[RADIATOR] when accounting server reject the connection?
Hugh Irvine
hugh at open.com.au
Tue Jan 27 01:45:35 CST 2009
Hello Alfred -
As you correctly say, it is the accounting start that is used to
insert the session record into the RADONLINE table.
If Radiator does not receive the accounting start it therefore follows
that the RADONLINE table will not show the session.
The only option may be to enable accounting alives on your NAS
equipment, but this will increase the accounting load considerably.
regards
Hugh
On 27 Jan 2009, at 18:27, Alfred Alinazar wrote:
>
> Hello Irvine,
>
> We already have SQL database on a separate high-availability backend.
> There was a virus on the network attacking the network.
> It seems that some accounting-request from NAS were missing so that
> the Log didn't record the accounting-request = start.
>
> Since "insert into RADONLINE" are executed by start event, some
> authenticated users were not shown on the RADONLINE.
> How to anticipate this problem?
>
> Regards,
>
> -Alfred-
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, January 27, 2009 10:12 AM
> To: Alfred Alinazar
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] when accounting server reject the connection?
>
>
> Hello Alfred -
>
> You should run your SQL database on a separate high-availability
> backend database server.
>
> regards
>
> Hugh
>
>
>
> On 26 Jan 2009, at 00:04, Alfred Alinazar wrote:
>
>> Dear All,
>>
>> I have 2 radius radiator.
>> Both of the configuration are the same.
>> And here is the configuration for the handler:
>> ------------------------------- start config ---------
>> <Handler NAS-Port-Type=xDSL|Ethernet>
>> MaxSessions 1
>> AuthByPolicy ContinueWhileReject
>> <AuthBy SQL>
>> NoDefault
>> Identifier ASQL_DSL_encrypt_DSL
>> DBSource dbi:ODBC:radiusodbc
>> DBUsername ****
>> DBAuth ****
>> AuthSelect select radpassword,timeleft,AddToReply from vw_pospauth where username='%n' and servicetype='DSL'
>> AuthColumnDef 0,Encrypted-Password,check
>> AuthColumnDef 1,Session-Timeout,reply
>> AuthColumnDef 2,GENERIC,reply
>>
>> AccountingStopsOnly
>> AccountingTable PospAccountingTable2
>> AcctColumnDef USERNAME,User-Name
>> AcctColumnDef logofftime,Timestamp,integer-date
>> AcctColumnDef logofftime_stamp,Timestamp
>> AcctColumnDef Acctsessiontime,Acct-Session-Time,integer
>> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
>> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause
>> AcctColumnDef EventTimeStamp,Event-Timestamp,integer
>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>> AcctColumnDef AcctSessionID,Acct-Session-Id
>> AcctColumnDef NASIPAddress,NAS-IP-Address
>> AcctColumnDef PPPoEDescription,Unisphere-Pppoe-Description
>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>> AcctColumnDef IngressPolicyName,Unisphere-Ingress-Policy-Name
>> AcctColumnDef EgressPolicyName,Unisphere-Egress-Policy-Name
>> AcctColumnDef CallingStationID,Calling-Station-Id
>> AcctColumnDef AcctInputGigawords,Acct-Input-Gigawords,integer
>> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
>> AcctColumnDef AcctOutputGigawords,Acct-Output-Gigawords,integer
>> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
>> AcctColumnDef UnisphereInputGigapkts,Unisphere-Input-Gigapkts,integer
>> AcctColumnDef AcctOutputPackets,Acct-Output-Packets,integer
>> AcctColumnDef NASPortType,NAS-Port-Type
>> AcctColumnDef NASPORT,NAS-Port,integer
>> AcctColumnDef NASPortID,NAS-Port-Id
>> AcctColumnDef SERVER,'rd02'
>> </AuthBy>
>> </Handler>
>> ------------------------------- end config
>>
>> However, I'm using the server1 as primary authentication and
>> secondary accounting.
>> The server2 is for primary accounting and secondary authentication.
>>
>> A few days ago, the server2 was unable to connect to the SQL server
>> due to virus attack.
>> It gave an error:
>> ---------------------
>> Jan 19 15:05:02 2009: ERR: Could not connect to SQL database with
>> DBI->connect dbi:ODBC:radiusodbc, a3_00, a3_00: [Microsoft][ODBC SQL Server
>> Driver][TCP/IP Sockets]SQL Server does not exist or access denied.
>> (SQL-08001)
>> ----------------------
>>
>> Because of that, all users authenticated do not appear on radonline
>> table.
>> How to prevent this to be happening in the future?
>>
>> Thanks in advance for your help.
>>
>> Regards,
>>
>> -Alfred-
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
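Added example, not part of the original thread and not Radiator's own code: a small simulation of the behaviour discussed above, where an online-sessions table populated only by accounting starts misses a session whose start was lost, and accounting alives let the server recreate the row. The table layout, the `recovered` flag and the sample records are assumptions made for illustration.

```python
import sqlite3

# Constructed accounting records (not from the thread). alice's Start was lost
# on the way to the server; bob's and carol's arrived normally.
SAMPLE = [
    {"type": "Start", "user": "bob",   "nas": "10.0.0.1", "sid": "B1", "time": 100},
    {"type": "Start", "user": "carol", "nas": "10.0.0.1", "sid": "C1", "time": 150},
    {"type": "Alive", "user": "alice", "nas": "10.0.0.1", "sid": "A1", "time": 400},
    {"type": "Alive", "user": "bob",   "nas": "10.0.0.1", "sid": "B1", "time": 400},
    {"type": "Stop",  "user": "carol", "nas": "10.0.0.1", "sid": "C1", "time": 500},
]

def open_db():
    # Hypothetical stand-in for RADONLINE; the column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radonline (nas TEXT, sid TEXT, username TEXT,"
               " last_seen INTEGER, recovered INTEGER, PRIMARY KEY (nas, sid))")
    return db

def apply_record(db, rec, use_alives):
    key = (rec["nas"], rec["sid"])
    if rec["type"] == "Start":
        db.execute("INSERT OR REPLACE INTO radonline VALUES (?,?,?,?,0)",
                   (*key, rec["user"], rec["time"]))
    elif rec["type"] == "Stop":
        db.execute("DELETE FROM radonline WHERE nas=? AND sid=?", key)
    elif rec["type"] == "Alive" and use_alives:
        # Refresh a known session; if no row exists the Start never arrived,
        # so create the row now and flag it as recovered.
        cur = db.execute("UPDATE radonline SET last_seen=? WHERE nas=? AND sid=?",
                         (rec["time"], *key))
        if cur.rowcount == 0:
            db.execute("INSERT INTO radonline VALUES (?,?,?,?,1)",
                       (*key, rec["user"], rec["time"]))

def online_users(records, use_alives):
    db = open_db()
    for rec in records:
        apply_record(db, rec, use_alives)
    rows = db.execute("SELECT username, recovered FROM radonline ORDER BY username")
    return rows.fetchall()

if __name__ == "__main__":
    print("starts only:", online_users(SAMPLE, use_alives=False))
    print("with alives:", online_users(SAMPLE, use_alives=True))
```

Rows with `recovered` set mark sessions whose start record never reached the server, which is also a usable signal that accounting packets are being dropped.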