[RADIATOR] Handler type Stop/Alive distinguished processing
Michael
ringo at vianet.ca
Thu Apr 4 14:36:01 CDT 2013
perfect. You're welcome. I wasn't sure if i was interpreting your
request properly.
On 04/04/13 02:12 PM, Thomas Kurian wrote:
> Thanks Michael,
> It is working now. Thank you very much for your advice.
> Best Regards,
>
> Thomas Kurian
> IT Security Engineer (B.Tech. -- Electrical)
> Kuwaiti Canadian Consulting Group (www.kccg.com)
> T: +965 22435566
> F: +965 22415149
> E:thomas at kccg.com
> On 4/4/2013 8:03 PM, Michael wrote:
>> it looks to me like your mixing things up making it hard for me
>> personally to follow. 1 config with 1 log would be easier to follow.
>> Why does the time go backwards in your log?
>>
>> but anyways, i think what you want to do is process Alive packets and
>> Stop packets separately, and ignore Start packets but then you talk
>> about "Start packets are not processed" so i'm not sure what you
>> want. Also, if your device is sending start packets and you are
>> ignoring them, the device (depending on what device it is) may mark
>> your radius servers dead.
>>
>> So, it's really quite simple:
>> <Handler Request-Type = "Accounting-Request", Acct-Status-Type = Alive>
>> ...
>> </Handler>
>> <Handler Request-Type = "Accounting-Request", Acct-Status-Type = Stop>
>> ...
>> </Handler>
>>
>> Sounds like maybe you're just making it more complicated than it is.
>>
>>
>>
>> On 04/04/13 06:30 AM, Thomas Kurian wrote:
>>> Hi Mike and friends,
>>> As advised by you , i have attached the configuration file & debug
>>> logs. I want to process both alive and stop packets but with
>>> separate handlers. What i notice from the logs is that the handler
>>> which is first positioned is the only handler which is processed the
>>> rest of the handlers are ignored. Let me explain it.
>>> If handler stop is positioned first, only stop packets are
>>> processed , Alive and Start packets are not processed , even if it
>>> is received.
>>> I tried it vice versa also,in this case all accounting packets were
>>> processed but the handler stop was ignored.
>>> I also tried replacing Handler-Request-Type=Accounting-Request with
>>> Handler-Status-Type=Alive , but no luck.
>>>
>>> How to resolve this issue , i require both the handlers to process
>>> the respective packets contents when each of the kind is received by
>>> radiator from the NAS. Please help me out.
>>>
>>>
>>>
>>> _Error debug log (Handler Stop is postioned first in the config file)
>>> _Note:(only stop packets received were processed , Alive packets
>>> were ignored , since handler-request-type=accounting request could
>>> not be found)_
>>> _Thu Apr 4 12:46:57 2013: WARNING: Could not find a handler for
>>> 99047799: request is ignored
>>> Thu Apr 4 12:46:57 2013: DEBUG: Packet dump:
>>> *** Received from 10.50.1.4 port 1646 ....
>>> Code: Accounting-Request
>>> Identifier: 222
>>> Authentic:
>>> <239><6><165>+<223><146><185><162><255>\<165><24>r<247><255><222>
>>> Attributes:
>>> Acct-Session-Id = "002FD66A"
>>> cisco-Policy-Up = "10Mbps"
>>> cisco-Policy-Down = "10Mbps"
>>> Framed-Protocol = PPP
>>> Framed-IP-Address = 94.187.154.249
>>> User-Name = "66555525"
>>> cisco-avpair = "connect-progress=LAN Ses Up"
>>> cisco-avpair = "nas-tx-speed=1000000000"
>>> cisco-avpair = "nas-rx-speed=1000000000"
>>> Acct-Session-Time = 10820
>>> Acct-Input-Octets = 155877791
>>> Acct-Output-Octets = 1691878933
>>> Acct-Input-Packets = 1089024
>>> Acct-Output-Packets = 1669389
>>> Acct-Authentic = RADIUS
>>> Acct-Status-Type = Alive
>>> NAS-Port-Type = Virtual
>>> NAS-Port = 0
>>> NAS-Port-Id = "0/0/0/666"
>>> cisco-avpair = "client-mac-address=dc9f.db2e.e52f"
>>> Class =
>>> "<153>3<1><8>66555525<21><4><132><28>Y<0>3<4><3><0><0><0>3<4><7><0><0><0>3<4><6><0><0><0>1<16>59d88f5c08487260"
>>> Service-Type = Framed-User
>>> NAS-IP-Address = 10.50.1.4
>>> Event-Timestamp = 1365068817
>>> NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
>>> Acct-Delay-Time = 0
>>>
>>> Thu Apr 4 12:46:57 2013: WARNING: Could not find a handler for
>>> 66555525: request is ignored
>>> _Error debug log (Handler Stop is positioned second in the config
>>> file after Handler-Request-Type=Accounting-Request)_
>>> (Note: Stop packets were processed with
>>> Handler-Request-Type=Accounting-Request and not
>>> Handler-Status-Type=Stop)
>>> Thu Apr 4 12:37:31 2013: DEBUG: Packet dump:
>>> *** Received from 10.50.1.4 port 1646 ....
>>> Code: Accounting-Request
>>> Identifier: 29
>>> Authentic: #<144>`<139><161><219><154><190><0>><<161><252>C<220>T
>>> Attributes:
>>> Acct-Session-Id = "002FD585"
>>> cisco-Policy-Up = "6Mbps"
>>> cisco-Policy-Down = "6Mbps"
>>> Framed-Protocol = PPP
>>> Framed-IP-Address = 94.187.154.236
>>> cisco-avpair = "ppp-disconnect-cause=Missed too many keepalives"
>>> User-Name = "65002914"
>>> Acct-Authentic = RADIUS
>>> cisco-avpair = "connect-progress=LAN Ses Up"
>>> cisco-avpair = "nas-tx-speed=1000000000"
>>> cisco-avpair = "nas-rx-speed=1000000000"
>>> Acct-Session-Time = 11448
>>> Acct-Input-Octets = 28654436
>>> Acct-Output-Octets = 160823960
>>> Acct-Input-Packets = 88318
>>> Acct-Output-Packets = 141945
>>> Acct-Terminate-Cause = Port-Error
>>> cisco-avpair = "disc-cause-ext=TCP Foreign Host Close"
>>> Acct-Status-Type = Stop
>>> NAS-Port-Type = Virtual
>>> NAS-Port = 0
>>> NAS-Port-Id = "0/0/0/666"
>>> cisco-avpair = "client-mac-address=e046.9a3b.c135"
>>> Class =
>>> "<153>3<1><8>65002914<21><4><171><144><212><0>3<4><6><0><0><0>3<4><16><0><0><0>3<4><3><0><0><0>1<16>8f9c5c39dc74286f"
>>> Service-Type = Framed-User
>>> NAS-IP-Address = 10.50.1.4
>>> Event-Timestamp = 1365068251
>>> NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
>>> Acct-Delay-Time = 0
>>>
>>> Thu Apr 4 12:37:31 2013: DEBUG: Handling request with Handler
>>> 'Request-Type = Accounting-Request', Identifier ''
>>> Thu Apr 4 12:37:31 2013: DEBUG: tamesql Deleting session for
>>> 65002914, 10.50.1.4, 0
>>> Thu Apr 4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN':
>>> 'delete from RADONLINE where NASIDENTIFIER='10.50.1.4' and NASPORT=00':
>>> Thu Apr 4 12:37:31 2013: DEBUG: Handling with Radius::AuthSQL: thomas
>>> Thu Apr 4 12:37:31 2013: DEBUG: Handling accounting with
>>> Radius::AuthSQL
>>> Thu Apr 4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN':
>>> 'update quotasubscribers set monthlycounter = 160823960,
>>> totalcounter = 160823960, timestamp = 13650682
>>> 51 where username='65002914' And Type = 'Q'':
>>> Thu Apr 4 12:37:31 2013: DEBUG: AuthBy SQL result: ACCEPT,
>>> Thu Apr 4 12:37:31 2013: DEBUG: Running PostAuthHook: Using Identifier
>>>
>>> Thu Apr 4 12:37:31 2013: DEBUG: Running PostAuthHook sql query
>>> check for :
>>> 65002914
>>> Thu Apr 4 12:37:31 2013: DEBUG: Query to 'dbi:ODBC:IRONMAN':
>>> 'select username from quotasubscribers where switched = 0 and type =
>>> 'Q' and monthlycounter >= maxquota ':
>>> Thu Apr 4 12:37:31 2013: DEBUG: The user 65002914 either has not
>>> yet exceeded allocated quota or isnt a quota based user
>>> Thu Apr 4 12:37:31 2013: DEBUG: Accounting accepted
>>> Thu Apr 4 12:37:31 2013: DEBUG: Packet dump:
>>> *** Sending to 10.50.1.4 port 1646 ....
>>> Code: Accounting-Response
>>> Identifier: 29
>>> Authentic: (e<12>Z<183>bS<24>*-_<150><4>'<130><238>
>>> Attributes:
>>>
>>> *_Radiator Config file_*
>>> LogDir /var/log/radius
>>> DbDir /etc/radiator
>>> # Use a low trace level in production systems. Increase
>>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>> Trace 4
>>>
>>> # You will probably want to add other Clients to suit your work site,
>>>
>>> <Client DEFAULT>
>>> Secret XXXXXXXXXX
>>> DupInterval 0
>>> </Client>
>>>
>>>
>>> <Client 10.50.1.4>
>>> Secret XXXXXXXXXX
>>> DupInterval 0
>>> NasType Cisco
>>> IgnoreAcctSignature
>>> </Client>
>>>
>>> # Accept processing of other accounting requests of the genre Stop
>>>
>>> <Handler Acct-Status-Type = Stop>
>>> <AuthBy SQL>
>>> Identifier thomas
>>> DBSource dbi:ODBC:IRONMAN
>>> DBUsername XXXXXXXX
>>> DBAuth WXXXXXXXXX
>>>
>>>
>>> AccountingStopsOnly
>>> AccountingTable ACCOUNTING
>>> AcctColumnDef USERNAME, User-Name
>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>> AcctColumnDef
>>> ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>> AcctColumnDef
>>> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>> AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
>>> AcctColumnDef
>>> ACCTSESSIONTIME,Acct-Session-Time,integer
>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>> AcctColumnDef NASPORT,NAS-Port,integer
>>> </Handler>
>>>
>>> <SessionDatabase SQL>
>>> # This SessionDatabase clause can be used to insert value of extra
>>> desired field for future development
>>>
>>> Identifier tamesql
>>> DBSource dbi:ODBC:IRONMAN
>>> DBUsername XXXXXXXXXXX
>>> DBAuth XXXXX
>>>
>>> </SessionDatabase>
>>>
>>>
>>> # Accept processing of other accounting requests of the genre Alive
>>> interim updates
>>> <Handler Request-Type = Accounting-Request>
>>> <AuthBy SQL>
>>> Identifier thomas
>>> DBSource dbi:ODBC:IRONMAN
>>> DBUsername XXXXXXXXXXX
>>> DBAuth XXXXXXXXXX
>>>
>>>
>>> AcctSQLStatement update quotasubscribers set
>>> monthlycounter = %{Acct-Output-Octets}, totalcounter =
>>> %{Acct-Output-Octets}, timestamp = %{Event-Timestamp} \
>>> where username='%n' \
>>> And Type = 'Q'
>>>
>>>
>>>
>>> </AuthBy>
>>> PostAuthHook file:"/etc/radiator/rocky.pl"
>>> #Log accounting to a detail file
>>> AcctLogFileName %L/detail
>>>
>>>
>>> </Handler>
>>> Requesting your kind help& cooperation,
>>>
>>> Thomas Kurian
>>> IT Security Engineer (B.Tech. -- Electrical)
>>> Kuwaiti Canadian Consulting Group (www.kccg.com)
>>> T: +965 22435566
>>> F: +965 22415149
>>> E:thomas at kccg.com
>>> On 3/27/2013 11:40 PM, Michael wrote:
>>>>
>>>>
>>>> AuthByPolicy is only for what to do when you have multiple
>>>> authby's. you only have 1 per handler here so it's irrelevant.
>>>>
>>>> Best to show some debug log of this in action with a start packet
>>>> to figure out what's going on. the config looks like it should at
>>>> least handle the start packet.
>>>>
>>>>
>>>>
>>>> On 27/03/13 03:32 PM, Thomas Kurian wrote:
>>>>> Hi Mike,
>>>>> Thanks for your email. Can you please tell me where exactly i have
>>>>> to add "AuthByPolicy ContinueWhileIgnore"? Should it go under each
>>>>> handler clause inside Authby sql?
>>>>>
>>>>> _My old config (which didnt work ,Start packets were never getting
>>>>> processed) (this was the config i had problem a long time ago..
>>>>> which lead me to ask this question)_
>>>>>
>>>>> AcctPort 1813
>>>>>
>>>>> AuthPort 1812
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> BindAddress 0.0.0.0
>>>>>
>>>>>
>>>>> LogDir /var/log/radius
>>>>>
>>>>> DbDir /etc/radiator
>>>>>
>>>>> # Use a low trace level in production systems. Increase
>>>>>
>>>>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>>>>>
>>>>> Trace 4
>>>>>
>>>>> # You will probably want to add other Clients to suit your work site,
>>>>>
>>>>> # one for each NAS you want to work with
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <Client DEFAULT>
>>>>>
>>>>> Secret xxxx
>>>>>
>>>>> DupInterval 0
>>>>>
>>>>> </Client>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <Client 10.50.1.4>
>>>>>
>>>>> Secret xxx
>>>>>
>>>>> DupInterval 0
>>>>>
>>>>> NasType Cisco
>>>>>
>>>>> IgnoreAcctSignature
>>>>>
>>>>> </Client>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> #For strictly processing with Accounting Stop packets
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <Handler Acct-Status-Type = Stop>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <AuthBy SQL>
>>>>>
>>>>> Identifier Block-Quota-SQL
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> DBSource dbi:mysql:radius
>>>>>
>>>>> DBUsername xxxx
>>>>>
>>>>> DBAuth xxxxx
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AccountingStopsOnly
>>>>>
>>>>> AccountingTable quotacouunter
>>>>>
>>>>> AuthColumnDef username,User-Name,check
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AuthSelect select monthlycounter from quotacounter \
>>>>>
>>>>> where username='%n' \
>>>>>
>>>>> And type = 'Q'
>>>>>
>>>>> #AuthColumnDef 0, Session-Timeout, reply
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AcctSQLStatement update quotacounter set \
>>>>>
>>>>> monthlycounter=monthlycounter+%{Acct-Input-Octets} \
>>>>>
>>>>> where username='%n' \
>>>>>
>>>>> And Type = 'Q'
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AuthSelect select totalcounter from quotacounter \
>>>>>
>>>>> where username='%n' \
>>>>>
>>>>> And Type = 'Q'
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AcctSQLStatement update quotacounter set \
>>>>>
>>>>> totalcounter=totalcounter+%{Acct-Input-Octets} \
>>>>>
>>>>> where username='%n' \
>>>>>
>>>>> And Type = 'Q'
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> PostAuthHook file:"%D/thomas.pl";
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> </AuthBy>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> </Handler>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> # Accept processing of other accounting requests of the genre
>>>>> start and interim
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <Handler Request-Type = Accounting-Request>
>>>>>
>>>>>
>>>>>
>>>>> <Realm DEFAULT>
>>>>>
>>>>> <AuthBy SQL>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> DBSource dbi:mysql:radius
>>>>>
>>>>> DBUsername xxxx
>>>>>
>>>>> DBAuth xxxx
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AccountingTable ACCOUNTING
>>>>>
>>>>> AcctColumnDef USERNAME, User-Name
>>>>>
>>>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>>>>
>>>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>>>>
>>>>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
>>>>>
>>>>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
>>>>>
>>>>> AcctColumnDef TIME_STAMP,Event-Timestamp
>>>>>
>>>>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time
>>>>>
>>>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time
>>>>>
>>>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>>>>
>>>>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>>>>
>>>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>>>>
>>>>> AcctColumnDef NASPORT,NAS-Port
>>>>>
>>>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> </AuthBy>
>>>>>
>>>>> # Log accounting to a detail file
>>>>>
>>>>> AcctLogFileName %L/detail
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> </Realm>
>>>>>
>>>>> </Handler>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Requesting your kind help, Thomas Kurian IT Security Engineer
>>>>> (B.Tech. -- Electrical) Kuwaiti Canadian Consulting Group
>>>>> (www.kccg.com) T: +965 22435566 F: +965 22415149 E: thomas at kccg.com
>>>>> On 3/27/2013 8:00 PM, radiator-request at open.com.au wrote:
>>>>>> Send radiator mailing list submissions to radiator at open.com.au To
>>>>>> subscribe or unsubscribe via the World Wide Web, visit
>>>>>> http://www.open.com.au/mailman/listinfo/radiator or, via email,
>>>>>> send a message with subject or body 'help' to
>>>>>> radiator-request at open.com.au You can reach the person managing
>>>>>> the list at radiator-owner at open.com.au When replying, please edit
>>>>>> your Subject line so it is more specific than "Re: Contents of
>>>>>> radiator digest..." Today's Topics: 1. Re: Handler type
>>>>>> Stop/Alive distinguished processing (Michael Newton)
>>>>>> ----------------------------------------------------------------------
>>>>>> Message: 1 Date: Wed, 27 Mar 2013 09:41:40 -0700 From: Michael
>>>>>> Newton <mnewton at pofp.com> Subject: Re: [RADIATOR] Handler type
>>>>>> Stop/Alive distinguished processing To: radiator at open.com.au
>>>>>> Message-ID:
>>>>>> <CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=FzyDoVJi-bH-DCw at mail.gmail.com>
>>>>>> Content-Type: text/plain; charset="utf-8" On 27 March 2013 09:29,
>>>>>> <radiator-request at open.com.au> wrote:
>>>>>>> My requirement is to process and handle ,Alive and Stop packet
>>>>>>> separately and the configuration must be called/processed
>>>>>>> separately ,each time the radiator receives it based on the Acct
>>>>>>> Status type as described above. Please help me out , i could not
>>>>>>> find an explanation for this anywhere and i am confused. Please
>>>>>>> let me know, if you need any more specifics to help me out.
>>>>>> There shouldn't be any problem with using <Handler
>>>>>> Acct-Status-Type=Start>, <Handler Acct-Status-Type=Alive>, or
>>>>>> <Handler Acct-Status-Type=Stop>, it is how we do accounting on
>>>>>> our server. Maybe make sure you you are using "AuthByPolicy
>>>>>> ContinueWhileIgnore" if you have problems with subsequent
>>>>>> handlers not getting called? If that doesn't help, I'd suggest
>>>>>> posting the config that doesn't work instead of the one that
>>>>>> does; other people may be able to provide more suggestions. Mike
>>>>>> -------------- next part -------------- An HTML attachment was
>>>>>> scrubbed... URL:
>>>>>> http://www.open.com.au/pipermail/radiator/attachments/20130327/ab98603b/attachment-0001.html
>>>>>> ------------------------------
>>>>>> _______________________________________________ radiator mailing
>>>>>> list radiator at open.com.au
>>>>>> http://www.open.com.au/mailman/listinfo/radiator End of radiator
>>>>>> Digest, Vol 46, Issue 24 ****************************************
>>>>>
>>>>> _______________________________________________ radiator mailing
>>>>> list radiator at open.com.au
>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20130404/398a04ff/attachment-0001.html
More information about the radiator
mailing list