(RADIATOR) Nomadix and RAdmin - no SimultaneousUse control
Hugh Irvine
hugh at open.com.au
Fri Feb 9 14:35:11 CST 2007
Hello Radu -
For problem 1 you can try using the NASIDENTIFIER and ACCTSESSIONID
in the DeleteQuery.
For problem 2 what you describe is normal, you need to click 'select'
to see the listing.
regards
Hugh
On 9 Feb 2007, at 23:56, Radu IONESCU wrote:
> Hello,
>
> I have installed Radiator-3.16-1 and latest Radmin on a Fedora Core 6
> platform, first with a flat user file, then MySQL.
> I will use 2 clients, both Network Subscriber Gateways; for now,
> there is
> only one, a Nomadix AG5000.
>
> 1.
> The problem: cannot limit MaxSessions to one, with Nomadix and a
> (mostly)
> default Radiator/RAdmin configuration; there is always only one
> record left
> in Session Database!
>
> Nomadix has only one NAS Port to send, and the default query for
> delete in
> Session Database (where NASIDENTIFIER... and NASPORT...) will
> always delete
> the existing record(s) in RADONLINE; I have always only one record,
> the one
> for the last accepted session; no matter if there were several
> logins from
> the same user on different MAC's or from different users!
> Well, I tried to include in the DeleteQuery statement the USERNAME,
> but with
> no better result and I can't move further...
> 2.
> One more problem: is this normal, that in RAdmin web interface, a
> page (list
> users, current sessions etc.) never comes with a listing as
> default; I have
> always to click 'select' to see such a listing.
>
> I have included latest radius.cfg and the listlog for two
> successive logons
> of the same user from different PC's.
>
> Thank you for any help!
>
> Radu
>
> ----------- /etc/radiator/radius.cfg: -------------------------
>
> # radius.cfg
> #
> #
> # Radiator configuration file to interface to the
> # Radmin user management package
> #
> Foreground
> LogStdout
> Trace 4
> LogDir /var/log/radius
> DbDir /etc/radiator
> AuthPort 1812
> AcctPort 1813
> <ClientListSQL>
> DBSource dbi:mysql:radmin:localhost
> DBUsername ***
> DBAuth ***
>
> </ClientListSQL>
>
> #
> # the Mysql DB would have only one realm
> # and the user accounts would be written including @...
>
> # Handle everyone with RADMIN
> <Realm DEFAULT>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabse SQL> below
> # so its the same
> DBSource dbi:mysql:radmin:localhost
> DBUsername ***
> DBAuth ***
>
> # Never look up the DEFAULT user
> NoDefault
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef
> ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> # AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> # AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the things to add to each users
> AddToReply Session-Timeout=1000,\
> Idle-Timeout=1800,\
> Nomadix-Bw-Up=128,\
> Nomadix-Bw-Down=256,\
> Nomadix-Volume-Based-Session-Timeout=20000
>
> MaxBadLogins 3
> </AuthBy>
>
> # This clause logs all authentication successes and failures to the
> RADAUTHLOG table
> # Suitable for use with RAdmin version 1.6 or later
> <AuthLog SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:localhost
> DBUsername ***
> DBAuth ***
>
> LogSuccess
> SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
> TYPE) values (%t, '%n', 1)
> LogFailure
> FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
> TYPE, REASON) values (%t, '%n', 0, %1)
> </AuthLog>
> #
> # DefaultSimultaneousUse 1
> MaxSessions 1
>
> </Realm>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> Identifier SDB-ndx
> DBSource dbi:mysql:radmin:localhost
> DBUsername ***
> DBAuth ***
> # ri - username is %0:
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
> SERVICETYPE) values
> (%0, '%1', '%2', %3, %{Timestamp}, '%{Framed-IP-Address}',
> '%{NAS-Port-Type}', '%{Service-Type}')
> # ri - added USERNAME=%0:
> DeleteQuery delete from RADONLINE where USERNAME=%0 and
> NASIDENTIFIER='%1' and NASPORT=0%2
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER=�%0�
> # ri - included USERNAME as 5-th select:
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> FRAMEDIPADDRESS , USERNAME from RADONLINE where USERNAME='%u'
>
> #
> </SessionDatabase>
>
> #
> ------------------ end of radius.cfg ---------------------------------
>
>
> ------------------ two successive logons for the same user -
> /var/log/radius/logfile: -----------------------
>
> *** Received from 193.254.231.227 port 1812 ....
> Code: Access-Request
> Identifier: 188
> Authentic: Ax<0><0><194>3<0><0>V<5><0><0><243>d<0><0>
> Attributes:
> User-Name = "dani at xu.unitbv.ro"
> NAS-IP-Address = 193.254.231.227
> NAS-Port = 0
> Service-Type = Login-User
> Acct-Session-Id = "0D00005F"
> Called-Station-Id = "00-50-E8-01-80-8E"
> Calling-Station-Id = "00-0A-E4-53-54-60"
> Nomadix-Logoff-URL = "http://1.1.1.1"
> WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> NAS-Identifier = "AG5000"
> NAS-Port-Type = Wireless-IEEE-802-11
> Framed-IP-Address = 10.59.21.2
> CHAP-Challenge = k<6><0><0>k(<0><0><14>2<0><0><213>r<0><0>
> CHAP-Password =
> <163><134><198><29><165><224>dZ<28>`9P<181>]9<3><205>
>
> Fri Feb 9 14:25:18 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb 9 14:25:18 2007: DEBUG: SDB-ndx Deleting session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb 9 14:25:18 2007: DEBUG: do query is: 'delete from
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:18 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb 9 14:25:18 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS,
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
> RADUSERS where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
> NAME='dani at xu.unitbv.ro'
> order by ITEM_TYPE':
> Fri Feb 9 14:25:18 2007: DEBUG: Radius::AuthRADMIN looks for match
> with
> dani at xu.unitbv.ro [dani at xu.unitbv.ro]
> Fri Feb 9 14:25:18 2007: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:18 2007: DEBUG: ValidFrom date converted to:
> 1167609600
> Fri Feb 9 14:25:18 2007: DEBUG: Expiration date converted to:
> 1262304000
> Fri Feb 9 14:25:18 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:18 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb 9 14:25:18 2007: DEBUG: Access accepted for dani at xu.unitbv.ro
> Fri Feb 9 14:25:18 2007: DEBUG: do query is: 'insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE) values (1171023918,
> 'dani at xu.unitbv.ro', 1)':
> Fri Feb 9 14:25:18 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1812 ....
> Code: Access-Accept
> Identifier: 188
> Authentic: Ax<0><0><194>3<0><0>V<5><0><0><243>d<0><0>
> Attributes:
> Session-Timeout = 1000
> Idle-Timeout = 1800
> Nomadix-Bw-Up = 128
> Nomadix-Bw-Down = 256
> Nomadix-Volume-Based-Session-Timeout = 20000
>
> Fri Feb 9 14:25:20 2007: DEBUG: Packet dump:
> *** Received from 193.254.231.227 port 1813 ....
> Code: Accounting-Request
> Identifier: 114
> Authentic: q<207><218> $vTt<150><164>!<140><147><227><214>j
> Attributes:
> User-Name = "dani at xu.unitbv.ro"
> NAS-IP-Address = 193.254.231.227
> NAS-Port = 0
> Acct-Status-Type = Start
> Acct-Session-Id = "0D00005F"
> Idle-Timeout = 1800
> Event-Timestamp = 1171024255
> Called-Station-Id = "00-50-E8-01-80-8E"
> Calling-Station-Id = "00-0A-E4-53-54-60"
> NAS-Identifier = "AG5000"
> NAS-Port-Type = Wireless-IEEE-802-11
> Framed-IP-Address = 10.59.21.2
> Nomadix-Subnet = ""
> WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> Acct-Delay-Time = 0
>
> Fri Feb 9 14:25:20 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb 9 14:25:20 2007: DEBUG: SDB-ndx Adding session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'delete from
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
> ('dani at xu.unitbv.ro',
> '193.254.231.227', '0', '0D00005F', 1171023920, '10.59.21.2',
> 'Wireless-IEEE-802-11', '')':
> Fri Feb 9 14:25:20 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb 9 14:25:20 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:20 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,FRAMEDIPADDRESS,NASID
> ENTIFI
> ER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'0D00005F',1,'00-50-E8-01-80-8E','10.59.21.2','
> Fri Feb 9 14:25:20 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb 9 14:25:20 2007: DEBUG: Accounting accepted
> Fri Feb 9 14:25:20 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1813 ....
> Code: Accounting-Response
> Identifier: 114
> Authentic: q<207><218> $vTt<150><164>!<140><147><227><214>j
> Attributes:
>
> Fri Feb 9 14:25:38 2007: DEBUG: Packet dump:
> *** Received from 193.254.231.227 port 1812 ....
> Code: Access-Request
> Identifier: 190
> Authentic: }"<0><0><208>{<0><0><183>z<0><0>y<13><0><0>
> Attributes:
> User-Name = "dani at xu.unitbv.ro"
> NAS-IP-Address = 193.254.231.227
> NAS-Port = 0
> Service-Type = Login-User
> Acct-Session-Id = "0D000060"
> Called-Station-Id = "00-50-E8-01-80-8E"
> Calling-Station-Id = "00-D0-B7-B8-BA-46"
> Nomadix-Logoff-URL = "http://1.1.1.1"
> WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> NAS-Identifier = "AG5000"
> NAS-Port-Type = Wireless-IEEE-802-11
> Framed-IP-Address = 193.254.230.7
> CHAP-Challenge = <176><29><0><0><230><127><0><0><225>_<0><0>(D<0><0>
> CHAP-Password = <164>d<17>Liz<174>)<167>d(.I)590
>
> Fri Feb 9 14:25:38 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb 9 14:25:38 2007: DEBUG: SDB-ndx Deleting session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb 9 14:25:38 2007: DEBUG: do query is: 'delete from
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:38 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb 9 14:25:38 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS,
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
> RADUSERS where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where
> NAME='dani at xu.unitbv.ro'
> order by ITEM_TYPE':
> Fri Feb 9 14:25:38 2007: DEBUG: Radius::AuthRADMIN looks for match
> with
> dani at xu.unitbv.ro [dani at xu.unitbv.ro]
> Fri Feb 9 14:25:38 2007: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:38 2007: DEBUG: ValidFrom date converted to:
> 1167609600
> Fri Feb 9 14:25:38 2007: DEBUG: Expiration date converted to:
> 1262304000
> Fri Feb 9 14:25:38 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:38 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb 9 14:25:38 2007: DEBUG: Access accepted for dani at xu.unitbv.ro
> Fri Feb 9 14:25:38 2007: DEBUG: do query is: 'insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE) values (1171023938,
> 'dani at xu.unitbv.ro', 1)':
> Fri Feb 9 14:25:38 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1812 ....
> Code: Access-Accept
> Identifier: 190
> Authentic: }"<0><0><208>{<0><0><183>z<0><0>y<13><0><0>
> Attributes:
> Session-Timeout = 1000
> Idle-Timeout = 1800
> Nomadix-Bw-Up = 128
> Nomadix-Bw-Down = 256
> Nomadix-Volume-Based-Session-Timeout = 20000
>
> Fri Feb 9 14:25:40 2007: DEBUG: Packet dump:
> *** Received from 193.254.231.227 port 1813 ....
> Code: Accounting-Request
> Identifier: 116
> Authentic: <155>
> <28>k<204><239><198><189><16>_<246><28>K<213><169><240>
> Attributes:
> User-Name = "dani at xu.unitbv.ro"
> NAS-IP-Address = 193.254.231.227
> NAS-Port = 0
> Acct-Status-Type = Start
> Acct-Session-Id = "0D000060"
> Idle-Timeout = 1800
> Event-Timestamp = 1171024275
> Called-Station-Id = "00-50-E8-01-80-8E"
> Calling-Station-Id = "00-D0-B7-B8-BA-46"
> NAS-Identifier = "AG5000"
> NAS-Port-Type = Wireless-IEEE-802-11
> Framed-IP-Address = 193.254.230.7
> Nomadix-Subnet = ""
> WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> Acct-Delay-Time = 0
>
> Fri Feb 9 14:25:40 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb 9 14:25:40 2007: DEBUG: SDB-ndx Adding session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'delete from
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
> ('dani at xu.unitbv.ro',
> '193.254.231.227', '0', '0D000060', 1171023940, '193.254.230.7',
> 'Wireless-IEEE-802-11', '')':
> Fri Feb 9 14:25:40 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb 9 14:25:40 2007: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb 9 14:25:40 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,FRAMEDIPADDRESS,NASID
> ENTIFI
> ER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'0D000060',1,'00-50-E8-01-80-8E','193.254.230.7
> Fri Feb 9 14:25:40 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb 9 14:25:40 2007: DEBUG: Accounting accepted
> Fri Feb 9 14:25:40 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1813 ....
> Code: Accounting-Response
> Identifier: 116
> Authentic: <155>
> <28>k<204><239><198><189><16>_<246><28>K<213><169><240>
> Attributes:
> ---------------- end of logfile ---------------------------
>
>
>
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list