[RADIATOR] Accounting records are not written to database

rohan.henry at cwjamaica.com rohan.henry at cwjamaica.com
Tue Nov 6 08:57:01 CST 2012


Thanks Hugh. It's working now!

The Socket6.pm module needed to be installed.

Tue Nov  6 09:28:28 2012: DEBUG: Handling request with Handler 'NAS-Identifier="Juniper_E320_2"'
Tue Nov  6 09:28:28 2012: DEBUG: SQLSDB Deleting session for fritzsamuels1, 208.138.43.125, 805307373
Tue Nov  6 09:28:28 2012: DEBUG: do query is: 'delete from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1' and NAS_IP_ADDRESS='208.138.43.125' and NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005'': 
Tue Nov  6 09:28:28 2012: DEBUG: Query is: 'select NAS_IP_ADDRESS='208.138.43.125',NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005',ACCT_SESSION_ID='erx TenGigabitEthernet 3/0/0.941005:94-1005:1831600483' from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1'': 
Tue Nov  6 09:28:28 2012: WARNING: SQLSDB Could not find a Client for NAS 1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?
Tue Nov  6 09:28:28 2012: INFO: Access rejected for fritzsamuels1: MaxSessions exceeded

The CounQuery is like that since I expect only a single entry per user. Simultaneous-Use should be one (1).

Rohan

On Tue, 6 Nov 2012 16:28:01 +1100
 Hugh Irvine <hugh at open.com.au> wrote:
>
>Hello Rohan -
>
>To see what is happening with the crash you should run radiusd from the command line so you can see the relevant Perl messages.
>
>Something like this (with your local pathnames):
>
>
>	/usr/bin/perl /usr/local/bin/radiusd -foreground -log_stdout -trace 4 -config_file /etc/radiator/radius.cfg
>
>
>BTW - I don't think your CountQuery is correct as it will never find all existing sessions for that particular user.
>
>regards
>
>Hugh
>
>
>On 6 Nov 2012, at 09:30, <rohan.henry at cwjamaica.com> wrote:
>
>> Hugh,
>> 
>> re: server crash see config and log files attached.
>> 
>> Rohan
>> 
>> On Sat, 3 Nov 2012 09:06:44 +1100
>> Hugh Irvine <hugh at open.com.au> wrote:
>>> 
>>> Hello Rohan -
>>> 
>>> The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request.
>>> 
>>> Something like this (the value is in epoch seconds):
>>> 
>>> 	Timestamp - Acct-Session-Time - Acct-Delay-Time
>>> 
>>> For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using.
>>> 
>>> regards
>>> 
>>> Hugh
>>> 
>>> 
>>> On 3 Nov 2012, at 02:24, <rohan.henry at cwjamaica.com> wrote:
>>> 
>>>> Hugh,
>>>> 
>>>> Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below.
>>>> 
>>>> User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID
>>>> jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926
>>>> 
>>>> So the record is added to the accounting database at the end of a session and includes both Stop and Start times.
>>>> 
>>>> Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features.
>>>> 
>>>> Thanks.
>>>> 
>>>> On Fri, 2 Nov 2012 17:46:58 +1100
>>>> Hugh Irvine <hugh at open.com.au> wrote:
>>>>> 
>>>>> Hello Rohan -
>>>>> 
>>>>> Can you please explain exactly what you are trying to do?
>>>>> 
>>>>> It is normal for you to get two records in your accounting table, as that is what you have configured.
>>>>> 
>>>>> If you can tell us what you are trying to achieve we will be able to make sensible suggestions.
>>>>> 
>>>>> regards
>>>>> 
>>>>> Hugh
>>>>> 
>>>>> 
>>>>> On 2 Nov 2012, at 09:38, <rohan.henry at cwjamaica.com> wrote:
>>>>> 
>>>>>> Thanks Michael,
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop.
>>>>>> 
>>>>>> <Handler NAS-Identifier="Juniper_E320_2">
>>>>>>      AddToRequest SERVICESTATUS = ACTIVE
>>>>>>      SessionDatabase SQLSDB
>>>>>> #       MaxSessions 1
>>>>>>      RejectHasReason
>>>>>> 
>>>>>> AuthByPolicy ContinueAlways
>>>>>>  AuthBy SQLAccounting
>>>>>>      <AuthBy GROUP>
>>>>>>                      AuthByPolicy ContinueWhileIgnore
>>>>>>                              AuthBy xDSL
>>>>>>              </AuthBy>
>>>>>> 
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> Rohan
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On Thu, 01 Nov 2012 17:45:18 -0400
>>>>>> 
>>>>>> Michael  wrote:
>>>>>> 
>>>>>>> Looks like your "AuthBy xDSL" is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the "AuthBy SQLAccounting" is not processed.
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> I personally handle accounting in a separate handler.  To me, handling accounting and authorization in the same handler is tricky.
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> Michael
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> 
>>>>>> 
>>>>>>> On 01/11/12 05:07 PM, rohan.henry at cwjamaica.com wrote:
>>>>>> 
>>>>>>>> Hugh,
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> Config and logs attached.
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> And the application crashed when testing Simultaneous-Use for both configurations below.
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> In my AuthBy config:
>>>>>> 
>>>>>>>> "DefaultSimultaneousUse 1" With "AuthAttrDef     Simultaneous-Use,Simultaneous-Use,check"
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> Or
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> In my Handler:
>>>>>> 
>>>>>>>> MaxSessions 1
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> On Fri, 2 Nov 2012 07:19:09 +1100
>>>>>> 
>>>>>>>> Hugh Irvine  wrote:
>>>>>> 
>>>>>>>>> Hello Rohan -
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening.
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> regards
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> Hugh
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> On 2 Nov 2012, at 05:53,  wrote:
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>>> Hello,
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> Why doesn't the following work?
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> Identifier SQLAccounting
>>>>>> 
>>>>>>>>>> DBSource dbi:mysql:inetdb_test
>>>>>> 
>>>>>>>>>> DBUsername inet
>>>>>> 
>>>>>>>>>> DBAuth inet at inetdb
>>>>>> 
>>>>>>>>>> #Disable SQL authentication
>>>>>> 
>>>>>>>>>> AuthSelect
>>>>>> 
>>>>>>>>>> HandleAcctStatusTypes Start,Stop
>>>>>> 
>>>>>>>>>> AccountingTable ARCH_ACCOUNTING
>>>>>> 
>>>>>>>>>> AcctColumnDef USER_NAME,User-Name
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_START_TIME,Timestamp,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_STOP_TIME,Timestamp,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
>>>>>> 
>>>>>>>>>> AcctColumnDef NAS_IDENTIFIER,NAS-Identifier
>>>>>> 
>>>>>>>>>> AcctColumnDef NAS_PORT,NAS-Port,integer
>>>>>> 
>>>>>>>>>> AcctColumnDef CALLED_STATION_ID,Called-Station-Id
>>>>>> 
>>>>>>>>>> AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
>>>>>> 
>>>>>>>>>> SQLRecoveryFile %L/sqlaccounting.sql
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5.
>>>>>> 
>>>>>>>>>> AuthBy SQLAccounting
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> However my sessions database work with the following.
>>>>>> 
>>>>>>>>>> SessionDatabase SQLSDB
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> Thanks much.
>>>>>> 
>>>>>>>>>> 
>>>>>> 
>>>>>>>>>> Regards,
>>>>>> 
>>>>>>>>>> Rohan
>>>>>> 
>>>>>>>>>> _______________________________________________
>>>>>> 
>>>>>>>>>> radiator mailing list
>>>>>> 
>>>>>>>>>> radiator at open.com.au
>>>>>> 
>>>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> --
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> Hugh Irvine
>>>>>> 
>>>>>>>>> hugh at open.com.au
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>>>> 
>>>>>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>>>> 
>>>>>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>>>> 
>>>>>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>>>> 
>>>>>>>>> DIAMETER etc.
>>>>>> 
>>>>>>>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>>>>> 
>>>>>>>>> 
>>>>>> 
>>>>>>>> Rohan Henry
>>>>>> 
>>>>>>>> Server Administrator
>>>>>> 
>>>>>>>> LIME
>>>>>> 
>>>>>>>> Phone (876) 936-4819
>>>>>> 
>>>>>>>> Mobile (876) 997-0729
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> 
>>>>>> 
>>>>>>>> _______________________________________________
>>>>>> 
>>>>>>>> radiator mailing list
>>>>>> 
>>>>>>>> radiator at open.com.au
>>>>>> 
>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Rohan Henry
>>>>>> 
>>>>>> Server Administrator
>>>>>> 
>>>>>> LIME
>>>>>> 
>>>>>> Phone (876) 936-4819
>>>>>> 
>>>>>> Mobile (876) 997-0729
>>>>>> 
>>>>>> _______________________________________________
>>>>>> radiator mailing list
>>>>>> radiator at open.com.au
>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>> 
>>>>> 
>>>>> --
>>>>> 
>>>>> Hugh Irvine
>>>>> hugh at open.com.au
>>>>> 
>>>>> Radiator: the most portable, flexible and configurable RADIUS server 
>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>>> DIAMETER etc. 
>>>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>>>> 
>>>> 
>>>> Rohan Henry
>>>> Server Administrator
>>>> LIME
>>>> Phone (876) 936-4819
>>>> Mobile (876) 997-0729
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator at open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>> 
>>> 
>>> --
>>> 
>>> Hugh Irvine
>>> hugh at open.com.au
>>> 
>>> Radiator: the most portable, flexible and configurable RADIUS server 
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>> DIAMETER etc. 
>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>> 
>> 
>> Rohan Henry
>> Server Administrator
>> LIME
>> Phone (876) 936-4819
>> Mobile (876) 997-0729
>> <radius.cfg.txt><radius log.txt>_______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>--
>
>Hugh Irvine
>hugh at open.com.au
>
>Radiator: the most portable, flexible and configurable RADIUS server 
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
>Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
>TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>DIAMETER etc. 
>Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>

Rohan Henry
Server Administrator
LIME
Phone (876) 936-4819
Mobile (876) 997-0729


More information about the radiator mailing list