Hello Ronan -

It is a bit difficult to know what to do in this sort of situation, as your configuration file says to keep trying the successive AuthBy clauses, which Radiator does. However, in such a case, the result of the last AuthBy will be the result of the whole sequence - I don't quite see how it could be done otherwise.

regards

Hugh

On Tue, 29 Jan 2002 12:00, Ronan Eckelberry wrote:
> Below is the snippet from the log:
>
> Mon Jan 28 14:33:18 2002: DEBUG: Packet dump:
> *** Received from 216.54.217.6 port 1026 ....
> Code: Access-Request
> Identifier: 194
> Authentic: #<136><142>4Ty<220>5<171><5>6<165>|~<130>k
> Attributes:
>     User-Name = "crystal1"
>     User-Password = "<27><201><151><243>!g^b<7><246><248><184><161><235><242><224>"
>     NAS-IP-Address = 216.54.217.6
>     NAS-Port = 30
>     NAS-Port-Type = Async
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Connect-Info = "31200 LAPM/V42BIS"
>     Called-Station-Id = "5271011"
>     Calling-Station-Id = "3524655491"
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Jan 28 14:33:18 2002: DEBUG: Rewrote user name to crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: RADONLINE Deleting session for crystal1, 216.54.217.6, 30
> Mon Jan 28 14:33:18 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.54.217.6' and NASPORT=030
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: SUBSCRIBERS
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='crystal1' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='crystal1'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Checking if user is still online: unknown, crystal1, 216.54.217.7, 37, 7B00096D
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='DEFAULT' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_20HRS
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='crystal1' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='DEFAULT' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL
> Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_30HRS
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='crystal1' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL looks for match with crystal1
> Mon Jan 28 14:33:18 2002: DEBUG: Query is: select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='DEFAULT' AND ACTIVE='Y'
>
> Mon Jan 28 14:33:18 2002: INFO: Access rejected for crystal1: No such user
> Mon Jan 28 14:33:18 2002: DEBUG: Packet dump:
> *** Sending to 216.54.217.6 port 1026 ....
> Code: Access-Reject
> Identifier: 194
> Authentic: #<136><142>4Ty<220>5<171><5>6<165>|~<130>k
> Attributes:
>     Reply-Message = "No such user"
>
> Below is the Config File without secrets:
>
> DbDir /usr/local/Radiator
> DictionaryFile %D/dictionary
> #FingerProg /usr/bin/finger
> #LivingstonHole 2
> #LivingstonOffs 46
> LogDir /usr/log/radius
> LogFile %L/radius.log
> #PmwhoProg /usr/local/sbin/pmwho
> SnmpgetProg /usr/local/bin/snmpget
> Trace 3
> #AuthPort 1812
> #AcctPort 1813
>
> <Client localhost>
>     Description Local Test
>     DupInterval 0
>     Secret mysecret
> </Client>
>
> <Client ras1.webcosolutions.com>
>     Description Lucent PM3
>     DupInterval 2
>     NasType Livingston
>     Secret xxxxxx
> </Client>
>
> <Client ras2.webcosolutions.com>
>     Description Lucent PM3
>     DupInterval 2
>     NasType Livingston
>     Secret xxxxxx
> </Client>
>
> <Client ras3.webcosolutions.com>
>     Description Lucent PM3
>     DupInterval 2
>     NasType Livingston
>     Secret xxxxxx
> </Client>
>
> <Client ras5.webcosolutions.com>
>     Description Lucent PM3
>     DupInterval 2
>     Secret xxxxxx
> </Client>
>
> <Client webco-5300.webcosolutions.com>
>     Description Cisco AS5300 Access Server
>     DupInterval 2
>     NasType Cisco
>     Secret xxxxxx
> </Client>
>
> <Realm DEFAULT>
>     Description Default Realm for authenticating users
>     RejectHasReason
>     RewriteUsername s/^([^@]+).*/$1/
>     SessionDatabase RADONLINE
>     AuthByPolicy ContinueWhileReject
>
>     <AuthBy SQL>
>         Identifier SUBSCRIBERS
>         DBSource dbi:mysql:radius:216.54.217.11
>         DBUsername xxxxxx
>         DBAuth xxxxxx
>         DefaultSimultaneousUse 1
>         Description Database to use to authenticate users
>         FailureBackoffTime 5
>         Timeout 10
>         AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
>         # AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
>         AuthColumnDef 0,User-Password,check
>         AuthColumnDef 1,Port-Limit,reply
>         AuthColumnDef 2,Framed-IP-Address,reply
>         AuthColumnDef 3,Simultaneous-Use,check
>         AccountingTable ACCOUNTING
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer-date
>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>         AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>         AcctColumnDef NASPORT,NAS-Port,integer
>         AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
>         AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>         AcctColumnDef SERVICETYPE,Service-Type,integer
>         AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>         AcctColumnDef CALLEDSTATIONID,Called-Station-Id
>         AddToReply Service-Type="Framed-User", \
>             Framed-Protocol="PPP", \
>             Framed-IP-Netmask = 255.255.255.255
>
>     </AuthBy>
>
>     <AuthBy SQL>
>         Identifier LIMITED_20HRS
>         DBSource dbi:mysql:radius:216.54.217.11
>         DBUsername xxxxxx
>         DBAuth xxxxxx
>         DefaultSimultaneousUse 1
>         Description Database to use to authenticate 20 Hour users
>         FailureBackoffTime 5
>         Timeout 10
>         AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='%n' AND ACTIVE='Y'
>         AuthColumnDef 0,User-Password,check
>         AuthColumnDef 1,Port-Limit,reply
>         AuthColumnDef 2,Framed-IP-Address,reply
>         AuthColumnDef 3,Simultaneous-Use,check
>         AuthColumnDef 4,Session-Timeout,reply
>         AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
>         AccountingTable ACCOUNTING
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer-date
>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>         AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>         AcctColumnDef NASPORT,NAS-Port,integer
>         AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
>         AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>         AcctColumnDef SERVICETYPE,Service-Type,integer
>         AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>         AcctColumnDef CALLEDSTATIONID,Called-Station-Id
>         AddToReply Service-Type="Framed-User", \
>             Framed-Protocol="PPP", \
>             Framed-IP-Netmask = 255.255.255.255
>         # PostAuthHook file:"%D/CheckTimeLeft"
>
>     </AuthBy>
>
>     <AuthBy SQL>
>         Identifier LIMITED_30HRS
>         DBSource dbi:mysql:radius:216.54.217.11
>         DBUsername xxxxxx
>         DBAuth xxxxxx
>         DefaultSimultaneousUse 1
>         Description Database to use to authenticate 30 Hour users
>         FailureBackoffTime 5
>         Timeout 10
>         AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='%n' AND ACTIVE='Y'
>         AuthColumnDef 0,User-Password,check
>         AuthColumnDef 1,Port-Limit,reply
>         AuthColumnDef 2,Framed-IP-Address,reply
>         AuthColumnDef 3,Simultaneous-Use,check
>         AuthColumnDef 4,Session-Timeout,reply
>         AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} where USERNAME='%n'
>         AccountingTable ACCOUNTING
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer-date
>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>         AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>         AcctColumnDef NASPORT,NAS-Port,integer
>         AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
>         AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>         AcctColumnDef SERVICETYPE,Service-Type,integer
>         AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>         AcctColumnDef CALLEDSTATIONID,Called-Station-Id
>         AddToReply Service-Type="Framed-User", \
>             Framed-Protocol="PPP", \
>             Framed-IP-Netmask = 255.255.255.255
>         # PostAuthHook file:"%D/CheckTimeLeft"
>
>     </AuthBy>
>
>     <AuthLog FILE>
>         Identifier AuthLog
>         Filename %L/authlog
>         LogSuccess 0
>         LogFailure 1
>         SuccessFormat %l:%U:%P:OK:%1:%{Calling-Station-Id}
>         FailureFormat %l:%U:%P:FAIL:%1:%{Calling-Station-Id}
>     </AuthLog>
>
>
> </Realm>
>
> <Realm usb.isp>
>     Description Realm for authenticating Alstateweb.net users
>     RejectHasReason
>     RewriteUsername s/^([^@]+).*/$1/
>     SessionDatabase RADONLINE
>
>     <AuthBy RADIUS>
>         Identifier ALSTATE
>         Host 216.54.217.17
>         Secret mysecret
>         AuthPort 1812
>         AcctPort 1813
>         Description Database to use to authenticate Alstateweb.net users
>
>     </AuthBy>
> </Realm>
>
> <Realm isandc.isp>
>     Description Realm for authenticating isandc.com users
>     RejectHasReason
>     RewriteUsername s/^([^@]+).*/$1/
>     SessionDatabase RADONLINE
>
>     <AuthBy RADIUS>
>         Identifier ISANDC
>         Host 12.108.46.104
>         Secret xxxxxx
>         Description Database to use to authenticate isandc.com users
>
>     </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
>     DateFormat %b %e %Y %H %M
>     AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE, CALLINGSTATIONID, CALLEDSTATIONID) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', '%{Timestamp}', '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Calling-Station-Id}', '%{Called-Station-Id}')
>     ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>     CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
>     CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
>     DBSource dbi:mysql:radius:216.54.217.11
>     DBUsername xxxxxx
>     DBAuth xxxxxx
>     DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
>     Description Database of currently online sessions (users)
>     FailureBackoffTime 5
>     Identifier RADONLINE
> </SessionDatabase>
>
> Hope this helps.
>
> -Ronan
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 28 January, 2002 18:52
> To: Ronan Eckelberry; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Radiator Log showing "No such user.
>
>
>
> Hello Ronan -
>
> As mentioned in my previous mail, I will need to see a copy of the
> configuration file (no secrets) together with a trace 4 debug from Radiator
> showing what is happening.
>
> regards
>
> Hugh
>
> On Tue, 29 Jan 2002 07:00, Ronan Eckelberry wrote:
> > I think I see the problem after looking at the trace. It seems
> > that the user is disconnecting/being disconnected and not being removed
> > from RADONLINE. This doesn't happen all the time, but in the Trace it
> > shows that they are being denied for the "Simultaneous Use", but I am
> > using an <AuthLog FILE> clause to just write the failed logins to a file
> > (Which is what I use to write to a webpage for the technicians to look
> > at) that just gives the reason that the login failed as "No such user".
> > Is there any way to change the AuthLog to display the real reason and
> > not just "No such user"? Below is the AuthLog clause I am using. I am
> > not logging Successful logins right now which is why I have it disabled.
> >
> > <AuthLog FILE>
> >     Identifier AuthLog
> >     Filename %L/authlog
> >     LogSuccess 0
> >     LogFailure 1
> >     SuccessFormat %l:%U:%P:OK:%1:%{Calling-Station-Id}
> >     FailureFormat %l:%U:%P:FAIL:%1:%{Calling-Station-Id}
> > </AuthLog>
> >
> > Any input would be appreciated. Thanks for all the help guys.
> >
> > :)
> >
> > -Ronan
> >
> >
> > -----Original Message-----
> > From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, 24 January, 2002 22:51
> > To: Ronan Eckelberry; [EMAIL PROTECTED]
> > Subject: Re: (RADIATOR) Radiator Log showing "No such user.
> >
> >
> >
> > Hello Ronan -
> >
> > As usual, the only way to tell is to look at a trace 4 debug from Radiator in
> > conjunction with the configuration file (no secrets). If you send them to me
> > I will take a look.
> >
> > regards
> >
> > Hugh
> >
> > On Fri, 25 Jan 2002 13:24, Ronan Eckelberry wrote:
> > > For some reason Radiator is denying random customers access at
> > > random times. It is logging the reason as "No such user". It will
> > > usually only do this once, but I have seen it do it a few times. The
> > > user does exist in the database. I will try to log in with the un/pw
> > > and get rejected, only to try again seconds or minutes later and be let
> > > in. The user is not listed in the RADONLINE table, nor are they listed
> > > as inactive. Has anyone else had this happen before? Does anyone have
> > > any suggestions? It seems kind of weird.
> > >
> > > The only thing that I can see in the logs are "Duplicate
> > > Requests" from the NASs sometimes and sometimes Radiator will die, but
> > > INETD restarts it as soon as it receives a request.
> > >
> > > Any suggestions would be more than helpful.
> > >
> > > Thanks all,
> > >
> > > -Ronan
> > >
> > > Ronan Eckelberry
> > > [EMAIL PROTECTED]
> > > Network/Systems Engineer
> > > Webco Solutions, Inc
> > > (352)746-2500
> > > www.webcosolutions.com
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on [EMAIL PROTECTED]
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
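
An added example, not part of the original thread and not Radiator code: a small Python parser that walks a Radiator debug trace and reports requests where an earlier AuthBy REJECT reason differs from the reason on the final "Access rejected" line, as happened with the Simultaneous-Use reject in this thread. The sample trace is constructed from the log format quoted above (wrapped entries joined, second user name invented), and the parser assumes the entries for one request are contiguous.

```python
import re

# Constructed sample, modelled on the trace quoted in this thread.
SAMPLE_TRACE = """\
Mon Jan 28 14:33:18 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: SUBSCRIBERS
Mon Jan 28 14:33:18 2002: DEBUG: Radius::AuthSQL REJECT: Simultaneous-Use of 1 exceeded
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_20HRS
Mon Jan 28 14:33:18 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_30HRS
Mon Jan 28 14:33:18 2002: INFO: Access rejected for crystal1: No such user
Mon Jan 28 14:35:02 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jan 28 14:35:02 2002: DEBUG: Handling with Radius::AuthSQL: SUBSCRIBERS
Mon Jan 28 14:35:02 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_20HRS
Mon Jan 28 14:35:02 2002: DEBUG: Handling with Radius::AuthSQL: LIMITED_30HRS
Mon Jan 28 14:35:02 2002: INFO: Access rejected for nosuchuser: No such user
"""

ENTRY = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (\w+): (.*)$")
AUTHBY = re.compile(r"Handling with Radius::\w+: (\S+)")   # line naming the AuthBy Identifier
REJECT = re.compile(r"Radius::\w+ REJECT: (.+)")           # per-AuthBy reject reason
FINAL = re.compile(r"Access rejected for (\S+): (.+)")     # reason sent to the NAS / AuthLog


def masked_rejects(trace):
    """Return requests whose final logged reason hides an earlier AuthBy reason."""
    findings, rejects, authby = [], [], None
    for line in trace.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        ts, msg = entry.group(1), entry.group(3)
        if msg.startswith("Handling request with Handler"):
            rejects, authby = [], None            # a new request starts here
        elif (m := AUTHBY.fullmatch(msg)):
            authby = m.group(1)                   # remember which AuthBy is running
        elif (m := REJECT.fullmatch(msg)):
            rejects.append((authby, m.group(1)))
        elif (m := FINAL.fullmatch(msg)):
            user, logged = m.groups()
            hidden = [(ab, why) for ab, why in rejects if why != logged]
            if hidden:
                findings.append({"time": ts, "user": user,
                                 "logged": logged, "hidden": hidden})
            rejects, authby = [], None
    return findings


if __name__ == "__main__":
    for f in masked_rejects(SAMPLE_TRACE):
        print(f["time"], f["user"], "logged:", f["logged"], "actual:", f["hidden"])
```

Run against a real trace file, each finding points at a login the AuthLog recorded as "No such user" although an earlier AuthBy in the ContinueWhileReject chain rejected it for a different reason.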