[RADIATOR] Radiator+Mikrotik

sergio sergio at inbox.com
Thu Jan 22 20:41:49 CST 2015


hello

It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm


> -----Original Message-----
> From: nathana at fsr.com
> Sent: Mon, 8 Dec 2014 05:30:26 -0800
> To: m.abdelsalam at wimd.com.kw, radiator at open.com.au
> Subject: Re: [RADIATOR] Radiator+Mikrotik
> 
> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
> 
>> Hello all,
>> 
>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>> the hook script will send Disconnect-Request to Mikrotik once the
>> session
>> exceeds the quota, here is how i send Disconnect-Request:
> 
> [snip]
> 
>> This works fine but the problem is that user can't re-authenticate again
>> because it reaches Maxsessions although I have this in my config file:
> 
> [snip]
> 
>> The user would successfully authenticate again when I manually remove
>> the
>> session from RADONLINE by executing the DeleteQuery.
> 
> It has been a while since I have had to look at/think about this, but as
> I recall, this is how it works:
> 
> DeleteQuery doesn't get executed unless the Radiator server receives
> Accounting-Stop from the MikroTik.
> 
> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
> by MikroTik RouterOS; I can't remember and I will have to simulate this
> later and run a packet capture to see what happens.  (Maybe if you are
> running an older version of RouterOS, try upgrading?  It could be a bug
> that got fixed later, and they have definitely had their share of RADIUS
> client bugs in the past.)
> 
> In any case, you can work around a problem where Radiator does not
> receive Accounting-Stop by having Radiator verify that any active
> sessions for the user that are recorded in the RADONLINE table are valid
> at the moment that the user tries to authenticate again.  Radiator does
> this by executing an SNMP query to the NAS that is on record for each
> session to see if the Session-ID for that row in the table is still
> valid.  If the NAS does not return anything for the OID, then Radiator
> assumes the session is dead and purges that entry from RADONLINE,
> reducing MaxSessions count by 1.
> 
> To enable this functionality, you need to make sure that SNMP is enabled
> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
> is installed and configured on the Radiator server, and you need to add
> these options to your Client clause in your Radiator config file:
> 
> <Client DEFAULT>
>         [...]
>         # MikroTik supports this MIB
>         NasType CiscoSessionMIB
>         SNMPCommunity public
> </Client>
> 
> Replace 'public' with the SNMP community string that you have configured
> on the MikroTik.
> 
> We also made a slight change to the Radiator code, because by default, if
> Radiator does not get a response back from its SNMP "get" to the
> MikroTik, it gives the benefit of the doubt to RADONLINE.  We have found
> that more often than not, it is better to give the benefit of the doubt
> to the user.  That way, a user is not unfairly punished by problems with
> our NAS or problems on our network that might make it impossible for
> Radiator to communicate with our NAS.  Here is the patch to make that
> change in behavior:
> 
> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
> Radius-patched/Nas/CiscoSessionMIB.pm
> --- Radius/Nas/CiscoSessionMIB.pm	2009-10-26 15:23:55.000000000 -0700
> +++ Radius-patched/Nas/CiscoSessionMIB.pm	2014-12-08 05:20:02.000000000
> -0800
> @@ -39,7 +39,7 @@
>  	 $client->{SNMPCommunity},
>  	 "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
> 
> -    return 1 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Assume still there
> +    return 0 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Give benefit of doubt to user.
>      return 0 if $result =~ /no such variable/i;  # Not in the MIB means
> no such session
>      return uc($1) eq uc($name)
>  	if ($result =~ /^.*\"([^"]+)".*$/);
> 
> Hope this helps,
> 
> --
> Nathan Anderson
> First Step Internet, LLC
> nathana at fsr.com
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

____________________________________________________________
Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/password-manager




More information about the radiator mailing list