LogDir /etc/radiator/logging
> DbDir .
> # Use a lower trace level in production systems:
> Trace 6
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
> Secret ****
> DupInterval 0
> </Client>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:RADIATOR
> DBUsername root
> DBAuth ****
>
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE)
> values
> ('%u', '%1', %2, %3, %{Timestamp}, '%{Framed-IP-Address}',
> '%{NAS-Port-Type}', '%{Service-Type}')
>
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%1' and
> NASPORT=0%2
> ClearNasQuery delete from RADONLINE where USERNAME='%0'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> FRAMEDIPADDRESS from RADONLINE where USERNAME='%u'
> </SessionDatabase>
>
> <Realm DEFAULT>
>
> <AuthBy SQL>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> DBSource dbi:mysql:RADIATOR
> DBUsername root
> DBAuth ****
>
> # Only one session per user at a time
> DefaultSimultaneousUse 1
>
> # Let the user in if they have any time left, set
> # the Session-timeout to the time left
> AuthSelect select PASSWORD, TIMELEFT from SUBSCRIBERS where
> USERNAME=%0 and TIMELEFT > 0
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Session-Timeout,reply
>
> # Adjust the time left when they log out
> AccountingStopsOnly
> AcctSQLStatement update SUBSCRIBERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
>
> </AuthBy>
> </Realm>
>
>
> This is the last section of my logfile.
>
> Packet length = 153
> Code: Access-Request
> Identifier: 62
> Authentic: "<151><188><134><200>A+<185>(<217>W<138><240>r<231><177>
> Attributes:
> User-Name = "mark"
> CHAP-Challenge =
> "<151><188><134><200>A+<185>(<217>W<138><240>r<231><177>
> CHAP-Password =
> <1><230>0<209><233>>!%B<130><239>4^E<137><236><144>
> NAS-IP-Address = 172.31.1.3
> NAS-Identifier = "ibox"
> Framed-IP-Address = 10.100.1.10
> Called-Station-Id = "00-90-0E-00-3B-6E"
> Calling-Station-Id = "00-50-FC-D0-0D-13"
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> NAS-Port = 0
> NAS-Port-Id = "ibox"
>
> Mon Jan 17 15:06:02 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Jan 17 15:06:02 2005: DEBUG: Deleting session for mark,
> 172.31.1.3, 0
> Mon Jan 17 15:06:02 2005: DEBUG: do query is: 'delete from RADONLINE
> where
> NASIDENTIFIER='172.31.1.3' and NASPORT=00':
> Mon Jan 17 15:06:02 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 17 15:06:02 2005: DEBUG: Handling with Radius::AuthSQL:
> Mon Jan 17 15:06:02 2005: DEBUG: Query is: 'select PASSWORD, TIMELEFT
> from
> SUBSCRIBERS where USERNAME='mark' and TIMELEFT > 0':
> Mon Jan 17 15:06:02 2005: DEBUG: Radius::AuthSQL looks for match with
> mark
> Mon Jan 17 15:06:02 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='mark'':
> Mon Jan 17 15:06:02 2005: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Jan 17 15:06:02 2005: DEBUG: Access accepted for mark
> Mon Jan 17 15:06:02 2005: DEBUG: Packet dump:
> *** Sending to 172.31.1.3 port 10276 ....
>
> Packet length = 26
> 02 3e 00 1a 3f 71 11 d4 62 63 23 07 2b 1f 4e ac
> 21 50 da d5 1b 06 00 00 05 a8
> Code: Access-Accept
> Identifier: 62
> Authentic: "<151><188><134><200>A+<185>(<217>W<138><240>r<231><177>
> Attributes:
> Session-Timeout = 1448
>
> Mon Jan 17 15:06:02 2005: DEBUG: Packet dump:
> *** Received from 172.31.1.3 port 10277 ....
>
> Packet length = 152
> Code: Accounting-Request
> Identifier: 0
> Authentic: <192>dI<237><0> <161><207><146> <225><166><183>qj<3>
> Attributes:
> User-Name = "mark"
> Acct-Status-Type = Start
> Acct-Delay-Time = 0
> Acct-Session-Id = "0050fcd00d131a00002f"
> NAS-IP-Address = 172.31.1.3
> NAS-Identifier = "ibox"
> Framed-IP-Address = 10.100.1.10
> Calling-Station-Id = "00-50-FC-D0-0D-13"
> Called-Station-Id = "00-90-0E-00-3B-6E"
> NAS-Port-Type = Ethernet
> NAS-Port = 0
> NAS-Port-Id = "ibox"
> Acct-Authentic = RADIUS
> Acct-Input-Gigawords = 0
> Acct-Output-Gigawords = 0
>
> Mon Jan 17 15:06:02 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Jan 17 15:06:02 2005: DEBUG: Adding session for mark, 172.31.1.3,
> 0
> Mon Jan 17 15:06:02 2005: DEBUG: do query is: 'delete from RADONLINE
> where
> NASIDENTIFIER='172.31.1.3' and NASPORT=00':
> Mon Jan 17 15:06:02 2005: DEBUG: do query is: 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('mark',
> '172.31.1.3', 0,
> '0050fcd00d131a00002f', 1105974362, '10.100.1.10', 'Ethernet', '')':
> Mon Jan 17 15:06:02 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 17 15:06:02 2005: DEBUG: Handling accounting with
> Radius::AuthSQL
> Mon Jan 17 15:06:02 2005: DEBUG: Accounting accepted
> Mon Jan 17 15:06:02 2005: DEBUG: Packet dump:
> *** Sending to 172.31.1.3 port 10277 ....
>
> Packet length = 20
> 05 00 00 14 6c fe 28 85 aa 9d c2 a9 ed 41 d3 74
> 1e 4e b3 96
> Code: Accounting-Response
> Identifier: 0
> Authentic: <192>dI<237><0> <161><207><146> <225><166><183>qj<3>
> Attributes:
>
> Mon Jan 17 15:06:11 2005: ERR: Attribute number 1 (vendor 7221) is not
> defined in your dictionary
> Mon Jan 17 15:06:11 2005: ERR: Attribute number 2 (vendor 7221) is not
> defined in your dictionary
> Mon Jan 17 15:06:11 2005: DEBUG: Packet dump:
> *** Received from 172.31.1.3 port 10278 ....
>
> Packet length = 153
> Code: Access-Request
> Identifier: 63
> Authentic: <152>0 %f9z<233><176>;<22>T<192>6<152><248>
> Attributes:
> User-Name = "mark"
> CHAP-Challenge = <152>0 %f9z<233><176>;<22>T<192>6<152><248>
> CHAP-Password =
> <1><13><140>7D<8>_<209>x<242><137><224>F<220>@<213><228>
> NAS-IP-Address = 172.31.1.3
> NAS-Identifier = "ibox"
> Framed-IP-Address = 10.100.1.11
> Called-Station-Id = "00-90-0E-00-3B-6E"
> Calling-Station-Id = "00-09-0A-01-89-18"
> NAS-Port-Type = Ethernet
> Service-Type = Framed-User
> NAS-Port = 0
> NAS-Port-Id = "ibox"
>
> Mon Jan 17 15:06:11 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Jan 17 15:06:11 2005: DEBUG: Deleting session for mark,
> 172.31.1.3, 0
> Mon Jan 17 15:06:11 2005: DEBUG: do query is: 'delete from RADONLINE
> where
> NASIDENTIFIER='172.31.1.3' and NASPORT=00':
> Mon Jan 17 15:06:11 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 17 15:06:11 2005: DEBUG: Handling with Radius::AuthSQL:
> Mon Jan 17 15:06:11 2005: DEBUG: Query is: 'select PASSWORD, TIMELEFT
> from
> SUBSCRIBERS where USERNAME='mark' and TIMELEFT > 0':
> Mon Jan 17 15:06:11 2005: DEBUG: Radius::AuthSQL looks for match with
> mark
> Mon Jan 17 15:06:11 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='mark'':
> Mon Jan 17 15:06:11 2005: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Jan 17 15:06:11 2005: DEBUG: Access accepted for mark
> Mon Jan 17 15:06:11 2005: DEBUG: Packet dump:
> *** Sending to 172.31.1.3 port 10278 ....
>
> Packet length = 26
> 02 3f 00 1a ad 02 d0 ac d0 39 20 4d 2f 09 44 f1
> 9b 1b 13 90 1b 06 00 00 05 a8
> Code: Access-Accept
> Identifier: 63
> Authentic: <152>0 %f9z<233><176>;<22>T<192>6<152><248>
> Attributes:
> Session-Timeout = 1448
>
> Mon Jan 17 15:06:11 2005: DEBUG: Packet dump:
> *** Received from 172.31.1.3 port 10279 ....
>
> Packet length = 152
> Code: Accounting-Request
> Identifier: 0
> Authentic:
> :<194><149><248>M<213><203><137><10><14><235>A<194><158>C<237>
> Attributes:
> User-Name = "mark"
> Acct-Status-Type = Start
> Acct-Delay-Time = 0
> Acct-Session-Id = "00090a0189181a000030"
> NAS-IP-Address = 172.31.1.3
> NAS-Identifier = "ibox"
> Framed-IP-Address = 10.100.1.11
> Calling-Station-Id = "00-09-0A-01-89-18"
> Called-Station-Id = "00-90-0E-00-3B-6E"
> NAS-Port-Type = Ethernet
> NAS-Port = 0
> NAS-Port-Id = "ibox"
> Acct-Authentic = RADIUS
> Acct-Input-Gigawords = 0
> Acct-Output-Gigawords = 0
>
> Mon Jan 17 15:06:11 2005: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Mon Jan 17 15:06:11 2005: DEBUG: Adding session for mark, 172.31.1.3,
> 0
> Mon Jan 17 15:06:11 2005: DEBUG: do query is: 'delete from RADONLINE
> where
> NASIDENTIFIER='172.31.1.3' and NASPORT=00':
> Mon Jan 17 15:06:11 2005: DEBUG: do query is: 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('mark',
> '172.31.1.3', 0,
> '00090a0189181a000030', 1105974371, '10.100.1.11', 'Ethernet', '')':
> Mon Jan 17 15:06:11 2005: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 17 15:06:11 2005: DEBUG: Handling accounting with
> Radius::AuthSQL
> Mon Jan 17 15:06:11 2005: DEBUG: Accounting accepted
> Mon Jan 17 15:06:11 2005: DEBUG: Packet dump:
> *** Sending to 172.31.1.3 port 10279 ....
>
> Packet length = 20
> 05 00 00 14 96 db d6 78 f5 a9 5e 2e 26 25 fa 1c
> b3 5a 50 ee
> Code: Accounting-Response
> Identifier: 0
> Authentic:
> :<194><149><248>M<213><203><137><10><14><235>A<194><158>C<237>
> Attributes:
>
>
> Thanks for any help,
> Mark
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
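
The failure mode described in the reply above, modelled as an added example (this is not Radiator code and not from either poster): a house-keeping delete keyed on NAS identifier plus NAS-Port runs before the per-user session count, so a NAS that always reports port 0 erases the evidence of the first login. It assumes an in-memory SQLite table standing in for RADONLINE, a limit of 1 as in `DefaultSimultaneousUse 1`, and hypothetical function names.

```python
import sqlite3

# Constructed model of the request flow seen in the debug trace; not Radiator code.
# Table and column names follow the RADONLINE queries quoted in the post.

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table RADONLINE (USERNAME text, NASIDENTIFIER text,"
               " NASPORT integer, ACCTSESSIONID text)")
    return db

def access_request(db, user, nas, nas_port, limit=1):
    """House-keeping delete keyed on (NAS, port), then the per-user count check."""
    db.execute("delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
               (nas, nas_port))
    (active,) = db.execute("select count(*) from RADONLINE where USERNAME=?",
                           (user,)).fetchone()
    return active < limit  # True means Access-Accept

def accounting_start(db, user, nas, nas_port, session_id):
    """Same delete, then record the new session (the Accounting Start path)."""
    db.execute("delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
               (nas, nas_port))
    db.execute("insert into RADONLINE values (?, ?, ?, ?)",
               (user, nas, nas_port, session_id))

def simulate(ports):
    """Log the same user in once per entry in `ports`.

    Returns (list of accept decisions, rows left in RADONLINE).
    """
    db = new_db()
    decisions = []
    for i, port in enumerate(ports):
        ok = access_request(db, "mark", "172.31.1.3", port)
        decisions.append(ok)
        if ok:
            accounting_start(db, "mark", "172.31.1.3", port, f"sess-{i}")
    (rows,) = db.execute("select count(*) from RADONLINE").fetchone()
    return decisions, rows

if __name__ == "__main__":
    print("NAS-Port always 0:", simulate([0, 0]))   # both logins accepted
    print("distinct NAS-Port:", simulate([1, 2]))   # second login refused
```

With the port fixed at 0 the table only ever holds the newest row, which matches the RADONLINE contents shown in the question.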