Hello,
Is it possible to prevent executing AuthBy clauses when MaxSessions exceeds (within a Handler).
When radiator receives Access-Request, it determine an appropriate handler to process request.
Then it checks whether the user has reach MaxSessions.
In this case user has reach MaxSessions, therefore it should send Access-Reject to NAS and stop executing AuthBy clauses.
However radiator still go through the clauses and eventually send out Access-Accept to NAS.
At the same time, our NAS takes in Access-Accept and open a PPP session.
Pls find attached trace 4 capture and extracts of our radius.cfg.
Can anyone give us a hint.
Harrison
SmarTone BroadBand Services Limited
<<MaxSession.txt>> <<radius.cfg>>
Wed Aug 29 16:19:49 2001: DEBUG: Packet dump: *** Received from 202.140.97.153 port 1812 .... Code: Access-Request Identifier: 0 Authentic: )<222><174><255>o<233>6<245><137>.<163>:<215>6<225><244> Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "<29>3FVW{V<30><27>5k<249><151><1><207>[" NAS-Identifier = "LAPB01" NAS-IP-Address = 202.140.97.153 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 100663738 Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler User-Name = /(?![\w\.\-@])+/ should be used to handle this request Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.67.215.60 should be used to handle this request Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.67.215.240 should be used to handle this request Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 10.20.2.2 should be used to handle this request Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.140.97.152 should be used to handle this request Wed Aug 29 16:19:49 2001: DEBUG: Check if Handler Client-Id = 202.140.97.153 should be used to handle this request Wed Aug 29 16:19:49 2001: DEBUG: Handling request with Handler 'Client-Id = 202.140.97.153' Wed Aug 29 16:19:49 2001: DEBUG: Rewrote user name to fieldsvc Wed Aug 29 16:19:49 2001: DEBUG: bras Deleting session for [EMAIL PROTECTED], 202.140.97.153, 100663738 Wed Aug 29 16:19:49 2001: DEBUG: do query is: delete from BBONLINE where NASIDENTIFIER='202.140.97.153' and NASPORT=100663738 Wed Aug 29 16:19:49 2001: DEBUG: Query is: select NASIDENTIFIER,NASPORT from BBONLINE where USERNAME='[EMAIL PROTECTED] ' Wed Aug 29 16:19:49 2001: DEBUG: Checking if user is still online: unknown, [EMAIL PROTECTED], 202.140.97.153, 10066400 0, Wed Aug 29 16:19:49 2001: INFO: Access rejected for fieldsvc: MaxSessions exceeded Wed Aug 29 16:19:49 2001: DEBUG: Packet dump: *** Sending to 202.140.97.153 port 1812 .... Code: Access-Reject Identifier: 0 Authentic: )<222><174><255>o<233>6<245><137>.<163>:<215>6<225><244> Attributes: Reply-Message = "Request Denied" Reply-Message = "MaxSessions exceeded" Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthGROUP Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthLDAPwOBJ Wed Aug 29 16:19:49 2001: DEBUG: Connecting to 202.140.96.53, port 389 Wed Aug 29 16:19:49 2001: DEBUG: LDAP got result for cn=fieldsvc,ou=People,o=SmarTone,c=hk Wed Aug 29 16:19:49 2001: DEBUG: LDAP got authserviceprotocol: Framed-User Wed Aug 29 16:19:49 2001: DEBUG: LDAP got framedprotocol: PPP Wed Aug 29 16:19:49 2001: DEBUG: LDAP got sessiontimeoutnumber: 86000 Wed Aug 29 16:19:49 2001: DEBUG: LDAP got userpassword: {crypt}vt3QIHUqVTcGE Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthLDAPwOBJ looks for match with fieldsvc Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthLDAPwOBJ ACCEPT: Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthGROUP Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthSQL Wed Aug 29 16:19:49 2001: DEBUG: Handling with Radius::AuthSQL Wed Aug 29 16:19:49 2001: DEBUG: Query is: select FRAMEDIPADDRESS from SUBSCRIBERS where USERNAME='fieldsvc' Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthSQL looks for match with fieldsvc Wed Aug 29 16:19:49 2001: DEBUG: Radius::AuthSQL ACCEPT: Wed Aug 29 16:19:49 2001: DEBUG: Access accepted for fieldsvc Wed Aug 29 16:19:49 2001: DEBUG: Packet dump: *** Sending to 202.140.97.153 port 1812 .... Code: Access-Accept Identifier: 0 Authentic: )<222><174><255>o<233>6<245><137>.<163>:<215>6<225><244> Attributes: Reply-Message = "Request Denied" Reply-Message = "MaxSessions exceeded" Service-Type = Framed-User Framed-Protocol = PPP Session-Timeout = 86000 Framed-IP-Address = 203.133.144.3 Wed Aug 29 16:19:51 2001: DEBUG: Packet dump: *** Received from 202.140.97.153 port 1812 .... Code: Accounting-Request Identifier: 0 Authentic: ?'<6><192>m?<193><16><4>?Op<255><206>s@ Attributes: User-Name = "[EMAIL PROTECTED]" NAS-Identifier = "LAPB01" NAS-IP-Address = 202.140.97.153 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 100663738 LAC-Port = 117446876 LAC-Real-Port = 403638128 LAC-Port-Type = NAS_PORT_TYPE_PPPOE LAC-Real-Port-Type = NAS_PORT_TYPE_OC3 Acct-Session-Id = "060001BA-3B8CAA54" Acct-Authentic = RADIUS Acct-Status-Type = Start Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler User-Name = /(?![\w\.\-@])+/ should be used to handle this request Acct-Authentic = RADIUS Acct-Status-Type = Start Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler User-Name = /(?![\w\.\-@])+/ should be used to handle this request Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.67.215.60 should be used to handle this request Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.67.215.240 should be used to handle this request Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 10.20.2.2 should be used to handle this request Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.140.97.152 should be used to handle this request Wed Aug 29 16:19:51 2001: DEBUG: Check if Handler Client-Id = 202.140.97.153 should be used to handle this request Wed Aug 29 16:19:51 2001: DEBUG: Handling request with Handler 'Client-Id = 202.140.97.153' Wed Aug 29 16:19:51 2001: DEBUG: Rewrote user name to fieldsvc Wed Aug 29 16:19:51 2001: DEBUG: bras Adding session for [EMAIL PROTECTED], 202.140.97.153, 100663738 Wed Aug 29 16:19:51 2001: DEBUG: do query is: delete from BBONLINE where NASIDENTIFIER='202.140.97.153' and NASPORT=100663738 Wed Aug 29 16:19:51 2001: DEBUG: do query is: insert into BBONLINE (USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIP ADDRESS,NASPORTTYPE,SERVICETYPE,DIALUP) values ('[EMAIL PROTECTED]','202.140.97.153',100663738,'060001BA-3B8CAA54',9990 73191,'','','Framed-User','bras') Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthGROUP Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthLDAPwOBJ Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthGROUP Wed Aug 29 16:19:51 2001: DEBUG: Handling with Radius::AuthSQL Wed Aug 29 16:19:51 2001: DEBUG: Handling accounting with Radius::AuthSQL Wed Aug 29 16:19:51 2001: DEBUG: Accounting accepted Wed Aug 29 16:19:51 2001: DEBUG: Packet dump: *** Sending to 202.140.97.153 port 1812 .... Code: Accounting-Response Identifier: 0 Authentic: ?'<6><192>m?<193><16><4>?Op<255><206>s@ Attributes: