Hello Stephane -
You are correct - Radiator always does a delete when an access
request is received - this is an attempt to keep the session database
up to date in case there was an Accounting Stop that was missed
previously. Obviously this strategy was designed for the more typical
wired NAS which has physical ports.
One way to avoid this problem is to have separate Handlers for
authentication and accounting
<SessionDatabase SQL>
Identifier TEST_SESSION_DB
DBSource dbi:mysql:mytestdatabase:192.168.0.2
DBUsername radius
AddQuery insert into ONLINEUSERS (LOGIN, NASIDENTIFIER, NASPORT,
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,
CALLEDSTATIONID) values ('%u', '%1', %2, %3, %{Timestamp}, '%{Calling-
Station-Id}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Called-
Station-Id}')
DeleteQuery delete from ONLINEUSERS where ACCTSESSIONID='%
{Acct-Session-Id}' and FRAMEDIPADDRESS='%{Calling-Station-Id}'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID,
FRAMEDIPADDRESS from ONLINEUSERS where LOGIN='%u'
CountNasSessionsQuery select ACCTSESSIONID from ONLINEUSERS where
NASIDENTIFIER='%0'
ClearNasQuery
ClearNasSessionQuery delete from ONLINEUSERS where NASIDENTIFIER='%
0' \ and ACCTSESSIONID = '%1'
</SessionDatabase>
<SessionDatabase NULL>
Identifier NULL_SESSION_DB
</SessionDatabase>
.....
<Handler Request-Type = Accounting-Request, Called-Station-Id=/MX_WIFI/>
SessionDatabase TEST_SESSION_DB
.....
</Handler>
<Handler Called-Station-Id=/MX_WIFI/>
SessionDatabase NULL_SESSION_DB
.....
</Handler>
......
You could also consult Trapeze to see if there is a way to change the
configuration to add accounting for the reauthentication.
regards
Hugh
On 8 Nov 2005, at 04:18, DELORT Stephane wrote:
> Dear list,
>
> my wireless NAS reauthenticates users after sometimes.
> When it does so, there is no Accounting-Request Start or Alive sent
> after.
>
> When Radiator receives the Access-Request is does the DeleteQuery
> and the user is deleted from my table OnlineUsers.
> As there is not Accounting Alive or Start sent after, the user is
> not logged in the OnlineUsers table. From this point and until
> there is an Start or Alive, he could be considered as a "ghost user".
>
> Reading the reference manual of Radiator, I saw that the
> DeleteQuery is done "when an Accounting-Request Stop message is
> received".
> Is it a feature to have it in Access-request as well ?
>
> You will find my config and logs enclosed below.
>
> Regards,
> Stéphane
>
>
>
>
> ****** Config sample
>
> <SessionDatabase SQL>
> Identifier TEST_SESSION_DB
>
> DBSource dbi:mysql:mytestdatabase:192.168.0.2
> DBUsername radius
> AddQuery insert into ONLINEUSERS (LOGIN, NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
> SERVICETYPE, CALLEDSTATIONID) values ('%u', '%1', %2, %3, %
> {Timestamp}, '%{Calling-Station-Id}', '%{NAS-Port-Type}', '%
> {Service-Type}', '%{Called-Station-Id}')
> DeleteQuery delete from ONLINEUSERS where ACCTSESSIONID='%
> {Acct-Session-Id}' and FRAMEDIPADDRESS='%{Calling-Station-Id}'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> FRAMEDIPADDRESS from ONLINEUSERS where LOGIN='%u'
> CountNasSessionsQuery select ACCTSESSIONID from ONLINEUSERS where
> NASIDENTIFIER='%0'
> ClearNasQuery
> ClearNasSessionQuery delete from ONLINEUSERS where NASIDENTIFIER='%
> 0' \ and ACCTSESSIONID = '%1'
>
> </SessionDatabase>
>
>
> ****** Logs
>
> Mon Nov 7 12:16:15 2005: DEBUG: Packet dump:
> *** Received from 172.21.16.208 port 20004 ....
> Code: Access-Request
> Identifier: 35
> Authentic: )<1><241><9>C:<143><14>*Y]/C<203>/<
> Attributes:
> NAS-Port-Id = "2/1"
> Calling-Station-Id = "00-90-4B-1B-5C-15"
> Called-Station-Id = "00-0B-0E-13-17-40:MX_WIFI"
> Service-Type = Framed-User
> EAP-Message = <2><1><0><24><1>FR-MUREX-COM\testuser
> User-Name = "FR-MUREX-COM\testuser"
> NAS-Port-Type = Wireless-IEEE-802-11
> NAS-Identifier = "Trapeze"
> NAS-IP-Address = 172.21.16.208
> Message-Authenticator =
> <153><211><155>I<157><221><4>`f;<141><15><253><196><184><205>
>
> Mon Nov 7 12:16:15 2005: DEBUG: Rewrote user name to testuser at FR-
> MUREX-COM
> Mon Nov 7 12:16:15 2005: DEBUG: Handling request with Handler
> 'Called-Station-Id=/MX_WIFI/ '
> Mon Nov 7 12:16:16 2005: DEBUG: TEST_SESSION_DB Deleting session
> for FR-MUREX-COM\testuser, 172.21.16.208,
> Mon Nov 7 12:16:16 2005: DEBUG: do query is: 'delete from
> ONLINEUSERS where ACCTSESSIONID='' and
> FRAMEDIPADDRESS='00-90-4B-1B-5C-15'':
> Mon Nov 7 12:16:16 2005: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from ONLINEUSERS where
> LOGIN='FR-MUREX-COM\testuser'':
> Mon Nov 7 12:16:16 2005: DEBUG: Handling with Radius::AuthFILE:
> Mon Nov 7 12:16:16 2005: DEBUG: Handling with EAP: code 2, 1, 24
> Mon Nov 7 12:16:16 2005: DEBUG: Response type 1
> Mon Nov 7 12:16:16 2005: DEBUG: EAP result: 3, EAP PEAP Challenge
> Mon Nov 7 12:16:16 2005: DEBUG: AuthBy FILE result: CHALLENGE, EAP
> PEAP Challenge
> Mon Nov 7 12:16:16 2005: DEBUG: Access challenged for testuser at FR-
> MUREX-COM: EAP PEAP Challenge
> Mon Nov 7 12:16:16 2005: DEBUG: Packet dump:
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.