No subject


Tue Jun 24 01:19:57 CDT 2008


the request has been forwarded to the remote radius server. It will not wait
for a reply before moving on to other AuthBy clauses, or handling new
requests. You can change this behaviour with the Synchronous flag, but make
sure you understand what you are doing before enabling the Synchronous flag.
It can have a significant impact on performance."

If the AuthByPolicy is ContinueWhileAccept the second clause (see my config
example below) will not get processed, because there was no accept from the
radius server. 

I was able to get the results I wanted by adding fork and synchronous to the
AutBy RADIUS clause. This behaviour is not fully documented in the manual. 
The next question then is, how severe this will impact my radiator's
performance. The Radius log does not indicate where the process spawns off a
child for the auth, so It would be hard to me to measure how many spawns I
get per minute/hour. 



Sincerely,

Leon Oosterwijk
ISDN-NET Inc. 
www.isdn.net
+1 615-221-4200 

> -----Original Message-----
> From: Leon Oosterwijk 
> Sent: Tuesday, April 02, 2002 5:57 PM
> To: 'hugh at open.com.au'
> Subject: Goin' Crazy
> 
> 
> All, 
> 
> I'm running into a weird problem with my handlers. I think 
> I'm going crazy :) .. I might be something really stupid, but 
> I cannot get this setup to proceed with the second handler in 
> my GROUP. Any help would be appreciated. 
> 
> For the record:
> Tue Apr  2 17:44:02 2002: INFO: Server started: Radiator 
> 2.18.1 on host
> 
> 
> Concider:
> 
> <AuthBy GROUP>
>         Identifier ippool-test
> #        AuthByPolicy ContinueWhileAccept
>         AuthByPolicy ContinueWhileAccept
>         
>         RewriteUsername      s/^([^@]+).*/$1/
>         
>         <AuthBy RADIUS>
>                 Host 216.153.69.66
>                 Secret secret
>                 Retries 15
>                 RetryTimeout 4
> 
>                 StripFromReply Proxy-State   
>                 StripFromReply Filter-Id
>                 StripFromReply Framed-Routing
>                 AddToReplyIfNotExist Framed-Routing = None
> 
>                 AddToReplyIfNotExist Service-Type = Framed, 
> Framed-Protocol = PPP, Ascend-Idle-Limit = 1800, \
>                                 Ascend-Maximum-Call-Duration 
> = 180, Ascend-Maximum-Channels = 2
>         </AuthBy>
> 
>                 <AuthBy DYNADDRESS>
>                         Allocator PoolAllocator
>                         #PoolHint %{Reply:PoolHint}
>                         # hard code the pool hint.
>                         PoolHint 36
>                         #MapAttribute   yiaddr, Framed-IP-Address
>                         #MapAttribute   subnetmask, Framed-IP-Netmask
>                         #StripFromReply PoolHint
>                         # do not need to strip. we never 
> added the poolhint
>                 </AuthBy>
>                 
> </AuthBy>
> 
> <Handler Realm=ippool.isdn.net>
>         RewriteUsername      s/^([^@]+).*/$1/
>         RewriteUsername   tr/A-Z/a-z/
> 
>         AuthBy ippool-test
> </Handler>
> 
> When I Try to set this, I'm expecting the DYnAddress to 
> attach my IP information, but what happens:
> 
> [root at memrad04 raddb]# radpwtst  -user john at ippool.isdn.net  
> -password  clv2526  -noacct -trace
> Code:       Access-Request
> Identifier: 145
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "john at ippool.isdn.net"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = 
> "<154><231>)<159><154>n2<246><188>8<9><160><216>}x<153>"
> sending Access-Request...
> OK
> Code:       Access-Accept
> Identifier: 145
> Authentic:  
> <227><148><189><3><235>|hD<188><194><20><252><235><240>{<3>
> Attributes:
>         Ascend-Maximum-Channels = 2
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Ascend-Idle-Limit = 1800
>         Ascend-Maximum-Call-Duration = 180
> 
> NO IP Information. The Trace 4 in the logs:
> 
> 
> 
> Tue Apr  2 17:44:40 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1114 ....
> Code:       Access-Request
> Identifier: 145
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "john at ippool.isdn.net"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = 
> "<154><231>)<159><154>n2<246><188>8<9><160><216>}x<153>"
> 
> Tue Apr  2 17:44:40 2002: DEBUG: Check if Handler 
> Realm=ippool.isdn.net should be used to handle this request 
> Tue Apr  2 17:44:40 2002: DEBUG: Handling request with 
> Handler 'Realm=ippool.isdn.net' Tue Apr  2 17:44:40 2002: 
> DEBUG: Rewrote user name to john Tue Apr  2 17:44:40 2002: 
> DEBUG: Rewrote user name to john Tue Apr  2 17:44:40 2002: 
> DEBUG: sessiondb Deleting session for john at ippool.isdn.net, 
> 203.63.154.1, 1234 Tue Apr  2 17:44:40 2002: DEBUG: do query 
> is: delete from RADONLINE where 
> USERNAME='john at ippool.isdn.net' and 
> NASIDENTIFIER='203.63.154.1' and NASPORT='1234'
> 
> Tue Apr  2 17:44:40 2002: DEBUG: Handling with 
> Radius::AuthGROUP Tue Apr  2 17:44:40 2002: DEBUG: Rewrote 
> user name to john Tue Apr  2 17:44:40 2002: DEBUG: Handling 
> with Radius::AuthRADIUS Tue Apr  2 17:44:40 2002: DEBUG: Packet dump:
> *** Sending to 216.153.69.66 port 1645 ....
> Code:       Access-Request
> Identifier: 2
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "john"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = 
> "L<177>,<163><242>7<223>U<143><175><25><224><6>u<251>9"
> 
> Tue Apr  2 17:44:40 2002: DEBUG: Packet dump:
> *** Received from 216.153.69.66 port 1645 ....
> Code:       Access-Accept
> Identifier: 2
> Authentic:  <227><190><177><3><238><21>W<153>\<145>!b,<151><154><172>
> Attributes:
>         Ascend-Maximum-Channels = 2
> 
> Tue Apr  2 17:44:40 2002: DEBUG: Received reply in AuthRADIUS 
> for req 2 from 216.153.69.66:1645 Tue Apr  2 17:44:40 2002: 
> DEBUG: Access accepted for john Tue Apr  2 17:44:40 2002: 
> DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1114 ....
> Code:       Access-Accept
> Identifier: 145
> Authentic:  1234567890123456
> Attributes:
>         Ascend-Maximum-Channels = 2
>         Service-Type = Framed
>         Framed-Protocol = PPP
>         Ascend-Idle-Limit = 1800
>         Ascend-Maximum-Call-Duration = 180
> 
> 
> Sincerely,
> 
> Leon Oosterwijk
> ISDN-NET Inc. 
> www.isdn.net
> +1 615-221-4200
> 
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Tuesday, April 02, 2002 5:04 PM
> > To: Paul Black; radiator at open.com.au
> > Subject: Re: (RADIATOR) Rewrite rules
> > 
> > 
> > 
> > Hello Paul -
> > 
> > You should get a copy of the Camel book (Programming Perl
> > from O'Reilly) and 
> > do some experiments with regular expressions to get a feel for them.
> > 
> > A RewriteUsername to strip spaces would look like this:
> > 
> > 	RewriteUsername s/ //g
> > 
> > this one strips the "@some.realm" from a username
> > 
> > 	RewriteUsername s/^([^@]+).*/$1/
> > 
> > so "user at some.realm" becomes "user".
> > 
> > regards
> > 
> > Hugh
> > 
> > 
> > On Tue, 2 Apr 2002 19:41, Paul Black wrote:
> > > I'm still trying to make my rewrite rules do exactly what I
> > want. What
> > > rule would I need to string leading white space from the username?
> > >
> > > Also what does the first rule shown below do?
> > >
> > > Regards.  Paul
> > >
> > > >><Realm DEFAULT>
> > > >>  RewriteUsername s/^([^@]+).*/$1/
> > > >>  RewriteUsername tr/A-Z/a-z/
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe
> > > radiator' in the body of the message.
> > 
> > --
> > Radiator: the most portable, flexible and configurable RADIUS 
> > server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, 
> > NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, 
> > extensible, flexible with hardware, software, platform and 
> > database independence. === Archive at 
> > http://www.open.com.au/archives/radiator/
> > Announcements on 
> > radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> > 
> 
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list