No subject
Tue Jun 24 01:19:57 CDT 2008
the request has been forwarded to the remote radius server. It will not wait
for a reply before moving on to other AuthBy clauses, or handling new
requests. You can change this behaviour with the Synchronous flag, but make
sure you understand what you are doing before enabling the Synchronous flag.
It can have a significant impact on performance."
If the AuthByPolicy is ContinueWhileAccept the second clause (see my config
example below) will not get processed, because there was no accept from the
radius server.
I was able to get the results I wanted by adding fork and synchronous to the
AutBy RADIUS clause. This behaviour is not fully documented in the manual.
The next question then is, how severe this will impact my radiator's
performance. The Radius log does not indicate where the process spawns off a
child for the auth, so It would be hard to me to measure how many spawns I
get per minute/hour.
Sincerely,
Leon Oosterwijk
ISDN-NET Inc.
www.isdn.net
+1 615-221-4200
> -----Original Message-----
> From: Leon Oosterwijk
> Sent: Tuesday, April 02, 2002 5:57 PM
> To: 'hugh at open.com.au'
> Subject: Goin' Crazy
>
>
> All,
>
> I'm running into a weird problem with my handlers. I think
> I'm going crazy :) .. I might be something really stupid, but
> I cannot get this setup to proceed with the second handler in
> my GROUP. Any help would be appreciated.
>
> For the record:
> Tue Apr 2 17:44:02 2002: INFO: Server started: Radiator
> 2.18.1 on host
>
>
> Concider:
>
> <AuthBy GROUP>
> Identifier ippool-test
> # AuthByPolicy ContinueWhileAccept
> AuthByPolicy ContinueWhileAccept
>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy RADIUS>
> Host 216.153.69.66
> Secret secret
> Retries 15
> RetryTimeout 4
>
> StripFromReply Proxy-State
> StripFromReply Filter-Id
> StripFromReply Framed-Routing
> AddToReplyIfNotExist Framed-Routing = None
>
> AddToReplyIfNotExist Service-Type = Framed,
> Framed-Protocol = PPP, Ascend-Idle-Limit = 1800, \
> Ascend-Maximum-Call-Duration
> = 180, Ascend-Maximum-Channels = 2
> </AuthBy>
>
> <AuthBy DYNADDRESS>
> Allocator PoolAllocator
> #PoolHint %{Reply:PoolHint}
> # hard code the pool hint.
> PoolHint 36
> #MapAttribute yiaddr, Framed-IP-Address
> #MapAttribute subnetmask, Framed-IP-Netmask
> #StripFromReply PoolHint
> # do not need to strip. we never
> added the poolhint
> </AuthBy>
>
> </AuthBy>
>
> <Handler Realm=ippool.isdn.net>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/A-Z/a-z/
>
> AuthBy ippool-test
> </Handler>
>
> When I Try to set this, I'm expecting the DYnAddress to
> attach my IP information, but what happens:
>
> [root at memrad04 raddb]# radpwtst -user john at ippool.isdn.net
> -password clv2526 -noacct -trace
> Code: Access-Request
> Identifier: 145
> Authentic: 1234567890123456
> Attributes:
> User-Name = "john at ippool.isdn.net"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<154><231>)<159><154>n2<246><188>8<9><160><216>}x<153>"
> sending Access-Request...
> OK
> Code: Access-Accept
> Identifier: 145
> Authentic:
> <227><148><189><3><235>|hD<188><194><20><252><235><240>{<3>
> Attributes:
> Ascend-Maximum-Channels = 2
> Service-Type = Framed
> Framed-Protocol = PPP
> Ascend-Idle-Limit = 1800
> Ascend-Maximum-Call-Duration = 180
>
> NO IP Information. The Trace 4 in the logs:
>
>
>
> Tue Apr 2 17:44:40 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1114 ....
> Code: Access-Request
> Identifier: 145
> Authentic: 1234567890123456
> Attributes:
> User-Name = "john at ippool.isdn.net"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<154><231>)<159><154>n2<246><188>8<9><160><216>}x<153>"
>
> Tue Apr 2 17:44:40 2002: DEBUG: Check if Handler
> Realm=ippool.isdn.net should be used to handle this request
> Tue Apr 2 17:44:40 2002: DEBUG: Handling request with
> Handler 'Realm=ippool.isdn.net' Tue Apr 2 17:44:40 2002:
> DEBUG: Rewrote user name to john Tue Apr 2 17:44:40 2002:
> DEBUG: Rewrote user name to john Tue Apr 2 17:44:40 2002:
> DEBUG: sessiondb Deleting session for john at ippool.isdn.net,
> 203.63.154.1, 1234 Tue Apr 2 17:44:40 2002: DEBUG: do query
> is: delete from RADONLINE where
> USERNAME='john at ippool.isdn.net' and
> NASIDENTIFIER='203.63.154.1' and NASPORT='1234'
>
> Tue Apr 2 17:44:40 2002: DEBUG: Handling with
> Radius::AuthGROUP Tue Apr 2 17:44:40 2002: DEBUG: Rewrote
> user name to john Tue Apr 2 17:44:40 2002: DEBUG: Handling
> with Radius::AuthRADIUS Tue Apr 2 17:44:40 2002: DEBUG: Packet dump:
> *** Sending to 216.153.69.66 port 1645 ....
> Code: Access-Request
> Identifier: 2
> Authentic: 1234567890123456
> Attributes:
> User-Name = "john"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "L<177>,<163><242>7<223>U<143><175><25><224><6>u<251>9"
>
> Tue Apr 2 17:44:40 2002: DEBUG: Packet dump:
> *** Received from 216.153.69.66 port 1645 ....
> Code: Access-Accept
> Identifier: 2
> Authentic: <227><190><177><3><238><21>W<153>\<145>!b,<151><154><172>
> Attributes:
> Ascend-Maximum-Channels = 2
>
> Tue Apr 2 17:44:40 2002: DEBUG: Received reply in AuthRADIUS
> for req 2 from 216.153.69.66:1645 Tue Apr 2 17:44:40 2002:
> DEBUG: Access accepted for john Tue Apr 2 17:44:40 2002:
> DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1114 ....
> Code: Access-Accept
> Identifier: 145
> Authentic: 1234567890123456
> Attributes:
> Ascend-Maximum-Channels = 2
> Service-Type = Framed
> Framed-Protocol = PPP
> Ascend-Idle-Limit = 1800
> Ascend-Maximum-Call-Duration = 180
>
>
> Sincerely,
>
> Leon Oosterwijk
> ISDN-NET Inc.
> www.isdn.net
> +1 615-221-4200
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list