Hello Aaron -
On Wed, 07 Jun 2000, Aaron Holtz wrote:
> With 2.16 I'm seeing two things that don't seem to fit with the docs.
> One is that the last database defined in the config is not
> the one used as the default, it is the first one listed. Second is that
> the SessionDatabase item in the Handler sections are not being
> honored. Here is my config that is relevant:
>
> <Handler Realm=/^mail.comnetohio.com/i>
> SessionDatabase MEMNULL
> </Handler>
>
> <Handler Realm="", User-Name=/^[a-z0-9\-\.]+$/>
> SessionDatabase SQLDB
> AuthByPolicy ContinueWhileReject
> <AuthBy SQL>
> AuthSelect
> AccountingTable detail
> .....
> </Handler>
>
>
> <SessionDatabase SQL>
> Identifier SQLDB
> include %D/connections/sessiondb.remote.connection
> include %D/connections/sessiondb.queries
> </SessionDatabase>
>
> <SessionDatabase NULL>
> Identifier MEMNULL
> </SessionDatabase>
>
> Since NULL is listed last it should be the default. But no matter what
> query I send, it always uses the SQLDB Identifier (at least the debug
> output shows that is so and the query printed shows it is talking to
> the database):
>
>
> Fri Jun 2 10:13:18 2000: DEBUG: Packet dump:
> *** Received from 205.212.1.1 port 1186 ....
> Code: Access-Request
> Identifier: 94
> Authentic: 1234567890123456
> Attributes:
> User-Name = "[EMAIL PROTECTED]"
> Service-Type = Framed-User
> NAS-IP-Address = 205.212.1.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Framed-IP-Address = 255.255.255.254
> Password =
> "<164>R<196><236>p<150><219><139>Q{<156><237><156><187><234><229>"
>
> Fri Jun 2 10:13:18 2000: DEBUG: Rewrote user name to
> [EMAIL PROTECTED]
> Fri Jun 2 10:13:18 2000: DEBUG: Rewrote user name to
> [EMAIL PROTECTED]
> Fri Jun 2 10:13:18 2000: DEBUG: Check if Handler
> Realm=/^mail.comnetohio.com/i should be used to handle this request
> Fri Jun 2 10:13:18 2000: DEBUG: Handling request with Handler
> 'Realm=/^mail.comnetohio.com/i'
> Fri Jun 2 10:13:18 2000: DEBUG: SQLDB Deleting session for
> [EMAIL PROTECTED], 205.212.1.1, 1234
>
> Fri Jun 2 10:13:18 2000: INFO: Access rejected for
> [EMAIL PROTECTED]:
> Fri Jun 2 10:13:18 2000: DEBUG: do query is: insert into radlog
> (TIME_STAMP, PRIORITY, MESSAGE) values (959955198, 3, 'Access rejected for
> [EMAIL PROTECTED]: ')
>
> Fri Jun 2 10:13:18 2000: DEBUG: Packet dump:
> *** Sending to 205.212.112.1 port 1186 ....
> Code: Access-Reject
> Identifier: 94
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
>
> Now if I were to switch the position of NULL and SQLDB in the config file,
> then NULL becomes the sole database used by all Handlers. This is a fresh
> unpack of 2.16 in its own directory. I get no errors on startup. But I
> have noticed that order in the configuration file for some clauses is very
> important. For example: I get no debug output from the <Log SQL> clause
> unless it appears BEFORE the <SessionDatabase ...> clauses. Is there
> something I should be watching out for? My <Log SQL> option is as
> follows:
>
>
> <Log SQL>
> Table radlog
> include %D/connections/logsql.remote.connection
> Trace 3
> </Log>
>
>
> In my packet dump above you can see that it shows entering in the error
> message to the sql log, but that line never shows up (nor does the log sql
> query sent at radiusd startup) if <Log SQL> appears after the
> <SessionDatabase ..> clauses in the config file. Any input is
> appreciated.
>
I wonder if you could try placing the SessionDatabase definitions in the
configuration file *before* the Handlers, just to make sure they are defined
before they are used? If you have a look at "sub new" in Radius/SessGeneric.pm,
you will see that the last clause configured is the one that gets stored for
use as the default. This seems very odd.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
