[RADIATOR] Handler type Stop/Alive distinguished processing
Thomas Kurian
thomas at kccg.com
Thu Apr 4 05:30:18 CDT 2013
Hi Mike and friends,
As advised by you , i have attached the configuration file & debug logs.
I want to process both alive and stop packets but with separate
handlers. What i notice from the logs is that the handler which is first
positioned is the only handler which is processed the rest of the
handlers are ignored. Let me explain it.
If handler stop is positioned first, only stop packets are processed ,
Alive and Start packets are not processed , even if it is received.
I tried it vice versa also,in this case all accounting packets were
processed but the handler stop was ignored.
I also tried replacing Handler-Request-Type=Accounting-Request with
Handler-Status-Type=Alive , but no luck.
How to resolve this issue , i require both the handlers to process the
respective packets contents when each of the kind is received by
radiator from the NAS. Please help me out.
_Error debug log (Handler Stop is postioned first in the config file)
_Note:(only stop packets received were processed , Alive packets were
ignored , since handler-request-type=accounting request could not be found)_
_Thu Apr 4 12:46:57 2013: WARNING: Could not find a handler for
99047799: request is ignored
Thu Apr 4 12:46:57 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646 ....
Code: Accounting-Request
Identifier: 222
Authentic: <239><6><165>+<223><146><185><162><255>\<165><24>r<247><255><222>
Attributes:
Acct-Session-Id = "002FD66A"
cisco-Policy-Up = "10Mbps"
cisco-Policy-Down = "10Mbps"
Framed-Protocol = PPP
Framed-IP-Address = 94.187.154.249
User-Name = "66555525"
cisco-avpair = "connect-progress=LAN Ses Up"
cisco-avpair = "nas-tx-speed=1000000000"
cisco-avpair = "nas-rx-speed=1000000000"
Acct-Session-Time = 10820
Acct-Input-Octets = 155877791
Acct-Output-Octets = 1691878933
Acct-Input-Packets = 1089024
Acct-Output-Packets = 1669389
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "0/0/0/666"
cisco-avpair = "client-mac-address=dc9f.db2e.e52f"
Class =
"<153>3<1><8>66555525<21><4><132><28>Y<0>3<4><3><0><0><0>3<4><7><0><0><0>3<4><6><0><0><0>1<16>59d88f5c08487260"
Service-Type = Framed-User
NAS-IP-Address = 10.50.1.4
Event-Timestamp = 1365068817
NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
Acct-Delay-Time = 0
Thu Apr 4 12:46:57 2013: WARNING: Could not find a handler for
66555525: request is ignored
_Error debug log (Handler Stop is positioned second in the config file
after Handler-Request-Type=Accounting-Request)_
(Note: Stop packets were processed with
Handler-Request-Type=Accounting-Request and not Handler-Status-Type=Stop)
Thu Apr 4 12:37:31 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646 ....
Code: Accounting-Request
Identifier: 29
Authentic: #<144>`<139><161><219><154><190><0>><<161><252>C<220>T
Attributes:
Acct-Session-Id = "002FD585"
cisco-Policy-Up = "6Mbps"
cisco-Policy-Down = "6Mbps"
Framed-Protocol = PPP
Framed-IP-Address = 94.187.154.236
cisco-avpair = "ppp-disconnect-cause=Missed too many keepalives"
User-Name = "65002914"
Acct-Authentic = RADIUS
cisco-avpair = "connect-progress=LAN Ses Up"
cisco-avpair = "nas-tx-speed=1000000000"
cisco-avpair = "nas-rx-speed=1000000000"
Acct-Session-Time = 11448
Acct-Input-Octets = 28654436
Acct-Output-Octets = 160823960
Acct-Input-Packets = 88318
Acct-Output-Packets = 141945
Acct-Terminate-Cause = Port-Error
cisco-avpair = "disc-cause-ext=TCP Foreign Host Close"
Acct-Status-Type = Stop
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "0/0/0/666"
cisco-avpair = "client-mac-address=e046.9a3b.c135"
Class =
"<153>3<1><8>65002914<21><4><171><144><212><0>3<4><6><0><0><0>3<4><16><0><0><0>3<4><3><0><0><0>1<16>8f9c5c39dc74286f"
Service-Type = Framed-User
NAS-IP-Address = 10.50.1.4
Event-Timestamp = 1365068251
NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
Acct-Delay-Time = 0
Thu Apr 4 12:37:31 2013: DEBUG: Handling request with Handler
'Request-Type = Accounting-Request', Identifier ''
Thu Apr 4 12:37:31 2013: DEBUG: tamesql Deleting session for 65002914,
10.50.1.4, 0
Thu Apr 4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN': 'delete
from RADONLINE where NASIDENTIFIER='10.50.1.4' and NASPORT=00':
Thu Apr 4 12:37:31 2013: DEBUG: Handling with Radius::AuthSQL: thomas
Thu Apr 4 12:37:31 2013: DEBUG: Handling accounting with Radius::AuthSQL
Thu Apr 4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN': 'update
quotasubscribers set monthlycounter = 160823960, totalcounter =
160823960, timestamp = 13650682
51 where username='65002914' And Type = 'Q'':
Thu Apr 4 12:37:31 2013: DEBUG: AuthBy SQL result: ACCEPT,
Thu Apr 4 12:37:31 2013: DEBUG: Running PostAuthHook: Using Identifier
Thu Apr 4 12:37:31 2013: DEBUG: Running PostAuthHook sql query check for :
65002914
Thu Apr 4 12:37:31 2013: DEBUG: Query to 'dbi:ODBC:IRONMAN': 'select
username from quotasubscribers where switched = 0 and type = 'Q' and
monthlycounter >= maxquota ':
Thu Apr 4 12:37:31 2013: DEBUG: The user 65002914 either has not yet
exceeded allocated quota or isnt a quota based user
Thu Apr 4 12:37:31 2013: DEBUG: Accounting accepted
Thu Apr 4 12:37:31 2013: DEBUG: Packet dump:
*** Sending to 10.50.1.4 port 1646 ....
Code: Accounting-Response
Identifier: 29
Authentic: (e<12>Z<183>bS<24>*-_<150><4>'<130><238>
Attributes:
*_Radiator Config file_*
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4
# You will probably want to add other Clients to suit your work site,
<Client DEFAULT>
Secret XXXXXXXXXX
DupInterval 0
</Client>
<Client 10.50.1.4>
Secret XXXXXXXXXX
DupInterval 0
NasType Cisco
IgnoreAcctSignature
</Client>
# Accept processing of other accounting requests of the genre Stop
<Handler Acct-Status-Type = Stop>
<AuthBy SQL>
Identifier thomas
DBSource dbi:ODBC:IRONMAN
DBUsername XXXXXXXX
DBAuth WXXXXXXXXX
AccountingStopsOnly
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
</Handler>
<SessionDatabase SQL>
# This SessionDatabase clause can be used to insert value of extra
desired field for future development
Identifier tamesql
DBSource dbi:ODBC:IRONMAN
DBUsername XXXXXXXXXXX
DBAuth XXXXX
</SessionDatabase>
# Accept processing of other accounting requests of the genre Alive
interim updates
<Handler Request-Type = Accounting-Request>
<AuthBy SQL>
Identifier thomas
DBSource dbi:ODBC:IRONMAN
DBUsername XXXXXXXXXXX
DBAuth XXXXXXXXXX
AcctSQLStatement update quotasubscribers set monthlycounter
= %{Acct-Output-Octets}, totalcounter = %{Acct-Output-Octets}, timestamp
= %{Event-Timestamp} \
where username='%n' \
And Type = 'Q'
</AuthBy>
PostAuthHook file:"/etc/radiator/rocky.pl"
#Log accounting to a detail file
AcctLogFileName %L/detail
</Handler>
Requesting your kind help & cooperation,
Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E: thomas at kccg.com
On 3/27/2013 11:40 PM, Michael wrote:
>
>
> AuthByPolicy is only for what to do when you have multiple authby's.
> you only have 1 per handler here so it's irrelevant.
>
> Best to show some debug log of this in action with a start packet to
> figure out what's going on. the config looks like it should at least
> handle the start packet.
>
>
>
> On 27/03/13 03:32 PM, Thomas Kurian wrote:
>> Hi Mike,
>> Thanks for your email. Can you please tell me where exactly i have to
>> add "AuthByPolicy ContinueWhileIgnore"? Should it go under each
>> handler clause inside Authby sql?
>>
>> _My old config (which didnt work ,Start packets were never getting
>> processed) (this was the config i had problem a long time ago.. which
>> lead me to ask this question)_
>>
>> AcctPort 1813
>>
>> AuthPort 1812
>>
>>
>>
>>
>> BindAddress 0.0.0.0
>>
>>
>> LogDir /var/log/radius
>>
>> DbDir /etc/radiator
>>
>> # Use a low trace level in production systems. Increase
>>
>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>
>> Trace 4
>>
>> # You will probably want to add other Clients to suit your work site,
>>
>> # one for each NAS you want to work with
>>
>>
>>
>>
>>
>> <Client DEFAULT>
>>
>> Secret xxxx
>>
>> DupInterval 0
>>
>> </Client>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> <Client 10.50.1.4>
>>
>> Secret xxx
>>
>> DupInterval 0
>>
>> NasType Cisco
>>
>> IgnoreAcctSignature
>>
>> </Client>
>>
>>
>>
>>
>> #For strictly processing with Accounting Stop packets
>>
>>
>>
>>
>> <Handler Acct-Status-Type = Stop>
>>
>>
>>
>>
>> <AuthBy SQL>
>>
>> Identifier Block-Quota-SQL
>>
>>
>>
>>
>> DBSource dbi:mysql:radius
>>
>> DBUsername xxxx
>>
>> DBAuth xxxxx
>>
>>
>>
>>
>> AccountingStopsOnly
>>
>> AccountingTable quotacouunter
>>
>> AuthColumnDef username,User-Name,check
>>
>>
>>
>>
>>
>>
>>
>> AuthSelect select monthlycounter from quotacounter \
>>
>> where username='%n' \
>>
>> And type = 'Q'
>>
>> #AuthColumnDef 0, Session-Timeout, reply
>>
>>
>>
>>
>> AcctSQLStatement update quotacounter set \
>>
>> monthlycounter=monthlycounter+%{Acct-Input-Octets} \
>>
>> where username='%n' \
>>
>> And Type = 'Q'
>>
>>
>>
>>
>> AuthSelect select totalcounter from quotacounter \
>>
>> where username='%n' \
>>
>> And Type = 'Q'
>>
>>
>>
>>
>> AcctSQLStatement update quotacounter set \
>>
>> totalcounter=totalcounter+%{Acct-Input-Octets} \
>>
>> where username='%n' \
>>
>> And Type = 'Q'
>>
>>
>>
>>
>> PostAuthHook file:"%D/thomas.pl";
>>
>>
>>
>>
>> </AuthBy>
>>
>>
>>
>>
>> </Handler>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> # Accept processing of other accounting requests of the genre start
>> and interim
>>
>>
>>
>>
>> <Handler Request-Type = Accounting-Request>
>>
>>
>>
>> <Realm DEFAULT>
>>
>> <AuthBy SQL>
>>
>>
>>
>>
>> DBSource dbi:mysql:radius
>>
>> DBUsername xxxx
>>
>> DBAuth xxxx
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> AccountingTable ACCOUNTING
>>
>> AcctColumnDef USERNAME, User-Name
>>
>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>
>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>
>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
>>
>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
>>
>> AcctColumnDef TIME_STAMP,Event-Timestamp
>>
>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time
>>
>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time
>>
>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>
>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>
>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>
>> AcctColumnDef NASPORT,NAS-Port
>>
>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>
>>
>>
>>
>> </AuthBy>
>>
>> # Log accounting to a detail file
>>
>> AcctLogFileName %L/detail
>>
>>
>>
>>
>>
>>
>>
>> </Realm>
>>
>> </Handler>
>>
>>
>>
>>
>>
>> Requesting your kind help, Thomas Kurian IT Security Engineer
>> (B.Tech. -- Electrical) Kuwaiti Canadian Consulting Group
>> (www.kccg.com) T: +965 22435566 F: +965 22415149 E: thomas at kccg.com
>> On 3/27/2013 8:00 PM, radiator-request at open.com.au wrote:
>>> Send radiator mailing list submissions to radiator at open.com.au To
>>> subscribe or unsubscribe via the World Wide Web, visit
>>> http://www.open.com.au/mailman/listinfo/radiator or, via email, send
>>> a message with subject or body 'help' to
>>> radiator-request at open.com.au You can reach the person managing the
>>> list at radiator-owner at open.com.au When replying, please edit your
>>> Subject line so it is more specific than "Re: Contents of radiator
>>> digest..." Today's Topics: 1. Re: Handler type Stop/Alive
>>> distinguished processing (Michael Newton)
>>> ----------------------------------------------------------------------
>>> Message: 1 Date: Wed, 27 Mar 2013 09:41:40 -0700 From: Michael
>>> Newton <mnewton at pofp.com> Subject: Re: [RADIATOR] Handler type
>>> Stop/Alive distinguished processing To: radiator at open.com.au
>>> Message-ID:
>>> <CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=FzyDoVJi-bH-DCw at mail.gmail.com>
>>> Content-Type: text/plain; charset="utf-8" On 27 March 2013 09:29,
>>> <radiator-request at open.com.au> wrote:
>>>> My requirement is to process and handle ,Alive and Stop packet
>>>> separately and the configuration must be called/processed
>>>> separately ,each time the radiator receives it based on the Acct
>>>> Status type as described above. Please help me out , i could not
>>>> find an explanation for this anywhere and i am confused. Please let
>>>> me know, if you need any more specifics to help me out.
>>> There shouldn't be any problem with using <Handler
>>> Acct-Status-Type=Start>, <Handler Acct-Status-Type=Alive>, or
>>> <Handler Acct-Status-Type=Stop>, it is how we do accounting on our
>>> server. Maybe make sure you you are using "AuthByPolicy
>>> ContinueWhileIgnore" if you have problems with subsequent handlers
>>> not getting called? If that doesn't help, I'd suggest posting the
>>> config that doesn't work instead of the one that does; other people
>>> may be able to provide more suggestions. Mike -------------- next
>>> part -------------- An HTML attachment was scrubbed... URL:
>>> http://www.open.com.au/pipermail/radiator/attachments/20130327/ab98603b/attachment-0001.html
>>> ------------------------------
>>> _______________________________________________ radiator mailing
>>> list radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator End of radiator
>>> Digest, Vol 46, Issue 24 ****************************************
>>
>> _______________________________________________ radiator mailing list
>> radiator at open.com.au http://www.open.com.au/mailman/listinfo/radiator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20130404/73ade5f7/attachment-0001.html
More information about the radiator
mailing list