(RADIATOR) "No available addresses" problem

Hugh Irvine hugh at open.com.au
Thu Mar 15 23:11:07 CST 2007


Hello Oliver -

I will need to see a trace 4 debug showing what is happening.

I am guessing that you are not receiving some or all accounting stops.

regards

Hugh


On 16 Mar 2007, at 13:45, Oliver Insanally wrote:

>
>
> Hello,
>
> We are experiencing a problem where after a while, some users are  
> not authenticated and the authentication log gives "No available  
> addresses" as the cause.  Issuing the command "delete from RADPOOL  
> where POOL like 'pool'%';" clears the problem temporarily. Does  
> anyone have an idea why?  The configuration file is below:
>
>
> # radmin.cfg
> #
> # Example Radiator configuration file to interface to the
> # Radmin user management package from Open System Consultants
> # (http://www.open.com.au/radmin)
> #
> # You can add extra items to your RADUSERS table and make
> # Radiator take note of them with, for example:
> # AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
> #            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
> #            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
> #            from RADUSERS where \
> #            USERNAME='%n' and BADLOGINS < 5 and \
> #            VALIDFROM < %t and VALIDTO > %t
> # AuthColumnDef   0,Framed-IP-Netmask,reply
> # AuthColumnDef   1,Filter-Id,reply
> # AuthColumnDef   2,Idle-Timeout,reply
> # note that the numbering of AuthColumnDef starts with the
> # field following the first 4 minumum and required fields.
> #
> # You should consider this file to be a starting point only
> # $Id $
>
> #Foreground
> #LogStdout
> LogDir  /var/log/radius
> DbDir   /etc/radiator
>
> # Dont turn this up too high, since all log messages are logged
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you wil probably
> # want to disable this.
>
> AuthPort 1812
> AcctPort 1813
>
> <Client DEFAULT>
>        Secret
>        DupInterval 0
> </Client>
>
> <Client >
>        Secret
>        NasType Cisco
>        SNMPCommunity
> </Client>
> <Client >
>        Secret
>        NasType Cisco
>        SNMPCommunity
> </Client>
> <Client >
>        Secret
>        NasType Cisco
>        SNMPCommunity
> </Client>
>
> # You can put additonal (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
>
> <ClientListSQL>
>        DBSource        dbi:mysql:radmin:localhost
>        DBUsername      radmin
>        DBAuth
> </ClientListSQL>
>
> # Handle everyone with RADMIN
> <Realm DEFAULT>
> #<Realm GNET_Unlimited>
>
> #       MaxSessions 1
>
> #       <AuthBy INTERNAL>
> #             AcctHook file:"/etc/radiator/sqlradacct.pl"
> #       </AuthBy>
>
>        AuthByPolicy ContinueWhileAccept
>
>        <AuthBy RADMIN>
>                # Change DBSource, DBUsername, DBAuth for your database
>                # See the reference manual. You will also have to
>                # change the one in <SessionDatabse SQL> below
>                # so its the same:
>                DBSource        dbi:mysql:radmin:localhost
>                DBUsername      radmin
>                DBAuth
>
>                # Never look up the DEFAULT user
>                NoDefault
>                MaxBadLogins 10
>
>                # You can add to or change these if you want, but you
>                # will probably want to change the database schema  
> first
>                AccountingTable RADUSAGE
>                AcctColumnDef   USERNAME,User-Name
>                AcctColumnDef   TIME_STAMP,Timestamp,integer
>                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input- 
> Octets,integer
>                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output- 
> Octets,integer
>                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                AcctColumnDef   ACCTSESSIONTIME,Acct-Session- 
> Time,integer
>                AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate- 
> Cause,integer
>                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                AcctColumnDef   NASPORT,NAS-Port,integer
>                AcctColumnDef   DNIS,Called-Station-Id
> #               AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
>
> AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
>            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
>            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
>            from RADUSERS where \
>            USERNAME='%n' and BADLOGINS < 10 and \
>            VALIDFROM < %t and VALIDTO > %t and STATE = 0
>
>                # This updates the time and octets left
>                # for this user
>                AcctSQLStatement update RADUSERS set  
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},  
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},  
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
>                # These are the classic things to add to each users
>                # reply to allow a PPP dialup session. It may be
>                # different for your NAS. This will add some
>                # reply items to everyone's reply
>                AddToReply Framed-Protocol = PPP,\
>                        Framed-IP-Netmask = 255.255.255.255,\
>                        Framed-Routing = None,\
>                        Framed-MTU = 1500,\
>                        Framed-Compression = Van-Jacobson-TCP-IP
>
> #               AddToReply Framed-Pool = pool1
>
>                # If you intend to use rcrypt reversible encryption
>                # for passwords in your Radmin database, you must
>                # RcryptKey here to be the same secret key you
>                # defined in your Radmin Site.pm, and also set
>                # PasswordFormat in your Site.pm.
>                # RcryptKey mysecret
>
>                # If you intend to use Unix encryption in your  
> database,
>                # you will need to set EncryptedPasssword here,
>                # as well as setting PasswordFormat in your Site.pm
>                EncryptedPassword
>
>                # You can change the max bad login count from the  
> default
>                # of 5 with something like
>                # MaxBadLogins 10
>
>        </AuthBy>
>
>
>        # This clause logs all authentication successes and failures  
> to the RADAUTHLOG table
>        # Suitable for use with RAdmin version 1.6 or later
>        <AuthLog SQL>
>                # This database spec usually should be exactly the same
>                # as in <AuthBy RADMIN> above
>                DBSource        dbi:mysql:radmin:localhost
>                DBUsername      radmin
>                DBAuth
>
>        #       LogSuccess
>        #       SuccessQuery insert into RADAUTHLOG (TIME_STAMP,  
> USERNAME, TYPE) values (%t, '%n', 1)
>                LogFailure
>                FailureQuery insert into RADAUTHLOG (TIME_STAMP,  
> USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
>        </AuthLog>
>
> <AddressAllocator SQL>
>        Identifier gnetip
>        DBSource        dbi:mysql:radmin:localhost
>        DBUsername      radmin
>        DBAuth
>
>        <AddressPool pool1>
>                Subnetmask      255.255.255.255
>                Range   190.80.35.0/24
>                Range   190.80.36.0/24
>        </AddressPool>
>
>        <AddressPool pool2>
>                Subnetmask      255.255.255.255
>                Range  172.17.27.0/24
>        </AddressPoo2>
>
>        <AddressPool pool3>
>                Subnetmask      255.255.255.255
>                Range  172.20.20.0/24
>        </AddressPoo2>
> </AddressAllocator>
>
>        <AuthBy DYNADDRESS>
>                AddressAllocator gnetip
>                PoolHint %{Reply:Framed-Pool}
>                StripFromReply Framed-Pool
>        </AuthBy>
>
> </Realm>
>
> <SessionDatabase SQL>
>        # This database spec usually should be exactly the same
>        # as in <AuthBy RADMIN> above
>        DBSource        dbi:mysql:radmin:localhost
>        DBUsername      radmin
>        DBAuth
>
> </SessionDatabase>
>
> # You can also set up an address pool for Radiator to manage.
> # The standard Radmin tables include a RADPOOL address pool table.
> # see the example in addressallocator.cfg
>
> Thanks,
> Oliver
>
> Oliver Insanally,
> Director,
> GuyanaNet, Inc. - Affordable, Reliable Internet Service
> http://www.guyana.net.gy
> 234 Almond & Irving Sts.,Queenstown, Georgetown, Guyana.
> Tel: 592-227-8860
> Fax: 592-225-6959
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list