[RADIATOR] when accounting server reject the connection?

Wallner Martin Martin.Wallner at etel.at
Tue Jan 27 02:12:04 CST 2009


I agree with Hugh, recording alive would bring a buttload of more deletes/updates of RADONLINE, but it would also show a lot more info on the customer in the table (since - at least with Cisco - the first alive packet can be sent immediately after the start packet), it then contains IP-Address, how much data transferred and so on, all info you don't have in a 'Start Only' environment... so, you have to check this too...

=mw=
 

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Hugh Irvine
Sent: Tuesday, 27 January 2009 08:46
To: Alfred Alinazar
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] when accounting server reject the connection?


Hello Alfred -

As you correctly say, it is the accounting start that is used to insert the session record into the RADONLINE table.

If Radiator does not receive the accounting start it therefore follows that the RADONLINE table will not show the session.

The only option may be to enable accounting alives on your NAS equipment, but this will increase the accounting load considerably.

regards

Hugh


On 27 Jan 2009, at 18:27, Alfred Alinazar wrote:

>
> Hello Irvine,
>
> We already have the SQL database on a separate high-availability backend.
> There was a virus on the network attacking the network.
> It seems that some accounting-requests from the NAS were missing, so that 
> the log didn't record the accounting-request = start.
>
> Since "insert into RADONLINE" is executed by the start event, some 
> authenticated users were not shown on the RADONLINE.
> How can we anticipate this problem?
>
> Regards,
>
> -Alfred-
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, January 27, 2009 10:12 AM
> To: Alfred Alinazar
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] when accounting server reject the connection?
>
>
> Hello Alfred -
>
> You should run your SQL database on a separate high-availability 
> backend database server.
>
> regards
>
> Hugh
>
>
>
> On 26 Jan 2009, at 00:04, Alfred Alinazar wrote:
>
>> Dear All,
>>
>> I have 2 Radiator RADIUS servers.
>> Both configurations are the same.
>> And here is the configuration for the handler:
>> ------------------------------- start config ---------
>> <Handler NAS-Port-Type=xDSL|Ethernet>
>> 	MaxSessions 1
>> 	AuthByPolicy ContinueWhileReject
>> 	<AuthBy SQL>
>> 		NoDefault
>> 		Identifier ASQL_DSL_encrypt_DSL
>> 		DBSource	dbi:ODBC:radiusodbc
>> 		DBUsername	****
>> 		DBAuth		****
>> 		AuthSelect select radpassword,timeleft,AddToReply from vw_pospauth where username='%n' and servicetype='DSL'
>> 		AuthColumnDef	0,Encrypted-Password,check
>> 		AuthColumnDef	1,Session-Timeout,reply
>> 		AuthColumnDef  2,GENERIC,reply
>>
>> 		AccountingStopsOnly
>> 		AccountingTable PospAccountingTable2
>> 		AcctColumnDef	USERNAME,User-Name
>> 		AcctColumnDef	logofftime,Timestamp,integer-date
>> 		AcctColumnDef  logofftime_stamp,Timestamp
>> 		AcctColumnDef	Acctsessiontime,Acct-Session-Time,integer
>> 		AcctColumnDef	AcctDelayTime,Acct-Delay-Time,integer
>> 		AcctColumnDef	AcctTerminateCause,Acct-Terminate-Cause
>> 		AcctColumnDef	EventTimeStamp,Event-Timestamp,integer
>> 		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
>> 		AcctColumnDef  AcctSessionID,Acct-Session-Id
>> 		AcctColumnDef  NASIPAddress,NAS-IP-Address
>> 		AcctColumnDef  PPPoEDescription,Unisphere-Pppoe-Description
>> 		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
>> 		AcctColumnDef	IngressPolicyName,Unisphere-Ingress-Policy-Name
>> 		AcctColumnDef  EgressPolicyName,Unisphere-Egress-Policy-Name
>> 		AcctColumnDef	CallingStationID,Calling-Station-Id
>> 		AcctColumnDef	AcctInputGigawords,Acct-Input-Gigawords,integer
>> 		AcctColumnDef	AcctInputOctets,Acct-Input-Octets,integer
>> 		AcctColumnDef	AcctOutputGigawords,Acct-Output-Gigawords,integer
>> 		AcctColumnDef 	AcctOutputOctets,Acct-Output-Octets,integer
>> 		AcctColumnDef	UnisphereInputGigapkts,Unisphere-Input-Gigapkts,integer
>> 		AcctColumnDef	AcctOutputPackets,Acct-Output-Packets,integer
>> 		AcctColumnDef	NASPortType,NAS-Port-Type
>> 		AcctColumnDef	NASPORT,NAS-Port,integer
>> 		AcctColumnDef  NASPortID,NAS-Port-Id
>> 		AcctColumnDef  SERVER,'rd02'
>> 	</AuthBy>
>> </Handler>
>> ------------------------------- end config
>>
>> However, I'm using the server1 as primary authentication and 
>> secondary accounting.
>> The server2 is for primary accounting and secondary authentication.
>>
>> A few days ago, the server2 was unable to connect to the SQL server 
>> due to a virus attack.
>> It gave an error:
>> ---------------------
>> Jan 19 15:05:02 2009: ERR: Could not connect to SQL database with DBI->connect dbi:ODBC:radiusodbc, a3_00, a3_00: [Microsoft][ODBC SQL Server Driver][TCP/IP Sockets]SQL Server does not exist or access denied. (SQL-08001)
>> ----------------------
>>
>> Because of that, all authenticated users do not appear in the radonline 
>> table.
>> How can I prevent this from happening in the future?
>>
>> Thanks in advance for your help.
>>
>> Regards,
>>
>> -Alfred-
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive 
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER 
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible, 
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>





_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator
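
An added illustration of the behaviour discussed in this thread (it is not part of any poster's message and is not Radiator code): a replay of constructed accounting records into a RADONLINE-style table, once honouring Start and Stop only and once also recording Alive records. The column layout, record fields and the delete-then-insert handling are assumptions made for the example.

```python
import sqlite3

# Constructed accounting records (not from the thread). The Start for
# session "s2" is missing, as when requests were lost during the incident.
RECORDS = [
    {"type": "Start", "sid": "s1", "user": "alice", "nas": "10.0.0.1"},
    {"type": "Alive", "sid": "s1", "user": "alice", "nas": "10.0.0.1",
     "ip": "192.0.2.10", "in_octets": 1200, "out_octets": 5400},
    {"type": "Alive", "sid": "s2", "user": "bob", "nas": "10.0.0.1",
     "ip": "192.0.2.11", "in_octets": 300, "out_octets": 900},
    {"type": "Stop", "sid": "s1", "user": "alice", "nas": "10.0.0.1"},
]

DELETE = "DELETE FROM radonline WHERE nas=? AND sid=?"
INSERT = "INSERT INTO radonline VALUES (?,?,?,?,?,?)"


def replay(records, record_alives):
    """Return (online rows, number of SQL writes) after replaying records."""
    db = sqlite3.connect(":memory:")
    # Hypothetical column layout for a RADONLINE-style session table.
    db.execute("""CREATE TABLE radonline (
        nas TEXT, sid TEXT, username TEXT, ip TEXT,
        in_octets INTEGER, out_octets INTEGER, PRIMARY KEY (nas, sid))""")
    writes = 0
    for r in records:
        key = (r["nas"], r["sid"])
        if r["type"] == "Stop":
            db.execute(DELETE, key)
            writes += 1
        elif r["type"] == "Start" or (r["type"] == "Alive" and record_alives):
            # Delete-then-insert: an Alive recreates a row whose Start was
            # lost and refreshes the IP address and octet counters.
            db.execute(DELETE, key)
            db.execute(INSERT, key + (r["user"], r.get("ip"),
                                      r.get("in_octets"), r.get("out_octets")))
            writes += 2
    rows = db.execute("SELECT username, ip, in_octets, out_octets "
                      "FROM radonline ORDER BY username").fetchall()
    return rows, writes


if __name__ == "__main__":
    print("start/stop only:", replay(RECORDS, record_alives=False))
    print("with alives:    ", replay(RECORDS, record_alives=True))
```

With Start and Stop only, the session whose Start was lost never appears in the table; with Alive records it appears with its address and counters, at more than twice the number of SQL writes for the same traffic.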


