(RADIATOR) MaxSessions

Harrison Ng Wed, 29 Aug 2001 18:40:53 -0700

Title: MaxSessions

Hello,

Is it possible to prevent executing AuthBy clauses when MaxSessions exceeds (within a Handler).

When radiator receives Access-Request, it determine an appropriate handler to process request.
Then it checks whether the user has reach MaxSessions.
In this case user has reach MaxSessions, therefore it should send Access-Reject to NAS and stop executing AuthBy clauses.

However radiator still go through the clauses and eventually send out Access-Accept to NAS.
At the same time, our NAS takes in Access-Accept and open a PPP session.

Pls find attached trace 4 capture and extracts of our radius.cfg.
Can anyone give us a hint.

Harrison
SmarTone BroadBand Services Limited

<<MaxSession.txt>> <<radius.cfg>>

Wed Aug 29 16:19:49 2001: DEBUG: Packet dump:
*** Received from 202.140.97.153 port 1812 ....
Code:       Access-Request
Identifier: 0
Authentic:  )<222><174><255>o<233>6<245><137>.<163>:<215>6<225><244>
Attributes:
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "<29>3FVW{V<30><27>5k<249><151><1><207>["
        NAS-Identifier = "LAPB01"
        NAS-IP-Address = 202.140.97.153
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 100663738

Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler User-Name = /(?![\w\.\-@])+/ should 
be used to handle this request
Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.67.215.60 should be 
used to handle this request
Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.67.215.240 should be 
used to handle this request
Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 10.20.2.2 should be used 
to handle this request
Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.140.97.152 should be 
used to handle this request
Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.140.97.153 should be 
used to handle this request
Wed Aug 29 16:19:49 2001: DEBUG: Handling request with Handler 'Client-Id = 
202.140.97.153'
Wed Aug 29 16:19:49 2001: DEBUG: Rewrote user name to fieldsvc
Wed Aug 29 16:19:49 2001: DEBUG: bras Deleting session for 
[EMAIL PROTECTED], 202.140.97.153, 100663738
Wed Aug 29 16:19:49 2001: DEBUG: do query is: delete from BBONLINE where 
NASIDENTIFIER='202.140.97.153' and NASPORT=100663738

Wed Aug 29 16:19:49 2001: DEBUG: Query is: select NASIDENTIFIER,NASPORT from BBONLINE 
where USERNAME='[EMAIL PROTECTED]
'

Wed Aug 29 16:19:49 2001: DEBUG: Checking if user is still online: unknown, 
[EMAIL PROTECTED], 202.140.97.153, 10066400
0,
Wed Aug 29 16:19:49 2001: INFO: Access rejected for fieldsvc: MaxSessions exceeded
Wed Aug 29 16:19:49 2001: DEBUG: Packet dump:
*** Sending to 202.140.97.153 port 1812 ....
Code:       Access-Reject
Identifier: 0
Authentic:  )<222><174><255>o<233>6<245><137>.<163>:<215>6<225><244>
Attributes:
        Reply-Message = "Request Denied"
        Reply-Message = "MaxSessions exceeded"

Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthGROUP
Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthLDAPwOBJ
Wed Aug 29 16:19:49 2001: DEBUG: Connecting to 202.140.96.53, port 389
Wed Aug 29 16:19:49 2001: DEBUG: LDAP got result for 
cn=fieldsvc,ou=People,o=SmarTone,c=hk
Wed Aug 29 16:19:49 2001: DEBUG: LDAP got authserviceprotocol: Framed-User
Wed Aug 29 16:19:49 2001: DEBUG: LDAP got framedprotocol: PPP
Wed Aug 29 16:19:49 2001: DEBUG: LDAP got sessiontimeoutnumber: 86000
Wed Aug 29 16:19:49 2001: DEBUG: LDAP got userpassword: {crypt}vt3QIHUqVTcGE
Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthLDAPwOBJ looks for match with fieldsvc
Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthLDAPwOBJ ACCEPT:
Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthGROUP
Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthSQL
Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthSQL
Wed Aug 29 16:19:49 2001: DEBUG: Query is: select FRAMEDIPADDRESS from SUBSCRIBERS 
where USERNAME='fieldsvc'

Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthSQL looks for match with fieldsvc
Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthSQL ACCEPT:
Wed Aug 29 16:19:49 2001: DEBUG: Access accepted for fieldsvc
Wed Aug 29 16:19:49 2001: DEBUG: Packet dump:
*** Sending to 202.140.97.153 port 1812 ....
Code:       Access-Accept
Identifier: 0
Authentic:  )<222><174><255>o<233>6<245><137>.<163>:<215>6<225><244>
Attributes:
        Reply-Message = "Request Denied"
        Reply-Message = "MaxSessions exceeded"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 86000
        Framed-IP-Address = 203.133.144.3

Wed Aug 29 16:19:51 2001: DEBUG: Packet dump:
*** Received from 202.140.97.153 port 1812 ....
Code:       Accounting-Request
Identifier: 0
Authentic:  ?'<6><192>m?<193><16><4>?Op<255><206>s@
Attributes:
        User-Name = "[EMAIL PROTECTED]"
        NAS-Identifier = "LAPB01"
        NAS-IP-Address = 202.140.97.153
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 100663738
        LAC-Port = 117446876
        LAC-Real-Port = 403638128
        LAC-Port-Type = NAS_PORT_TYPE_PPPOE
        LAC-Real-Port-Type = NAS_PORT_TYPE_OC3
        Acct-Session-Id = "060001BA-3B8CAA54"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start

Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler User-Name = /(?![\w\.\-@])+/ should 
be used to handle this request
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start

Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler User-Name = /(?![\w\.\-@])+/ should 
be used to handle this request
Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.67.215.60 should be 
used to handle this request
Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.67.215.240 should be 
used to handle this request
Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 10.20.2.2 should be used 
to handle this request
Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.140.97.152 should be 
used to handle this request
Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.140.97.153 should be 
used to handle this request
Wed Aug 29 16:19:51 2001: DEBUG: Handling request with Handler 'Client-Id = 
202.140.97.153'
Wed Aug 29 16:19:51 2001: DEBUG: Rewrote user name to fieldsvc
Wed Aug 29 16:19:51 2001: DEBUG: bras Adding session for 
[EMAIL PROTECTED], 202.140.97.153, 100663738
Wed Aug 29 16:19:51 2001: DEBUG: do query is: delete from BBONLINE where 
NASIDENTIFIER='202.140.97.153' and NASPORT=100663738

Wed Aug 29 16:19:51 2001: DEBUG: do query is: insert into BBONLINE 
(USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIP
ADDRESS,NASPORTTYPE,SERVICETYPE,DIALUP) values 
('[EMAIL PROTECTED]','202.140.97.153',100663738,'060001BA-3B8CAA54',9990
73191,'','','Framed-User','bras')

Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthGROUP
Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthLDAPwOBJ
Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthGROUP
Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthSQL
Wed Aug 29 16:19:51 2001: DEBUG: Handling accounting with Radius::AuthSQL
Wed Aug 29 16:19:51 2001: DEBUG: Accounting accepted
Wed Aug 29 16:19:51 2001: DEBUG: Packet dump:
*** Sending to 202.140.97.153 port 1812 ....
Code:       Accounting-Response
Identifier: 0
Authentic:  ?'<6><192>m?<193><16><4>?Op<255><206>s@
Attributes:

radius.cfg

(RADIATOR) MaxSessions

Reply via email to