(RADIATOR) Problem with the username that is used for online confirmation

Hugh Irvine hugh at open.com.au
Tue Apr 18 00:55:16 CDT 2006


Hello Vangelis -

Thanks for letting me know.

regards

Hugh


On 17 Apr 2006, at 17:18, Vangelis Kyriakakis wrote:

> Hello Hugh,
>
>       Thanks for your answer. I had already found the problem  
> myself and had posted the fix, but it seemed that the post didn't  
> reach the email list and also I was unsubscribed and didn't get the  
> list mails.
>       Anyway I guess the problem was the missing $user_name in line  
> 171. I had fixed that and tested it. It's working.
>
>               Thanks again
>                         Vangelis
>
> Hugh Irvine wrote:
>
>>
>> Hello again Vangelis -
>>
>> Thanks for your patience.
>>
>> We have now posted a patch which should fix this issue - many  
>> thanks  for reporting it.
>>
>> The affected module is Radius/SessSQL.pm which is included in the   
>> latest patch set.
>>
>> Please test it and let me know if the problem is resolved.
>>
>> Apologies for the delay in getting this resolved.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 15 Apr 2006, at 14:43, Hugh Irvine wrote:
>>
>>>
>>> Hello Vangelis -
>>>
>>> I'm sorry this has taken so long, but I think I have found the   
>>> problem.
>>>
>>> I will check with Mike and we'll try to have a patch for you  
>>> early  next week.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 7 Apr 2006, at 17:50, Vangelis Kyriakakis wrote:
>>>
>>>> Hello Hugh,
>>>>
>>>>       I changed the CountQuery to
>>>>
>>>> CountQuery select NASIDENTIFIER, NASPORT, hextoint(ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME from netman..RADONLINE where USERNAME='%U'
>>>>
>>>>     and it has the same behaviour:
>>>>
>>>> Fri Apr  7 10:40:44 2006: DEBUG: Radius::AuthLDAP2 looks for match with grakkos.ath.forthnet.gr [grakkos.ath.forthnet.gr at forthnet.gr]
>>>> Fri Apr  7 10:40:44 2006: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, hextoint(ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME from netman..RADONLINE where USERNAME='grakkos.ath.forthnet.gr'':
>>>> Fri Apr  7 10:40:44 2006: DEBUG: Checking if user is still online: CiscoDSL, grakkos.ath.forthnet.gr at forthnet.gr, 194.219.252.147, 966, 5849343 62.1.247.103
>>>> Fri Apr  7 10:40:44 2006: DEBUG: Cisco: Checking ADSL 5849343-> 194.219.252.147:966:grakkos.ath.forthnet.gr at forthnet.gr
>>>> Fri Apr  7 10:40:44 2006: DEBUG: Running command `/opt/ucd-snmp/bin/snmpget -c "FORTHNET" 194.219.252.147 .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.5849343 2>&1`
>>>> Fri Apr  7 10:40:44 2006: DEBUG: Radius::AuthLDAP2 REJECT: DefaultSimultaneousUse of 1 exceeded: grakkos.ath.forthnet.gr [grakkos.ath.forthnet.gr at forthnet.gr]
>>>>
>>>>     The username in the access request is   
>>>> grakkos.ath.forthnet.gr at forthnet.gr, I rewrite it into   
>>>> grakkos.ath.forthnet.gr and store it in the RADONLINE.
>>>>
>>>>                              Regards
>>>>                                   Vangelis
>>>>
>>>> Hugh Irvine wrote:
>>>>
>>>>>
>>>>> Hello Vangelis -
>>>>>
>>>>> It doesn't look like the CountQuery is configured correctly:
>>>>>
>>>>>
>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, hextoint(ACCTSESSIONID) from netman..RADONLINE where USERNAME='biqiqo.ath.forthnet.gr'':
>>>>>
>>>>>
>>>>> regards
>>>>>
>>>>> Hugh
>>>>>
>>>>>
>>>>> On 6 Apr 2006, at 19:17, Vangelis Kyriakakis wrote:
>>>>>
>>>>>> Hello Hugh,
>>>>>>
>>>>>>       We upgraded to version 3.14 with latest patches.    
>>>>>> Unfortunately we get the same results:
>>>>>>
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Radius::AuthLDAP2 looks for match with biqiqo.ath.forthnet.gr [biqiqo.ath.forthnet.gr at forthnet.gr]
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, hextoint(ACCTSESSIONID) from netman..RADONLINE where USERNAME='biqiqo.ath.forthnet.gr'':
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Checking if user is still online: CiscoDSL, biqiqo.ath.forthnet.gr at forthnet.gr, 194.219.252.148, 2056, 4203759
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Cisco: Checking ADSL 4203759-> 194.219.252.148:2056:biqiqo.ath.forthnet.gr at forthnet.gr
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Running command `/opt/ucd-snmp/bin/snmpget -c "FORTHNET" 194.219.252.148 .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.4203759 2>&1`
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Radius::AuthLDAP2 REJECT: DefaultSimultaneousUse of 1 exceeded: biqiqo.ath.forthnet.gr [biqiqo.ath.forthnet.gr at forthnet.gr]
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: AuthBy LDAP2 result: REJECT, DefaultSimultaneousUse of 1 exceeded
>>>>>>
>>>>>> The line
>>>>>> Thu Apr  6 12:03:10 2006: DEBUG: Cisco: Checking ADSL 4203759-> 194.219.252.148:2056:biqiqo.ath.forthnet.gr at forthnet.gr
>>>>>> is produced by a line we added to the Cisco.pm:
>>>>>>
>>>>>> &main::log($main::LOG_DEBUG, "Cisco: Checking ADSL $session_id-> $nas_id:$nas_port:$name" );
>>>>>>
>>>>>> So, it seems that the username that is passed to Cisco.pm is the
>>>>>> original username with the realm, and not the one that %U
>>>>>> should give.
>>>>>>
>>>>>>          Regards
>>>>>>              Vangelis
>>>>>>
>>>>>> Hugh Irvine wrote:
>>>>>>
>>>>>>>
>>>>>>> Hello Vangelis -
>>>>>>>
>>>>>>> According to the history file this functionality was   
>>>>>>> introduced  in  Radiator 3.6.
>>>>>>>
>>>>>>> Could you download and install Radiator 3.14 on a clean  
>>>>>>> test   server  and test it?
>>>>>>>
>>>>>>> Please let me know what you discover.
>>>>>>>
>>>>>>> thanks and regards
>>>>>>>
>>>>>>> Hugh
>>>>>>>
>>>>>>>
>>>>>>> On 31 Mar 2006, at 18:06, Vangelis Kyriakakis wrote:
>>>>>>>
>>>>>>>> Hello Hugh,
>>>>>>>>
>>>>>>>>         We are running 3.7.1. We are a little behind from   
>>>>>>>> the   current version. If it is something that was fixed in  
>>>>>>>> a  later   version we'll upgrade.
>>>>>>>>
>>>>>>>>                               Regards
>>>>>>>>                                   Vangelis
>>>>>>>>
>>>>>>>> Hugh Irvine wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hello Vangelis -
>>>>>>>>>
>>>>>>>>> What version of Radiator are you running?
>>>>>>>>>
>>>>>>>>> regards
>>>>>>>>>
>>>>>>>>> Hugh
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 30 Mar 2006, at 21:56, Vangelis Kyriakakis wrote:
>>>>>>>>>
>>>>>>>>>> Hello Hugh,
>>>>>>>>>>
>>>>>>>>>>      Thanks for the answer. The username that I want to
>>>>>>>>>> get back is the rewritten one, that is the one I
>>>>>>>>>> already store in the RADONLINE. But what I get is the
>>>>>>>>>> full original username. I guess what you told me to do
>>>>>>>>>> will give me the original username, or am I wrong?
>>>>>>>>>>
>>>>>>>>>>            Regards
>>>>>>>>>>                 Vangelis Kyriakakis
>>>>>>>>>>
>>>>>>>>>> Hugh Irvine wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Hello Vangelis -
>>>>>>>>>>>
>>>>>>>>>>> You must extend the RADONLINE table to include a field  
>>>>>>>>>>> to    contain  the  original username and modify the  
>>>>>>>>>>> AddQuery so  it   adds both  the  rewritten username and  
>>>>>>>>>>> the original  username  to  the table.  Then the  fifth  
>>>>>>>>>>> field in the  CountQuery must  be the  original  username.
>>>>>>>>>>>
>>>>>>>>>>> hope that helps
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>>
>>>>>>>>>>> Hugh
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 30 Mar 2006, at 20:43, Vangelis Kyriakakis wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>>     I see from the logfiles that Radiator always uses   
>>>>>>>>>>>> the   whole   username that is being authenticated as  
>>>>>>>>>>>> the  username   that is  used  for online confirmation  
>>>>>>>>>>>> via SNMP.
>>>>>>>>>>>>     The manual says in CountQuery "If a user name is   
>>>>>>>>>>>> present   as  the  fifth field returned by the query,  
>>>>>>>>>>>> that  is the user   name  that will  be used to confirm  
>>>>>>>>>>>> the user  is still on line.".
>>>>>>>>>>>>     Using the following configuration:
>>>>>>>>>>>>
>>>>>>>>>>>> <Handler Client-Identifier=adsl>
>>>>>>>>>>>>        RejectHasReason
>>>>>>>>>>>>        RewriteUsername s/^([^@]+).*/$1/
>>>>>>>>>>>>        AuthBy adsl
>>>>>>>>>>>>        SessionDatabase Session-dsl
>>>>>>>>>>>>        AuthLog logger
>>>>>>>>>>>> </Handler>
>>>>>>>>>>>>
>>>>>>>>>>>> <SessionDatabase SQL>
>>>>>>>>>>>>        Identifier Session-dsl
>>>>>>>>>>>>        DBSource dbi:Sybase:RADIUS
>>>>>>>>>>>>        DBUsername tacacs
>>>>>>>>>>>>        DBAuth xxxxxxx
>>>>>>>>>>>>        Timeout 5
>>>>>>>>>>>>        FailureBackoffTime 5
>>>>>>>>>>>>        AddQuery insert into netman..RADONLINE (USERNAME,NASIDENTIFIER,NASPORT,\
>>>>>>>>>>>>               ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,\
>>>>>>>>>>>>               SERVICETYPE) values ('%U','%N',0%{NAS-Port},'%{Acct-Session-Id}',\
>>>>>>>>>>>>               %{Timestamp},'%{Framed-IP-Address}','%{NAS-Port-Type}',\
>>>>>>>>>>>>               '%{Service-Type}')
>>>>>>>>>>>>        DeleteQuery delete from netman..RADONLINE where NASIDENTIFIER='%1' and NASPORT=0%2
>>>>>>>>>>>>        ClearNasQuery delete from netman..RADONLINE where NASIDENTIFIER='%N'
>>>>>>>>>>>>        CountQuery select NASIDENTIFIER, NASPORT, hextoint(ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME from netman..RADONLINE where USERNAME='%U'
>>>>>>>>>>>> </SessionDatabase>
>>>>>>>>>>>> If the user that is being authenticated is user at domain    
>>>>>>>>>>>> then    Radiator always uses user at domain as the  
>>>>>>>>>>>> username  that  is  checked   against the snmpget result  
>>>>>>>>>>>> although  the  RADONLINE  database keeps   only user in  
>>>>>>>>>>>> the USERNAME  field.
>>>>>>>>>>>>
>>>>>>>>>>>>     Am I doing something wrong, or is this a bug?
>>>>>>>>>>>>
>>>>>>>>>>>>                   Regards
>>>>>>>>>>>>                        Vangelis Kyriakakis
>>>>>>>>>>>>
>>>>>>>>>>>> -- 
>>>>>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> NB:
>>>>>>>>>>>
>>>>>>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>>>>>>> Have you searched the mailing list archive   
>>>>>>>>>>> (www.open.com.au/   archives/ radiator)?
>>>>>>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>>>>>>> Have you included a copy of your configuration file (no   
>>>>>>>>>>> secrets),
>>>>>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>>>>>
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database  
>>> independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like  
>>> systems.
>>>
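Added example, not part of the original thread and not Radiator's own code: a small Perl model of why the name used for online confirmation matters when `RewriteUsername` strips the realm. The session rows, the user `alice@example.net`, the `%nas_sessions` stand-in for the SNMP lookup, and the assumption that the NAS reports the short name are all constructed for illustration.

```perl
#!/usr/bin/perl
# Model of simultaneous-use checking with a rewritten username.
# Not Radiator code: rows, names and the NAS lookup are constructed.
use strict;
use warnings;

# Same substitution as the RewriteUsername line in the quoted config.
sub rewrite_username {
    my ($name) = @_;
    (my $short = $name) =~ s/^([^@]+).*/$1/;
    return $short;
}

# Constructed stand-in for the SNMP query: session id -> user the NAS reports.
# Assumption: the NAS knows the user by the short name.
my %nas_sessions = (1001 => 'alice');

# A session counts as live only if the NAS reports the same user for it.
sub is_online {
    my ($session_id, $name) = @_;
    return defined $nas_sessions{$session_id}
        && $nas_sessions{$session_id} eq $name;
}

# Count live sessions. $rows models CountQuery results:
# [nas_id, nas_port, session_id, framed_ip, username]; the fifth field is optional.
sub count_sessions {
    my ($rows, $request_name, $use_fifth_field) = @_;
    my $live = 0;
    for my $row (@$rows) {
        # Prefer the stored name (fifth field) over the name in the request.
        my $confirm = ($use_fifth_field && defined $row->[4])
            ? $row->[4] : $request_name;
        $live++ if is_online($row->[2], $confirm);
    }
    return $live;
}

my $request_name = 'alice@example.net';              # as sent in the Access-Request
my $stored       = rewrite_username($request_name);  # what %U puts into the table
my @rows = (['nas1', 2056, 1001, '192.0.2.10', $stored]);

printf "stored username:          %s\n", $stored;
printf "confirm with full name:   %d live\n", count_sessions(\@rows, $request_name, 0);
printf "confirm with fifth field: %d live\n", count_sessions(\@rows, $request_name, 1);
```

Under these assumptions the same session is counted as live only when the confirmation uses the name stored in the session table, so the simultaneous-use limit depends on which name reaches the NAS check.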