(RADIATOR) No Available addresses & Bad password
Steve Bluck
steve at staff.inhb.co.nz
Mon Nov 20 16:23:44 CST 2006
Hi All,
I've been thrust into looking after Radiator ver 3.7.1, running on a Win
2k box & MySQL ver 4.0.23, and talking to an Ericsson/ACC Tigris NAS
running S/W ver 11.5.4.29.div05
<rant> Zip Knowledge or training and meant to solve a problem the expert
who installed it couldn't...</rant>
I've seen http://www.open.com.au/archives/radiator/2006-11/msg00028.html
which pretty well describes what I'm experiencing and tried to apply it
yet still get the above messages.
At trace level 3 I see periods of "Access rejected for [username]: No
available addresses" or "Access rejected for [username]: Bad Password".
*******************************************************************
The cfg:
Foreground
LogStdout
LogDir c:\Program Files\Radiator\Logs
# %L = Logfile directory
# %d = 2 digit current day of month
# %m = 2 digit current month
# %Y = 4 digit current year
LogFile %L\%d-%m-%Y-logfile
DbDir c:/Program Files/Radiator
# Listen for authentication requests on ports 1645 and 1812 as per RFC 2138
AuthPort 1812
# Listen for accounting requests on port 1646 and 1813 as per RFC 2139
AcctPort 1813
# This will log at DEBUG level: very verbose
Trace 4
# Clients for each NAS.
# Tigris NAS
<Client xxx.xxx.xxx.xxx>
SNMPCommunity PUBLIC
NasType TigrisNew
Secret xxxxxx
DupInterval 60
</Client>
# Nationwide Dialup Virtual Addresses
<Client xxx.xxx.xxx.xxx>
Secret xxxxxx
DupInterval 60
</Client>
<AddressAllocator SQL>
Identifier myallocator
DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
DBUsername xxxx
DBAuth xxxxxx
# DefaultLeasePeriod (in seconds) is.
DefaultLeasePeriod 86400
# How often we check the database for expired leases
LeaseReclaimInterval 86400
# Tigris NAS Realworld IP's
<AddressPool xxx.xxx.xxx.xxx>
# Subnetmask 255.255.255.192
Range xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
</AddressPool>
# Nationwide Dialup Virtual Address
<AddressPool xxx.xxx.xxx.xxx>
# Subnetmask 255.255.255.192
Range 10.250.1.1 10.250.1.254
</AddressPool>
# Test pool for Radio PPPoE
<AddressPool xxx.xxx.xxx.xxx>
# Subnetmask 255.255.255.192
Range xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
DNSServer pppoe.inhb.co.nz
</AddressPool>
# USE THIS IF YOU WANT TO USE ADDRESSES FROM THE SQL SUBSCRIBER POOLNAME
# FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL=? and STATE=0 order by TIME_STAMP
# FindQueryBindVar %0
# OR USE THE ACTIVE LINE BELOW TO SELECT AN IP ADDRESS FROM THE POOL ASSIGNED TO THE NAS
FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='%N' AND DNSSERVER='%R' and STATE=0 order by TIME_STAMP
AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=?,EXPIRY=?, USERNAME=? where YIADDR=? and TIME_STAMP =?
AllocateQueryBindVar %0
AllocateQueryBindVar %1
AllocateQueryBindVar %2
AllocateQueryBindVar %3
AllocateQueryBindVar %4
DeallocateQuery update RADPOOL set STATE=0, TIME_STAMP=? where YIADDR=?
DeallocateQueryBindVar %t
DeallocateQueryBindVar %0
CheckPoolQuery select STATE from RADPOOL where YIADDR=?
CheckPoolQueryBindVar %0
AddAddressQuery insert into RADPOOL (STATE, TIME_STAMP, POOL, YIADDR, SUBNETMASK, DNSSERVER) values (0, ?, ?, ?, ?, ?)
AddAddressQueryBindVar %t
AddAddressQueryBindVar %0
AddAddressQueryBindVar %1
AddAddressQueryBindVar %2
AddAddressQueryBindVar %3
ReclaimQuery update RADPOOL set STATE=0 where STATE!=0 and EXPIRY < ?
ReclaimQueryBindVar %0
</AddressAllocator>
# Authenticate all realms with this
<Realm DEFAULT>
AuthByPolicy ContinueWhileAccept
<AuthBy SQL>
DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
DBUsername xxxx
DBAuth xxxx
NoDefault
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR, CONCAT('PoolHint = ',IPPOOL) AS IPPOOL, IPADDRESS, TIMELEFT, MAXLOGINS, VALIDFROM, EXPIRATION from SUBSCRIBERS where USERNAME=%0 AND ( TIMELEFT IS NULL OR TIMELEFT <> 0) AND STOPCREDIT = 0
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, GENERIC, reply
AuthColumnDef 4, Framed-IP-Address,reply
AuthColumnDef 5, Session-Timeout, reply
AuthColumnDef 6, Port-Limit,reply
AuthColumnDef 7, ValidFrom,check
AuthColumnDef 8, Expiration,check
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef ACCTMULTISESSIONID,Acct-Multi-Session-Id
AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
AcctColumnDef ACCERRORMESSAGE,Acc-Error-Message,integer
AcctSQLStatement update SUBSCRIBERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n' AND TIMELEFT > 0
DateFormat %b %e, %Y %H:%M:%S
AcctFailedLogFileName %L/%Y%M%d.act
</AuthBy>
<AuthBy FILE>
Filename %D/users
</AuthBy>
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %D/detail
<AuthBy DYNADDRESS>
AddressAllocator myallocator
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
<Log SQL>
# Defines how to connect to the database. See examples above
DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
DBUsername xxxx
DBAuth xxxx
# Trace level to use (allows same values as the global Trace level)
Trace 3
</Log>
</Realm>
<SessionDatabase SQL>
DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
DBUsername xxxx
DBAuth xxxxxxx
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%1', %2, %3, %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
DeleteQuery delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=%2
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='%u'
</SessionDatabase>
*************************************************************************
Level 4 Trace example:
*** Received from xxx.xxx.xxx.xxx port 7000 ....
Code: Access-Request
Identifier: 101
Authentic: !<211><178>x;6<190><249>r|!<6><156><222><24>w
Attributes:
User-Name = "xxxx"
User-Password = "<131><204><216>a~A2<175><191><180><252><149>}I<191><178>"
NAS-Port = 7
NAS-Port-Type = Async
Acc-Request-Type = User-Authentication
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "0xxxxxxx"
Calling-Station-Id = "xxxxxx"
NAS-Identifier = "xxx.xxx.xxx.xxx"
Tue Nov 21 07:45:32 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Nov 21 07:45:32 2006: DEBUG: Deleting session for blanche, 203.167.254.5, 7
Tue Nov 21 07:45:32 2006: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=7':
Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthSQL
Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthSQL:
Tue Nov 21 07:45:32 2006: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR, CONCAT('PoolHint = ',IPPOOL) AS IPPOOL, IPADDRESS, TIMELEFT, MAXLOGINS, VALIDFROM, EXPIRATION from SUBSCRIBERS where USERNAME='xxxx' AND ( TIMELEFT IS NULL OR TIMELEFT <> 0) AND STOPCREDIT = 0':
Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthSQL looks for match with xxxx
Tue Nov 21 07:45:32 2006: DEBUG: ValidFrom date converted to: 946638000
Tue Nov 21 07:45:32 2006: DEBUG: Expiration date converted to: 2145783600
Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthSQL ACCEPT:
Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthFILE:
Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthFILE looks for match with xxxx
Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthFILE ACCEPT:
Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthDYNADDRESS
Tue Nov 21 07:45:32 2006: DEBUG: Query is: 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='xxx.xxx.xxx.xxx' AND DNSSERVER='' and STATE=0 order by TIME_STAMP':
Tue Nov 21 07:45:32 2006: INFO: Access rejected for xxxx: No available addresses
Tue Nov 21 07:45:32 2006: WARNING: No such attribute PoolHint
Tue Nov 21 07:45:32 2006: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 7000 ....
Code: Access-Reject
Identifier: 101
Authentic: !<211><178>x;6<190><249>r|!<6><156><222><24>w
Attributes:
PoolHint = AS5200
Port-Limit = 1
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Reply-Message = "Request Denied"
**********************************************************************
The only changes I have made (apart from xxx'ing IPs, usernames &
passwords) are to the <CLIENT> section, and to LogDir & LogFile (as the
file was 1.63Gig..)
Cheers
Steve Bluck