I am using Radiator 2.18.3 on AIX. I find that even though in my config file I have DefaultSimultaneousUse 1 set, all users are still allowed on. I use an SQL session database, and when I try tests using radpwtst I find something peculiar.
I first run the following command:

/usr/local/Radiator-2.18/radpwtst -nostop -user=hamlin -password=XXXX -auth_port=1645 -acct_port=1646 -calling_station_id 9095551212 -nas_ip_address 127.0.0.1

This gives me an access accept and places the user information into my sql 'online' table. I purposely do not let radpwtst send a stop packet so that the information will remain in the online table. I then change the phone number (because I have a hook that checks for it) and run the following command from radpwtst.

/usr/local/Radiator-2.18/radpwtst -noacct -user=hamlin -password=XXXX -auth_port=1645 -acct_port=1646 -calling_station_id 9495551213 -nas_ip_address 127.0.0.1

Notice that now, I have changed it to -noacct since all I want is the access reply. Strangely enough, it is accepted! Yet I can see the row in the online database. I get the following from the logfile on trace 4. This is the access request after the user is already in the online sql database.

---------logfile output ----------------------------
*** Received from 127.0.0.1 port 46269 ....
Code:       Access-Request
Identifier: 17
Authentic:  1234567890123456
Attributes:
        User-Name = "hamlin"
        Service-Type = Framed-User
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "9491234546"
        NAS-Port-Type = Async
        User-Password = "<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>"

Fri Jan 18 05:39:47 2002: INFO: Checking :hamlin: call-id :9491234546:
Fri Jan 18 05:39:47 2002: INFO: CallIDHook: returned row ---> 'hamlin', '9095551212'
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Service-Type = Call-Check should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler User-Name = admin should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Handling request with Handler ''
Fri Jan 18 05:39:47 2002: DEBUG: Rewrote user name to hamlin
Fri Jan 18 05:39:47 2002: DEBUG: Deleting session for hamlin, 127.0.0.1, 1234 <-----### This seems odd to me
Fri Jan 18 05:39:47 2002: DEBUG: do query is: delete from online where (nasidentifier='127.0.0.1')&&(nasport='1234')
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL:
Fri Jan 18 05:39:47 2002: DEBUG: Query is: select check_items, reply_items, case when (prepay='false') then if(session_timeout,session_timeout,NULL) when ((prepay='true')&&(ISNULL(session_timeout))) then prepaid_timeleft when ((prepay='true')&&(!(ISNULL(session_timeout)))) then if(prepaid_timeleft<session_timeout,prepaid_timeleft,session_timeout) end from users where (username='hamlin' && handler_group='defau')
Fri Jan 18 05:39:47 2002: DEBUG: Radius::AuthSQL looks for match with hamlin
Fri Jan 18 05:39:47 2002: DEBUG: Query is: select username, acctsessionid from online where username='hamlin'
Fri Jan 18 05:39:47 2002: DEBUG: Radius::AuthSQL ACCEPT:
Fri Jan 18 05:39:47 2002: DEBUG: Access accepted for hamlin
Fri Jan 18 05:39:47 2002::hamlin accepted from 127.0.0.1, called 123456789 from 9491234546
Fri Jan 18 05:39:47 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 46269 ....
Code:       Access-Accept
Identifier: 17
Authentic:  1234567890123456
Attributes:
        Framed-IP-Address = 255.255.255.254
        Framed-Routing = None
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-IP-Netmask = 255.255.255.255
        Idle-Timeout = 900
        Framed-Protocol = PPP
        Service-Type = Framed-User
----------end logfile output---------------------------------------------------

I have labelled the line above that seems strange to me. Why would it delete the session from the online sql database before doing anything else? I found the line in Handler.pm that does this and commented it out. When I then tried this test, it works like a champ (It's line 257 in Handler.pm). Perhaps I am doing something wrong. My radius.cfg file is as follows:

---------- radius.cfg --------------
# Values for testing only
Trace 4
#Trace 3
#AuthPort 1812
#AcctPort 1813

# Directory where logfile and details file are
LogDir /var/adm/radacct

# Database directory. Should contain:
# users         The user database
# dictionary    The dictionary for your NAS
DbDir /etc/raddb
AuthPort 1645
AcctPort 1646

# client list
include %D/client_list.cfg
SnmpgetProg /usr/bin/snmp_aix.pl
PreClientHook file:"/etc/raddb/CallIdCheck.hook"

# Global parameters
LivingstonOffs 29
LivingstonHole 2
LivingstonMIB 1.3.6.1.4.1.307

# Define Global Variables
# DbHost should be localhost
DefineGlobalVar DbHost ns2.quik.com.au
DefineGlobalVar DbServer xxxxxx
DefineGlobalVar DbUser xxxxx
DefineGlobalVar DbPass xxxxxx

# Online Session Database
<SessionDatabase SQL>
        DBSource %{GlobalVar:DbServer}
        DBUsername %{GlobalVar:DbUser}
        DBAuth %{GlobalVar:DbPass}
        AddQuery insert into online (username, nasidentifier, nasport,\
                acctsessionid, callingid, framedaddress) values ('%U','%c',\
                '%{NAS-Port}','%{Acct-Session-Id}','%{Calling-Station-Id}',\
                '%{Framed-IP-Address}')
        DeleteQuery delete from online where (nasidentifier='%1')&&(nasport='%2')
        CountQuery select username, acctsessionid from online where username='%n'
</SessionDatabase>

<AuthLog FILE>
        Identifier log1
        Filename %L/logfile
        LogSuccess 1
        LogFailure 1
        SuccessFormat %l::%n accepted from %c, called %{Called-Station-Id} from %{Calling-Station-Id}
        FailureFormat %l::%n rejected from %c, %1, Called %{Called-Station-Id} from %{Calling-Station-Id}, password=%P
</AuthLog>

# Process call-check requests.
<Handler Service-Type = Call-Check>
        AcctLogFileName %L/callcheck.log
        <AuthBy SQL>
                DBSource %{GlobalVar:DbServer}
                DBUsername %{GlobalVar:DbUser}
                DBAuth %{GlobalVar:DbPass}
                Timeout 8
                FailureBackoffTime 10
                AuthSelect select handler_group from check where \
                        (dialing_number='%{Calling-Station-Id}')&& \
                        (handler_group='%{Handler-Group}')
                AuthColumnDef 0,Handler-Group,check
        </AuthBy>
</Handler>

# Get rid of admin accounting requests
<Handler User-Name = admin>
</Handler>

# Handle all accounting here.
<Handler Request-Type=Accounting-Request>
        RewriteUsername s/^([^@]+).*/$1/
        # Need a little hook here to determine if this is an accounting packet
        # whether we use the Livingston or Acct-Terminate-Cause attributes.
        # This gets the attribute Livingston if it exists, if not, gets
        # Acct-Terminate-Cause, if not gets Ascend-Disconnect-Cause
        # Put the correct one in new attribute %{Term-Cause} to be used later
        PreAuthHook file:"/etc/raddb/accounting.hook"
        <AuthBy GROUP>
                AuthByPolicy ContinueWhileAccept
                <AuthBy SQL>
                        DBSource dbi:mysql:cheetah:ns.quik.com.au
                        DBUsername %{GlobalVar:DbUser}
                        DBAuth %{GlobalVar:DbPass}
                        AccountingTable dialupusage
                        AccountingStopsOnly
                        Timeout 8
                        FailureBackoffTime 10
                        AcctColumnDef username, %U, formatted
                        AcctColumnDef session_id, %{Acct-Session-Id}%m-%d, formatted
                        AcctColumnDef router_ip, %c, formatted
                        AcctColumnDef date, %f-%g-%i %j:%k:%p, formatted
                        AcctColumnDef session_time, %{Acct-Session-Time}, formatted
                        AcctColumnDef ip_address, %{Framed-IP-Address}, formatted
                        AcctColumnDef phone, %{Calling-Station-Id}, formatted
                        AcctColumnDef terminate_cause, %{Term-Cause}, formatted
                </AuthBy>
                <AuthBy SQL>
                        DBSource %{GlobalVar:DbServer}
                        DBUsername %{GlobalVar:DbUser}
                        DBAuth %{GlobalVar:DbPass}
                        AccountingStopsOnly
                        Timeout 8
                        FailureBackoffTime 10
                        AcctSQLStatement update users set prepaid_timeleft=prepaid_timeleft-0%{Acct-Session-Time} where (prepay='true')&&(username='%U')
                </AuthBy> # SQL
        </AuthBy> # Group
</Handler>

# Handle the bulk of the users using our radius:users SQL table
<Handler>
        # remove the realm
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy GROUP>
                AuthByPolicy ContinueWhileIgnore
                <AuthBy SQL>
                        IgnoreAccounting
                        Timeout 8
                        FailureBackoffTime 10
                        DBSource %{GlobalVar:DbServer}
                        DBUsername %{GlobalVar:DbUser}
                        DBAuth %{GlobalVar:DbPass}
                        NoDefault
                        DefaultSimultaneousUse 1
                        # This AuthSelect gets a comma separated list of check items, a comma
                        # separated list of reply items from the radius:users table
                        AuthSelect select check_items, reply_items, case when (prepay='false') then if(session_timeout,session_timeout,NULL) when ((prepay='true')&&(ISNULL(session_timeout))) then prepaid_timeleft when ((prepay='true')&&(!(ISNULL(session_timeout)))) then if(prepaid_timeleft<session_timeout,prepaid_timeleft,session_timeout) end from users where (username='%U' && handler_group='%{Handler-Group}')
                        # As it turns out, an attributename of GENERIC means that it is a
                        # comma separated list of attribute=value pairs.
                        # AuthColumnDef statements define the returned value from the database
                        # AuthColumnDef <position number in select starting with 0>, attribute
                        # name (or GENERIC if list), and whether check, reply, or request (to be
                        # used in later sql statement).
                        AuthColumnDef 0,GENERIC, check
                        AuthColumnDef 1,GENERIC,reply
                        AuthColumnDef 2,Session-Timeout,reply
                </AuthBy> #SQL
                # <AuthBy FILE>
                #       # if db fails
                #       Filename %D/users
                # </AuthBy>
        </AuthBy> # Group
        PostAuthHook file:"/etc/raddb/prepay_overuse.hook"
        AuthLog log1
</Handler>
------- end radius.cfg

Any help is greatly appreciated.

Griff Hamlin, III
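
Added example, not part of the original message and not Radiator code: a simplified Python/SQLite model of the query order visible in the trace, where the DeleteQuery keyed on NAS and port runs before the CountQuery keyed on username. The session id, the second port 1235, the framed address and all function names are constructed for illustration, and SQLite's "and" stands in for MySQL's "&&".

```python
import sqlite3

LIMIT = 1  # corresponds to DefaultSimultaneousUse 1 in the posted config


def new_db():
    """In-memory stand-in for the 'online' table used by the session database."""
    db = sqlite3.connect(":memory:")
    db.execute("create table online (username text, nasidentifier text, "
               "nasport text, acctsessionid text, callingid text, "
               "framedaddress text)")
    return db


def accounting_start(db, user, nas, port, session_id, calling_id, framed):
    # Same columns as the posted AddQuery.
    db.execute("insert into online values (?,?,?,?,?,?)",
               (user, nas, port, session_id, calling_id, framed))


def access_request(db, user, nas, port, limit=LIMIT):
    # Step 1, as in the trace: delete whatever session is recorded for this
    # NAS and port. The key is (nasidentifier, nasport); username is not used.
    db.execute("delete from online where nasidentifier=? and nasport=?",
               (nas, port))
    # Step 2, as in the trace: count the user's remaining sessions.
    rows = db.execute("select username, acctsessionid from online "
                      "where username=?", (user,)).fetchall()
    # Assumption of this model: reject once the count reaches the limit.
    return "ACCEPT" if len(rows) < limit else "REJECT"


def run_case(second_port):
    """First login on port 1234 with no Stop, then an Access-Request on second_port."""
    db = new_db()
    accounting_start(db, "hamlin", "127.0.0.1", "1234",
                     "constructed-0001", "9095551212", "255.255.255.254")
    result = access_request(db, "hamlin", "127.0.0.1", second_port)
    remaining = db.execute("select count(*) from online").fetchone()[0]
    return result, remaining


if __name__ == "__main__":
    # Same NAS and port as the first login: the row is gone before the count.
    print("port 1234:", run_case("1234"))
    # Different port: the original row survives and is counted against the limit.
    print("port 1235:", run_case("1235"))
```

In this model the outcome of a simultaneous-use test depends on whether the second request reuses the NAS and port of the session already in the table, which both radpwtst runs in the message do (NAS-Port = 1234 in the trace).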