[RADIATOR] Handler type Stop/Alive distinguished processing

Michael ringo at vianet.ca
Thu Apr 4 12:03:57 CDT 2013


It looks to me like you're mixing things up, making it hard for me 
personally to follow. 1 config with 1 log would be easier to follow. Why 
does the time go backwards in your log?

But anyways, I think what you want to do is process Alive packets and 
Stop packets separately, and ignore Start packets, but then you talk 
about "Start packets are not processed" so I'm not sure what you want.  
Also, if your device is sending Start packets and you are ignoring them, 
the device (depending on what device it is) may mark your RADIUS servers 
dead.

So, it's really quite simple:
<Handler Request-Type = "Accounting-Request", Acct-Status-Type = Alive>
...
</Handler>
<Handler Request-Type = "Accounting-Request", Acct-Status-Type = Stop>
...
</Handler>

Sounds like maybe you're just making it more complicated than it is.



On 04/04/13 06:30 AM, Thomas Kurian wrote:
> Hi Mike and friends,
> As advised by you, I have attached the configuration file & debug 
> logs. I want to process both Alive and Stop packets but with separate 
> handlers. What I notice from the logs is that the handler which is 
> first positioned is the only handler which is processed; the rest of 
> the handlers are ignored. Let me explain it.
> If handler Stop is positioned first, only Stop packets are processed; 
> Alive and Start packets are not processed, even if they are received.
> I tried it vice versa also; in this case all accounting packets were 
> processed but the handler Stop was ignored.
> I also tried replacing Handler-Request-Type=Accounting-Request with 
> Handler-Status-Type=Alive, but no luck.
>
> How to resolve this issue? I require both the handlers to process the 
> respective packets' contents when each kind is received by 
> Radiator from the NAS. Please help me out.
>
>
>
> Error debug log (Handler Stop is positioned first in the config file)
> Note: (only stop packets received were processed, Alive packets were 
> ignored, since handler-request-type=accounting request could not be 
> found)
> Thu Apr  4 12:46:57 2013: WARNING: Could not find a handler for 99047799: request is ignored
> Thu Apr  4 12:46:57 2013: DEBUG: Packet dump:
> *** Received from 10.50.1.4 port 1646 ....
> Code:       Accounting-Request
> Identifier: 222
> Authentic: 
> <239><6><165>+<223><146><185><162><255>\<165><24>r<247><255><222>
> Attributes:
>         Acct-Session-Id = "002FD66A"
>         cisco-Policy-Up = "10Mbps"
>         cisco-Policy-Down = "10Mbps"
>         Framed-Protocol = PPP
>         Framed-IP-Address = 94.187.154.249
>         User-Name = "66555525"
>         cisco-avpair = "connect-progress=LAN Ses Up"
>         cisco-avpair = "nas-tx-speed=1000000000"
>         cisco-avpair = "nas-rx-speed=1000000000"
>         Acct-Session-Time = 10820
>         Acct-Input-Octets = 155877791
>         Acct-Output-Octets = 1691878933
>         Acct-Input-Packets = 1089024
>         Acct-Output-Packets = 1669389
>         Acct-Authentic = RADIUS
>         Acct-Status-Type = Alive
>         NAS-Port-Type = Virtual
>         NAS-Port = 0
>         NAS-Port-Id = "0/0/0/666"
>         cisco-avpair = "client-mac-address=dc9f.db2e.e52f"
>         Class = 
> "<153>3<1><8>66555525<21><4><132><28>Y<0>3<4><3><0><0><0>3<4><7><0><0><0>3<4><6><0><0><0>1<16>59d88f5c08487260"
>         Service-Type = Framed-User
>         NAS-IP-Address = 10.50.1.4
>         Event-Timestamp = 1365068817
>         NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
>         Acct-Delay-Time = 0
>
> Thu Apr  4 12:46:57 2013: WARNING: Could not find a handler for 66555525: request is ignored
>
> Error debug log (Handler Stop is positioned second in the config 
> file after Handler-Request-Type=Accounting-Request)
> (Note: Stop packets were processed with 
> Handler-Request-Type=Accounting-Request and not Handler-Status-Type=Stop)
> Thu Apr  4 12:37:31 2013: DEBUG: Packet dump:
> *** Received from 10.50.1.4 port 1646 ....
> Code:       Accounting-Request
> Identifier: 29
> Authentic:  #<144>`<139><161><219><154><190><0>><<161><252>C<220>T
> Attributes:
>         Acct-Session-Id = "002FD585"
>         cisco-Policy-Up = "6Mbps"
>         cisco-Policy-Down = "6Mbps"
>         Framed-Protocol = PPP
>         Framed-IP-Address = 94.187.154.236
>         cisco-avpair = "ppp-disconnect-cause=Missed too many keepalives"
>         User-Name = "65002914"
>         Acct-Authentic = RADIUS
>         cisco-avpair = "connect-progress=LAN Ses Up"
>         cisco-avpair = "nas-tx-speed=1000000000"
>         cisco-avpair = "nas-rx-speed=1000000000"
>         Acct-Session-Time = 11448
>         Acct-Input-Octets = 28654436
>         Acct-Output-Octets = 160823960
>         Acct-Input-Packets = 88318
>         Acct-Output-Packets = 141945
>         Acct-Terminate-Cause = Port-Error
>         cisco-avpair = "disc-cause-ext=TCP Foreign Host Close"
>         Acct-Status-Type = Stop
>         NAS-Port-Type = Virtual
>         NAS-Port = 0
>         NAS-Port-Id = "0/0/0/666"
>         cisco-avpair = "client-mac-address=e046.9a3b.c135"
>         Class = 
> "<153>3<1><8>65002914<21><4><171><144><212><0>3<4><6><0><0><0>3<4><16><0><0><0>3<4><3><0><0><0>1<16>8f9c5c39dc74286f"
>         Service-Type = Framed-User
>         NAS-IP-Address = 10.50.1.4
>         Event-Timestamp = 1365068251
>         NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
>         Acct-Delay-Time = 0
>
> Thu Apr  4 12:37:31 2013: DEBUG: Handling request with Handler 'Request-Type = Accounting-Request', Identifier ''
> Thu Apr  4 12:37:31 2013: DEBUG: tamesql Deleting session for 65002914, 10.50.1.4, 0
> Thu Apr  4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN': 'delete from RADONLINE where NASIDENTIFIER='10.50.1.4' and NASPORT=00':
> Thu Apr  4 12:37:31 2013: DEBUG: Handling with Radius::AuthSQL: thomas
> Thu Apr  4 12:37:31 2013: DEBUG: Handling accounting with Radius::AuthSQL
> Thu Apr  4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN': 'update quotasubscribers set monthlycounter = 160823960, totalcounter = 160823960, timestamp = 1365068251  where username='65002914' And Type = 'Q'':
> Thu Apr  4 12:37:31 2013: DEBUG: AuthBy SQL result: ACCEPT,
> Thu Apr  4 12:37:31 2013: DEBUG: Running PostAuthHook: Using Identifier
>
> Thu Apr  4 12:37:31 2013: DEBUG: Running PostAuthHook sql query check for :
> 65002914
> Thu Apr  4 12:37:31 2013: DEBUG: Query to 'dbi:ODBC:IRONMAN': 'select username from quotasubscribers where switched = 0 and type = 'Q' and monthlycounter >= maxquota ':
> Thu Apr  4 12:37:31 2013: DEBUG: The user 65002914 either has not yet exceeded allocated quota or isnt a quota based user
> Thu Apr  4 12:37:31 2013: DEBUG: Accounting accepted
> Thu Apr  4 12:37:31 2013: DEBUG: Packet dump:
> *** Sending to 10.50.1.4 port 1646 ....
> Code:       Accounting-Response
> Identifier: 29
> Authentic:  (e<12>Z<183>bS<24>*-_<150><4>'<130><238>
> Attributes:
>
> Radiator Config file
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> Trace           4
>
> # You will probably want to add other Clients to suit your work site,
>
> <Client DEFAULT>
>         Secret  XXXXXXXXXX
>         DupInterval 0
> </Client>
>
>
> <Client 10.50.1.4>
>         Secret XXXXXXXXXX
>         DupInterval 0
>         NasType Cisco
>         IgnoreAcctSignature
> </Client>
>
> # Accept processing of other accounting requests of the genre Stop
>
> <Handler Acct-Status-Type = Stop>
> <AuthBy SQL>
>                 Identifier thomas
>                 DBSource dbi:ODBC:IRONMAN
>                 DBUsername XXXXXXXX
>                 DBAuth WXXXXXXXXX
>
>
>                 AccountingStopsOnly
>                 AccountingTable ACCOUNTING
>                 AcctColumnDef   USERNAME, User-Name
>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>                 AcctColumnDef   TIME_STAMP,Event-Timestamp,integer-date
>                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                 AcctColumnDef   NASPORT,NAS-Port,integer
> </Handler>
>
> <SessionDatabase SQL>
> # This SessionDatabase clause can be used to insert value of extra desired field for future development
>
>         Identifier      tamesql
>         DBSource        dbi:ODBC:IRONMAN
>         DBUsername      XXXXXXXXXXX
>         DBAuth          XXXXX
>
> </SessionDatabase>
>
>
> # Accept processing of other accounting requests of the genre Alive interim updates
> <Handler Request-Type = Accounting-Request>
> <AuthBy SQL>
>                 Identifier thomas
>                 DBSource dbi:ODBC:IRONMAN
>                 DBUsername XXXXXXXXXXX
>                 DBAuth XXXXXXXXXX
>
>
>             AcctSQLStatement update quotasubscribers set monthlycounter = %{Acct-Output-Octets}, totalcounter = %{Acct-Output-Octets}, timestamp = %{Event-Timestamp}  \
>                                 where username='%n' \
>                                 And Type = 'Q'
>
>
>
> </AuthBy>
> PostAuthHook file:"/etc/radiator/rocky.pl"
>                 #Log accounting to a detail file
>                 AcctLogFileName %L/detail
>
>
> </Handler>
> Requesting your kind help & cooperation,
>
> Thomas Kurian
> IT Security Engineer (B.Tech. -- Electrical)
> Kuwaiti Canadian Consulting Group (www.kccg.com)
> T: +965 22435566
> F: +965 22415149
> E:thomas at kccg.com
> On 3/27/2013 11:40 PM, Michael wrote:
>>
>>
>> AuthByPolicy is only for what to do when you have multiple authby's.  
>> You only have 1 per handler here so it's irrelevant.
>>
>> Best to show some debug log of this in action with a Start packet to 
>> figure out what's going on.  The config looks like it should at least 
>> handle the Start packet.
>>
>>
>>
>> On 27/03/13 03:32 PM, Thomas Kurian wrote:
>>> Hi Mike,
>>> Thanks for your email. Can you please tell me where exactly I have 
>>> to add "AuthByPolicy ContinueWhileIgnore"? Should it go under each 
>>> handler clause inside AuthBy SQL?
>>>
>>> My old config (which didn't work, Start packets were never getting 
>>> processed) (this was the config I had a problem with a long time ago, 
>>> which led me to ask this question):
>>>
>>> AcctPort 1813
>>> AuthPort 1812
>>>
>>> BindAddress 0.0.0.0
>>>
>>> LogDir /var/log/radius
>>> DbDir /etc/radiator
>>> # Use a low trace level in production systems. Increase
>>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>> Trace 4
>>> # You will probably want to add other Clients to suit your work site,
>>> # one for each NAS you want to work with
>>>
>>> <Client DEFAULT>
>>> Secret xxxx
>>> DupInterval 0
>>> </Client>
>>>
>>> <Client 10.50.1.4>
>>> Secret xxx
>>> DupInterval 0
>>> NasType Cisco
>>> IgnoreAcctSignature
>>> </Client>
>>>
>>> #For strictly processing with Accounting Stop packets
>>>
>>> <Handler Acct-Status-Type = Stop>
>>>
>>> <AuthBy SQL>
>>> Identifier Block-Quota-SQL
>>>
>>> DBSource dbi:mysql:radius
>>> DBUsername xxxx
>>> DBAuth xxxxx
>>>
>>> AccountingStopsOnly
>>> AccountingTable quotacouunter
>>> AuthColumnDef username,User-Name,check
>>>
>>> AuthSelect select monthlycounter from quotacounter \
>>> where username='%n' \
>>> And type = 'Q'
>>> #AuthColumnDef 0, Session-Timeout, reply
>>>
>>> AcctSQLStatement update quotacounter set \
>>> monthlycounter=monthlycounter+%{Acct-Input-Octets} \
>>> where username='%n' \
>>> And Type = 'Q'
>>>
>>> AuthSelect select totalcounter from quotacounter \
>>> where username='%n' \
>>> And Type = 'Q'
>>>
>>> AcctSQLStatement update quotacounter set \
>>> totalcounter=totalcounter+%{Acct-Input-Octets} \
>>> where username='%n' \
>>> And Type = 'Q'
>>>
>>> PostAuthHook file:"%D/thomas.pl";
>>>
>>> </AuthBy>
>>>
>>> </Handler>
>>>
>>> # Accept processing of other accounting requests of the genre start and interim
>>>
>>> <Handler Request-Type = Accounting-Request>
>>>
>>> <Realm DEFAULT>
>>> <AuthBy SQL>
>>>
>>> DBSource dbi:mysql:radius
>>> DBUsername xxxx
>>> DBAuth xxxx
>>>
>>> AccountingTable ACCOUNTING
>>> AcctColumnDef USERNAME, User-Name
>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
>>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
>>> AcctColumnDef TIME_STAMP,Event-Timestamp
>>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time
>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time
>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>> AcctColumnDef NASPORT,NAS-Port
>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>>
>>> </AuthBy>
>>> # Log accounting to a detail file
>>> AcctLogFileName %L/detail
>>>
>>> </Realm>
>>> </Handler>
>>>
>>> Requesting your kind help,
>>> Thomas Kurian
>>> IT Security Engineer (B.Tech. -- Electrical)
>>> Kuwaiti Canadian Consulting Group (www.kccg.com)
>>> T: +965 22435566
>>> F: +965 22415149
>>> E: thomas at kccg.com
>>> On 3/27/2013 8:00 PM, radiator-request at open.com.au wrote:
>>>> Message: 1
>>>> Date: Wed, 27 Mar 2013 09:41:40 -0700
>>>> From: Michael Newton <mnewton at pofp.com>
>>>> Subject: Re: [RADIATOR] Handler type Stop/Alive distinguished processing
>>>> To: radiator at open.com.au
>>>>
>>>> On 27 March 2013 09:29, <radiator-request at open.com.au> wrote:
>>>>> My requirement is to process and handle Alive and Stop packets 
>>>>> separately, and the configuration must be called/processed 
>>>>> separately each time Radiator receives one, based on the Acct 
>>>>> Status type as described above. Please help me out, I could not 
>>>>> find an explanation for this anywhere and I am confused. Please 
>>>>> let me know if you need any more specifics to help me out.
>>>> There shouldn't be any problem with using <Handler 
>>>> Acct-Status-Type=Start>, <Handler Acct-Status-Type=Alive>, or 
>>>> <Handler Acct-Status-Type=Stop>, it is how we do accounting on our 
>>>> server. Maybe make sure you are using "AuthByPolicy 
>>>> ContinueWhileIgnore" if you have problems with subsequent handlers 
>>>> not getting called? If that doesn't help, I'd suggest posting the 
>>>> config that doesn't work instead of the one that does; other people 
>>>> may be able to provide more suggestions.
>>>>
>>>> Mike
>
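
Added example (not part of the thread and not Radiator code): a simplified Python model of first-match handler selection, run over attribute lines trimmed from the two packet dumps quoted above plus a constructed Start packet. It assumes Radiator tries Handler clauses in configuration order and uses the first one whose check items all match; all function and variable names are hypothetical.

```python
import re

# Constructed samples: attribute lines trimmed from the two dumps quoted above.
ALIVE = 'Code:       Accounting-Request\n        User-Name = "66555525"\n        Acct-Status-Type = Alive\n'
STOP = 'Code:       Accounting-Request\n        User-Name = "65002914"\n        Acct-Status-Type = Stop\n'
START = STOP.replace("Stop", "Start")  # constructed: the thread shows no Start dump

def parse_dump(text):
    """Parse 'Name = value' lines of a Trace 4 dump; 'Code:' becomes Request-Type."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*[:=]\s*"?([^"]*)"?\s*$', line)
        if m and m.group(2).strip():
            key = "Request-Type" if m.group(1) == "Code" else m.group(1)
            attrs.setdefault(key, m.group(2).strip())
    return attrs

PACKETS = {n: parse_dump(d) for n, d in (("alive", ALIVE), ("stop", STOP), ("start", START))}

ACCT = {"Request-Type": "Accounting-Request"}
# Order used for the second log in the thread: generic handler first, Stop second.
GENERIC_FIRST = [("generic", ACCT), ("stop", {"Acct-Status-Type": "Stop"})]
# The two handlers suggested in the reply, in the order given there.
SPLIT = [("alive", {**ACCT, "Acct-Status-Type": "Alive"}),
         ("stop", {**ACCT, "Acct-Status-Type": "Stop"})]

def audit(handlers, packets):
    """Model first-match selection. Returns (selected, unhandled, shadowed):
    which handler takes each sample, which samples match nothing, and which
    handlers match some sample yet are never the first match."""
    selected, unhandled, matched = {}, [], set()
    for label, pkt in packets.items():
        hits = [name for name, checks in handlers
                if all(pkt.get(k) == v for k, v in checks.items())]
        matched.update(hits)
        if hits:
            selected[label] = hits[0]
        else:
            unhandled.append(label)  # logged as "Could not find a handler"
    return selected, unhandled, sorted(matched - set(selected.values()))

if __name__ == "__main__":
    for title, handlers in (("generic first", GENERIC_FIRST), ("split", SPLIT)):
        print(title, audit(handlers, PACKETS))
```

With the generic handler first, the Stop handler is reported as shadowed, which agrees with the "Handling request with Handler 'Request-Type = Accounting-Request'" line logged for the Stop packet; with only the Alive and Stop handlers, the Start sample is reported as unhandled.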