(RADIATOR) Nomadix and RAdmin - no SimultaneousUse control

Hugh Irvine hugh at open.com.au
Fri Feb 9 14:35:11 CST 2007


Hello Radu -

For problem 1 you can try using the NASIDENTIFIER and ACCTSESSIONID in the
DeleteQuery.

For problem 2 what you describe is normal, you need to click 'select' to see
the listing.

regards

Hugh



On 9 Feb 2007, at 23:56, Radu IONESCU wrote:

> Hello,
>
> I have installed Radiator-3.16-1 and latest Radmin on a Fedora Core 6
> platform, first with a flat user file, then MySQL.
> I will use 2 clients, both Network Subscriber Gateways; for now, there is
> only one, a Nomadix AG5000.
>
> 1.
> The problem: cannot limit MaxSessions to one, with Nomadix and a (mostly)
> default Radiator/RAdmin configuration; there is always only one record left
> in Session Database!
>
> Nomadix has only one NAS Port to send, and the default query for delete in
> Session Database (where NASIDENTIFIER... and  NASPORT...) will always delete
> the existing record(s) in RADONLINE; I have always only one record, the one
> for the last accepted session; no matter if there were several logins from
> the same user on different MAC's or from different users!
> Well, I tried to include in the DeleteQuery statement the USERNAME, but with
> no better result and I can't move further...
> 2.
> One more problem: is this normal, that in RAdmin web interface, a page (list
> users, current sessions etc.) never comes with a listing as default; I have
> always to click 'select' to see such a listing.
>
> I have included latest radius.cfg and the listlog for two successive logons
> of the same user from different PC's.
>
> Thank you for any help!
>
> Radu
>
> ----------- /etc/radiator/radius.cfg: -------------------------
>
> # radius.cfg
> #
> #
> # Radiator configuration file to interface to the
> # Radmin user management package
> #
> Foreground
> LogStdout
> Trace 4
> LogDir		/var/log/radius
> DbDir		/etc/radiator
> AuthPort 1812
> AcctPort 1813
> <ClientListSQL>
> 	DBSource	dbi:mysql:radmin:localhost
> 	DBUsername	***
> 	DBAuth	***
> 	
> </ClientListSQL>
>
> #
> # the Mysql DB would have only one realm
> # and the user accounts would be written including @...
>
> # Handle everyone with RADMIN
> <Realm DEFAULT>
> 	<AuthBy RADMIN>
> 		# Change DBSource, DBUsername, DBAuth for your database
> 		# See the reference manual. You will also have to
> 		# change the one in <SessionDatabse SQL> below
> 		# so its the same
> 		DBSource	dbi:mysql:radmin:localhost
> 		DBUsername	***
> 		DBAuth	***
>
> 		# Never look up the DEFAULT user
> 		NoDefault
>
> 		# You can add to or change these if you want, but you
> 		# will probably want to change the database schema first
> 		AccountingTable	RADUSAGE
> 		AcctColumnDef	USERNAME,User-Name
> 		AcctColumnDef	TIME_STAMP,Timestamp,integer
> 		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
> 		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
> 		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
> 		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> 		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
> 		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
> 		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> 		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
> #		AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
> 		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 		AcctColumnDef	NASPORT,NAS-Port,integer
> 		AcctColumnDef	DNIS,Called-Station-Id
> #		AcctColumnDef	CALLINGSTATIONID,Calling-Station-Id
>
> 		# This updates the time and octets left
> 		# for this user
> 		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> 		# These are the things to add to each users
> 		AddToReply Session-Timeout=1000,\
> 			Idle-Timeout=1800,\
> 			Nomadix-Bw-Up=128,\
> 			Nomadix-Bw-Down=256,\
> 			Nomadix-Volume-Based-Session-Timeout=20000
> 		
> 		MaxBadLogins 3
> 	</AuthBy>
>
> 	# This clause logs all authentication successes and failures to the RADAUTHLOG table
> 	# Suitable for use with RAdmin version 1.6 or later
> 	<AuthLog SQL>
> 		# This database spec usually should be exactly the same
> 		# as in <AuthBy RADMIN> above
> 		DBSource	dbi:mysql:radmin:localhost
> 		DBUsername	***
> 		DBAuth	***
>
> 		LogSuccess
> 		SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
> 		LogFailure
> 		FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
> 	</AuthLog>
> #
> #		DefaultSimultaneousUse 1
> 		MaxSessions	1
>
> </Realm>
>
> <SessionDatabase SQL>
> 	# This database spec usually should be exactly the same
> 	# as in <AuthBy RADMIN> above
> 	Identifier SDB-ndx
> 	DBSource	dbi:mysql:radmin:localhost
> 	DBUsername	***
> 	DBAuth	***
> 	# ri - username is %0:
> 	AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values (%0, '%1', '%2', %3, %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
> 	# ri - added USERNAME=%0:
> 	DeleteQuery delete from RADONLINE where USERNAME=%0 and NASIDENTIFIER='%1' and NASPORT=0%2
> 	ClearNasQuery delete from RADONLINE where NASIDENTIFIER=%0
> 	# ri - included USERNAME as 5-th select:
> 	CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where USERNAME='%u'
>
> 	#
> </SessionDatabase>
>
> #
> ------------------ end of radius.cfg ---------------------------------
>
>
> ------------------ two successive logons for the same user -
> /var/log/radius/logfile: -----------------------
>
> *** Received from 193.254.231.227 port 1812 ....
> Code:       Access-Request
> Identifier: 188
> Authentic:  Ax<0><0><194>3<0><0>V<5><0><0><243>d<0><0>
> Attributes:
> 	User-Name = "dani at xu.unitbv.ro"
> 	NAS-IP-Address = 193.254.231.227
> 	NAS-Port = 0
> 	Service-Type = Login-User
> 	Acct-Session-Id = "0D00005F"
> 	Called-Station-Id = "00-50-E8-01-80-8E"
> 	Calling-Station-Id = "00-0A-E4-53-54-60"
> 	Nomadix-Logoff-URL = "http://1.1.1.1"
> 	WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> 	NAS-Identifier = "AG5000"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Framed-IP-Address = 10.59.21.2
> 	CHAP-Challenge = k<6><0><0>k(<0><0><14>2<0><0><213>r<0><0>
> 	CHAP-Password =
> <163><134><198><29><165><224>dZ<28>`9P<181>]9<3><205>
>
> Fri Feb  9 14:25:18 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb  9 14:25:18 2007: DEBUG: SDB-ndx Deleting session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb  9 14:25:18 2007: DEBUG: do query is: 'delete from  
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb  9 14:25:18 2007: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:18 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb  9 14:25:18 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Feb  9 14:25:18 2007: DEBUG: Query is: 'select PASS_WORD,  
> STATICADDRESS,
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
> RADUSERS where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:18 2007: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where  
> NAME='dani at xu.unitbv.ro'
> order by ITEM_TYPE':
> Fri Feb  9 14:25:18 2007: DEBUG: Radius::AuthRADMIN looks for match  
> with
> dani at xu.unitbv.ro [dani at xu.unitbv.ro]
> Fri Feb  9 14:25:18 2007: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:18 2007: DEBUG: ValidFrom date converted to:  
> 1167609600
> Fri Feb  9 14:25:18 2007: DEBUG: Expiration date converted to:  
> 1262304000
> Fri Feb  9 14:25:18 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:18 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb  9 14:25:18 2007: DEBUG: Access accepted for dani at xu.unitbv.ro
> Fri Feb  9 14:25:18 2007: DEBUG: do query is: 'insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE) values (1171023918,  
> 'dani at xu.unitbv.ro', 1)':
> Fri Feb  9 14:25:18 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1812 ....
> Code:       Access-Accept
> Identifier: 188
> Authentic:  Ax<0><0><194>3<0><0>V<5><0><0><243>d<0><0>
> Attributes:
> 	Session-Timeout = 1000
> 	Idle-Timeout = 1800
> 	Nomadix-Bw-Up = 128
> 	Nomadix-Bw-Down = 256
> 	Nomadix-Volume-Based-Session-Timeout = 20000
>
> Fri Feb  9 14:25:20 2007: DEBUG: Packet dump:
> *** Received from 193.254.231.227 port 1813 ....
> Code:       Accounting-Request
> Identifier: 114
> Authentic:  q<207><218> $vTt<150><164>!<140><147><227><214>j
> Attributes:
> 	User-Name = "dani at xu.unitbv.ro"
> 	NAS-IP-Address = 193.254.231.227
> 	NAS-Port = 0
> 	Acct-Status-Type = Start
> 	Acct-Session-Id = "0D00005F"
> 	Idle-Timeout = 1800
> 	Event-Timestamp = 1171024255
> 	Called-Station-Id = "00-50-E8-01-80-8E"
> 	Calling-Station-Id = "00-0A-E4-53-54-60"
> 	NAS-Identifier = "AG5000"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Framed-IP-Address = 10.59.21.2
> 	Nomadix-Subnet = ""
> 	WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> 	Acct-Delay-Time = 0
>
> Fri Feb  9 14:25:20 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb  9 14:25:20 2007: DEBUG: SDB-ndx Adding session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb  9 14:25:20 2007: DEBUG: do query is: 'delete from  
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb  9 14:25:20 2007: DEBUG: do query is: 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values  
> ('dani at xu.unitbv.ro',
> '193.254.231.227', '0', '0D00005F', 1171023920, '10.59.21.2',
> 'Wireless-IEEE-802-11', '')':
> Fri Feb  9 14:25:20 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb  9 14:25:20 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Fri Feb  9 14:25:20 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:20 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,FRAMEDIPADDRESS,NASID 
> ENTIFI
> ER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'0D00005F',1,'00-50-E8-01-80-8E','10.59.21.2','
> Fri Feb  9 14:25:20 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb  9 14:25:20 2007: DEBUG: Accounting accepted
> Fri Feb  9 14:25:20 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1813 ....
> Code:       Accounting-Response
> Identifier: 114
> Authentic:  q<207><218> $vTt<150><164>!<140><147><227><214>j
> Attributes:
>
> Fri Feb  9 14:25:38 2007: DEBUG: Packet dump:
> *** Received from 193.254.231.227 port 1812 ....
> Code:       Access-Request
> Identifier: 190
> Authentic:  }"<0><0><208>{<0><0><183>z<0><0>y<13><0><0>
> Attributes:
> 	User-Name = "dani at xu.unitbv.ro"
> 	NAS-IP-Address = 193.254.231.227
> 	NAS-Port = 0
> 	Service-Type = Login-User
> 	Acct-Session-Id = "0D000060"
> 	Called-Station-Id = "00-50-E8-01-80-8E"
> 	Calling-Station-Id = "00-D0-B7-B8-BA-46"
> 	Nomadix-Logoff-URL = "http://1.1.1.1"
> 	WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> 	NAS-Identifier = "AG5000"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Framed-IP-Address = 193.254.230.7
> 	CHAP-Challenge = <176><29><0><0><230><127><0><0><225>_<0><0>(D<0><0>
> 	CHAP-Password = <164>d<17>Liz<174>)<167>d(.I)590
>
> Fri Feb  9 14:25:38 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb  9 14:25:38 2007: DEBUG: SDB-ndx Deleting session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb  9 14:25:38 2007: DEBUG: do query is: 'delete from  
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb  9 14:25:38 2007: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:38 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb  9 14:25:38 2007: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Feb  9 14:25:38 2007: DEBUG: Query is: 'select PASS_WORD,  
> STATICADDRESS,
> TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
> RADUSERS where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:38 2007: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where  
> NAME='dani at xu.unitbv.ro'
> order by ITEM_TYPE':
> Fri Feb  9 14:25:38 2007: DEBUG: Radius::AuthRADMIN looks for match  
> with
> dani at xu.unitbv.ro [dani at xu.unitbv.ro]
> Fri Feb  9 14:25:38 2007: DEBUG: Query is: 'select NASIDENTIFIER,  
> NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS , USERNAME from RADONLINE where
> USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:38 2007: DEBUG: ValidFrom date converted to:  
> 1167609600
> Fri Feb  9 14:25:38 2007: DEBUG: Expiration date converted to:  
> 1262304000
> Fri Feb  9 14:25:38 2007: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:38 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb  9 14:25:38 2007: DEBUG: Access accepted for dani at xu.unitbv.ro
> Fri Feb  9 14:25:38 2007: DEBUG: do query is: 'insert into RADAUTHLOG
> (TIME_STAMP, USERNAME, TYPE) values (1171023938,  
> 'dani at xu.unitbv.ro', 1)':
> Fri Feb  9 14:25:38 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1812 ....
> Code:       Access-Accept
> Identifier: 190
> Authentic:  }"<0><0><208>{<0><0><183>z<0><0>y<13><0><0>
> Attributes:
> 	Session-Timeout = 1000
> 	Idle-Timeout = 1800
> 	Nomadix-Bw-Up = 128
> 	Nomadix-Bw-Down = 256
> 	Nomadix-Volume-Based-Session-Timeout = 20000
>
> Fri Feb  9 14:25:40 2007: DEBUG: Packet dump:
> *** Received from 193.254.231.227 port 1813 ....
> Code:       Accounting-Request
> Identifier: 116
> Authentic:  <155>  
> <28>k<204><239><198><189><16>_<246><28>K<213><169><240>
> Attributes:
> 	User-Name = "dani at xu.unitbv.ro"
> 	NAS-IP-Address = 193.254.231.227
> 	NAS-Port = 0
> 	Acct-Status-Type = Start
> 	Acct-Session-Id = "0D000060"
> 	Idle-Timeout = 1800
> 	Event-Timestamp = 1171024275
> 	Called-Station-Id = "00-50-E8-01-80-8E"
> 	Calling-Station-Id = "00-D0-B7-B8-BA-46"
> 	NAS-Identifier = "AG5000"
> 	NAS-Port-Type = Wireless-IEEE-802-11
> 	Framed-IP-Address = 193.254.230.7
> 	Nomadix-Subnet = ""
> 	WISPr-Location-ID = "isocc=RO,cc=40,ac=268,network=public"
> 	Acct-Delay-Time = 0
>
> Fri Feb  9 14:25:40 2007: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Feb  9 14:25:40 2007: DEBUG: SDB-ndx Adding session for
> dani at xu.unitbv.ro, 193.254.231.227, 0
> Fri Feb  9 14:25:40 2007: DEBUG: do query is: 'delete from  
> RADONLINE where
> USERNAME='dani at xu.unitbv.ro' and NASIDENTIFIER='193.254.231.227' and
> NASPORT=00':
> Fri Feb  9 14:25:40 2007: DEBUG: do query is: 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values  
> ('dani at xu.unitbv.ro',
> '193.254.231.227', '0', '0D000060', 1171023940, '193.254.230.7',
> 'Wireless-IEEE-802-11', '')':
> Fri Feb  9 14:25:40 2007: DEBUG: Handling with Radius::AuthRADMIN
> Fri Feb  9 14:25:40 2007: DEBUG: Handling accounting with  
> Radius::AuthRADMIN
> Fri Feb  9 14:25:40 2007: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIMELEFT-0, OCTETSINLEFT=OCTETSINLEFT-0,
> OCTETSOUTLEFT=OCTETSOUTLEFT-0 where USERNAME='dani at xu.unitbv.ro'':
> Fri Feb  9 14:25:40 2007: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTIME,ACCTSESSIONID,ACCTSTATUSTYPE,DNIS,FRAMEDIPADDRESS,NASID 
> ENTIFI
> ER,NASPORT,TIME_STAMP,USERNAME) values
> (0,'0D000060',1,'00-50-E8-01-80-8E','193.254.230.7
> Fri Feb  9 14:25:40 2007: DEBUG: AuthBy RADMIN result: ACCEPT,
> Fri Feb  9 14:25:40 2007: DEBUG: Accounting accepted
> Fri Feb  9 14:25:40 2007: DEBUG: Packet dump:
> *** Sending to 193.254.231.227 port 1813 ....
> Code:       Accounting-Response
> Identifier: 116
> Authentic:  <155>  
> <28>k<204><239><198><189><16>_<246><28>K<213><169><240>
> Attributes:
> ---------------- end of logfile ---------------------------
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
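
The effect of the suggestion for problem 1 can be checked offline. The following is an added example, not part of the original message and not Radiator code: it replays the two logons from the trace against a simplified in-memory RADONLINE table, first with a delete keyed on NASPORT (as in the posted radius.cfg) and then with a delete keyed on NASIDENTIFIER and ACCTSESSIONID. The `replay` function, the SQLite table and the user name `user1` are assumptions made for the illustration; the delete/count/insert order follows the trace.

```python
import sqlite3

# Constructed replay of the two logons in the trace: same user, same NAS,
# NAS-Port always 0, a different Acct-Session-Id for each device.
LOGONS = [
    {"user": "user1", "nas": "193.254.231.227", "port": 0, "sid": "0D00005F"},
    {"user": "user1", "nas": "193.254.231.227", "port": 0, "sid": "0D000060"},
]

# Delete keyed on the NAS port, as in the posted radius.cfg.
DELETE_BY_PORT = ("delete from RADONLINE where USERNAME=:user "
                  "and NASIDENTIFIER=:nas and NASPORT=:port")
# Delete keyed on the session id, as suggested in the reply.
DELETE_BY_SESSION = ("delete from RADONLINE where NASIDENTIFIER=:nas "
                     "and ACCTSESSIONID=:sid")


def replay(delete_query, logons, max_sessions=1):
    """Replay logons; return (decision per logon, session ids left online)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table RADONLINE (USERNAME text, NASIDENTIFIER text, "
               "NASPORT integer, ACCTSESSIONID text)")
    decisions = []
    for req in logons:
        # Access-Request: the trace shows a delete, then the count query.
        db.execute(delete_query, req)
        (online,) = db.execute(
            "select count(*) from RADONLINE where USERNAME=:user",
            req).fetchone()
        if online >= max_sessions:
            decisions.append("REJECT")
            continue  # a rejected login sends no Accounting Start
        decisions.append("ACCEPT")
        # Accounting Start: delete again, then insert the new session.
        db.execute(delete_query, req)
        db.execute(
            "insert into RADONLINE values (:user, :nas, :port, :sid)", req)
    rows = [r[0] for r in db.execute(
        "select ACCTSESSIONID from RADONLINE order by ACCTSESSIONID")]
    db.close()
    return decisions, rows


if __name__ == "__main__":
    for name, query in (("by port", DELETE_BY_PORT),
                        ("by session id", DELETE_BY_SESSION)):
        print(name, replay(query, LOGONS))
```

With the port-keyed delete the second Access-Request removes the first session before the count runs, so the limit is never reached; with the session-keyed delete the first row survives and the second logon is counted against MaxSessions.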


