(RADIATOR) Problem with the username that is used for online confirmation

Vangelis Kyriakakis vkyriak at forthnet.gr
Fri Apr 7 02:50:07 CDT 2006


Hello Hugh,

       I changed the CountQuery to

 CountQuery select NASIDENTIFIER, NASPORT, hextoint(ACCTSESSIONID), 
FRAMEDIPADDRESS, USERNAME from netman..RADONLINE where USERNAME='%U'

     and it has the same behaviour:

Fri Apr  7 10:40:44 2006: DEBUG: Radius::AuthLDAP2 looks for match with 
grakkos.ath.forthnet.gr [grakkos.ath.forthnet.gr at forth
net.gr]
Fri Apr  7 10:40:44 2006: DEBUG: Query is: 'select NASIDENTIFIER, 
NASPORT, hextoint(ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME
from netman..RADONLINE where USERNAME='grakkos.ath.forthnet.gr'':
Fri Apr  7 10:40:44 2006: DEBUG: Checking if user is still online: 
CiscoDSL, grakkos.ath.forthnet.gr at forthnet.gr, 194.219.252.
147, 966, 5849343 62.1.247.103
Fri Apr  7 10:40:44 2006: DEBUG: Cisco: Checking ADSL 5849343-> 
194.219.252.147:966:grakkos.ath.forthnet.gr at forthnet.gr
Fri Apr  7 10:40:44 2006: DEBUG: Running command 
`/opt/ucd-snmp/bin/snmpget -c "FORTHNET" 194.219.252.147 
.iso.org.dod.interne
t.private.enterprises.9.9.150.1.1.3.1.2.5849343 2>&1`
Fri Apr  7 10:40:44 2006: DEBUG: Radius::AuthLDAP2 REJECT: 
DefaultSimultaneousUse of 1 exceeded: grakkos.ath.forthnet.gr [grak
kos.ath.forthnet.gr at forthnet.gr]

     The username in the access request is 
grakkos.ath.forthnet.gr at forthnet.gr, I rewrite it into 
grakkos.ath.forthnet.gr and store it in the RADONLINE.

                              Regards
                                   Vangelis

Hugh Irvine wrote:

>
> Hello Vangelis -
>
> It doesn't look like the CountQuery is configured correctly:
>
>
> Thu Apr  6 12:03:10 2006: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT, hextoint(ACCTSESSIONID) from netman..RADONLINE where  
> USERNAME='biqiqo.ath.forthnet.gr'':
>
>
> regards
>
> Hugh
>
>
> On 6 Apr 2006, at 19:17, Vangelis Kyriakakis wrote:
>
>> Hello Hugh,
>>
>>       We upgraded to version 3.14 with latest patches.  Unfortunately 
>> we get the same results:
>>
>> Thu Apr  6 12:03:10 2006: DEBUG: Radius::AuthLDAP2 looks for match  
>> with biqiqo.ath.forthnet.gr [biqiqo.ath.forthnet.gr at forthnet.gr]
>> Thu Apr  6 12:03:10 2006: DEBUG: Query is: 'select NASIDENTIFIER,  
>> NASPORT, hextoint(ACCTSESSIONID) from netman..RADONLINE where  
>> USERNAME='biqiqo.ath.forthnet.gr'':
>> Thu Apr  6 12:03:10 2006: DEBUG: Checking if user is still online:  
>> CiscoDSL, biqiqo.ath.forthnet.gr at forthnet.gr, 194.219.252.148,  2056, 
>> 4203759
>> Thu Apr  6 12:03:10 2006: DEBUG: Cisco: Checking ADSL 4203759->  
>> 194.219.252.148:2056:biqiqo.ath.forthnet.gr at forthnet.gr
>> Thu Apr  6 12:03:10 2006: DEBUG: Running command `/opt/ucd-snmp/bin/ 
>> snmpget -c "FORTHNET"  194.219.252.148 
>> .iso.org.dod.internet.private.enterprises. 9.9.150.1.1.3.1.2.4203759 
>> 2>&1`
>> Thu Apr  6 12:03:10 2006: DEBUG: Radius::AuthLDAP2 REJECT:  
>> DefaultSimultaneousUse of 1 exceeded: biqiqo.ath.forthnet.gr  
>> [biqiqo.ath.forthnet.gr at forthnet.gr]
>> Thu Apr  6 12:03:10 2006: DEBUG: AuthBy LDAP2 result: REJECT,  
>> DefaultSimultaneousUse of 1 exceeded
>>
>> The line
>> Thu Apr  6 12:03:10 2006: DEBUG: Cisco: Checking ADSL 4203759->  
>> 194.219.252.148:2056:biqiqo.ath.forthnet.gr at forthnet.gr
>> is produced by a line we added to the Cisco.pm:
>>
>> &main::log($main::LOG_DEBUG, "Cisco: Checking ADSL $session_id->  
>> $nas_id:$nas_port:$name" );
>>
>> So, it seems that username that is passed to Cisco.pm is the  
>> original username with the realm, and not the one that %U should give.
>>
>>          Regards
>>              Vangelis
>>
>> Hugh Irvine wrote:
>>
>>>
>>> Hello Vangelis -
>>>
>>> According to the history file this functionality was introduced  in  
>>> Radiator 3.6.
>>>
>>> Could you download and install Radiator 3.14 on a clean test  
>>> server  and test it?
>>>
>>> Please let me know what you discover.
>>>
>>> thanks and regards
>>>
>>> Hugh
>>>
>>>
>>> On 31 Mar 2006, at 18:06, Vangelis Kyriakakis wrote:
>>>
>>>> Hello Hugh,
>>>>
>>>>         We are running 3.7.1. We are a little behind from the   
>>>> current version. If it is something that was fixed in a later   
>>>> version we'll upgrade.
>>>>
>>>>                               Regards
>>>>                                   Vangelis
>>>>
>>>> Hugh Irvine wrote:
>>>>
>>>>>
>>>>> Hello Vangelis -
>>>>>
>>>>> What version of Radiator are you running?
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>>
>>>>> On 30 Mar 2006, at 21:56, Vangelis Kyriakakis wrote:
>>>>>
>>>>>> Hello Hugh,
>>>>>>
>>>>>>      Thanks for the answer. The username that I want to get  
>>>>>> back  is  the rewritten one, that is the one I allready store  in 
>>>>>> the   RADONLINE. But What I get is the full original  username. I 
>>>>>> guess   what you told me to do will give me the  original 
>>>>>> username, or am  I  wrong?
>>>>>>
>>>>>>            Regards
>>>>>>                 Vangelis Kyriakakis
>>>>>>
>>>>>> Hugh Irvine wrote:
>>>>>>
>>>>>>>
>>>>>>> Hello Vangelis -
>>>>>>>
>>>>>>> You must extend the RADONLINE table to include a field to   
>>>>>>> contain  the  original username and modify the AddQuery so it   
>>>>>>> adds both  the  rewritten username and the original username  
>>>>>>> to  the table.  Then the  fifth field in the CountQuery must  be 
>>>>>>> the  original  username.
>>>>>>>
>>>>>>> hope that helps
>>>>>>>
>>>>>>> regards
>>>>>>>
>>>>>>> Hugh
>>>>>>>
>>>>>>>
>>>>>>> On 30 Mar 2006, at 20:43, Vangelis Kyriakakis wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>>     I see from the logfiles that Radiator always uses the   
>>>>>>>> whole   username that is being authenticated as the username   
>>>>>>>> that is  used  for online confirmation via SNMP.
>>>>>>>>     The manual says in CountQuery "If a user name is present   
>>>>>>>> as  the  fifth field returned by the query, that is the user   
>>>>>>>> name  that will  be used to confirm the user is still on line.".
>>>>>>>>     Using the following configuration:
>>>>>>>>
>>>>>>>> <Handler Client-Identifier=adsl>
>>>>>>>>        RejectHasReason
>>>>>>>>        RewriteUsername s/^([^@]+).*/$1/
>>>>>>>>        AuthBy adsl
>>>>>>>>        SessionDatabase Session-dsl
>>>>>>>>        AuthLog logger
>>>>>>>> </Handler>
>>>>>>>>
>>>>>>>> <SessionDatabase SQL>
>>>>>>>>        Identifier Session-dsl
>>>>>>>>        DBSource dbi:Sybase:RADIUS
>>>>>>>>        DBUsername tacacs
>>>>>>>>        DBAuth xxxxxxx
>>>>>>>>        Timeout 5
>>>>>>>>        FailureBackoffTime 5
>>>>>>>>        AddQuery insert into netman..RADONLINE     
>>>>>>>> (USERNAME,NASIDENTIFIER,NASPORT,\
>>>>>>>>                 
>>>>>>>> ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,\
>>>>>>>>               SERVICETYPE) values ('%U','%N',0%{NAS-Port},'%   
>>>>>>>> {Acct- Session-Id}',\
>>>>>>>>               %{Timestamp},'%{Framed-IP-Address}','%{NAS- 
>>>>>>>> Port-  Type}',\
>>>>>>>>               '%{Service-Type}')
>>>>>>>>        DeleteQuery delete from netman..RADONLINE where     
>>>>>>>> NASIDENTIFIER='%1' and NASPORT=0%2
>>>>>>>>        ClearNasQuery delete from netman..RADONLINE where     
>>>>>>>> NASIDENTIFIER='%N'
>>>>>>>>        CountQuery select NASIDENTIFIER, NASPORT, hextoint    
>>>>>>>> (ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME from   
>>>>>>>> netman..RADONLINE wh
>>>>>>>> ere USERNAME='%U'
>>>>>>>> </SessionDatabase>
>>>>>>>> If the user that is being authenticated is user at domain  then    
>>>>>>>> Radiator always uses user at domain as the username that  is  
>>>>>>>> checked   against the snmpget result although the  RADONLINE  
>>>>>>>> database keeps   only user in the USERNAME field.
>>>>>>>>
>>>>>>>>     Am I doing something wrong, or is this a bug?
>>>>>>>>
>>>>>>>>                   Regards
>>>>>>>>                        Vangelis Kyriakakis
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> NB:
>>>>>>>
>>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>>> Have you searched the mailing list archive (www.open.com.au/   
>>>>>>> archives/ radiator)?
>>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>>> Have you included a copy of your configuration file (no secrets),
>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>> Announcements on radiator-announce at open.com.au
>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> NB:
>>>>>
>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>> Have you searched the mailing list archive (www.open.com.au/  
>>>>> archives/ radiator)?
>>>>> Have you had a quick look on Google (www.google.com)?
>>>>> Have you included a copy of your configuration file (no secrets),
>>>>> together with a trace 4 debug showing what is happening?
>>>>>
>>>>
>>>> -- 
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/ 
>>> archives/ radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>
>> -- 
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/ 
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list