[RADIATOR] when accounting server reject the connection?
Alfred Alinazar
alfred at kccg.com
Tue Jan 27 01:27:13 CST 2009
Hello Irvine,
We already have SQL database on a separate high-avaibility backend.
There was a virus on the network attacking the network.
It seems that some accounting-request from NAS were missing so that the Log
didn't record the accounting-request = start.
Since "insert into RADONLINE" are exected by start event, some authenticated
users were not shown on the RADONLINE.
How to anticipate this problem?
Regards,
-Alfred-
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Tuesday, January 27, 2009 10:12 AM
To: Alfred Alinazar
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] when accounting server reject the connection?
Hello Alfred -
You should run your SQL database on a separate high-availability
backend database server.
regards
Hugh
On 26 Jan 2009, at 00:04, Alfred Alinazar wrote:
> Dear All,
>
> I have 2 radius radiator.
> Both of the configuration are the same.
> And here is the configuration for the handler:
> ------------------------------- start config ---------
> <Handler NAS-Port-Type=xDSL|Ethernet>
> MaxSessions 1
> AuthByPolicy ContinueWhileReject
> <AuthBy SQL>
> NoDefault
> Identifier ASQL_DSL_encrypt_DSL
> DBSource dbi:ODBC:radiusodbc
> DBUsername ****
> DBAuth ****
> AuthSelect select radpassword,timeleft,AddToReply from
> vw_pospauth where username='%n' and servicetype='DSL'
> AuthColumnDef 0,Encrypted-Password,check
> AuthColumnDef 1,Session-Timeout,reply
> AuthColumnDef 2,GENERIC,reply
>
> AccountingStopsOnly
> AccountingTable PospAccountingTable2
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef logofftime,Timestamp,integer-date
> AcctColumnDef logofftime_stamp,Timestamp
> AcctColumnDef Acctsessiontime,Acct-Session-Time,integer
> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause
> AcctColumnDef EventTimeStamp,Event-Timestamp,integer
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef AcctSessionID,Acct-Session-Id
> AcctColumnDef NASIPAddress,NAS-IP-Address
> AcctColumnDef PPPoEDescription,Unisphere-Pppoe-Description
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef
> IngressPolicyName,Unisphere-Ingress-Policy-Name
> AcctColumnDef EgressPolicyName,Unisphere-Egress-Policy-Name
> AcctColumnDef CallingStationID,Calling-Station-Id
> AcctColumnDef
> AcctInputGigawords,Acct-Input-Gigawords,integer
> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> AcctColumnDef
> AcctOutputGigawords,Acct-Output-Gigawords,integer
> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> AcctColumnDef
> UnisphereInputGigapkts,Unisphere-Input-Gigapkts,integer
> AcctColumnDef
> AcctOutputPackets,Acct-Output-Packets,integer
> AcctColumnDef NASPortType,NAS-Port-Type
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPortID,NAS-Port-Id
> AcctColumnDef SERVER,'rd02'
> </AuthBy>
> </Handler>
> ------------------------------- end config
>
> However, I'm using the server1 as primary authentication and secondary
> accounting.
> The server2 is for primary accounting and secondary authentication.
>
> A few day ago, the server2 was unable to connect to the SQL server
> due to
> virus attack.
> It gave an error:
> ---------------------
> Jan 19 15:05:02 2009: ERR: Could not connect to SQL database with
> DBI->connect dbiDBC:radiusodbc, a3_00, a3_00: [Microsoft][ODBC SQL
> Server
> Driver][TCP/IP Sockets]SQL Server does not exist or access denied.
> (SQL-08001)
> ----------------------
>
> Because of that, all users authenticated is not appear on radonline
> table.
> How to prevent this to be happening in the future?
>
> Thanks in advance for your help.
>
> Regards,
>
> -Alfred-
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list