[RADIATOR] Alive\Update handlers with proxy
eliran shlomo
eliranshlomo at gmail.com
Tue Dec 17 02:51:48 CST 2013
Hi Heikki,
This is the trace.
Correct attributes are marked in blue, wrong in red.
Please advise and many thanks!
Eliran
Tue Dec 17 09:27:23 2013: DEBUG: Packet dump:
*** Received from ********** port 1812 ....
Code: Access-Request
Identifier: 104
Authentic:
<191><244>\<241><27><135><242><251>A^<197><247><164><237><150><250>
Attributes:
User-Name = "bdynamic_test1"
User-Password =
;<133><181>}<24><228>E<248><19>><198>G<202><253>U<199>
Service-Type = Authorize-Only
Framed-Protocol = PPP
NAS-Identifier = "SE600-LAB"
NAS-IP-Address = ********
NAS-Port = 2432705629
NAS-Port-Type = Virtual
NAS-Port-Id = "L2TP LNS 9309"
RB-Medium-Type = DSL
Connect-Info = "1000000000/1000000000"
RB-NAS-Port = "<0><0><0><3>"
RB-Platform-Type = "<0><0><0><6>"
RB-OS-Version = "11.1.2.5"
Acct-Session-Id = "FF10FFFF5800245D-52B00D63"
Tunnel-Type = 0:L2TP
Tunnel-Medium-Type = 0:IP
Tunnel-Server-Endpoint = *****
Tunnel-Client-Endpoint = *****
Tunnel-Server-Auth-ID = SE600-LAB
Tunnel-Client-Auth-ID = big-se-2-600-ptk
RB-Tunnel-Max-Sessions = 0:65535
RB-Tunnel-Max-Tunnels = 0:32767
RB-Tunnel-Function = 0:LNS-Only
Tunnel-ID = big-se-2-600-ptk:31113:11486
RB-LAC-Port = 1744830812
Tue Dec 17 09:27:23 2013: DEBUG: Handling request with Handler
'NAS-Port-Type=ADSL', Identifier ''
Tue Dec 17 09:27:23 2013: DEBUG: RewriteFunction rewrote user name to
bdynamic_test1
Tue Dec 17 09:27:23 2013: DEBUG: Handling with Radius::AuthLDAP2: LDAP_User
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got result for
uid=bdynamic_test1,ou=People,o=*****,c=****
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got chapPassword: ******
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got authServiceProtocol: Framed-User
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got authPortLimit: 2
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got authhostporttype:
/^(ISDN|Async|Virtual|Sync|ADSL|CABLE|HOTSPOT)$/
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got RateLimitRate: 100000
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got PoliceRate: 2360
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got PoliceBurst: 12000000
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got RateLimitBurst: 30000
Tue Dec 17 09:27:23 2013: DEBUG: LDAP got RedbackContextname: ngn
Tue Dec 17 09:27:23 2013: DEBUG: request packet
TEST-SE
Tue Dec 17 09:27:23 2013: ERR: user: bdynamic_test1 Pool is empty: adding
default to pool , set class to ngn
Tue Dec 17 09:27:23 2013: DEBUG: Radius::AuthLDAP2 looks for match with
bdynamic_test1 [bdynamic_test1]
Tue Dec 17 09:27:23 2013: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT,
ACCTSESSIONID from RADONLINE where USERNAME='bdynamic_test1' and ACTIVE =
TRUE and NASIDENTIFIER != '*********' and NASPORT != '9309'':
Tue Dec 17 09:27:23 2013: DEBUG: Radius::AuthLDAP2 ACCEPT: : bdynamic_test1
[bdynamic_test1]
Tue Dec 17 09:27:23 2013: DEBUG: AuthBy LDAP2 result: ACCEPT,
Tue Dec 17 09:27:23 2013: DEBUG: Access accepted for bdynamic_test1
Tue Dec 17 09:27:23 2013: DEBUG: do query is: 'insert into RADAUTHLOG
(HOSTNAME, NASID, TIME_STAMP, USERNAME, TYPE) values ('test4','********',
1387265243, 'bdynamic_test1', 1)':
Tue Dec 17 09:27:23 2013: INFO: process
Tue Dec 17 09:27:23 2013: DEBUG: Packet dump:
*** Sending to ********** port 1812 ....
Code: Access-Accept
Identifier: 104
Authentic: LA<187><223>J<194><4><208><135><174>x<232><181><148><220><189>
Attributes:
Service-Type = Framed-User
Port-Limit = 2
Ascend-Maximum-Channels = 2
Class = "ngn"
RB-Police-Rate = 2360
RB-Context-Name = "ngn"
RB-QoS-Metering-Profile-Name = "100000"
RB-Ip-Address-Pool-Name = "default"
Tue Dec 17 09:27:23 2013: DEBUG: Packet dump:
*** Received from ************** port 1812 ....
Code: Accounting-Request
Identifier: 76
Authentic: p<167><15><12><168><212><144><12>7<223><218>%?<208><164><193>
Attributes:
User-Name = "bdynamic_test1"
Acct-Status-Type = Alive
Acct-Session-Id = "FF10FFFF5800245D-52B00D63"
Service-Type = Framed-User
Framed-Protocol = PPP
RB-Acct-Update-Reason = AAA-Load-Acct-Subscriber-Reauth
NAS-Identifier = "SE600-LAB"
NAS-IP-Address = **********
NAS-Port = 2432705629
NAS-Port-Type = Virtual
NAS-Port-Id = "L2TP LNS 9309"
RB-Medium-Type = DSL
Connect-Info = "1000000000/1000000000"
RB-Platform-Type = "<0><0><0><6>"
RB-OS-Version = "11.1.2.5"
Acct-Authentic = RADIUS
Port-Limit = 2
RB-Context-Name = "safe"
RB-Ip-Address-Pool-Name = "default"
RB-Client-DNS-Pri = ******
RB-Client-DNS-Sec = *****
Framed-IP-Address = *******
Framed-IP-Netmask = 255.255.255.255
Tunnel-Type = 0:L2TP
Tunnel-Medium-Type = 0:IP
Tunnel-Server-Endpoint = *******
Tunnel-Client-Endpoint = ********
Tunnel-Server-Auth-ID = SE600-LAB
Tunnel-Client-Auth-ID = big-se-2-600-ptk
RB-Tunnel-Max-Sessions = 0:65535
RB-Tunnel-Max-Tunnels = 0:32767
RB-Tunnel-Function = 0:LNS-Only
Tunnel-ID = big-se-2-600-ptk:31113:11486
RB-LAC-Port = 1744830812
Acct-Session-Time = 14
Acct-Input-Packets = 16
Acct-Output-Packets = 11
Acct-Input-Octets = 1727
Acct-Output-Octets = 1081
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
RB-Acct-Input-Packets-64 = 0x10
RB-Acct-Output-Packets-64 = 0xb
RB-Acct-Input-Octets-64 = 0x6bf
RB-Acct-Output-Octets-64 = 0x439
RB-Acct-Mcast-In-Packets = 0
RB-Acct-Mcast-Out-Packet = 0
RB-Acct-Mcast-In-Octets = 0
RB-Acct-Mcast-Out-Octets = 0
RB-Acct-Mcast-In-Packets-64 = 0x0
RB-Acct-Mcast-Out-Packets-64 = 0x0
RB-Acct-Mcast-In-Octets-64 = 0x0
RB-Acct-Mcast-Out-Octets-64 = 0x0
RB-QoS-Metering-Profile-Name = "100000"
Class = "ngn"
Event-Timestamp = 1387269490
Tue Dec 17 09:27:23 2013: DEBUG: Handling request with Handler
'NAS-IP-Address=*****, Request-Type=Accounting-Request, Acct-Status-Type =
/^Alive/', Identifier ''
Tue Dec 17 09:27:23 2013: DEBUG: RewriteFunction rewrote user name to
bdynamic_test1
Tue Dec 17 09:27:23 2013: ERR: DA: user: bdynamic_test1 Context safe:
setting class to safe . '_' . 'ngn'
Tue Dec 17 09:27:23 2013: DEBUG: Handling with Radius::AuthRADIUS
Tue Dec 17 09:27:23 2013: ERR: There is no value named ADSL for attribute
NAS-Port-Type. Using 0.
Tue Dec 17 09:27:23 2013: DEBUG: Packet dump:
*** Sending to proxyserver port 1813 ....
Code: Accounting-Request
Identifier: 6
Authentic: 4<252><29><17>z<4>}<151><21>I'fvv<153><150>
Attributes:
User-Name = "bdynamic_test1"
Acct-Status-Type = Alive
Acct-Session-Id = "FF10FFFF5800245D-52B00D63"
Service-Type = Framed-User
Framed-Protocol = PPP
RB-Acct-Update-Reason = AAA-Load-Acct-Subscriber-Reauth
NAS-Identifier = "SE600-LAB"
NAS-IP-Address = ********
NAS-Port = 9309
NAS-Port-Id = "L2TP LNS 9309"
RB-Medium-Type = DSL
Connect-Info = "1000000000/1000000000"
RB-Platform-Type = "<0><0><0><6>"
RB-OS-Version = "11.1.2.5"
Acct-Authentic = RADIUS
Port-Limit = 2
RB-Context-Name = "safe"
RB-Ip-Address-Pool-Name = "default"
RB-Client-DNS-Pri = **********
RB-Client-DNS-Sec = *********
Framed-IP-Address = **********
Framed-IP-Netmask = 255.255.255.255
Tunnel-Type = 0:L2TP
Tunnel-Medium-Type = 0:IP
Tunnel-Server-Endpoint = ******
Tunnel-Client-Endpoint = ********
Tunnel-Server-Auth-ID = SE600-LAB
Tunnel-Client-Auth-ID = big-se-2-600-ptk
RB-Tunnel-Max-Sessions = 0:65535
RB-Tunnel-Max-Tunnels = 0:32767
RB-Tunnel-Function = 0:LNS-Only
Tunnel-ID = big-se-2-600-ptk:31113:11486
RB-LAC-Port = 1744830812
Acct-Session-Time = 14
Acct-Input-Packets = 16
Acct-Output-Packets = 11
Acct-Input-Octets = 1727
Acct-Output-Octets = 1081
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
RB-Acct-Input-Packets-64 = 0x10
RB-Acct-Output-Packets-64 = 0xb
RB-Acct-Input-Octets-64 = 0x6bf
RB-Acct-Output-Octets-64 = 0x439
RB-Acct-Mcast-In-Packets = 0
RB-Acct-Mcast-Out-Packet = 0
RB-Acct-Mcast-In-Octets = 0
RB-Acct-Mcast-Out-Octets = 0
RB-Acct-Mcast-In-Packets-64 = 0x0
RB-Acct-Mcast-Out-Packets-64 = 0x0
RB-Acct-Mcast-In-Octets-64 = 0x0
RB-Acct-Mcast-Out-Octets-64 = 0x0
RB-QoS-Metering-Profile-Name = "100000"
Class = "safe_ngn"
Event-Timestamp = 1387269490
NAS-Port-Type = ADSL
Timestamp = 1387265243
Acct-Delay-Time = 0
Tue Dec 17 09:27:23 2013: DEBUG: AuthBy RADIUS result: IGNORE,
Tue Dec 17 09:27:23 2013: DEBUG: Accounting accepted
Tue Dec 17 09:27:23 2013: DEBUG: Packet dump:
*** Sending to *********** port 1812 ....
Code: Accounting-Response
Identifier: 76
Authentic: <15>v<16><224>`<211><179>2<153>=<154><218><10><147>+<219>
Attributes:
Tue Dec 17 09:27:23 2013: DEBUG: Received reply in AuthRADIUS for req 6
from ********:1813
Tue Dec 17 09:27:23 2013: DEBUG: Packet dump:
*** Received from ******** port 1813 ....
Code: Accounting-Response
Identifier: 6
Authentic: r<206><143>zr<5><170><5>L<12><30><227>B<214><210><13>
Attributes:
proxyhook.pl
sub {
    my $p = ${$_[0]}; # current request packet
    my $context = lc($p->get_attr('RB-Context-Name'));
    my $class = lc($p->get_attr('Class'));
    my $pool = lc($p->get_attr('RB-Ip-Address-Pool-Name'));
    my $usern = $p->get_attr('User-Name');
    # Only rewrite Class for the known contexts
    if ( $context =~ /^(gamer|safe|ngn|big)$/ ) {
        if ( $pool =~ /^(ngn|xngn|NGN|XNGN)$/ ) {
            if ( $context =~ /^(gamer)$/ ) {
                $p->change_attr('Class', $context . '_' . 'ngn');
                ## Logs ##
                &main::log($main::LOG_ERR, "DA: user: $usern Context gamer: setting class to $context . '_' . 'ngn'");
            }
        } elsif ( $class =~ /^(ngn|xngn|NGN|XNGN)$/ ) {
            if ( $context =~ /^(gamer)$/ ) {
                $p->change_attr('Class', $context . '_' . 'ngn');
                ## Logs ##
                &main::log($main::LOG_ERR, "DA: user: $usern Context gamer: setting class to $context . '_' . 'ngn'");
            } elsif ( $context =~ /^(safe)$/ ) {
                $p->change_attr('Class', $context . '_' . 'ngn');
                &main::log($main::LOG_ERR, "DA: user: $usern Context safe: setting class to $context . '_' . 'ngn'");
            }
        } elsif ( $class =~ /^(default|safe)$/ ) {
            $p->change_attr('Class', $context);
            &main::log($main::LOG_ERR, "DA: user: $usern Context $class pool default: setting class to $context ");
        } elsif ( $class =~ /^(ngn)$/ ) {
            $p->change_attr('Class', 'ngn');
            &main::log($main::LOG_ERR, "DA: user: $usern Context $class pool default: setting class to $context ");
        } elsif ( $context =~ /^(gamer)$/ ) {
            $p->change_attr('Class', $context);
            ## Logs ##
            &main::log($main::LOG_ERR, "DA: user: $usern Context&pool gamer: setting class to $context ");
        } elsif ( $context =~ /^(big)$/ ) {
            $p->change_attr('Class', 'gamer');
            ## Logs ##
            &main::log($main::LOG_ERR, "DA: user: $usern Context big: setting class to gamer ");
        }
    }
}
On Dec 16, 2013 5:08 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:
> On 12/16/2013 03:44 PM, eliran shlomo wrote:
>
> > I have a proxy RADIUS that receives different attributes than the NAS.
> >
> > When I change an attribute in the LDAP and tell the NAS to get an update,
> > the NAS receives all updated values,
> > but the values that are sent to the proxy contain old data.
>
> Hello Eliran,
>
> are you changing $p (the current request) in the hook? $p is what the
> outgoing request in AuthBy RADIUS is based on.
>
> It's a bit hard to say more without Trace 4 logs and the hook.
>
> Thanks,
> Heikki
>
>
> > please advise.
> >
> > Thanks,
> >
> > Eliran
> >
> > The AuthBy looks like this
> >
> > <AuthBy RADIUS>
> > Identifier ProxyAccounting
> > Host x.x.x.x
> > NoForwardAuthentication
> > IgnoreAccountingResponse
> > AcctPort 1813
> > FailureBackoffTime 0
> > Retries 1
> > RetryTimeout 3
> > Secret ******
> > </AuthBy>
> >
> > And the handler looks like this
> >
> > <Handler NAS-IP-Address=x.x.x.x, Request-Type=Accounting-Request, Acct-Status-Type = /^Alive/>
> > include %{GlobalVar:CONFIGROOT}/include/RewriteUsername.inc
> > PreAuthHook file:"%{GlobalVar:CONFIGROOT}/include/proxyupdate.pl"
> > AuthBy ProxyAccounting
> > SessionDatabase NULL
> > AccountingHandled
> > AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
> > AcctLogFileFormat \
> > %{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
> > %{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
> > %{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
> > %{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
> > %{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
> > %{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
> > %{Acct-Input-Gigawords},%{Acct-Output-Gigawords},\
> > %{RB-QoS-Metering-Profile-Name},%{Acct-Terminate-Cause},\
> > %{Acct-Session-Time},%{Event-Timestamp},\
> > %{Acct-Authentic},%{Acct-Delay-Time},\
> > %{Acct-Input-Packets},%{Acct-Output-Packets},\
> > %{Framed-Protocol},%{Service-Type}
> > </Handler>
> >
> >
> >
> >
> >
> > _______________________________________________
> > radiator mailing list
> > radiator at open.com.au
> > http://www.open.com.au/mailman/listinfo/radiator
> >
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>