(RADIATOR) "No available addresses" problem

Oliver Insanally oliver at guyana.net.gy
Thu Mar 15 20:45:30 CST 2007



Hello,

We are experiencing a problem where, after a while, some users fail to
authenticate and the authentication log gives "No available
addresses" as the cause.  Issuing the command "delete from RADPOOL
where POOL like 'pool%';" clears the problem temporarily. Does
anyone have an idea why this happens?  The configuration file is below:


# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
#            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
#            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
#            from RADUSERS where \
#            USERNAME='%n' and BADLOGINS < 5 and \
#            VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef   0,Framed-IP-Netmask,reply
# AuthColumnDef   1,Filter-Id,reply
# AuthColumnDef   2,Idle-Timeout,reply
# Note that the numbering of AuthColumnDef starts with the
# field following the first 4 minimum and required fields.
#
# You should consider this file to be a starting point only
# $Id $

# Global server settings: where Radiator writes its logs and finds its
# dictionary/database files, how verbose logging is, and which UDP ports
# it listens on.
#Foreground
#LogStdout
LogDir  /var/log/radius
DbDir   /etc/radiator

# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
# NOTE(review): the value below is 4 (debug), not the 3 recommended above.
# Debug tracing dumps request/reply packets, so the logs can carry user
# names and other session attributes; restrict read access to the log
# destination and drop back to 3 once troubleshooting is finished.
Trace 4

# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you will probably
# want to disable this.

# Standard RADIUS authentication and accounting ports.
AuthPort 1812
AcctPort 1813

# Catch-all client: DEFAULT matches any NAS address that has no explicit
# <Client> clause (or ClientListSQL row) of its own, so every such sender
# is accepted with this one shared secret.
# NOTE(review): if all NASes are listed explicitly or in the Radmin
# clients table, consider removing this clause so that unknown senders
# are rejected instead of being trusted with a common secret.
<Client DEFAULT>
        # Secret value is not shown in this listing (presumably removed
        # before posting); a Client clause needs a non-empty shared secret.
        Secret
        # DupInterval 0 turns off duplicate-request detection, so
        # retransmitted packets from the NAS are processed again.
        # NOTE(review): with a dynamic address allocator this may cause
        # repeated allocation work for one login - confirm it is intended.
        DupInterval 0
</Client>

# Three explicitly configured Cisco NASes. The client names/addresses,
# shared secrets and SNMP community strings are blank in this listing
# (presumably redacted by the poster); each is required in a live file.
# Use a distinct, long random Secret per NAS so that the compromise of
# one device does not expose the others.
<Client >
        Secret
        # NasType selects the NAS-specific method Radiator uses when it
        # queries the NAS (for example for session checks).
        NasType Cisco
        # SNMP community used for those NAS queries; treat it as a
        # credential and avoid well-known default values.
        SNMPCommunity
</Client>
<Client >
        Secret
        NasType Cisco
        SNMPCommunity
</Client>
<Client >
        Secret
        NasType Cisco
        SNMPCommunity
</Client>

# You can put additional (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.

# Loads further RADIUS client definitions from the Radmin database.
# Anyone who can write to that client table can add a trusted NAS, so the
# database account below should be limited to the radmin schema and the
# table protected accordingly.
<ClientListSQL>
        DBSource        dbi:mysql:radmin:localhost
        DBUsername      radmin
        # Database password; blank in this listing (presumably redacted).
        # Because this file holds DB credentials and shared secrets, it
        # should be readable only by the account that runs Radiator.
        DBAuth
</ClientListSQL>

# Handle everyone with RADMIN
# The DEFAULT realm receives every request whose realm has no clause of
# its own. This clause is closed by the </Realm> line further down, after
# the AuthBy, AuthLog and AddressAllocator clauses.
<Realm DEFAULT>
#<Realm GNET_Unlimited>

#       MaxSessions 1

#       <AuthBy INTERNAL>
#             AcctHook file:"/etc/radiator/sqlradacct.pl"
#       </AuthBy>

        # Run the AuthBy clauses in order and keep going only while each
        # one accepts: a request rejected by <AuthBy RADMIN> never reaches
        # <AuthBy DYNADDRESS>, so no address is allocated for it.
        AuthByPolicy ContinueWhileAccept

        # Authenticates users against the Radmin RADUSERS table and writes
        # accounting records to RADUSAGE.
        <AuthBy RADMIN>
                # Change DBSource, DBUsername, DBAuth for your database
                # See the reference manual. You will also have to
                # change the one in <SessionDatabase SQL> below
                # so it's the same:
                DBSource        dbi:mysql:radmin:localhost
                DBUsername      radmin
                # Password is blank in this listing (presumably redacted).
                DBAuth

                # Never look up the DEFAULT user
                NoDefault
                # Matches the "BADLOGINS < 10" condition in AuthSelect below.
                # NOTE(review): a bad-login counter also lets a third party
                # lock an account out by sending wrong passwords; make sure
                # there is a process for resetting BADLOGINS.
                MaxBadLogins 10

                # You can add to or change these if you want, but you
                # will probably want to change the database schema first
                AccountingTable RADUSAGE
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                # NOTE(review): the NASIDENTIFIER column is mapped twice,
                # once from NAS-IP-Address and once from NAS-Identifier -
                # confirm which attribute is meant to populate it.
                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   DNIS,Called-Station-Id
#               AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id

# Query that fetches the user's row. Only rows with fewer than 10 bad
# logins, inside their validity window (%t is the current time) and with
# STATE = 0 are returned.
# NOTE(review): '%n' places the user name from the request directly inside
# the SQL text, before the user has been authenticated. Verify how this
# Radiator version escapes it; where the version supports it, prefer the
# quoted form or bind parameters described in the reference manual.
AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
            from RADUSERS where \
            USERNAME='%n' and BADLOGINS < 10 and \
            VALIDFROM < %t and VALIDTO > %t and STATE = 0

                # This updates the time and octets left
                # for this user
                # NOTE(review): the statement below is split over four
                # lines with no continuation backslashes; this looks like
                # e-mail line wrapping - in the real file it must be one
                # logical line. The "-0%{...}" form keeps the SQL valid when
                # the attribute is missing from the accounting request.
                AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

                # These are the classic things to add to each users
                # reply to allow a PPP dialup session. It may be
                # different for your NAS. This will add some
                # reply items to everyone's reply
                AddToReply Framed-Protocol = PPP,\
                        Framed-IP-Netmask = 255.255.255.255,\
                        Framed-Routing = None,\
                        Framed-MTU = 1500,\
                        Framed-Compression = Van-Jacobson-TCP-IP

                # Commented out: no Framed-Pool is added to the reply here,
                # so any pool hint must come from the user's database row.
#               AddToReply Framed-Pool = pool1

                # If you intend to use rcrypt reversible encryption
                # for passwords in your Radmin database, you must set
                # RcryptKey here to be the same secret key you
                # defined in your Radmin Site.pm, and also set
                # PasswordFormat in your Site.pm.
                # RcryptKey mysecret

                # If you intend to use Unix encryption in your database,
                # you will need to set EncryptedPassword here,
                # as well as setting PasswordFormat in your Site.pm
                EncryptedPassword

                # You can change the max bad login count from the default
                # of 5 with something like
                # MaxBadLogins 10

        </AuthBy>


        # This clause logs all authentication successes and failures to the RADAUTHLOG table
        # Suitable for use with RAdmin version 1.6 or later
        # Records authentication failures in RADAUTHLOG; success logging
        # is commented out. This is the log in which the
        # "No available addresses" reason is reported.
        <AuthLog SQL>
                # This database spec usually should be exactly the same
                # as in <AuthBy RADMIN> above
                DBSource        dbi:mysql:radmin:localhost
                DBUsername      radmin
                # Password is blank in this listing (presumably redacted).
                DBAuth

        # NOTE(review): the SuccessQuery and FailureQuery statements below
        # are each broken across two lines, apparently by e-mail wrapping;
        # in the real file each must be a single logical line. With success
        # logging disabled there is no database record of accepted logins
        # to correlate against failures.
        #       LogSuccess
        #       SuccessQuery insert into RADAUTHLOG (TIME_STAMP, 
USERNAME, TYPE) values (%t, '%n', 1)
                LogFailure
                # '%n' inserts the user name from the request into the SQL
                # text; verify how this Radiator version escapes it, since
                # failed logins carry arbitrary, unauthenticated names.
                FailureQuery insert into RADAUTHLOG (TIME_STAMP, 
USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
        </AuthLog>

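# SQL-backed dynamic address allocator, referenced by <AuthBy DYNADDRESS>
# through the identifier "gnetip". Leases are tracked as rows in the
# database, so a lease that is never released keeps its address out of
# the pool.
# NOTE(review): "No available addresses" means the selected pool has no
# free lease left. Leases are normally released when the matching
# accounting Stop is processed; if Stops are lost (NAS reboot, dropped
# packets), addresses stay allocated until the lease expires. Check the
# DefaultLeasePeriod and LeaseReclaimInterval settings in the reference
# manual against your typical session length.
<AddressAllocator SQL>
        Identifier gnetip
        DBSource        dbi:mysql:radmin:localhost
        DBUsername      radmin
        # Password is blank in this listing (presumably redacted).
        DBAuth

        # Two /24 ranges handed out with a host netmask.
        <AddressPool pool1>
                Subnetmask      255.255.255.255
                Range   190.80.35.0/24
                Range   190.80.36.0/24
        </AddressPool>

        # Closing tag corrected: the listing had </AddressPoo2>.
        <AddressPool pool2>
                Subnetmask      255.255.255.255
                Range  172.17.27.0/24
        </AddressPool>

        # Closing tag corrected: the listing had </AddressPoo2>.
        <AddressPool pool3>
                Subnetmask      255.255.255.255
                Range  172.20.20.0/24
        </AddressPool>
</AddressAllocator>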

        # Second AuthBy in the realm: allocates an address from the
        # "gnetip" allocator for requests that <AuthBy RADMIN> accepted.
        # It must also see the accounting requests for those sessions so
        # that addresses are released again when sessions end.
        <AuthBy DYNADDRESS>
                AddressAllocator gnetip
                # Pool name is taken from the Framed-Pool attribute in the
                # reply built so far.
                # NOTE(review): the "AddToReply Framed-Pool = pool1" line in
                # <AuthBy RADMIN> is commented out, so confirm that every
                # user's reply really carries a Framed-Pool value; an empty
                # or unknown hint cannot select a pool.
                PoolHint %{Reply:Framed-Pool}
                # Framed-Pool is internal routing information, so remove it
                # before the reply is sent to the NAS.
                StripFromReply Framed-Pool
        </AuthBy>

</Realm>

# Keeps the table of currently active sessions in the Radmin database;
# presumably this is what simultaneous-login limits such as MAXLOGINS are
# checked against - confirm in the reference manual.
<SessionDatabase SQL>
        # This database spec usually should be exactly the same
        # as in <AuthBy RADMIN> above
        DBSource        dbi:mysql:radmin:localhost
        DBUsername      radmin
        # Password is blank in this listing (presumably redacted).
        DBAuth

</SessionDatabase>

# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg

Thanks,
Oliver

Oliver Insanally,
Director,
GuyanaNet, Inc. - Affordable, Reliable Internet Service
http://www.guyana.net.gy
234 Almond & Irving Sts.,Queenstown, Georgetown, Guyana.
Tel: 592-227-8860
Fax: 592-225-6959  

