[RADIATOR] simultaneous logins

Tim Wolgemuth tim-radiator at wolgemuth.cc
Mon Mar 30 06:09:57 CST 2009


Here is the config file:


# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
#            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
#            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
#            from RADUSERS where \
#            USERNAME='%n' and BADLOGINS < 5 and \
#            VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef   0,Framed-IP-Netmask,reply
# AuthColumnDef   1,Filter-Id,reply
# AuthColumnDef   2,Idle-Timeout,reply
# note that the numbering of AuthColumnDef starts with the
# field following the first 4 minumum and required fields.
#
# You should consider this file to be a starting point only
# $Id $

#Foreground
#LogStdout
#LogDir        .
#DbDir        .
LogDir          /var/log/radius
DbDir           /etc/radiator

# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 5

# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
<Client DEFAULT>
    Secret    mysecret
    DupInterval 0
</Client>

# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
    DBSource    dbi:mysql:radmin:<dbserver>
    DBUsername    radius
    DBAuth        <dbpass>

    select 
NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL,DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS,LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS,FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME,NOIGNOREDUPLICATES,PREHANDLERHOOK 
from RADCLIENTLIST


    # If RefreshPeriod is set to non-zero, it specifies the period in 
seconds that the client list will
    # be refreshed by rereading the database. Each RefreshPeriod,
    # any Clients previously created by this ClientList are cleared
    # and a new set of clients read from the database.
    # Clients defined in the configuration file will not be clobbered.
    # The same effect can be got by signalling the process with with SIGHUP
    #RefreshPeriod 600
</ClientListSQL>

<AuthLog FILE>
        Identifier myauthlogger
        Filename %L/authlog-%Y-%m-%d.log
        LogSuccess 1
        #SuccessFormat %l:%U:OK
    SuccessFormat %l:%U:%N:OK
    FailureFormat %l:%U:%P:%N:FAIL
        LogFailure 1
</AuthLog>

# Handle everyone with RADMIN
<Realm DEFAULT>
    <AuthBy RADMIN>
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual. You will also have to
        # change the one in <SessionDatabse SQL> below
        # so its the same
        DBSource    dbi:mysql:radmin:<dbserver>
        DBUsername    radius
        DBAuth        <dbpass>

        # Never look up the DEFAULT user
        NoDefault

        DefaultSimultaneousUse 1


        # You can add to or change these if you want, but you
        # will probably want to change the database schema first
        AccountingTable    RADUSAGE
        AcctColumnDef    USERNAME,User-Name
        AcctColumnDef    TIME_STAMP,Timestamp,integer
        AcctColumnDef    ACCTSTATUSTYPE,Acct-Status-Type,integer
        AcctColumnDef    ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef    ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef    ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef    ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef    ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef    ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
        AcctColumnDef    FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef    NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef    NASIDENTIFIER,NAS-Identifier
        AcctColumnDef    NASPORT,NAS-Port,integer
        AcctColumnDef    DNIS,Called-Station-Id
#        AcctColumnDef    CALLINGSTATIONID,Calling-Station-Id

        # This updates the time and octets left
        # for this user
        AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

        # These are the classic things to add to each users
        # reply to allow a PPP dialup session. It may be
        # different for your NAS. This will add some
        # reply items to everyone's reply
        AddToReply Framed-Protocol = PPP,\
                Framed-IP-Netmask = 255.255.255.255,\
                Framed-Routing = None,\
                Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP

        # If you intend to use rcrypt reversible encryption
        # for passwords in your Radmin database, you must
        # RcryptKey here to be the same secret key you
        # defined in your Radmin Site.pm, and also set
        # PasswordFormat in your Site.pm.
        # RcryptKey mysecret

        # If you intend to use Unix encryption in your database,
        # you will need to set EncryptedPasssword here,
        # as well as setting PasswordFormat in your Site.pm
        EncryptedPassword

        # You can change the max bad login count from the default
        # of 5 with something like
        MaxBadLogins 10

        # To improve user lookup performance on databases that support
        # placeholders, you can use AuthSelectParam and ? like this:
#        AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,MAXLOGINS, 
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from    RADUSERS where USERNAME=?
#        AuthSelectParam %0
#        ServiceAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, 
ITEM_TYPE from RADSTCONFIG where NAME=? order by ITEM_TYPE
#        UserAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, 
ITEM_TYPE from RADCONFIG where NAME=? order by ITEM_TYPE
#        AttrQueryParam %0

    <Log FILE>
                Filename /var/log/radius/radius-%Y-%m-%d.log
                Trace 5
                LogFormat %l: %1: %2
        </Log FILE>
    </AuthBy>

    # This clause logs all authentication successes and failures to the 
RADAUTHLOG table
    # Suitable for use with RAdmin version 1.6 or later
    <AuthLog SQL>
        # This database spec usually should be exactly the same
        # as in <AuthBy RADMIN> above
        DBSource    dbi:mysql:radmin:<dbserver>
        DBUsername    radius
        DBAuth        <dbpass>

        LogSuccess
        SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) 
values (%t, '%n', 1)
        LogFailure
        FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, 
REASON) values (%t, '%n', 0, %1)
    </AuthLog>

    <AuthLog FILE>
        Identifier myauthlogger
        Filename %L/authlog-%Y-%m-%d.log
               LogSuccess 1
        SuccessFormat %l:%U:%N:OK
        FailureFormat %l:%U:%P:%N:FAIL
        LogFailure 1
    </AuthLog>


</Realm>

<SessionDatabase SQL>
    # This database spec usually should be exactly the same
    # as in <AuthBy RADMIN> above
    DBSource    dbi:mysql:radmin:<dbserver>
    DBUsername    radius
    DBAuth        <dbpass>
    CountQuery    select NASIDENTIFIER, NASPORT, ACCTSESSIONID, 
FRAMEDIPADDRESS from RADONLINE where USERNAME=%u

</SessionDatabase>

# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg


One log entry:

Fri Mar 27 16:04:18 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:18 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:04:18 2009: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIME
LEFT-06784, OCTETSINLEFT=OCTETSINLEFT-019922, 
OCTETSOUTLEFT=OCTETSOUTLEFT-022007
 where USERNAME='test1'':
Fri Mar 27 16:04:18 2009: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTI
ME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
,ACCTTERMINATECAUSE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USER
Fri Mar 27 16:04:20 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:20 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:04:20 2009: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIME
LEFT-06733, OCTETSINLEFT=OCTETSINLEFT-016200, 
OCTETSOUTLEFT=OCTETSOUTLEFT-020619
 where USERNAME='test1'':
Fri Mar 27 16:04:20 2009: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTI
ME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
,ACCTTERMINATECAUSE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USER
Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select PASS_WORD, 
STATICADDRESS, TIM
ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from 
RADUSERS where
 USERNAME='test1'':
Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, 
IVALUE, S
VALUE, ITEM_TYPE from RADSTCONFIG where NAME='dynamic-1' order by 
ITEM_TYPE':
Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, 
IVALUE, S
VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by ITEM_TYPE':
Fri Mar 27 16:04:42 2009: DEBUG: Radius::AuthRADMIN looks for match with 
test1 [
test1]
Fri Mar 27 16:04:42 2009: DEBUG: ValidFrom date converted to: 1238156940
Fri Mar 27 16:04:42 2009: DEBUG: Expiration date converted to: 1269662400
Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'update RADUSERS set 
BADLOGINS=0 w
here USERNAME='test1'':
Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:42 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIME
LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where 
USERNAM
E='test1'':
Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTI
ME,ACCTSESSIONID,ACCTSTATUSTYPE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP
,USERNAME) values (0,'00003477',1,'66.216.191.54','66.109.238.133',209715


Second log entry:

Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select PASS_WORD, 
STATICADDRESS, TIM
ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from 
RADUSERS where
 USERNAME='test1'':
Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, 
IVALUE, S
VALUE, ITEM_TYPE from RADSTCONFIG where NAME='dynamic-1' order by 
ITEM_TYPE':
Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID, 
IVALUE, S
VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by ITEM_TYPE':
Fri Mar 27 16:05:32 2009: DEBUG: Radius::AuthRADMIN looks for match with 
test1 [
test1]
Fri Mar 27 16:05:32 2009: DEBUG: ValidFrom date converted to: 1238156940
Fri Mar 27 16:05:32 2009: DEBUG: Expiration date converted to: 1269662400
Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'update RADUSERS set 
BADLOGINS=0 w
here USERNAME='test1'':
Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:05:32 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'update RADUSERS set 
TIMELEFT=TIME
LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where 
USERNAM
E='test1'':
Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'insert into RADUSAGE 
(ACCTDELAYTI
ME,ACCTSESSIONID,ACCTSTATUSTYPE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP
,USERNAME) values (0,'00003479',1,'66.216.191.55','66.109.238.133',161080


Hugh Irvine wrote:
>
> Hello Tim -
>
> I will need to see a copy of your configuration file and a trace 4 
> debug from Radiator showing what is happening.
>
> regards
>
> Hugh
>
>
>
> On 28 Mar 2009, at 06:14, Tim Wolgemuth wrote:
>
>> I am trying to do setup simultaneous logins.  I am using Radmin.  
>> Here is what I have for the user:
>>
>> mysql> SELECT MAXLOGINS FROM RADUSERS where username = "test1";
>> +-----------+
>> | MAXLOGINS |
>> +-----------+
>> |         1 |
>> +-----------+
>>
>>
>> But I can have more connections then that.
>>
>> mysql> SELECT * FROM RADONLINE R;
>> +---------------+------+-----------------+----------------+------------+-------- 
>>
>> -----+--------------+-------------+-------+------------+----------+
>> | ACCTSESSIONID | DNIS | FRAMEDIPADDRESS | NASIDENTIFIER  | 
>> NASPORT    | NASPORT
>> TYPE | ORIGUSERNAME | SERVICETYPE | STATE | TIME_STAMP | USERNAME |
>> +---------------+------+-----------------+----------------+------------+-------- 
>>
>> -----+--------------+-------------+-------+------------+----------+
>> | 0000344B      | NULL | 66.216.191.49   | 66.109.238.133 |          
>> 0 | Virtual
>>    | NULL         | Framed      |  NULL | 1238176730 | test1    |
>> | 0000346F      | NULL | 66.216.191.53   | 66.109.238.133 | 
>> 1610809444 | 31
>>    | NULL         | Framed      |  NULL | 1238177527 | test1    |
>> | 0000346E      | NULL | 66.216.191.52   | 66.109.238.133 |    
>> 2097152 | 32
>>    | NULL         | Framed      |  NULL | 1238177474 | test1    |
>> +---------------+------+-----------------+----------------+------------+-------- 
>>
>> -----+--------------+-------------+-------+------------+----------+
>> 3 rows in set (0.00 sec)
>>
>>
>> I am demoing  radiator.
>>
>> If you need more info let me know.
>>
>> Tim
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive 
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>



More information about the radiator mailing list