(RADIATOR) Nomadix and RAdmin - no SimultaneousUse control
Radu IONESCU
iradu at unitbv.ro
Fri Feb 9 06:56:17 CST 2007
Hello,
I have installed Radiator-3.16-1 and latest Radmin on a Fedora Core 6
platform, first with a flat user file, then MySQL.
I will use 2 clients, both Network Subscriber Gateways; for now, there is
only one, a Nomadix AG5000.
1.
The problem: cannot limit MaxSessions to one, with Nomadix and a (mostly)
default Radiator/RAdmin configuration; there is always only one record left
in Session Database!
Nomadix has only one NAS Port to send, and the default query for delete in
Session Database (where NASIDENTIFIER... and NASPORT...) will always delete
the existing record(s) in RADONLINE; I have always only one record, the one
for the last accepted session; no matter if there were several logins from
the same user on different MAC's or from different users!
Well, I tried to include in the DeleteQuery statement the USERNAME, but with
no better result and I can't move further...
2.
One more problem: is this normal, that in RAdmin web interface, a page (list
users, current sessions etc.) never comes with a listing as default; I have
always to click 'select' to see such a listing.
I have included latest radius.cfg and the listlog for two successive logons
of the same user from different PC's.
Thank you for any help!
Radu
----------- /etc/radiator/radius.cfg: -------------------------
# radius.cfg
#
#
# Radiator configuration file to interface to the
# Radmin user management package
#
Foreground
LogStdout
Trace 4
LogDir /var/log/radius
DbDir /etc/radiator
AuthPort 1812
AcctPort 1813
<ClientListSQL>
DBSource dbi:mysql:radmin:localhost
DBUsername ***
DBAuth ***
</ClientListSQL>
#
# the Mysql DB would have only one realm
# and the user accounts would be written including @...
# Handle everyone with RADMIN
<Realm DEFAULT>
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername ***
DBAuth ***
# Never look up the DEFAULT user
NoDefault
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
# AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the things to add to each users
AddToReply Session-Timeout=1000,\
Idle-Timeout=1800,\
Nomadix-Bw-Up=128,\
Nomadix-Bw-Down=256,\
Nomadix-Volume-Based-Session-Timeout=20000
MaxBadLogins 3
</AuthBy>
# This clause logs all authentication successes and failures to the
RADAUTHLOG table
# Suitable for use with RAdmin version 1.6 or later
<AuthLog SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername ***
DBAuth ***
LogSuccess
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE) values (%t, '%n', 1)
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON) values (%t, '%n', 0, %1)
</AuthLog>
#
# DefaultSimultaneousUse 1
MaxSessions 1
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
Identifier SDB-ndx
DBSource dbi:mysql:radmin:localhost
DBUsername ***
DBAuth ***
# ri - username is %0:
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
(%0, '%1', '%2', %3, %{Timestamp}, '%{Framed-IP-Address}',
'%{NAS-Port-Type}', '%{Service-Type}')
# ri - added USERNAME=%0:
DeleteQuery delete from RADONLINE where USERNAME=%0 and
NASIDENTIFIER='%1' and NASPORT=0%2
ClearNasQuery delete from RADONLINE where NASIDENTIFIER=�%0�
# ri - included USERNAME as 5-th select:
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID,
FRAMEDIPADDRESS , USERNAME from RADONLINE where USERNAME='%u'
#
</SessionDatabase>
#
------------------ end of radius.cfg ---------------------------------
------------------ two successive logons for the same user -
/var/log/radius/logfile: -----------------------
*** Received from 193.254.231.227 port 1812 ....
Code: Access-Request
Identifier: 188
Authentic: Ax<0><0><194>3<0><0>V<5><0><0><243>d<0><0>
Attributes:
User-Name = "dani at xu.unitbv.ro"
NAS-IP-Address = 193.254.231.227
NAS-Port = 0
Service-Type = Login-User
Acct-Session-Id = "0D00005F"
Called-Station-Id = "00-50-E8-01-80-8E"
Calling-Station-Id = "00-0A-E4-53-54-60"
Nomadix-Logoff-URL = "http://1.1.1.1"
WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
NAS-Identifier = "AG5000"
NAS-Port-Type = Wireless-IEEE-802-11
Framed-IP-Address = 10.59.21.2
CHAP-Challenge = k<6><0><0>k(<0><0><14>2<0><0><213>r<0><0>
CHAP-Password =
<163><134><198><29><165><224>dZ<28>`9P<181>]9<3><205>
Fri Feb 9 14:25:18 2007: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Feb 9 14:25:18 2007: DEBUG: SDB-ndx Deleting session for
dani at xu.unitbv.ro, 193.254.231.227, 0
Fri Feb 9 14:25:18 2007: DEBUG: do query is: 'delete from RADONLINE where
USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
NASPORT=00':
Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:18 2007: DEBUG: Handling with Radius::AuthRADMIN
Fri Feb 9 14:25:18 2007: DEBUG: Handling with Radius::AuthRADMIN:
Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='dani at xu.unitbv.ro'
order by ITEM_TYPE':
Fri Feb 9 14:25:18 2007: DEBUG: Radius::AuthRADMIN looks for match with
dani at xu.unitbv.ro [dani at xu.unitbv.ro]
Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:18 2007: DEBUG: ValidFrom date converted to: 1167609600
Fri Feb 9 14:25:18 2007: DEBUG: Expiration date converted to: 1262304000
Fri Feb 9 14:25:18 2007: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 where USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:18 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Fri Feb 9 14:25:18 2007: DEBUG: Access accepted for dani at xu.unitbv.ro
Fri Feb 9 14:25:18 2007: DEBUG: do query is: 'insert into RADAUTHLOG
(TIME_STAMP, USERNAME, TYPE) values (1171023918, 'dani at xu.unitbv.ro', 1)':
Fri Feb 9 14:25:18 2007: DEBUG: Packet dump:
*** Sending to 193.254.231.227 port 1812 ....
Code: Access-Accept
Identifier: 188
Authentic: Ax<0><0><194>3<0><0>V<5><0><0><243>d<0><0>
Attributes:
Session-Timeout = 1000
Idle-Timeout = 1800
Nomadix-Bw-Up = 128
Nomadix-Bw-Down = 256
Nomadix-Volume-Based-Session-Timeout = 20000
Fri Feb 9 14:25:20 2007: DEBUG: Packet dump:
*** Received from 193.254.231.227 port 1813 ....
Code: Accounting-Request
Identifier: 114
Authentic: q<207><218> $vTt<150><164>!<140><147><227><214>j
Attributes:
User-Name = "dani at xu.unitbv.ro"
NAS-IP-Address = 193.254.231.227
NAS-Port = 0
Acct-Status-Type = Start
Acct-Session-Id = "0D00005F"
Idle-Timeout = 1800
Event-Timestamp = 1171024255
Called-Station-Id = "00-50-E8-01-80-8E"
Calling-Station-Id = "00-0A-E4-53-54-60"
NAS-Identifier = "AG5000"
NAS-Port-Type = Wireless-IEEE-802-11
Framed-IP-Address = 10.59.21.2
Nomadix-Subnet = ""
WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
Acct-Delay-Time = 0
Fri Feb 9 14:25:20 2007: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Feb 9 14:25:20 2007: DEBUG: SDB-ndx Adding session for
dani at xu.unitbv.ro, 193.254.231.227, 0
Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'delete from RADONLINE where
USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
NASPORT=00':
Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('dani at xu.unitbv.ro',
'193.254.231.227', '0', '0D00005F', 1171023920, '10.59.21.2',
'Wireless-IEEE-802-11', '')':
Fri Feb 9 14:25:20 2007: DEBUG: Handling with Radius::AuthRADMIN
Fri Feb 9 14:25:20 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,FRAMEDIPADDRESS,NASIDENTIFI
ER,NASPORT,TIME_STAMP,USERNAME) values
(0,'0D00005F',1,'00-50-E8-01-80-8E','10.59.21.2','
Fri Feb 9 14:25:20 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Fri Feb 9 14:25:20 2007: DEBUG: Accounting accepted
Fri Feb 9 14:25:20 2007: DEBUG: Packet dump:
*** Sending to 193.254.231.227 port 1813 ....
Code: Accounting-Response
Identifier: 114
Authentic: q<207><218> $vTt<150><164>!<140><147><227><214>j
Attributes:
Fri Feb 9 14:25:38 2007: DEBUG: Packet dump:
*** Received from 193.254.231.227 port 1812 ....
Code: Access-Request
Identifier: 190
Authentic: }"<0><0><208>{<0><0><183>z<0><0>y<13><0><0>
Attributes:
User-Name = "dani at xu.unitbv.ro"
NAS-IP-Address = 193.254.231.227
NAS-Port = 0
Service-Type = Login-User
Acct-Session-Id = "0D000060"
Called-Station-Id = "00-50-E8-01-80-8E"
Calling-Station-Id = "00-D0-B7-B8-BA-46"
Nomadix-Logoff-URL = "http://1.1.1.1"
WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
NAS-Identifier = "AG5000"
NAS-Port-Type = Wireless-IEEE-802-11
Framed-IP-Address = 193.254.230.7
CHAP-Challenge = <176><29><0><0><230><127><0><0><225>_<0><0>(D<0><0>
CHAP-Password = <164>d<17>Liz<174>)<167>d(.I)590
Fri Feb 9 14:25:38 2007: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Feb 9 14:25:38 2007: DEBUG: SDB-ndx Deleting session for
dani at xu.unitbv.ro, 193.254.231.227, 0
Fri Feb 9 14:25:38 2007: DEBUG: do query is: 'delete from RADONLINE where
USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
NASPORT=00':
Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:38 2007: DEBUG: Handling with Radius::AuthRADMIN
Fri Feb 9 14:25:38 2007: DEBUG: Handling with Radius::AuthRADMIN:
Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='dani at xu.unitbv.ro'
order by ITEM_TYPE':
Fri Feb 9 14:25:38 2007: DEBUG: Radius::AuthRADMIN looks for match with
dani at xu.unitbv.ro [dani at xu.unitbv.ro]
Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:38 2007: DEBUG: ValidFrom date converted to: 1167609600
Fri Feb 9 14:25:38 2007: DEBUG: Expiration date converted to: 1262304000
Fri Feb 9 14:25:38 2007: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 where USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:38 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Fri Feb 9 14:25:38 2007: DEBUG: Access accepted for dani at xu.unitbv.ro
Fri Feb 9 14:25:38 2007: DEBUG: do query is: 'insert into RADAUTHLOG
(TIME_STAMP, USERNAME, TYPE) values (1171023938, 'dani at xu.unitbv.ro', 1)':
Fri Feb 9 14:25:38 2007: DEBUG: Packet dump:
*** Sending to 193.254.231.227 port 1812 ....
Code: Access-Accept
Identifier: 190
Authentic: }"<0><0><208>{<0><0><183>z<0><0>y<13><0><0>
Attributes:
Session-Timeout = 1000
Idle-Timeout = 1800
Nomadix-Bw-Up = 128
Nomadix-Bw-Down = 256
Nomadix-Volume-Based-Session-Timeout = 20000
Fri Feb 9 14:25:40 2007: DEBUG: Packet dump:
*** Received from 193.254.231.227 port 1813 ....
Code: Accounting-Request
Identifier: 116
Authentic: <155> <28>k<204><239><198><189><16>_<246><28>K<213><169><240>
Attributes:
User-Name = "dani at xu.unitbv.ro"
NAS-IP-Address = 193.254.231.227
NAS-Port = 0
Acct-Status-Type = Start
Acct-Session-Id = "0D000060"
Idle-Timeout = 1800
Event-Timestamp = 1171024275
Called-Station-Id = "00-50-E8-01-80-8E"
Calling-Station-Id = "00-D0-B7-B8-BA-46"
NAS-Identifier = "AG5000"
NAS-Port-Type = Wireless-IEEE-802-11
Framed-IP-Address = 193.254.230.7
Nomadix-Subnet = ""
WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
Acct-Delay-Time = 0
Fri Feb 9 14:25:40 2007: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Feb 9 14:25:40 2007: DEBUG: SDB-ndx Adding session for
dani at xu.unitbv.ro, 193.254.231.227, 0
Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'delete from RADONLINE where
USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
NASPORT=00':
Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('dani at xu.unitbv.ro',
'193.254.231.227', '0', '0D000060', 1171023940, '193.254.230.7',
'Wireless-IEEE-802-11', '')':
Fri Feb 9 14:25:40 2007: DEBUG: Handling with Radius::AuthRADMIN
Fri Feb 9 14:25:40 2007: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='dani at xu.unitbv.ro'':
Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,FRAMEDIPADDRESS,NASIDENTIFI
ER,NASPORT,TIME_STAMP,USERNAME) values
(0,'0D000060',1,'00-50-E8-01-80-8E','193.254.230.7
Fri Feb 9 14:25:40 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
Fri Feb 9 14:25:40 2007: DEBUG: Accounting accepted
Fri Feb 9 14:25:40 2007: DEBUG: Packet dump:
*** Sending to 193.254.231.227 port 1813 ....
Code: Accounting-Response
Identifier: 116
Authentic: <155> <28>k<204><239><198><189><16>_<246><28>K<213><169><240>
Attributes:
---------------- end of logfile ---------------------------
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list