[RADIATOR] simultaneous logins
Tim Wolgemuth
tim-radiator at wolgemuth.cc
Mon Mar 30 06:09:57 CST 2009
Here is the config file:
# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
# MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
# FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
# from RADUSERS where \
# USERNAME='%n' and BADLOGINS < 5 and \
# VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef 0,Framed-IP-Netmask,reply
# AuthColumnDef 1,Filter-Id,reply
# AuthColumnDef 2,Idle-Timeout,reply
# note that the numbering of AuthColumnDef starts with the
# field following the first 4 minimum and required fields.
#
# You should consider this file to be a starting point only
# $Id $
#Foreground
#LogStdout
#LogDir .
#DbDir .
LogDir /var/log/radius
DbDir /etc/radiator
# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
# NOTE(review): 5 is above the level the comment above recommends.
# Debug-level output carries the full text of every SQL statement,
# user names included, so drop back to 3 once troubleshooting is done
# and keep LogDir readable only by the account Radiator runs as.
Trace 5
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you will probably
# want to disable this.
# NOTE(review): DEFAULT applies to any NAS that has no clause of its
# own, so every such device is accepted with this one shared secret,
# and 'mysecret' looks like the value shipped in the sample file.
# Since <ClientListSQL> below already loads clients from the database,
# remove this clause or give it a long random secret.
# DupInterval 0 presumably switches off duplicate-request detection
# for these clients -- confirm in the reference manual before keeping it.
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
# You can put additional (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
# NOTE(review): the query below reads SECRET and SNMPCOMMUNITY from
# RADCLIENTLIST, so the shared secret of every NAS is held in that
# table. It also reads PREHANDLERHOOK; if that column is used as hook
# code, write access to the table amounts to running code inside
# Radiator -- TODO confirm how your version treats it. Give the
# 'radius' database account only the rights Radiator needs, restrict
# who can write to RADCLIENTLIST, and keep this file (it holds DBAuth
# in the clear) readable only by the Radiator account.
<ClientListSQL>
DBSource dbi:mysql:radmin:<dbserver>
DBUsername radius
DBAuth <dbpass>
select
NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL,DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS,LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS,FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME,NOIGNOREDUPLICATES,PREHANDLERHOOK
from RADCLIENTLIST
# If RefreshPeriod is set to non-zero, it specifies the period in
seconds that the client list will
# be refreshed by rereading the database. Each RefreshPeriod,
# any Clients previously created by this ClientList are cleared
# and a new set of clients read from the database.
# Clients defined in the configuration file will not be clobbered.
# The same effect can be got by signalling the process with SIGHUP
#RefreshPeriod 600
</ClientListSQL>
# File-based authentication log: one line per accepted and per rejected
# request, written to a dated file.
<AuthLog FILE>
Identifier myauthlogger
Filename %L/authlog-%Y-%m-%d.log
LogSuccess 1
#SuccessFormat %l:%U:OK
SuccessFormat %l:%U:%N:OK
# NOTE(review): %P in FailureFormat is, as far as the Radiator
# special-character list goes, the password submitted in the request --
# confirm for your version. If so, every failed login writes a
# cleartext password (often a near miss of the real one) to this file.
# Drop %P from the format, or restrict the file to the Radiator account
# and keep it out of backups and log shipping.
FailureFormat %l:%U:%P:%N:FAIL
LogFailure 1
</AuthLog>
# Handle everyone with RADMIN
<Realm DEFAULT>
# Authenticates users and records accounting against the Radmin MySQL
# database, and adjusts each user's remaining time and octets.
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabase SQL> below
# so it's the same
# NOTE(review): DBAuth is stored here in the clear; keep this file
# readable only by the account Radiator runs as.
DBSource dbi:mysql:radmin:<dbserver>
DBUsername radius
DBAuth <dbpass>
# Never look up the DEFAULT user
NoDefault
# NOTE(review): presumably the session limit applied when the user row
# carries no MAXLOGINS of its own -- confirm. Either limit can only be
# enforced if the <SessionDatabase SQL> clause further down can count
# the user's rows in RADONLINE.
DefaultSimultaneousUse 1
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
# This updates the time and octets left
# for this user
# NOTE(review): the user name is substituted into the statement text
# between quotes ('%n') and the counters are substituted as bare
# numbers. Both come from the accounting request, so confirm that your
# Radiator version escapes quotes in %n and that the 'radius' database
# account can do no more than these tables require.
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
# If you intend to use rcrypt reversible encryption
# for passwords in your Radmin database, you must set
# RcryptKey here to be the same secret key you
# defined in your Radmin Site.pm, and also set
# PasswordFormat in your Site.pm.
# RcryptKey mysecret
# If you intend to use Unix encryption in your database,
# you will need to set EncryptedPassword here,
# as well as setting PasswordFormat in your Site.pm
EncryptedPassword
# You can change the max bad login count from the default
# of 5 with something like
# NOTE(review): 10 doubles the number of wrong passwords allowed
# before BADLOGINS blocks the account, compared with the default of 5
# mentioned above.
MaxBadLogins 10
# To improve user lookup performance on databases that support
# placeholders, you can use AuthSelectParam and ? like this:
# NOTE(review): binding the name with ? also keeps it out of the SQL
# text altogether, which is the safer form for a value taken from the
# request.
# AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,MAXLOGINS,
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME=?
# AuthSelectParam %0
# ServiceAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE,
ITEM_TYPE from RADSTCONFIG where NAME=? order by ITEM_TYPE
# UserAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE,
ITEM_TYPE from RADCONFIG where NAME=? order by ITEM_TYPE
# AttrQueryParam %0
# NOTE(review): a second logger at Trace 5, writing dated files under
# /var/log/radius. Debug-level lines include complete SQL statements,
# so lower the level after troubleshooting and restrict the directory.
<Log FILE>
Filename /var/log/radius/radius-%Y-%m-%d.log
Trace 5
LogFormat %l: %1: %2
</Log FILE>
</AuthBy>
# This clause logs all authentication successes and failures to the
# RADAUTHLOG table
# Suitable for use with RAdmin version 1.6 or later
# Writes one RADAUTHLOG row per accepted request (TYPE 1) and per
# rejected request (TYPE 0, with a REASON).
<AuthLog SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:<dbserver>
DBUsername radius
DBAuth <dbpass>
LogSuccess
# NOTE(review): the user name is placed into the statement text between
# quotes ('%n'). It comes from the request, so confirm that your
# Radiator version escapes quotes in %n.
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE)
values (%t, '%n', 1)
LogFailure
# NOTE(review): %1 (the REASON value) is written without quotes here
# while USERNAME is quoted; presumably Radiator supplies %1 already
# quoted -- confirm against the reference manual.
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE,
REASON) values (%t, '%n', 0, %1)
</AuthLog>
# File-based authentication log inside the Realm.
# NOTE(review): this clause has the same Identifier (myauthlogger) and
# the same Filename as the top-level <AuthLog FILE> clause earlier in
# the file; check whether both are meant to be active.
<AuthLog FILE>
Identifier myauthlogger
Filename %L/authlog-%Y-%m-%d.log
LogSuccess 1
SuccessFormat %l:%U:%N:OK
# NOTE(review): %P is, as far as the Radiator special-character list
# goes, the password submitted in the request -- confirm for your
# version. If so, each failed login writes a cleartext password to this
# file; drop %P or restrict the file to the Radiator account.
FailureFormat %l:%U:%P:%N:FAIL
LogFailure 1
</AuthLog>
</Realm>
# Session database: the query below lists a user's current sessions in
# RADONLINE.
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:<dbserver>
DBUsername radius
DBAuth <dbpass>
# NOTE(review): USERNAME=%u has no quotes round it, unlike the other
# queries in this file, which write '%n'. If %u expands to the bare
# user name, MySQL would treat it as a column reference and the query
# would fail, which would leave the simultaneous-use limit unenforced.
# Presumably this should be USERNAME='%u', or the clause's built-in
# default query -- confirm against the reference manual. Because the
# name comes from the request, also confirm it is escaped before it is
# substituted into the statement.
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID,
FRAMEDIPADDRESS from RADONLINE where USERNAME=%u
</SessionDatabase>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg
One log entry:
Fri Mar 27 16:04:18 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:18 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:04:18 2009: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIME
LEFT-06784, OCTETSINLEFT=OCTETSINLEFT-019922,
OCTETSOUTLEFT=OCTETSOUTLEFT-022007
where USERNAME='test1'':
Fri Mar 27 16:04:18 2009: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTI
ME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
,ACCTTERMINATECAUSE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USER
Fri Mar 27 16:04:20 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:20 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:04:20 2009: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIME
LEFT-06733, OCTETSINLEFT=OCTETSINLEFT-016200,
OCTETSOUTLEFT=OCTETSOUTLEFT-020619
where USERNAME='test1'':
Fri Mar 27 16:04:20 2009: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTI
ME,ACCTINPUTOCTETS,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
,ACCTTERMINATECAUSE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USER
Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select PASS_WORD,
STATICADDRESS, TIM
ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where
USERNAME='test1'':
Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, S
VALUE, ITEM_TYPE from RADSTCONFIG where NAME='dynamic-1' order by
ITEM_TYPE':
Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, S
VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by ITEM_TYPE':
Fri Mar 27 16:04:42 2009: DEBUG: Radius::AuthRADMIN looks for match with
test1 [
test1]
Fri Mar 27 16:04:42 2009: DEBUG: ValidFrom date converted to: 1238156940
Fri Mar 27 16:04:42 2009: DEBUG: Expiration date converted to: 1269662400
Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 w
here USERNAME='test1'':
Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:04:42 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIME
LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where
USERNAM
E='test1'':
Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTI
ME,ACCTSESSIONID,ACCTSTATUSTYPE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP
,USERNAME) values (0,'00003477',1,'66.216.191.54','66.109.238.133',209715
Second log entry:
Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select PASS_WORD,
STATICADDRESS, TIM
ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
RADUSERS where
USERNAME='test1'':
Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, S
VALUE, ITEM_TYPE from RADSTCONFIG where NAME='dynamic-1' order by
ITEM_TYPE':
Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select ATTR_ID, VENDOR_ID,
IVALUE, S
VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by ITEM_TYPE':
Fri Mar 27 16:05:32 2009: DEBUG: Radius::AuthRADMIN looks for match with
test1 [
test1]
Fri Mar 27 16:05:32 2009: DEBUG: ValidFrom date converted to: 1238156940
Fri Mar 27 16:05:32 2009: DEBUG: Expiration date converted to: 1269662400
Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'update RADUSERS set
BADLOGINS=0 w
here USERNAME='test1'':
Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
Fri Mar 27 16:05:32 2009: DEBUG: Handling accounting with Radius::AuthRADMIN
Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'update RADUSERS set
TIMELEFT=TIME
LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where
USERNAM
E='test1'':
Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'insert into RADUSAGE
(ACCTDELAYTI
ME,ACCTSESSIONID,ACCTSTATUSTYPE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP
,USERNAME) values (0,'00003479',1,'66.216.191.55','66.109.238.133',161080
Hugh Irvine wrote:
>
> Hello Tim -
>
> I will need to see a copy of your configuration file and a trace 4
> debug from Radiator showing what is happening.
>
> regards
>
> Hugh
>
>
>
> On 28 Mar 2009, at 06:14, Tim Wolgemuth wrote:
>
>> I am trying to set up simultaneous logins. I am using Radmin.
>> Here is what I have for the user:
>>
>> mysql> SELECT MAXLOGINS FROM RADUSERS where username = "test1";
>> +-----------+
>> | MAXLOGINS |
>> +-----------+
>> | 1 |
>> +-----------+
>>
>>
>> But I can have more connections than that.
>>
>> mysql> SELECT * FROM RADONLINE R;
>> +---------------+------+-----------------+----------------+------------+--------
>>
>> -----+--------------+-------------+-------+------------+----------+
>> | ACCTSESSIONID | DNIS | FRAMEDIPADDRESS | NASIDENTIFIER |
>> NASPORT | NASPORT
>> TYPE | ORIGUSERNAME | SERVICETYPE | STATE | TIME_STAMP | USERNAME |
>> +---------------+------+-----------------+----------------+------------+--------
>>
>> -----+--------------+-------------+-------+------------+----------+
>> | 0000344B | NULL | 66.216.191.49 | 66.109.238.133 |
>> 0 | Virtual
>> | NULL | Framed | NULL | 1238176730 | test1 |
>> | 0000346F | NULL | 66.216.191.53 | 66.109.238.133 |
>> 1610809444 | 31
>> | NULL | Framed | NULL | 1238177527 | test1 |
>> | 0000346E | NULL | 66.216.191.52 | 66.109.238.133 |
>> 2097152 | 32
>> | NULL | Framed | NULL | 1238177474 | test1 |
>> +---------------+------+-----------------+----------------+------------+--------
>>
>> -----+--------------+-------------+-------+------------+----------+
>> 3 rows in set (0.00 sec)
>>
>>
>> I am demoing radiator.
>>
>> If you need more info let me know.
>>
>> Tim
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>