(RADIATOR) Stuck in RADONLINE
Jason Haltom
jasonh at ideateksystems.com
Fri Aug 11 14:44:26 CDT 2006
Hey Mike,
We have the same problem... I wrote a script that is run every 15 min on
our server via cron job to do cross checking and cleanup.
What this script does is first check to see if the user is over their
max log time (set in the subscribers table)... If so then they are
removed. If they are not over time then we run a check to see if we
have received a stop accounting, if so then they are removed as the
radonline table was not updated properly.
The last thing this script does is clear out old entries from our failed
logins table. You may want to remove that part of the script.
Hope this helps.
Holler if you need more info or have questions,
Jason
Here is the script:
radonline-cleanup.pl
#!/usr/bin/perl -X
#---------------
# USES
#---------------
use DBI;
#---------------
# VARS
#---------------
my $database = {
server => "db-host",
port => "3306",
dbname => "radius",
username => "user-name",
pass => "user-pass"
}; #the mysql database that all
info is stored in
my $dsn =
"DBI:mysql:database=$database->{dbname};host=$database->{server};port=$d
atabase->{port}"; #the DB connect info
my $q1 = ""; #the query to the DB
my $faillogtime = 604800; #how long to keep the failed login
entries
my $curtime = time; #the current time
#---------------
# INIT DBIs
#---------------
my $dbi = DBI->connect($dsn, $database->{username}, $database->{pass})
or die "Can't connect!!\n<br>";
my $dbi2 = DBI->connect($dsn, $database->{username}, $database->{pass})
or die "Can't connect!!\n<br>";
my $dbi3 = DBI->connect($dsn, $database->{username}, $database->{pass})
or die "Can't connect!!\n<br>";
#----------------------------Start of Main Program-------------------
$q1 = "select ACCTSESSIONID, USERNAME, TIME_STAMP, NASIDENTIFIER,
NASPORT from radonline";
my $dbh = $dbi->prepare($q1);
my $dbh->execute();
while(my @row = $dbh->fetchrow_array)
{
$q2 = "select MAXLOGTIME from subscribers WHERE USERNAME =
'$row[1]'";
$dbh2 = $dbi2->prepare($q2);
$dbh2->execute();
my @maxtime;
if(@maxtime = $dbh2->fetchrow_array)
{
#max log time is set so dont do anything to it
}
else
{
#the user does not have a max log time so lets set it.
$maxtime[0] = 18000 if($maxtime[0] == "");
}
$dbh2->finish();
my $onlinetime = $curtime - $row[2];
#lets check to see if they are logged in for more time than they
are allowed, and remove them as we have a time limit and we probably did
not get a stop accounting
if($onlinetime >= $maxtime[0] )
{
#user is over time and they are not a dsl so lets remove
them from the online database.
#let someone know we removed an entry.
print "Removing user $row[1] from radonline connected
for(sec): $onlinetime with a session ID of: $row[0].\n";
#do the removal
$q2 = "delete from radonline WHERE ACCTSESSIONID =
'$row[0]' AND USERNAME = '$row[1]'";
$dbh2 = $dbi2->prepare($q2);
$dbh2->execute();
}
else
{
#lets check to see if we recieved a stop accounting but
they were just not cleared out of the whos online DB
$q2 = "select NASIDENTIFIER, NASPORT from accounting
where ACCTSESSIONID = '$row[0]'AND USERNAME = '$row[1]' AND
ACCTSTATUSTYPE = 'Stop' AND NASPORT ='$row[4]' ";
$dbh2 = $dbi2->prepare($q2);
$dbh2->execute();
while(my @result = $dbh2->fetchrow())
{
#let someone know we removed an entry.
print "Removing user $row[1] from radonline
connected on NAS: $result[0] Port: $result[1] with a session ID of:
$row[0].\n";
#do the removal
$q3 = "delete from radonline WHERE NASIDENTIFIER
= '$result[0]' AND ACCTSESSIONID = '$row[0]' AND NASPORT =
'$result[1]'";
$dbh3 = $dbi3->prepare($q3);
$dbh3->execute();
$dbh3->finish();
}
$dbh2->finish();
}
}
#lets cleanup the failed logins database. We are going to remove
anything older than $faillogtime.
$q1 = "select TIME_STAMP, USERNAME from radauthlogfail ORDER BY
TIME_STAMP DESC";
$dbh = $dbi->prepare($q1);
$dbh->execute();
$curtime = time;
while(my @row = $dbh->fetchrow_array)
{
my $timeout = $curtime - $row[0];
if($timeout >= $faillogtime)
{
#The entry is older than we want so lets remove it.
$q2 = "delete from radauthlogfail WHERE TIME_STAMP =
$row[0]";
$dbh2 = $dbi2->prepare($q2);
$dbh2->execute();
}
}
#----------------------------End of Main Program---------------------
#---------------
# CLOSE DBIs
#--------------
$dbh->finish();
$dbh2->finish();
$dbi->disconnect();
$dbi2->disconnect();
$dbi3->disconnect();
#============================EOF=====================================
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Mike Gomez
Sent: Friday, August 11, 2006 8:39 AM
To: radiator at open.com.au
Subject: (RADIATOR) Stuck in RADONLINE
Hiya,
I've got a bit of an issue, and I'm hoping that Radiator's wonderful
configurability can help me out. :) The situation I'm in is that we buy
dialup modem ports from a company that gets them through Level3. Radius
requests for our users go from Level3's modem pools to a radius server
at the
company we purchase them from and then get forwarded to our Radiator
server.
The problem that I run into is that we don't always get stop records for
our
users that come in via this route (I've done a Trace 4 and see nothing
come
through in the logs for a stop record), and since we have
Simultaneous-Use=1
in their records, they can't authenticate next time because they're
still in
the RADONLINE table.
We *do* get callerid info when users get connected, so what I wanted to
try
figuring out is this. Is there some way to tell Radiator that if a user
tries
to authenticate, and the callerid info that is passed matches the
callerid
info in the RADONLINE table for that user, to delete the old entry from
RADONLINE and allow them access? Or is there a better way, like passing
the
info to a script?
Thanks!
--
Mike Gomez
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.7/410 - Release Date: 8/5/2006
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.7/410 - Release Date: 8/5/2006
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list