[RADIATOR] when accounting server reject the connection?

Alfred Alinazar alfred at kccg.com
Tue Jan 27 01:27:13 CST 2009


Hello Irvine,

We already have the SQL database on a separate high-availability backend.
There was a virus on the network attacking the network.
It seems that some accounting-requests from the NAS were missing, so the log
didn't record the accounting-request = start.

Since "insert into RADONLINE" is executed by the start event, some authenticated
users were not shown in RADONLINE.
How can we anticipate this problem?

Regards,

-Alfred-

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Tuesday, January 27, 2009 10:12 AM
To: Alfred Alinazar
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] when accounting server reject the connection?


Hello Alfred -

You should run your SQL database on a separate high-availability  
backend database server.

regards

Hugh



On 26 Jan 2009, at 00:04, Alfred Alinazar wrote:

> Dear All,
>
> I have 2 Radiator RADIUS servers.
> Both configurations are the same.
> And here is the configuration for the handler:
> ------------------------------- start config ---------
> <Handler NAS-Port-Type=xDSL|Ethernet>
> 	MaxSessions 1
> 	AuthByPolicy ContinueWhileReject
> 	<AuthBy SQL>
> 		NoDefault
> 		Identifier ASQL_DSL_encrypt_DSL
> 		DBSource	dbi:ODBC:radiusodbc
> 		DBUsername	****
> 		DBAuth		****
> 		AuthSelect select radpassword,timeleft,AddToReply from vw_pospauth where username='%n' and servicetype='DSL'
> 		AuthColumnDef	0,Encrypted-Password,check
> 		AuthColumnDef	1,Session-Timeout,reply
> 		AuthColumnDef  2,GENERIC,reply
>
> 		AccountingStopsOnly
> 		AccountingTable PospAccountingTable2
> 		AcctColumnDef	USERNAME,User-Name
> 		AcctColumnDef	logofftime,Timestamp,integer-date
> 		AcctColumnDef  logofftime_stamp,Timestamp
> 		AcctColumnDef	Acctsessiontime,Acct-Session-Time,integer
> 		AcctColumnDef	AcctDelayTime,Acct-Delay-Time,integer
> 		AcctColumnDef	AcctTerminateCause,Acct-Terminate-Cause
> 		AcctColumnDef	EventTimeStamp,Event-Timestamp,integer
> 		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 		AcctColumnDef  AcctSessionID,Acct-Session-Id
> 		AcctColumnDef  NASIPAddress,NAS-IP-Address
> 		AcctColumnDef  PPPoEDescription,Unisphere-Pppoe-Description
> 		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
> 		AcctColumnDef	IngressPolicyName,Unisphere-Ingress-Policy-Name
> 		AcctColumnDef  EgressPolicyName,Unisphere-Egress-Policy-Name
> 		AcctColumnDef	CallingStationID,Calling-Station-Id
> 		AcctColumnDef	AcctInputGigawords,Acct-Input-Gigawords,integer
> 		AcctColumnDef	AcctInputOctets,Acct-Input-Octets,integer
> 		AcctColumnDef	AcctOutputGigawords,Acct-Output-Gigawords,integer
> 		AcctColumnDef 	AcctOutputOctets,Acct-Output-Octets,integer
> 		AcctColumnDef	UnisphereInputGigapkts,Unisphere-Input-Gigapkts,integer
> 		AcctColumnDef	AcctOutputPackets,Acct-Output-Packets,integer
> 		AcctColumnDef	NASPortType,NAS-Port-Type
> 		AcctColumnDef	NASPORT,NAS-Port,integer
> 		AcctColumnDef  NASPortID,NAS-Port-Id
> 		AcctColumnDef  SERVER,'rd02'
> 	</AuthBy>
> </Handler>
> ------------------------------- end config
>
> However, I'm using server1 as primary authentication and secondary
> accounting.
> Server2 is for primary accounting and secondary authentication.
>
> A few days ago, server2 was unable to connect to the SQL server due to a
> virus attack.
> It gave an error:
> ---------------------
> Jan 19 15:05:02 2009: ERR: Could not connect to SQL database with
> DBI->connect dbi:ODBC:radiusodbc, a3_00, a3_00: [Microsoft][ODBC SQL Server
> Driver][TCP/IP Sockets]SQL Server does not exist or access denied.
> (SQL-08001)
> ----------------------
>
> Because of that, all authenticated users do not appear in the radonline table.
> How can I prevent this from happening in the future?
>
> Thanks in advance for your help.
>
> Regards,
>
> -Alfred-