[RADIATOR] Accounting records are not written to database

Hugh Irvine hugh at open.com.au
Tue Nov 6 17:01:41 CST 2012


Hello Rohan -

The session database and the MaxSessions and/or Simultaneous-Use directives are designed to limit a particular user to some predetermined number of sessions at the same time (typically one).

To do this, Radiator maintains a state table in the session database of all sessions for which an accounting start has been received.

When the session ends, the session entry is removed from the session database, and Radiator also does a delete when a new access request is received as a housekeeping exercise.

You should check your use of the session database by testing using a call from a test user (and leaving it up), checking the entry in the session database, then making another call from the same test user and again checking what happens with the session database.

If simultaneous use is set to one, the first call should result in an entry being added to the session database, and the second call should result in a reject because there is already an entry present for that test user.

hope that helps

regards

Hugh


On 7 Nov 2012, at 01:57, rohan.henry at cwjamaica.com wrote:

> Thanks Hugh. It's working now!
> 
> The Socket6.pm module needed to be installed.
> 
> Tue Nov  6 09:28:28 2012: DEBUG: Handling request with Handler 'NAS-Identifier="Juniper_E320_2"'
> Tue Nov  6 09:28:28 2012: DEBUG: SQLSDB Deleting session for fritzsamuels1, 208.138.43.125, 805307373
> Tue Nov  6 09:28:28 2012: DEBUG: do query is: 'delete from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1' and NAS_IP_ADDRESS='208.138.43.125' and NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005'': 
> Tue Nov  6 09:28:28 2012: DEBUG: Query is: 'select NAS_IP_ADDRESS='208.138.43.125',NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005',ACCT_SESSION_ID='erx TenGigabitEthernet 3/0/0.941005:94-1005:1831600483' from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1'': 
> Tue Nov  6 09:28:28 2012: WARNING: SQLSDB Could not find a Client for NAS 1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?
> Tue Nov  6 09:28:28 2012: INFO: Access rejected for fritzsamuels1: MaxSessions exceeded
> 
> The CountQuery is like that since I expect only a single entry per user. Simultaneous-Use should be one (1).
> 
> Rohan
> 
> On Tue, 6 Nov 2012 16:28:01 +1100
> Hugh Irvine <hugh at open.com.au> wrote:
>> 
>> Hello Rohan -
>> 
>> To see what is happening with the crash you should run radiusd from the command line so you can see the relevant Perl messages.
>> 
>> Something like this (with your local pathnames):
>> 
>> 
>> 	/usr/bin/perl /usr/local/bin/radiusd -foreground -log_stdout -trace 4 -config_file /etc/radiator/radius.cfg
>> 
>> 
>> BTW - I don't think your CountQuery is correct as it will never find all existing sessions for that particular user.
>> 
>> regards
>> 
>> Hugh
>> 
>> 
>> On 6 Nov 2012, at 09:30, <rohan.henry at cwjamaica.com> wrote:
>> 
>>> Hugh,
>>> 
>>> re: server crash see config and log files attached.
>>> 
>>> Rohan
>>> 
>>> On Sat, 3 Nov 2012 09:06:44 +1100
>>> Hugh Irvine <hugh at open.com.au> wrote:
>>>> 
>>>> Hello Rohan -
>>>> 
>>>> The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request.
>>>> 
>>>> Something like this (the value is in epoch seconds):
>>>> 
>>>> 	Timestamp - Acct-Session-Time - Acct-Delay-Time
>>>> 
>>>> For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using.
>>>> 
>>>> regards
>>>> 
>>>> Hugh
>>>> 
>>>> 
>>>> On 3 Nov 2012, at 02:24, <rohan.henry at cwjamaica.com> wrote:
>>>> 
>>>>> Hugh,
>>>>> 
>>>>> Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below.
>>>>> 
>>>>> User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID
>>>>> jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926
>>>>> 
>>>>> So the record is added to the accounting database at the end of a session and includes both Stop and Start times.
>>>>> 
>>>>> Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features.
>>>>> 
>>>>> Thanks.
>>>>> 
>>>>> On Fri, 2 Nov 2012 17:46:58 +1100
>>>>> Hugh Irvine <hugh at open.com.au> wrote:
>>>>>> 
>>>>>> Hello Rohan -
>>>>>> 
>>>>>> Can you please explain exactly what you are trying to do?
>>>>>> 
>>>>>> It is normal for you to get two records in your accounting table, as that is what you have configured.
>>>>>> 
>>>>>> If you can tell us what you are trying to achieve we will be able to make sensible suggestions.
>>>>>> 
>>>>>> regards
>>>>>> 
>>>>>> Hugh
>>>>>> 
>>>>>> 
>>>>>> On 2 Nov 2012, at 09:38, <rohan.henry at cwjamaica.com> wrote:
>>>>>> 
>>>>>>> Thanks Michael,
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop.
>>>>>>> 
>>>>>>> <Handler NAS-Identifier="Juniper_E320_2">
>>>>>>>     AddToRequest SERVICESTATUS = ACTIVE
>>>>>>>     SessionDatabase SQLSDB
>>>>>>> #   MaxSessions 1
>>>>>>>     RejectHasReason
>>>>>>> 
>>>>>>>     AuthByPolicy ContinueAlways
>>>>>>>     AuthBy SQLAccounting
>>>>>>>     <AuthBy GROUP>
>>>>>>>         AuthByPolicy ContinueWhileIgnore
>>>>>>>         AuthBy xDSL
>>>>>>>     </AuthBy>
>>>>>>> 
>>>>>>> 
>>>>>>> Regards,
>>>>>>> 
>>>>>>> Rohan
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> On Thu, 01 Nov 2012 17:45:18 -0400
>>>>>>> Michael  wrote:
>>>>>>>> Looks like your "AuthBy xDSL" is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the "AuthBy SQLAccounting" is not processed.
>>>>>>>> 
>>>>>>>> I personally handle accounting in a separate handler.  To me, handling accounting and authorization in the same handler is tricky.
>>>>>>>> 
>>>>>>>> Michael
>>>>>>>> 
>>>>>>>> On 01/11/12 05:07 PM, rohan.henry at cwjamaica.com wrote:
>>>>>>>>> Hugh,
>>>>>>>>> 
>>>>>>>>> Config and logs attached.
>>>>>>>>> 
>>>>>>>>> And the application crashed when testing Simultaneous-Use for both configurations below.
>>>>>>>>> 
>>>>>>>>> In my AuthBy config:
>>>>>>>>> "DefaultSimultaneousUse 1" With "AuthAttrDef     Simultaneous-Use,Simultaneous-Use,check"
>>>>>>>>> 
>>>>>>>>> Or
>>>>>>>>> 
>>>>>>>>> In my Handler:
>>>>>>>>> MaxSessions 1
>>>>>>>>> 
>>>>>>>>> On Fri, 2 Nov 2012 07:19:09 +1100
>>>>>>>>> Hugh Irvine  wrote:
>>>>>>>>>> Hello Rohan -
>>>>>>>>>> 
>>>>>>>>>> We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening.
>>>>>>>>>> 
>>>>>>>>>> regards
>>>>>>>>>> 
>>>>>>>>>> Hugh
>>>>>>>>>> 
>>>>>>>>>> On 2 Nov 2012, at 05:53,  wrote:
>>>>>>>>>> 
>>>>>>>>>>> Hello,
>>>>>>>>>>> 
>>>>>>>>>>> Why doesn't the following work?
>>>>>>>>>>> 
>>>>>>>>>>> Identifier SQLAccounting
>>>>>>>>>>> DBSource dbi:mysql:inetdb_test
>>>>>>>>>>> DBUsername inet
>>>>>>>>>>> DBAuth inet at inetdb
>>>>>>>>>>> #Disable SQL authentication
>>>>>>>>>>> AuthSelect
>>>>>>>>>>> HandleAcctStatusTypes Start,Stop
>>>>>>>>>>> AccountingTable ARCH_ACCOUNTING
>>>>>>>>>>> AcctColumnDef USER_NAME,User-Name
>>>>>>>>>>> AcctColumnDef ACCT_START_TIME,Timestamp,integer
>>>>>>>>>>> AcctColumnDef ACCT_STOP_TIME,Timestamp,integer
>>>>>>>>>>> AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer
>>>>>>>>>>> AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer
>>>>>>>>>>> AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer
>>>>>>>>>>> AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer
>>>>>>>>>>> AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id
>>>>>>>>>>> AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer
>>>>>>>>>>> AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer
>>>>>>>>>>> AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
>>>>>>>>>>> AcctColumnDef NAS_IDENTIFIER,NAS-Identifier
>>>>>>>>>>> AcctColumnDef NAS_PORT,NAS-Port,integer
>>>>>>>>>>> AcctColumnDef CALLED_STATION_ID,Called-Station-Id
>>>>>>>>>>> AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
>>>>>>>>>>> SQLRecoveryFile %L/sqlaccounting.sql
>>>>>>>>>>> 
>>>>>>>>>>> Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5.
>>>>>>>>>>> AuthBy SQLAccounting
>>>>>>>>>>> 
>>>>>>>>>>> However my sessions database works with the following.
>>>>>>>>>>> SessionDatabase SQLSDB
>>>>>>>>>>> 
>>>>>>>>>>> Thanks much.
>>>>>>>>>>> 
>>>>>>>>>>> Regards,
>>>>>>>>>>> Rohan
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> radiator mailing list
>>>>>>>>>>> radiator at open.com.au
>>>>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>>>>>> 
>>>>>>>>>> --
>>>>>>>>>> 
>>>>>>>>>> Hugh Irvine
>>>>>>>>>> hugh at open.com.au
>>>>>>>>>> 
>>>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>>>>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>>>>>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>>>>>>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>>>>>>>>>> DIAMETER etc.
>>>>>>>>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>>>>>>>>> 
>>>>>>>>> Rohan Henry
>>>>>>>>> Server Administrator
>>>>>>>>> LIME
>>>>>>>>> Phone (876) 936-4819
>>>>>>>>> Mobile (876) 997-0729
>>>> 
>>>> 
>> 
>> 


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
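
The test procedure described in the reply above (one call left up, then a second call from the same user) can be modelled offline. The following is an added example, not part of the original thread and not Radiator code: a Python/sqlite3 model of the session table, using the ACTIVE_SESSIONS column names from the quoted log and a constructed test user, NAS address, port names and session id. It also shows that a select list written as a comparison (COLUMN='value') returns 1 or 0 rather than the stored value, in SQLite as in MySQL, which is consistent with the "NAS 1" in the quoted warning.

```python
import sqlite3

# Constructed sample data; table and column names follow the ACTIVE_SESSIONS
# queries in the quoted log. This is a model, Radiator itself is not involved.
def open_sdb():
    db = sqlite3.connect(":memory:")
    db.execute("create table ACTIVE_SESSIONS (USER_NAME text, NAS_IP_ADDRESS text,"
               " NAS_PORT_ID text, ACCT_SESSION_ID text)")
    return db

def acct_start(db, user, nas, port, sid):
    """Accounting Start: add the session to the state table."""
    db.execute("insert into ACTIVE_SESSIONS values (?,?,?,?)", (user, nas, port, sid))

def acct_stop(db, user, nas, port):
    """Accounting Stop: remove the session from the state table."""
    db.execute("delete from ACTIVE_SESSIONS where USER_NAME=? and NAS_IP_ADDRESS=?"
               " and NAS_PORT_ID=?", (user, nas, port))

# Count query that returns the stored columns for every session of the user.
COUNT_COLUMNS = ("select NAS_IP_ADDRESS, NAS_PORT_ID, ACCT_SESSION_ID"
                 " from ACTIVE_SESSIONS where USER_NAME=?")

def access_request(db, user, nas, port, max_sessions=1):
    """Housekeeping delete for this NAS/port, then count what is left."""
    acct_stop(db, user, nas, port)
    rows = db.execute(COUNT_COLUMNS, (user,)).fetchall()
    return ("reject" if len(rows) >= max_sessions else "accept"), rows

def comparison_count(db, user, nas):
    """Count query whose select list compares a column to a literal."""
    return db.execute("select NAS_IP_ADDRESS=? from ACTIVE_SESSIONS"
                      " where USER_NAME=?", (nas, user)).fetchall()

def run_test():
    db = open_sdb()
    results = [access_request(db, "testuser", "192.0.2.10", "p1")[0]]   # first call
    acct_start(db, "testuser", "192.0.2.10", "p1", "sess-1")            # left up
    verdict, rows = access_request(db, "testuser", "192.0.2.10", "p2")  # second call
    results.append(verdict)
    flags = comparison_count(db, "testuser", "192.0.2.10")   # booleans, not addresses
    acct_stop(db, "testuser", "192.0.2.10", "p1")                       # first call ends
    results.append(access_request(db, "testuser", "192.0.2.10", "p2")[0])
    return results, rows, flags

if __name__ == "__main__":
    print(run_test())
```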


