(RADIATOR) "No available addresses" problem
Hugh Irvine
hugh at open.com.au
Thu Mar 15 23:11:07 CST 2007
Hello Oliver -
I will need to see a trace 4 debug showing what is happening.
I am guessing that you are not receiving some or all accounting stops.
regards
Hugh
On 16 Mar 2007, at 13:45, Oliver Insanally wrote:
>
>
> Hello,
>
> We are experiencing a problem where after a while, some users are
> not authenticated and the authentication log gives "No available
> addresses" as the cause. Issuing the command "delete from RADPOOL
> where POOL like 'pool%';" clears the problem temporarily. Does
> anyone have an idea why? The configuration file is below:
>
>
> # radmin.cfg
> #
> # Example Radiator configuration file to interface to the
> # Radmin user management package from Open System Consultants
> # (http://www.open.com.au/radmin)
> #
> # You can add extra items to your RADUSERS table and make
> # Radiator take note of them with, for example:
> # AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
> # MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
> # FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
> # from RADUSERS where \
> # USERNAME='%n' and BADLOGINS < 5 and \
> # VALIDFROM < %t and VALIDTO > %t
> # AuthColumnDef 0,Framed-IP-Netmask,reply
> # AuthColumnDef 1,Filter-Id,reply
> # AuthColumnDef 2,Idle-Timeout,reply
> # note that the numbering of AuthColumnDef starts with the
> # field following the first 4 minimum and required fields.
> #
> # You should consider this file to be a starting point only
> # $Id $
>
> #Foreground
> #LogStdout
> LogDir /var/log/radius
> DbDir /etc/radiator
>
> # Don't turn this up too high, since all log messages are logged
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
>
> AuthPort 1812
> AcctPort 1813
>
> <Client DEFAULT>
> Secret
> DupInterval 0
> </Client>
>
> <Client >
> Secret
> NasType Cisco
> SNMPCommunity
> </Client>
> <Client >
> Secret
> NasType Cisco
> SNMPCommunity
> </Client>
> <Client >
> Secret
> NasType Cisco
> SNMPCommunity
> </Client>
>
> # You can put additional (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
>
> <ClientListSQL>
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth
> </ClientListSQL>
>
> # Handle everyone with RADMIN
> <Realm DEFAULT>
> #<Realm GNET_Unlimited>
>
> # MaxSessions 1
>
> # <AuthBy INTERNAL>
> # AcctHook file:"/etc/radiator/sqlradacct.pl"
> # </AuthBy>
>
> AuthByPolicy ContinueWhileAccept
>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so it's the same:
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth
>
> # Never look up the DEFAULT user
> NoDefault
> MaxBadLogins 10
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> # AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>
> AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
> MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
> FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
> from RADUSERS where \
> USERNAME='%n' and BADLOGINS < 10 and \
> VALIDFROM < %t and VALIDTO > %t and STATE = 0
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set \
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> # AddToReply Framed-Pool = pool1
>
> # If you intend to use rcrypt reversible encryption
> # for passwords in your Radmin database, you must
> # set RcryptKey here to be the same secret key you
> # defined in your Radmin Site.pm, and also set
> # PasswordFormat in your Site.pm.
> # RcryptKey mysecret
>
> # If you intend to use Unix encryption in your database,
> # you will need to set EncryptedPassword here,
> # as well as setting PasswordFormat in your Site.pm
> EncryptedPassword
>
> # You can change the max bad login count from the default
> # of 5 with something like
> # MaxBadLogins 10
>
> </AuthBy>
>
>
> # This clause logs all authentication successes and failures
> # to the RADAUTHLOG table
> # Suitable for use with RAdmin version 1.6 or later
> <AuthLog SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth
>
> # LogSuccess
> # SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
> LogFailure
> FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
> </AuthLog>
>
> <AddressAllocator SQL>
> Identifier gnetip
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth
>
> <AddressPool pool1>
> Subnetmask 255.255.255.255
> Range 190.80.35.0/24
> Range 190.80.36.0/24
> </AddressPool>
>
> <AddressPool pool2>
> Subnetmask 255.255.255.255
> Range 172.17.27.0/24
> </AddressPool>
>
> <AddressPool pool3>
> Subnetmask 255.255.255.255
> Range 172.20.20.0/24
> </AddressPool>
> </AddressAllocator>
>
> <AuthBy DYNADDRESS>
> AddressAllocator gnetip
> PoolHint %{Reply:Framed-Pool}
> StripFromReply Framed-Pool
> </AuthBy>
>
> </Realm>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:localhost
> DBUsername radmin
> DBAuth
>
> </SessionDatabase>
>
> # You can also set up an address pool for Radiator to manage.
> # The standard Radmin tables include a RADPOOL address pool table.
> # see the example in addressallocator.cfg
>
> Thanks,
> Oliver
>
> Oliver Insanally,
> Director,
> GuyanaNet, Inc. - Affordable, Reliable Internet Service
> http://www.guyana.net.gy
> 234 Almond & Irving Sts.,Queenstown, Georgetown, Guyana.
> Tel: 592-227-8860
> Fax: 592-225-6959
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
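
Added example, not part of the original thread and not Radiator code: the reply above suspects missing accounting Stops, so this script reconciles Start and Stop records in a table shaped like the RADUSAGE columns from the posted configuration and lists sessions whose address would still be held. The rows are constructed, SQLite stands in for MySQL, and it assumes both Start and Stop records are logged to that table.

```python
import sqlite3

START, STOP = 1, 2  # Acct-Status-Type values defined in RFC 2866

# Constructed sample rows, not data from the thread:
# (USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTSESSIONID, FRAMEDIPADDRESS, NASIDENTIFIER)
SAMPLE_ROWS = [
    ("alice", 1173900000, START, "0000A1", "190.80.35.10", "nas1"),
    ("alice", 1173903600, STOP,  "0000A1", "190.80.35.10", "nas1"),
    ("bob",   1173900100, START, "0000B7", "190.80.35.11", "nas1"),  # Stop never arrived
    ("carol", 1173900200, START, "0000C3", "190.80.36.20", "nas2"),  # Stop never arrived
    ("dave",  1173900300, START, "0000A1", "190.80.36.21", "nas2"),  # same id, other NAS
    ("dave",  1173907500, STOP,  "0000A1", "190.80.36.21", "nas2"),
]

# A Start is orphaned when no later Stop exists for the same session id on the
# same NAS. Session ids are only unique per NAS, so both columns are compared.
ORPHAN_QUERY = """
SELECT s.USERNAME, s.FRAMEDIPADDRESS, s.NASIDENTIFIER, s.ACCTSESSIONID, s.TIME_STAMP
FROM RADUSAGE s
WHERE s.ACCTSTATUSTYPE = :start
  AND s.TIME_STAMP < :cutoff
  AND NOT EXISTS (
      SELECT 1 FROM RADUSAGE e
      WHERE e.ACCTSTATUSTYPE = :stop
        AND e.ACCTSESSIONID = s.ACCTSESSIONID
        AND e.NASIDENTIFIER = s.NASIDENTIFIER
        AND e.TIME_STAMP >= s.TIME_STAMP)
ORDER BY s.TIME_STAMP
"""

def load_sample():
    """Build an in-memory table using the column names from the posted config."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE RADUSAGE (USERNAME TEXT, TIME_STAMP INTEGER,
        ACCTSTATUSTYPE INTEGER, ACCTSESSIONID TEXT, FRAMEDIPADDRESS TEXT,
        NASIDENTIFIER TEXT)""")
    db.executemany("INSERT INTO RADUSAGE VALUES (?,?,?,?,?,?)", SAMPLE_ROWS)
    return db

def orphaned_sessions(db, now, max_age):
    """Return Start records older than max_age seconds that have no matching Stop."""
    params = {"start": START, "stop": STOP, "cutoff": now - max_age}
    return db.execute(ORPHAN_QUERY, params).fetchall()

if __name__ == "__main__":
    for row in orphaned_sessions(load_sample(), now=1173990000, max_age=86400):
        print(row)
```

Rows returned for sessions far older than any plausible session length point at a NAS whose Stops are being lost, which a trace 4 debug of the accounting port would confirm.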