(RADIATOR) Cisco session-id and Simultaneous-Use problem

Hugh Irvine hugh at open.com.au
Tue Jan 9 23:41:34 CST 2007


Hello Joe -

I wonder if you could send me a trace 4 debug showing both the access  
request and the subsequent accounting requests for one session,  
together with the contents of the session database for the session  
and the result of running the correct SNMP query against the NAS for  
the session in question?

It may be necessary for you to add some hook code (PreClientHook) to  
rewrite the NAS-Port attribute so things work correctly (we have  
other customers who are doing this).

You will find some example hooks in "goodies/hooks.txt".

regards

Hugh


On 9 Jan 2007, at 23:07, Joe (Mobile) wrote:

> Hello,
>
> While implementing Simultaneous-Use checking, I've noticed a strange
> problem in the handling of session-id checking with our Cisco NAS.
>
> We're using a Cisco 2850 Router (IOS Version 12.3) as a NAS. The NAS
> port format is set via "nas-port format d" to be quite extensive. With
> this format the Acct-Session-Id gets a format like
> "slot/subslot/port/VPI.VCI_acct-session-id" (see
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113db/113db_9/rad_log.htm#xtocid1528910).
>
> Unfortunately Radiator doesn't seem to recognize that format when
> doing the CiscoSessionMIB snmp check, since it wrongly translates the
> session into integer values. Here are the relevant lines in the
> logfile showing an example:
>
> Tue Jan  9 11:21:27 2007: DEBUG: CiscoSessionMIB: Checking
> 0/0/0/305_000A4C0B->192.168.x.x:305:username at testrealm
> Tue Jan  9 11:21:27 2007: DEBUG: Running command `/usr/bin/snmpget -c
> "xxxx" 192.168.x.x
> .iso.org.dod.internet.private.enterprises. 
> 9.9.150.1.1.3.1.2.3320010394635
> 2>&1`
> Tue Jan  9 11:21:27 2007: INFO: RADsessionDB Session for
> username at testrealm at 192.168.x.x:305 has gone away
>
> As you can see the session-id "0/0/0/305_000A4C0B" is translated into
> 3320010394635, while the correct value would be the integer
> representation of just the "000A4C0B" part (which is 674827). Thus the
> session always seems to have gone away. A manual snmpget yields "No
> Such Instance currently exists at this OID" for the wrong value, while
> the use of the correct value results in STRING:
> "username at testrealm". I'm quite at a loss what I could do about that,
> since everything else works fine and the NasType is set to
> CiscoSessionMIB. Have I misconfigured some part of my radiator
> settings?
>
> BTW, We are using version 3.9 of radiator, since everything works fine
> for quite some time now and we didn't want to "touch a running
> system". :)
>
> Thanks for any advice,
>
> Joe
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
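
The index mismatch reported in the quoted message can be reproduced offline. The following is an added example, not part of the original messages and not Radiator code: it extracts the 8-hex-digit session id from the prefixed Acct-Session-Id, and shows that the logged value 3320010394635 equals the port digits "305" and "000A4C0B" read as one hex number. The function names, the id pattern (inferred from the single sample in the post) and the NAS address and community string are assumptions.

```python
import re

# Numeric form of the OID prefix in the quoted log line:
# .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2
OID_PREFIX = "1.3.6.1.4.1.9.9.150.1.1.3.1.2"

# "nas-port format d" style id: slot/subslot/port/VPI.VCI_<8 hex digits>
# (pattern inferred from the one sample in the post; an assumption)
PREFIXED = re.compile(r"^(?P<port>[^_]+)_(?P<sid>[0-9A-Fa-f]{8})$")
PLAIN = re.compile(r"^[0-9A-Fa-f]{1,8}$")


def session_index(acct_session_id: str) -> int:
    """Return the integer SNMP index for a Cisco Acct-Session-Id."""
    s = acct_session_id.strip()
    m = PREFIXED.match(s)
    if m:
        return int(m.group("sid"), 16)   # only the part after "_"
    if PLAIN.match(s):
        return int(s, 16)                # unprefixed id: whole string is hex
    raise ValueError(f"unrecognised Acct-Session-Id: {acct_session_id!r}")


def naive_index(acct_session_id: str) -> int:
    """One reading that reproduces the logged number (not Radiator's code):
    take the text after the last '/', drop '_', parse the rest as hex."""
    tail = acct_session_id.rsplit("/", 1)[-1]
    return int(tail.replace("_", ""), 16)


def snmpget_argv(nas: str, community: str, acct_session_id: str) -> list[str]:
    """Argument list (no shell) for the manual check described in the post."""
    oid = f"{OID_PREFIX}.{session_index(acct_session_id)}"
    return ["/usr/bin/snmpget", "-c", community, nas, oid]


if __name__ == "__main__":
    sample = "0/0/0/305_000A4C0B"  # session id from the quoted log
    print(session_index(sample), naive_index(sample))
    # NAS address and community below are constructed placeholders
    print(snmpget_argv("192.0.2.1", "COMMUNITY", sample))
```

Passing the arguments as a list avoids interpolating the session id, which arrives from the network, into a shell command line.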

