[RADIATOR] Simultaneous Use, Redback SE
Hugh Irvine
hugh at open.com.au
Mon Oct 6 20:40:57 CDT 2008
Hello Colin -
Apologies for the delay - I have been overseas.
Could you please send me a copy of your configuration file and the
relevant contents of the session database when you do your test?
thanks and regards
Hugh
On 2 Oct 2008, at 17:43, Horsington, Colin wrote:
> Hi All,
>
> Operating Radiator 4.2 on Debian with RedBack SE400 release 6.1.3.x.
>
> We are performing strict simultaneous use checks, first with the
> online session table (SQL) then via SNMP.
>
> A few issues:
>
> 1. The isOnline (Nas.pm) hook does not pass the whole packet, which
> would be desirable. Redback with their SE series mask the MIB
> tables based on the context which is encoded into the community
> string. For example the SNMP get community string would be:
>
> snmpget -v 2c -c public@context redback1 enterprises.x.y.z
>
> Which would retrieve subscriber information connected to context
> "context". This can be worked around by performing a lookup (SQL)
> on the session and retrieving this attribute %{RB-Context-Name}.
>
>
> 2. When we perform a check via SNMP and the session "has gone away"
> the delete query is called. But it appears to be called with the
> wrong attributes. Could this be a bug?
>
> For example in the below output there are two sessions in the
> online table already...refer inline comments (#########)
>
> ======================================================================
> Thu Oct 1 11:11:00 2008: DEBUG: Packet dump:
> *** Received from 192.168.178.122 port 1812 ....
> Code: Access-Request
> Identifier: 103
> Authentic: f<188>^vv<226>+<207><169><131> <245>kU<136><145>
> Attributes:
> User-Name = "test at isp.com"
> User-Password =
> "<148><213>dx<136><142><149>B<154>@<213><131><133><216><156><23>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-Identifier = "SE400"
> NAS-Port = 33620032
> RB-NAS-Real-Port = 554107174
> NAS-Port-Type = Virtual
> NAS-Port-Id = "2/1 vpi-vci 7 294 pppoe 266"
> RB-Medium-Type = DSL
> RB-MAC-Address = "00-11-24-85-4c-66"
> RB-Platform-Type = SE-400
> Acct-Session-Id = "0100003F680000ED-48E41121"
>
> Thu Oct 1 11:11:00 2008: DEBUG: Handling request with Handler
> 'Realm=isp.com'
> Thu Oct 1 11:11:00 2008: DEBUG: ISP_Generic_Session Deleting
> session for test at isp.com, 192.168.178.122, 33620032
> Thu Oct 1 11:11:00 2008: DEBUG: do query is: 'delete from online
> where NASIdentifier='SE400' and
> AcctSessionId='0100003F680000ED-48E41121' and
> UserName='test at isp.com'':
> Thu Oct 1 11:11:00 2008: DEBUG: Query is: 'select
> NASIdentifier,NASPortId,AcctSessionId from isp_online where
> UserName='test at isp.com'':
> ########## First stale session check
> Thu Oct 1 11:11:00 2008: DEBUG: Checking if user is still online:
> Redback2, test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 241,
> 0100003F680000D4-48E3CD10
> Thu Oct 1 11:11:00 2008: DEBUG: Running command `/usr/bin/snmpget -v 2c -c "public@test"
> SE400 .iso.org.dod.internet.private.enterprises.
> 2352.2.27.1.1.1.1.3.116.101.115.116.64.115.116.97.102.102.46.116.114.9
> 7.110.115.97.99.116.46.110.101.116.46.97.117.25.48.49.48.48.48.48.51.7
> 0.54.56.48.48.48.48.68.52.45.52.56.69.51.67.68.49.48 2>&1`
> Thu Oct 1 11:11:00 2008: DEBUG: Result = SNMPv2-SMI::enterprises.
> 2352.2.27.1.1.1.1.3.116.101.115.116.64.115.116.97.102.102.46.116.114.9
> 7.110.115.97.99.116.46.110.101.116.46.97.117.25.48.49.48.48.48.48.51.7
> 0.54.56.48.48.48.48.68.52.45.52.56.69.51.67.68.49.48 = No Such
> Instance currently exists at this OID
>
> ######### Note that pppoe session 241 has gone away, has session id:
> 0100003F680000D4-48E3CD10
> Thu Oct 1 11:11:00 2008: INFO: ISP_Generic_Session Session for
> test at isp.com at SE400:2/1 vpi-vci 7 294 pppoe 241 has gone away
> ######### Now deleting session “pppoe 241” that “has gone away”
> Thu Oct 1 11:11:00 2008: DEBUG: ISP_Generic_Session Deleting
> session for test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 241
> ######### The actual SQL delete is different to the debug output
> above, different session being deleted from the online table!
> Thu Oct 1 11:11:00 2008: DEBUG: do query is: 'delete from online
> where NASIdentifier='SE400' and
> AcctSessionId='0100003F680000ED-48E41121' and
> UserName='test at isp.com'':
> ########## Second stale session check, same occurs.
> Thu Oct 1 11:11:00 2008: DEBUG: Checking if user is still online:
> Redback2, test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 265,
> 0100003F680000EC-48E4105F
> Thu Oct 1 11:11:00 2008: DEBUG: Running command `/usr/bin/snmpget -v 2c -c "public@test"
> SE400 .iso.org.dod.internet.private.enterprises.
> 2352.2.27.1.1.1.1.3.116.101.115.116.64.115.116.97.102.102.46.116.114.9
> 7.110.115.97.99.116.46.110.101.116.46.97.117.25.48.49.48.48.48.48.51.7
> 0.54.56.48.48.48.48.69.67.45.52.56.69.52.49.48.53.70 2>&1`
> Thu Oct 1 11:11:00 2008: DEBUG: Result = SNMPv2-SMI::enterprises.
> 2352.2.27.1.1.1.1.3.116.101.115.116.64.115.116.97.102.102.46.116.114.9
> 7.110.115.97.99.116.46.110.101.116.46.97.117.25.48.49.48.48.48.48.51.7
> 0.54.56.48.48.48.48.69.67.45.52.56.69.52.49.48.53.70 = No Such
> Instance currently exists at this OID
> Thu Oct 1 11:11:00 2008: INFO: ISP_Generic_Session Session for
> test at isp.com at SE400:2/1 vpi-vci 7 294 pppoe 265 has gone away
> Thu Oct 1 11:11:00 2008: DEBUG: ISP_Generic_Session Deleting
> session for test at isp.com, SE400, 2/1 vpi-vci 7 294 pppoe 265
> Thu Oct 1 11:11:00 2008: DEBUG: do query is: 'delete from online
> where NASIdentifier='SE400' and
> AcctSessionId='0100003F680000ED-48E41121' and
> UserName='test at isp.com'':
> Thu Oct 1 11:11:00 2008: DEBUG: Handling with Radius::AuthRADIUS
> ======================================================================
>
> The “sub delete” in SessSQL seems to be the culprit, it seems to
> get the actual delete attributes for the SQL delete from the
> current packet, which is not always true if the SQL delete is for a
> stale online session entry.
>
> sub delete
> {
>     my ($self, $name, $nas_id, $nas_port, $p, $session_id,
>         $framed_ip_address) = @_;
>
>     # query is optional
>     return unless $self->{DeleteQuery};
>
>     # $name, $nas_id and $nas_port are ignored: we get them from the
>     # current packet with format_special.
>     $self->log($main::LOG_DEBUG,
>         "$self->{Identifier} Deleting session for $name, $nas_id, $nas_port",
>         $p);
>     return $self->do(&Radius::Util::format_special
>         ($self->{DeleteQuery},
>          $p, undef, $self->quote($name), $nas_id, $nas_port,
>          $self->quote($session_id), $framed_ip_address));
> }
>
> And for those interested the code to perform the SNMP online check
> for a given context (RedBack2.pm in the Radius/Nas/ directory) is
> below. Redback encode the username+delimiter+session in the oid
> structure which the map does below.
> =================================================================
> package Radius::Nas::Redback2;
> use Radius::SNMP;
> use strict;
>
> # The following OID relates to the Nas-Port
> $Radius::Nas::RedbackMIB =
>     '.iso.org.dod.internet.private.enterprises.2352.2.27.1.1.1.1.3';
>
> sub isOnline
> {
>     my ($name, $nas_id, $nas_port, $session_id, $client) = @_;
>
>     # Encode each character of the username and session id as its
>     # decimal code, joined by the ".25." delimiter
>     my $oid_user = join(".", map { ord($_) } split(//, $name));
>     my $oid_sess = join(".", map { ord($_) } split(//, $session_id));
>     my $oid = $Radius::Nas::RedbackMIB . "." . $oid_user . ".25." .
>         $oid_sess;
>
>     # Put context here...
>     my $community = $client->{SNMPCommunity} . "\@test";
>
>     my $result = &Radius::SNMP::snmpget($nas_id, $community, $oid);
>
>     &main::log($main::LOG_DEBUG, "Result = $result\n");
>
>     if ($result =~ /No Such Instance/i) {
>         # This is normal when that session does not exist on NAS
>         return 0;
>     } else {
>         # Session with that Acct-Session-Id exists on NAS
>         return 1;
>     }
> }
> 1;
> =================================================================
>
> Regards,
>
> Colin Horsington
> SENIOR NETWORK SPECIALIST
> TransACT
> +61 2 6229 8052
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
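
The stale-session sweep from the quoted trace, modelled as a stand-alone Perl script (an added example, not Radiator code and not written by either poster). It compares a delete keyed on the current request with one keyed on the stale row; `oid_suffix`, `delete_rows` and `sweep` are hypothetical helpers, and the session rows are constructed from the values in the trace.

```perl
#!/usr/bin/perl
# Added illustration, not Radiator code: toy model of the stale-session sweep.
use strict;
use warnings;

# Constructed sample data mirroring the trace: two stale rows, one new request.
my @online = (
    { user => 'test@isp.com', nas => 'SE400', sid => '0100003F680000D4-48E3CD10' },
    { user => 'test@isp.com', nas => 'SE400', sid => '0100003F680000EC-48E4105F' },
);
my %request = ( user => 'test@isp.com', nas => 'SE400',
                sid  => '0100003F680000ED-48E41121' );

# OID suffix as built in the quoted isOnline code: username bytes,
# delimiter 25, then session-id bytes, each as a decimal sub-identifier.
sub oid_suffix {
    my ($user, $sid) = @_;
    return join '.', (map { ord($_) } split //, $user), 25,
                     (map { ord($_) } split //, $sid);
}

# Remove rows matching nas + sid + user; returns how many rows were removed.
sub delete_rows {
    my ($table, $key) = @_;
    my $before = @$table;
    @$table = grep { !( $_->{nas} eq $key->{nas} && $_->{sid} eq $key->{sid}
                        && $_->{user} eq $key->{user} ) } @$table;
    return $before - @$table;
}

# Check every row against the NAS. $key_from picks the source of the delete
# key: 'packet' (what the trace shows) or 'row' (the stale row itself).
sub sweep {
    my ($table, $req, $key_from, $still_online) = @_;
    my @rows    = @$table;    # iterate over a copy while deleting
    my $removed = 0;
    for my $row (@rows) {
        next if $still_online->( oid_suffix($row->{user}, $row->{sid}) );
        $removed += delete_rows($table, $key_from eq 'packet' ? $req : $row);
    }
    return $removed;
}

my $gone = sub { 0 };    # stand-in for "No Such Instance" on every OID
for my $mode (qw(packet row)) {
    my @copy = map { +{ %$_ } } @online;
    my $n = sweep(\@copy, \%request, $mode, $gone);
    printf "%-6s key: %d removed, %d stale rows left\n", $mode, $n, scalar @copy;
}
```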