(RADIATOR) No Available addresses & Bad password
Hugh Irvine
hugh at open.com.au
Mon Nov 20 20:38:23 CST 2006
Hello Steve -
According to the debug log there are no available addresses in the
address pool you are trying to allocate from.
The possible causes are: insufficient number of addresses in the
address pool, or IP addresses in the address pool(s) not being
deallocated correctly.
I don't have enough information to know which is the case.
Can you give me any more detail on what is happening?
regards
Hugh
On 21 Nov 2006, at 09:23, Steve Bluck wrote:
> Hi All,
> I've been thrust into looking after Radiator ver 3.7.1, running on a Win
> 2k box & MySQL ver 4.0.23, and talking to an Ericsson/ACC Tigris NAS
> running S/W ver 11.5.4.29.div05
> <rant> Zip Knowledge or training and meant to solve a problem the expert
> who installed it couldn't...</rant>
> I've seen http://www.open.com.au/archives/radiator/2006-11/msg00028.html
> which pretty well describes what I'm experiencing and tried to apply it
> yet still get the above messages.
> At trace level 3 I see periods of "Access rejected for [username]: No
> available addresses" or "Access rejected for [username]: Bad Password"
> *******************************************************************
> The cfg:
>
> Foreground
> LogStdout
> LogDir c:\Program Files\Radiator\Logs
> # %L = Logfile directory
> # %d = 2 digit current day of month
> # %m = 2 digit current month
> # %Y = 4 digit current year
> LogFile %L\%d-%m-%Y-logfile
> DbDir c:/Program Files/Radiator
>
> # Listen for authentication requests on ports 1645 and 1812 as per RFC 2138
> AuthPort 1812
>
> # Listen for accounting requests on port 1646 and 1813 as per RFC 2139
> AcctPort 1813
>
> # This will log at DEBUG level: very verbose
> Trace 4
>
> # Clients for each NAS.
> # Tigris NAS
> <Client xxx.xxx.xxx.xxx>
> SNMPCommunity PUBLIC
> NasType TigrisNew
> Secret xxxxxx
> DupInterval 60
> </Client>
> # Nationwide Dialup Virtual Addresses
> <Client xxx.xxx.xxx.xxx>
> Secret xxxxxx
> DupInterval 60
> </Client>
>
> <AddressAllocator SQL>
> Identifier myallocator
>
> DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
> DBUsername xxxx
> DBAuth xxxxxx
>
> # DefaultLeasePeriod (in seconds) is.
> DefaultLeasePeriod 86400
>
> # How often we check the database for expired leases
> LeaseReclaimInterval 86400
>
> # Tigris NAS Realworld IP's
> <AddressPool xxx.xxx.xxx.xxx>
> # Subnetmask 255.255.255.192
> Range xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
> </AddressPool>
> # Nationwide Dialup Virtual Address
> <AddressPool xxx.xxx.xxx.xxx>
> # Subnetmask 255.255.255.192
> Range 10.250.1.1 10.250.1.254
> </AddressPool>
> # Test pool for Radio PPPoE
> <AddressPool xxx.xxx.xxx.xxx>
> # Subnetmask 255.255.255.192
> Range xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
> DNSServer pppoe.inhb.co.nz
> </AddressPool>
>
> # USE THIS IF YOU WANT TO USE ADDRESSES FROM THE SQL SUBSCRIBER POOLNAME
> # FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL=? and STATE=0 order by TIME_STAMP
> # FindQueryBindVar %0
> # OR USE THE ACTIVE LINE BELOW TO SELECT AN IP ADDRESS FROM THE POOL ASSIGNED TO THE NAS
> FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='%N' AND DNSSERVER='%R' and STATE=0 order by TIME_STAMP
> AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=?,EXPIRY=?, USERNAME=? where YIADDR=? and TIME_STAMP =?
> AllocateQueryBindVar %0
> AllocateQueryBindVar %1
> AllocateQueryBindVar %2
> AllocateQueryBindVar %3
> AllocateQueryBindVar %4
> DeallocateQuery update RADPOOL set STATE=0, TIME_STAMP=? where YIADDR=?
> DeallocateQueryBindVar %t
> DeallocateQueryBindVar %0
> CheckPoolQuery select STATE from RADPOOL where YIADDR=?
> CheckPoolQueryBindVar %0
> AddAddressQuery insert into RADPOOL (STATE, TIME_STAMP, POOL, YIADDR, SUBNETMASK, DNSSERVER) values (0, ?, ?, ?, ?, ?)
> AddAddressQueryBindVar %t
> AddAddressQueryBindVar %0
> AddAddressQueryBindVar %1
> AddAddressQueryBindVar %2
> AddAddressQueryBindVar %3
> ReclaimQuery update RADPOOL set STATE=0 where STATE!=0 and EXPIRY < ?
> ReclaimQueryBindVar %0
> </AddressAllocator>
>
> # Authenticate all realms with this
> <Realm DEFAULT>
> AuthByPolicy ContinueWhileAccept
> <AuthBy SQL>
> DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
> DBUsername xxxx
> DBAuth xxxx
> NoDefault
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR, CONCAT('PoolHint = ',IPPOOL) AS IPPOOL, IPADDRESS, TIMELEFT, MAXLOGINS, VALIDFROM, EXPIRATION from SUBSCRIBERS where USERNAME=%0 AND ( TIMELEFT IS NULL OR TIMELEFT <> 0) AND STOPCREDIT = 0
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> AuthColumnDef 3, GENERIC, reply
> AuthColumnDef 4, Framed-IP-Address,reply
> AuthColumnDef 5, Session-Timeout, reply
> AuthColumnDef 6, Port-Limit,reply
> AuthColumnDef 7, ValidFrom,check
> AuthColumnDef 8, Expiration,check
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef ACCTMULTISESSIONID,Acct-Multi-Session-Id
> AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
> AcctColumnDef ACCERRORMESSAGE,Acc-Error-Message,integer
> AcctSQLStatement update SUBSCRIBERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n' AND TIMELEFT > 0
>
> DateFormat %b %e, %Y %H:%M:%S
> AcctFailedLogFileName %L/%Y%M%d.act
> </AuthBy>
>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
>
> # Log accounting to a detail file. %D is replaced by DbDir above
> AcctLogFileName %D/detail
>
> <AuthBy DYNADDRESS>
> AddressAllocator myallocator
> PoolHint %{Reply:PoolHint}
> MapAttribute yiaddr, Framed-IP-Address
> MapAttribute subnetmask, Framed-IP-Netmask
> StripFromReply PoolHint
> </AuthBy>
> <Log SQL>
> # Defines how to connect to the database. See examples above
> DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
> DBUsername xxxx
> DBAuth xxxx
> # Trace level to use (allows same values as the global Trace level)
> Trace 3
> </Log>
> </Realm>
>
> <SessionDatabase SQL>
> DBSource DBI:mysql:radius:xxx.xxx.xxx.xxx:3306
> DBUsername xxxx
> DBAuth xxxxxxx
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%1', %2, %3, %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=%2
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='%u'
> </SessionDatabase>
> **********************************************************************
> Level 4 Trace example:
> *** Received from xxx.xxx.xxx.xxx port 7000 ....
> Code: Access-Request
> Identifier: 101
> Authentic: !<211><178>x;6<190><249>r|!<6><156><222><24>w
> Attributes:
> User-Name = "xxxx"
> User-Password = "<131><204><216>a~A2<175><191><180><252><149>}I<191><178>"
> NAS-Port = 7
> NAS-Port-Type = Async
> Acc-Request-Type = User-Authentication
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Called-Station-Id = "0xxxxxxx"
> Calling-Station-Id = "xxxxxx"
> NAS-Identifier = "xxx.xxx.xxx.xxx"
>
> Tue Nov 21 07:45:32 2006: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Tue Nov 21 07:45:32 2006: DEBUG: Deleting session for blanche, 203.167.254.5, 7
> Tue Nov 21 07:45:32 2006: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=7':
>
> Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthSQL
> Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthSQL:
> Tue Nov 21 07:45:32 2006: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR, CONCAT('PoolHint = ',IPPOOL) AS IPPOOL, IPADDRESS, TIMELEFT, MAXLOGINS, VALIDFROM, EXPIRATION from SUBSCRIBERS where USERNAME='xxxx' AND ( TIMELEFT IS NULL OR TIMELEFT <> 0) AND STOPCREDIT = 0':
>
> Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthSQL looks for match with xxxx
> Tue Nov 21 07:45:32 2006: DEBUG: ValidFrom date converted to: 946638000
> Tue Nov 21 07:45:32 2006: DEBUG: Expiration date converted to: 2145783600
> Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthSQL ACCEPT:
> Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthFILE:
> Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthFILE looks for match with xxxx
> Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Tue Nov 21 07:45:32 2006: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Nov 21 07:45:32 2006: DEBUG: Handling with Radius::AuthDYNADDRESS
> Tue Nov 21 07:45:32 2006: DEBUG: Query is: 'select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='xxx.xxx.xxx.xxx' AND DNSSERVER='' and STATE=0 order by TIME_STAMP':
>
> Tue Nov 21 07:45:32 2006: INFO: Access rejected for xxxx: No available addresses
> Tue Nov 21 07:45:32 2006: WARNING: No such attribute PoolHint
> Tue Nov 21 07:45:32 2006: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 7000 ....
> Code: Access-Reject
> Identifier: 101
> Authentic: !<211><178>x;6<190><249>r|!<6><156><222><24>w
> Attributes:
> PoolHint = AS5200
> Port-Limit = 1
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.0
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Reply-Message = "Request Denied"
> **********************************************************************
> The only changes I have made (apart from xxx IPs, Usernames &
> Passwords) are to the <CLIENT> section, and to LogDir & LogFile (as the
> file was 1.63Gig..)
>
> Cheers
>
> Steve Bluck
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
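
The two causes named in the reply above (too few addresses, or leases not being released) can be told apart by querying the RADPOOL table directly, using the same predicate as the FindQuery in the posted trace. This is an added example, not part of the original thread and not Radiator code: it uses Python's sqlite3 as a stand-in for the MySQL database, the rows are constructed, the column names are taken from the posted queries, and pool_report, find_candidates and diagnose are hypothetical helper names.

```python
import sqlite3

# Constructed sample data (pool, yiaddr, dnsserver, state, expiry); not from the thread.
NOW = 1164055532  # constructed "current" epoch time
ROWS = [
    ("poolA", "10.250.1.1", "ns.example", 1, NOW - 3600),  # allocated, lease expired
    ("poolA", "10.250.1.2", "ns.example", 1, NOW + 3600),  # allocated, lease still live
    ("poolA", "10.250.1.3", "ns.example", 0, 0),           # free
    ("poolB", "10.250.2.1", "", 1, NOW - 60),              # allocated, lease expired
    ("poolB", "10.250.2.2", "", 1, NOW - 60),              # allocated, lease expired
]

def load(rows):
    """Build an in-memory RADPOOL table (assumption: SQLite stands in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table RADPOOL (STATE int, TIME_STAMP int, EXPIRY int, "
               "USERNAME text, POOL text, YIADDR text, SUBNETMASK text, DNSSERVER text)")
    db.executemany("insert into RADPOOL (POOL, YIADDR, DNSSERVER, STATE, EXPIRY) "
                   "values (?, ?, ?, ?, ?)", rows)
    return db

def pool_report(db, now):
    """Per pool: total, free, allocated, and allocated-but-expired address counts."""
    cur = db.execute(
        "select POOL, count(*), sum(STATE = 0), sum(STATE != 0), "
        "sum(STATE != 0 and EXPIRY < ?) from RADPOOL group by POOL order by POOL", (now,))
    return {p: {"total": t, "free": f, "allocated": a, "expired": e}
            for p, t, f, a, e in cur}

def find_candidates(db, pool, dnsserver):
    """Same WHERE clause as the posted FindQuery, with bound parameters."""
    cur = db.execute("select YIADDR from RADPOOL where POOL=? and DNSSERVER=? "
                     "and STATE=0 order by TIME_STAMP", (pool, dnsserver))
    return [row[0] for row in cur]

def diagnose(db, pool, dnsserver, now):
    """Explain why the FindQuery predicate returns no rows for this pool."""
    stats = pool_report(db, now).get(pool)
    if stats is None:
        return "no rows for this POOL value"
    if find_candidates(db, pool, dnsserver):
        return "addresses available"
    if stats["free"] > 0:
        return "free addresses exist but DNSSERVER filter excludes them"
    if stats["expired"] > 0:
        return "pool full, expired leases not reclaimed"
    return "pool full, all leases live"
```

Against a real database, the values to pass for pool and dnsserver are the ones that appear in the trace 4 "Query is:" line for the rejected request.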