(RADIATOR) "No available addresses" problem
Oliver Insanally
oliver at guyana.net.gy
Thu Mar 15 20:45:30 CST 2007
Hello,
We are experiencing a problem where after a while, some users are not
authenticated and the authentication log gives "No available
addresses" as the cause. Issuing the command "delete from RADPOOL
where POOL like 'pool%';" clears the problem temporarily. Does
anyone have an idea why? The configuration file is below:
# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
# MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
# FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
# from RADUSERS where \
# USERNAME='%n' and BADLOGINS < 5 and \
# VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef 0,Framed-IP-Netmask,reply
# AuthColumnDef 1,Filter-Id,reply
# AuthColumnDef 2,Idle-Timeout,reply
# note that the numbering of AuthColumnDef starts with the
# field following the first 4 minimum and required fields.
#
# You should consider this file to be a starting point only
# $Id $
#Foreground
#LogStdout
LogDir /var/log/radius
DbDir /etc/radiator
# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you will probably
# want to disable this.
AuthPort 1812
AcctPort 1813
<Client DEFAULT>
Secret
DupInterval 0
</Client>
<Client >
Secret
NasType Cisco
SNMPCommunity
</Client>
<Client >
Secret
NasType Cisco
SNMPCommunity
</Client>
<Client >
Secret
NasType Cisco
SNMPCommunity
</Client>
# You can put additional (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth
</ClientListSQL>
# Handle everyone with RADMIN
<Realm DEFAULT>
#<Realm GNET_Unlimited>
# MaxSessions 1
# <AuthBy INTERNAL>
# AcctHook file:"/etc/radiator/sqlradacct.pl"
# </AuthBy>
AuthByPolicy ContinueWhileAccept
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabase SQL> below
# so it's the same:
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth
# Never look up the DEFAULT user
NoDefault
MaxBadLogins 10
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
from RADUSERS where \
USERNAME='%n' and BADLOGINS < 10 and \
VALIDFROM < %t and VALIDTO > %t and STATE = 0
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set \
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
# AddToReply Framed-Pool = pool1
# If you intend to use rcrypt reversible encryption
# for passwords in your Radmin database, you must
# set RcryptKey here to be the same secret key you
# defined in your Radmin Site.pm, and also set
# PasswordFormat in your Site.pm.
# RcryptKey mysecret
# If you intend to use Unix encryption in your database,
# you will need to set EncryptedPassword here,
# as well as setting PasswordFormat in your Site.pm
EncryptedPassword
# You can change the max bad login count from the default
# of 5 with something like
# MaxBadLogins 10
</AuthBy>
# This clause logs all authentication successes and failures
# to the RADAUTHLOG table
# Suitable for use with RAdmin version 1.6 or later
<AuthLog SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth
# LogSuccess
# SuccessQuery insert into RADAUTHLOG (TIME_STAMP, \
# USERNAME, TYPE) values (%t, '%n', 1)
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, \
USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
</AuthLog>
<AddressAllocator SQL>
Identifier gnetip
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth
<AddressPool pool1>
Subnetmask 255.255.255.255
Range 190.80.35.0/24
Range 190.80.36.0/24
</AddressPool>
<AddressPool pool2>
Subnetmask 255.255.255.255
Range 172.17.27.0/24
</AddressPool>
<AddressPool pool3>
Subnetmask 255.255.255.255
Range 172.20.20.0/24
</AddressPool>
</AddressAllocator>
<AuthBy DYNADDRESS>
AddressAllocator gnetip
PoolHint %{Reply:Framed-Pool}
StripFromReply Framed-Pool
</AuthBy>
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth
</SessionDatabase>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg
Thanks,
Oliver
Oliver Insanally,
Director,
GuyanaNet, Inc. - Affordable, Reliable Internet Service
http://www.guyana.net.gy
234 Almond & Irving Sts.,Queenstown, Georgetown, Guyana.
Tel: 592-227-8860
Fax: 592-225-6959
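
Added example, not part of the original post and not Radiator or Radmin code: before deleting rows from RADPOOL, a per-pool count of allocated and expired-but-still-allocated addresses shows whether the pool is genuinely full or is holding leases that were never released. Only the RADPOOL table and its POOL column appear in the post; the STATE, TIME_STAMP, EXPIRY, USERNAME and YIADDR columns, the STATE encoding and all sample rows are assumptions, and SQLite stands in for the MySQL database so the sketch runs offline.

```python
import sqlite3

# Column names below (STATE, TIME_STAMP, EXPIRY, USERNAME, YIADDR) are ASSUMED;
# only the RADPOOL table and its POOL column appear in the post.
SCHEMA = """create table RADPOOL (
    STATE integer, TIME_STAMP integer, EXPIRY integer,
    USERNAME text, POOL text, YIADDR text)"""

# Constructed sample rows. Assumed encoding: STATE 0 = free, non-zero = allocated.
NOW = 1_174_000_000
SAMPLE = [
    (0, NOW - 900, 0, None, "pool1", "190.80.35.1"),
    (1, NOW - 300, NOW + 86100, "alice", "pool1", "190.80.35.2"),
    (1, NOW - 200000, NOW - 113600, "bob", "pool1", "190.80.35.3"),
    (1, NOW - 400000, NOW - 313600, "carol", "pool2", "172.17.27.1"),
    (1, NOW - 500000, NOW - 413600, "dave", "pool2", "172.17.27.2"),
]

def pool_report(db, now):
    """Per pool: (total, allocated, stale); stale = allocated and past EXPIRY."""
    rows = db.execute(
        """select POOL, count(*),
                  sum(STATE != 0),
                  sum(STATE != 0 and EXPIRY < ?)
           from RADPOOL group by POOL order by POOL""", (now,))
    return {pool: (total, alloc, stale) for pool, total, alloc, stale in rows}

def stale_leases(db, now):
    """Addresses still marked allocated although their lease has expired."""
    return db.execute(
        """select POOL, YIADDR, USERNAME, ? - EXPIRY as overdue_seconds
           from RADPOOL where STATE != 0 and EXPIRY < ?
           order by overdue_seconds desc""", (now, now)).fetchall()

def demo_db():
    """In-memory database loaded with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("insert into RADPOOL values (?,?,?,?,?,?)", SAMPLE)
    return db

if __name__ == "__main__":
    db = demo_db()
    for pool, (total, alloc, stale) in pool_report(db, NOW).items():
        flag = "EXHAUSTED" if alloc == total else "ok"
        print(f"{pool}: {alloc}/{total} allocated, {stale} stale [{flag}]")
    for row in stale_leases(db, NOW):
        print("stale:", row)
```

A pool reported as exhausted with a high stale count is holding addresses for sessions that have already ended; the USERNAME on those rows tells you which sessions to look up in the accounting table.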