[RADIATOR] simultaneous logins
Hugh Irvine
hugh at open.com.au
Mon Mar 30 16:19:31 CST 2009
Hello Tim -
I'm not sure what is happening in the debug shown below, so could you
try running Radiator by hand like this and send me the results:
cd /your/Radiator/source/directory
perl radiusd -foreground -log_stdout -trace 4 -config_file /your/Radiator/configuration/file
.....
You should use your local pathnames of course, and I would like to see
the startup messages and a few requests showing all of the processing.
thanks and regards
Hugh
On 30 Mar 2009, at 23:09, Tim Wolgemuth wrote:
> Here is the config file:
>
>
> # radmin.cfg
> #
> # Example Radiator configuration file to interface to the
> # Radmin user management package from Open System Consultants
> # (http://www.open.com.au/radmin)
> #
> # You can add extra items to your RADUSERS table and make
> # Radiator take note of them with, for example:
> # AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
> # MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
> # FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
> # from RADUSERS where \
> # USERNAME='%n' and BADLOGINS < 5 and \
> # VALIDFROM < %t and VALIDTO > %t
> # AuthColumnDef 0,Framed-IP-Netmask,reply
> # AuthColumnDef 1,Filter-Id,reply
> # AuthColumnDef 2,Idle-Timeout,reply
> # note that the numbering of AuthColumnDef starts with the
> # field following the first 4 minimum and required fields.
> #
> # You should consider this file to be a starting point only
> # $Id $
>
> #Foreground
> #LogStdout
> #LogDir .
> #DbDir .
> LogDir /var/log/radius
> DbDir /etc/radiator
>
> # Don't turn this up too high, since all log messages are logged
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 5
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> # You can put additional (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
> <ClientListSQL>
> DBSource dbi:mysql:radmin:<dbserver>
> DBUsername radius
> DBAuth <dbpass>
>
> select
> NASIDENTIFIER
> ,SECRET
> ,IGNOREACCTSIGNATURE
> ,DUPINTERVAL
> ,DEFAULTREALM
> ,NASTYPE
> ,SNMPCOMMUNITY
> ,LIVINGSTONOFFS
> ,LIVINGSTONHOLE
> ,FRAMEDGROUPBASEADDRESS
> ,FRAMEDGROUPMAXPORTSPERCLASSC
> ,REWRITEUSERNAME,NOIGNOREDUPLICATES,PREHANDLERHOOK from RADCLIENTLIST
>
>
> # If RefreshPeriod is set to non-zero, it specifies the period in
> # seconds that the client list will
> # be refreshed by rereading the database. Each RefreshPeriod,
> # any Clients previously created by this ClientList are cleared
> # and a new set of clients read from the database.
> # Clients defined in the configuration file will not be clobbered.
> # The same effect can be got by signalling the process with SIGHUP
> #RefreshPeriod 600
> </ClientListSQL>
>
> <AuthLog FILE>
> Identifier myauthlogger
> Filename %L/authlog-%Y-%m-%d.log
> LogSuccess 1
> #SuccessFormat %l:%U:OK
> SuccessFormat %l:%U:%N:OK
> FailureFormat %l:%U:%P:%N:FAIL
> LogFailure 1
> </AuthLog>
>
> # Handle everyone with RADMIN
> <Realm DEFAULT>
> <AuthBy RADMIN>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so it's the same
> DBSource dbi:mysql:radmin:<dbserver>
> DBUsername radius
> DBAuth <dbpass>
>
> # Never look up the DEFAULT user
> NoDefault
>
> DefaultSimultaneousUse 1
>
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> # AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> # These are the classic things to add to each user's
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
>
> # If you intend to use rcrypt reversible encryption
> # for passwords in your Radmin database, you must
> # set RcryptKey here to be the same secret key you
> # defined in your Radmin Site.pm, and also set
> # PasswordFormat in your Site.pm.
> # RcryptKey mysecret
>
> # If you intend to use Unix encryption in your database,
> # you will need to set EncryptedPassword here,
> # as well as setting PasswordFormat in your Site.pm
> EncryptedPassword
>
> # You can change the max bad login count from the default
> # of 5 with something like
> MaxBadLogins 10
>
> # To improve user lookup performance on databases that support
> # placeholders, you can use AuthSelectParam and ? like this:
> # AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS where USERNAME=?
> # AuthSelectParam %0
> # ServiceAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME=? order by ITEM_TYPE
> # UserAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME=? order by ITEM_TYPE
> # AttrQueryParam %0
>
> <Log FILE>
> Filename /var/log/radius/radius-%Y-%m-%d.log
> Trace 5
> LogFormat %l: %1: %2
> </Log FILE>
> </AuthBy>
>
> # This clause logs all authentication successes and failures to
> # the RADAUTHLOG table
> # Suitable for use with RAdmin version 1.6 or later
> <AuthLog SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:<dbserver>
> DBUsername radius
> DBAuth <dbpass>
>
> LogSuccess
> SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
> LogFailure
> FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
> </AuthLog>
>
> <AuthLog FILE>
> Identifier myauthlogger
> Filename %L/authlog-%Y-%m-%d.log
> LogSuccess 1
> SuccessFormat %l:%U:%N:OK
> FailureFormat %l:%U:%P:%N:FAIL
> LogFailure 1
> </AuthLog>
>
>
> </Realm>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:mysql:radmin:<dbserver>
> DBUsername radius
> DBAuth <dbpass>
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME=%u
>
> </SessionDatabase>
>
> # You can also set up an address pool for Radiator to manage.
> # The standard Radmin tables include a RADPOOL address pool table.
> # see the example in addressallocator.cfg
>
>
> One log entry:
>
> Fri Mar 27 16:04:18 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:04:18 2009: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Fri Mar 27 16:04:18 2009: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIME
> LEFT-06784, OCTETSINLEFT=OCTETSINLEFT-019922,
> OCTETSOUTLEFT=OCTETSOUTLEFT-022007
> where USERNAME='test1'':
> Fri Mar 27 16:04:18 2009: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTI
> ME
> ,ACCTINPUTOCTETS
> ,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
> ,ACCTTERMINATECAUSE
> ,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USER
> Fri Mar 27 16:04:20 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:04:20 2009: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Fri Mar 27 16:04:20 2009: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIME
> LEFT-06733, OCTETSINLEFT=OCTETSINLEFT-016200,
> OCTETSOUTLEFT=OCTETSOUTLEFT-020619
> where USERNAME='test1'':
> Fri Mar 27 16:04:20 2009: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTI
> ME
> ,ACCTINPUTOCTETS
> ,ACCTOUTPUTOCTETS,ACCTSESSIONID,ACCTSESSIONTIME,ACCTSTATUSTYPE
> ,ACCTTERMINATECAUSE
> ,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP,USER
> Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS, TIM
> ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
> RADUSERS where
> USERNAME='test1'':
> Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, S
> VALUE, ITEM_TYPE from RADSTCONFIG where NAME='dynamic-1' order by
> ITEM_TYPE':
> Fri Mar 27 16:04:42 2009: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, S
> VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by
> ITEM_TYPE':
> Fri Mar 27 16:04:42 2009: DEBUG: Radius::AuthRADMIN looks for match
> with test1 [
> test1]
> Fri Mar 27 16:04:42 2009: DEBUG: ValidFrom date converted to:
> 1238156940
> Fri Mar 27 16:04:42 2009: DEBUG: Expiration date converted to:
> 1269662400
> Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 w
> here USERNAME='test1'':
> Fri Mar 27 16:04:42 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:04:42 2009: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIME
> LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0
> where USERNAM
> E='test1'':
> Fri Mar 27 16:04:42 2009: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTI
> ME
> ,ACCTSESSIONID
> ,ACCTSTATUSTYPE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP
> ,USERNAME) values (0,'00003477',1,'66.216.191.54','66.109.238.133',
> 209715
>
>
> Second log entry:
>
> Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select PASS_WORD,
> STATICADDRESS, TIM
> ELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from
> RADUSERS where
> USERNAME='test1'':
> Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, S
> VALUE, ITEM_TYPE from RADSTCONFIG where NAME='dynamic-1' order by
> ITEM_TYPE':
> Fri Mar 27 16:05:32 2009: DEBUG: Query is: 'select ATTR_ID,
> VENDOR_ID, IVALUE, S
> VALUE, ITEM_TYPE from RADCONFIG where NAME='test1' order by
> ITEM_TYPE':
> Fri Mar 27 16:05:32 2009: DEBUG: Radius::AuthRADMIN looks for match
> with test1 [
> test1]
> Fri Mar 27 16:05:32 2009: DEBUG: ValidFrom date converted to:
> 1238156940
> Fri Mar 27 16:05:32 2009: DEBUG: Expiration date converted to:
> 1269662400
> Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'update RADUSERS set
> BADLOGINS=0 w
> here USERNAME='test1'':
> Fri Mar 27 16:05:32 2009: DEBUG: Handling with Radius::AuthRADMIN:
> Fri Mar 27 16:05:32 2009: DEBUG: Handling accounting with
> Radius::AuthRADMIN
> Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'update RADUSERS set
> TIMELEFT=TIME
> LEFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0
> where USERNAM
> E='test1'':
> Fri Mar 27 16:05:32 2009: DEBUG: do query is: 'insert into RADUSAGE
> (ACCTDELAYTI
> ME
> ,ACCTSESSIONID
> ,ACCTSTATUSTYPE,FRAMEDIPADDRESS,NASIDENTIFIER,NASPORT,TIME_STAMP
> ,USERNAME) values (0,'00003479',1,'66.216.191.55','66.109.238.133',
> 161080
>
>
> Hugh Irvine wrote:
>>
>> Hello Tim -
>>
>> I will need to see a copy of your configuration file and a trace 4
>> debug from Radiator showing what is happening.
>>
>> regards
>>
>> Hugh
>>
>>
>>
>> On 28 Mar 2009, at 06:14, Tim Wolgemuth wrote:
>>
>>> I am trying to set up simultaneous logins. I am using Radmin.
>>> Here is what I have for the user:
>>>
>>> mysql> SELECT MAXLOGINS FROM RADUSERS where username = "test1";
>>> +-----------+
>>> | MAXLOGINS |
>>> +-----------+
>>> |         1 |
>>> +-----------+
>>>
>>>
>>> But I can have more connections than that.
>>>
>>> mysql> SELECT * FROM RADONLINE R;
>>> +---------------+------+-----------------+----------------+------------+-------------+--------------+-------------+-------+------------+----------+
>>> | ACCTSESSIONID | DNIS | FRAMEDIPADDRESS | NASIDENTIFIER  | NASPORT    | NASPORTTYPE | ORIGUSERNAME | SERVICETYPE | STATE | TIME_STAMP | USERNAME |
>>> +---------------+------+-----------------+----------------+------------+-------------+--------------+-------------+-------+------------+----------+
>>> | 0000344B      | NULL | 66.216.191.49   | 66.109.238.133 |          0 | Virtual     | NULL         | Framed      | NULL  | 1238176730 | test1    |
>>> | 0000346F      | NULL | 66.216.191.53   | 66.109.238.133 | 1610809444 | 31          | NULL         | Framed      | NULL  | 1238177527 | test1    |
>>> | 0000346E      | NULL | 66.216.191.52   | 66.109.238.133 |    2097152 | 32          | NULL         | Framed      | NULL  | 1238177474 | test1    |
>>> +---------------+------+-----------------+----------------+------------+-------------+--------------+-------------+-------+------------+----------+
>>> 3 rows in set (0.00 sec)
>>>
>>>
>>> I am demoing radiator.
>>>
>>> If you need more info let me know.
>>>
>>> Tim
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.