(RADIATOR) SessionDatabase:DeleteQuery statement in Access-Request

Hugh Irvine hugh at open.com.au
Mon Nov 7 17:00:31 CST 2005


Hello Stephane -

You are correct - Radiator always does a delete when an access  
request is received - this is an attempt to keep the session database  
up to date in case there was an Accounting Stop that was missed  
previously. Obviously this strategy was designed for the more typical  
wired NAS which has physical ports.

One way to avoid this problem is to have separate Handlers for  
authentication and accounting:


<SessionDatabase SQL>
	Identifier TEST_SESSION_DB

	DBSource	dbi:mysql:mytestdatabase:192.168.0.2
	DBUsername  radius
	AddQuery 			insert into ONLINEUSERS (LOGIN, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, CALLEDSTATIONID) values ('%u', '%1', %2, %3, %{Timestamp}, '%{Calling-Station-Id}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Called-Station-Id}')
	DeleteQuery 	      delete from ONLINEUSERS where ACCTSESSIONID='%{Acct-Session-Id}' and FRAMEDIPADDRESS='%{Calling-Station-Id}'
	CountQuery 			select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where LOGIN='%u'
	CountNasSessionsQuery 	select ACCTSESSIONID from ONLINEUSERS where NASIDENTIFIER='%0'
	ClearNasQuery
	ClearNasSessionQuery	delete from ONLINEUSERS where NASIDENTIFIER='%0' \
		and ACCTSESSIONID = '%1'

</SessionDatabase>

<SessionDatabase NULL>
	Identifier NULL_SESSION_DB
</SessionDatabase>

.....

<Handler Request-Type = Accounting-Request, Called-Station-Id=/MX_WIFI/>
	SessionDatabase TEST_SESSION_DB
	.....
</Handler>

<Handler Called-Station-Id=/MX_WIFI/>
	SessionDatabase NULL_SESSION_DB
	.....
</Handler>

......

You could also consult Trapeze to see if there is a way to change the  
configuration to add accounting for the reauthentication.

regards

Hugh


On 8 Nov 2005, at 04:18, DELORT Stephane wrote:

> Dear list,
>
> my wireless NAS reauthenticates users after some time.
> When it does so, there is no Accounting-Request Start or Alive sent  
> after.
>
> When Radiator receives the Access-Request it does the DeleteQuery  
> and the user is deleted from my table OnlineUsers.
> As there is no Accounting Alive or Start sent after, the user is  
> not logged in the OnlineUsers table. From this point and until  
> there is a Start or Alive, he could be considered as a "ghost user".
>
> Reading the reference manual of Radiator, I saw that the  
> DeleteQuery is done "when an Accounting-Request Stop message is  
> received".
> Is it a feature to have it in Access-Request as well?
>
> You will find my config and logs enclosed below.
>
> Regards,
> Stéphane
>
>
>
>
> ****** Config sample
>
> <SessionDatabase SQL>
> 	Identifier TEST_SESSION_DB
>
> 	DBSource	dbi:mysql:mytestdatabase:192.168.0.2
> 	DBUsername  radius
> 	AddQuery 			insert into ONLINEUSERS (LOGIN, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, CALLEDSTATIONID) values ('%u', '%1', %2, %3, %{Timestamp}, '%{Calling-Station-Id}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Called-Station-Id}')
> 	DeleteQuery 	      delete from ONLINEUSERS where ACCTSESSIONID='%{Acct-Session-Id}' and FRAMEDIPADDRESS='%{Calling-Station-Id}'
> 	CountQuery 			select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where LOGIN='%u'
> 	CountNasSessionsQuery 	select ACCTSESSIONID from ONLINEUSERS where NASIDENTIFIER='%0'
> 	ClearNasQuery
> 	ClearNasSessionQuery	delete from ONLINEUSERS where NASIDENTIFIER='%0' \
> 		and ACCTSESSIONID = '%1'
>
> </SessionDatabase>
>
>
> ****** Logs
>
> Mon Nov  7 12:16:15 2005: DEBUG: Packet dump:
> *** Received from 172.21.16.208 port 20004 ....
> Code:       Access-Request
> Identifier: 35
> Authentic:  )<1><241><9>C:<143><14>*Y]/C<203>/<
> Attributes:
> 	NAS-Port-Id = "2/1"
> 	Calling-Station-Id = "00-90-4B-1B-5C-15"
> 	Called-Station-Id = "00-0B-0E-13-17-40:MX_WIFI"
> 	Service-Type = Framed-User
> 	EAP-Message = <2><1><0><24><1>FR-MUREX-COM\testuser
> 	User-Name = "FR-MUREX-COM\testuser"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	NAS-Identifier = "Trapeze"
> 	NAS-IP-Address = 172.21.16.208
> 	Message-Authenticator =  
> <153><211><155>I<157><221><4>`f;<141><15><253><196><184><205>
>
> Mon Nov  7 12:16:15 2005: DEBUG: Rewrote user name to testuser at FR-MUREX-COM
> Mon Nov  7 12:16:15 2005: DEBUG: Handling request with Handler 'Called-Station-Id=/MX_WIFI/ '
> Mon Nov  7 12:16:16 2005: DEBUG: TEST_SESSION_DB Deleting session for FR-MUREX-COM\testuser, 172.21.16.208,
> Mon Nov  7 12:16:16 2005: DEBUG: do query is: 'delete from ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-90-4B-1B-5C-15'':
> Mon Nov  7 12:16:16 2005: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where LOGIN='FR-MUREX-COM\testuser'':
> Mon Nov  7 12:16:16 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov  7 12:16:16 2005: DEBUG: Handling with EAP: code 2, 1, 24
> Mon Nov  7 12:16:16 2005: DEBUG: Response type 1
> Mon Nov  7 12:16:16 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov  7 12:16:16 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP PEAP Challenge
> Mon Nov  7 12:16:16 2005: DEBUG: Access challenged for testuser at FR-MUREX-COM: EAP PEAP Challenge
> Mon Nov  7 12:16:16 2005: DEBUG: Packet dump:
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


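Added example, not part of the thread and not Radiator code: a Python check that walks a trace 4 debug log in the layout quoted above and reports every session-table delete that ran while the last received packet was not an Accounting-Request, noting when the session-id key expanded to an empty string. The sample log (including the "*** Sending to" dump and the SESS-0001 value) is constructed; the ACCTSESSIONID column name comes from the ONLINEUSERS queries in the thread.

```python
import re

# Constructed sample in the trace 4 layout quoted in the thread (lines unwrapped).
SAMPLE_LOG = """\
Mon Nov  7 12:16:15 2005: DEBUG: Packet dump:
*** Received from 172.21.16.208 port 20004 ....
Code:       Access-Request
Attributes:
\tCalling-Station-Id = "00-90-4B-1B-5C-15"
Mon Nov  7 12:16:16 2005: DEBUG: do query is: 'delete from ONLINEUSERS where ACCTSESSIONID='' and FRAMEDIPADDRESS='00-90-4B-1B-5C-15'':
Mon Nov  7 12:16:16 2005: DEBUG: Packet dump:
*** Sending to 172.21.16.208 port 20004 ....
Code:       Access-Challenge
Mon Nov  7 12:20:00 2005: DEBUG: Packet dump:
*** Received from 172.21.16.208 port 20004 ....
Code:       Accounting-Request
Attributes:
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "SESS-0001"
Mon Nov  7 12:20:00 2005: DEBUG: do query is: 'delete from ONLINEUSERS where ACCTSESSIONID='SESS-0001' and FRAMEDIPADDRESS='00-90-4B-1B-5C-15'':
"""

CODE_RE = re.compile(r"^Code:\s+(\S+)")
DELETE_RE = re.compile(
    r"^(?P<ts>.+?): DEBUG: do query is: '(?P<sql>delete from .*)':$", re.I)

def audit_session_deletes(log_text, session_column="ACCTSESSIONID"):
    """Return session-table deletes that ran for a non-accounting request."""
    empty_key = re.compile(re.escape(session_column) + r"\s*=\s*''", re.I)
    findings, code, awaiting_code = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("*** Received from"):
            code, awaiting_code = None, True   # a new inbound packet dump begins
        elif awaiting_code and (m := CODE_RE.match(line)):
            code, awaiting_code = m.group(1), False   # ignore Code: of replies
        elif (m := DELETE_RE.match(line)) and code != "Accounting-Request":
            findings.append({
                "time": m.group("ts"),
                "request": code,
                # True when the session-id special expanded to nothing
                "empty_session_id": bool(empty_key.search(m.group("sql"))),
                "sql": m.group("sql"),
            })
    return findings

if __name__ == "__main__":
    for finding in audit_session_deletes(SAMPLE_LOG):
        print(finding)
```

Each finding marks a point where a row may have left the session table without a matching Accounting Stop, which is the "ghost user" window described in the question.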