it looks to me like your mixing things up making it hard for me
personally to follow. 1 config with 1 log would be easier to follow. Why
does the time go backwards in your log?
but anyways, i think what you want to do is process Alive packets and
Stop packets separately, and ignore Start packets but then you talk
about "Start packets are not processed" so i'm not sure what you want.
Also, if your device is sending start packets and you are ignoring them,
the device (depending on what device it is) may mark your radius servers
dead.
So, it's really quite simple:
<Handler Request-Type = "Accounting-Request", Acct-Status-Type = Alive>
...
</Handler>
<Handler Request-Type = "Accounting-Request", Acct-Status-Type = Stop>
...
</Handler>
Sounds like maybe you're just making it more complicated than it is.
On 04/04/13 06:30 AM, Thomas Kurian wrote:
Hi Mike and friends,
As advised by you , i have attached the configuration file & debug
logs. I want to process both alive and stop packets but with separate
handlers. What i notice from the logs is that the handler which is
first positioned is the only handler which is processed the rest of
the handlers are ignored. Let me explain it.
If handler stop is positioned first, only stop packets are processed
, Alive and Start packets are not processed , even if it is received.
I tried it vice versa also,in this case all accounting packets were
processed but the handler stop was ignored.
I also tried replacing Handler-Request-Type=Accounting-Request with
Handler-Status-Type=Alive , but no luck.
How to resolve this issue , i require both the handlers to process the
respective packets contents when each of the kind is received by
radiator from the NAS. Please help me out.
_Error debug log (Handler Stop is postioned first in the config file)
_Note:(only stop packets received were processed , Alive packets were
ignored , since handler-request-type=accounting request could not be
found)_
_Thu Apr 4 12:46:57 2013: WARNING: Could not find a handler for
99047799: request is ignored
Thu Apr 4 12:46:57 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646 ....
Code: Accounting-Request
Identifier: 222
Authentic:
<239><6><165>+<223><146><185><162><255>\<165><24>r<247><255><222>
Attributes:
Acct-Session-Id = "002FD66A"
cisco-Policy-Up = "10Mbps"
cisco-Policy-Down = "10Mbps"
Framed-Protocol = PPP
Framed-IP-Address = 94.187.154.249
User-Name = "66555525"
cisco-avpair = "connect-progress=LAN Ses Up"
cisco-avpair = "nas-tx-speed=1000000000"
cisco-avpair = "nas-rx-speed=1000000000"
Acct-Session-Time = 10820
Acct-Input-Octets = 155877791
Acct-Output-Octets = 1691878933
Acct-Input-Packets = 1089024
Acct-Output-Packets = 1669389
Acct-Authentic = RADIUS
Acct-Status-Type = Alive
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "0/0/0/666"
cisco-avpair = "client-mac-address=dc9f.db2e.e52f"
Class =
"<153>3<1><8>66555525<21><4><132><28>Y<0>3<4><3><0><0><0>3<4><7><0><0><0>3<4><6><0><0><0>1<16>59d88f5c08487260"
Service-Type = Framed-User
NAS-IP-Address = 10.50.1.4
Event-Timestamp = 1365068817
NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
Acct-Delay-Time = 0
Thu Apr 4 12:46:57 2013: WARNING: Could not find a handler for
66555525: request is ignored
_Error debug log (Handler Stop is positioned second in the config
file after Handler-Request-Type=Accounting-Request)_
(Note: Stop packets were processed with
Handler-Request-Type=Accounting-Request and not Handler-Status-Type=Stop)
Thu Apr 4 12:37:31 2013: DEBUG: Packet dump:
*** Received from 10.50.1.4 port 1646 ....
Code: Accounting-Request
Identifier: 29
Authentic: #<144>`<139><161><219><154><190><0>><<161><252>C<220>T
Attributes:
Acct-Session-Id = "002FD585"
cisco-Policy-Up = "6Mbps"
cisco-Policy-Down = "6Mbps"
Framed-Protocol = PPP
Framed-IP-Address = 94.187.154.236
cisco-avpair = "ppp-disconnect-cause=Missed too many keepalives"
User-Name = "65002914"
Acct-Authentic = RADIUS
cisco-avpair = "connect-progress=LAN Ses Up"
cisco-avpair = "nas-tx-speed=1000000000"
cisco-avpair = "nas-rx-speed=1000000000"
Acct-Session-Time = 11448
Acct-Input-Octets = 28654436
Acct-Output-Octets = 160823960
Acct-Input-Packets = 88318
Acct-Output-Packets = 141945
Acct-Terminate-Cause = Port-Error
cisco-avpair = "disc-cause-ext=TCP Foreign Host Close"
Acct-Status-Type = Stop
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "0/0/0/666"
cisco-avpair = "client-mac-address=e046.9a3b.c135"
Class =
"<153>3<1><8>65002914<21><4><171><144><212><0>3<4><6><0><0><0>3<4><16><0><0><0>3<4><3><0><0><0>1<16>8f9c5c39dc74286f"
Service-Type = Framed-User
NAS-IP-Address = 10.50.1.4
Event-Timestamp = 1365068251
NAS-Identifier = "DC-ISG2-Flash.wimd.kw"
Acct-Delay-Time = 0
Thu Apr 4 12:37:31 2013: DEBUG: Handling request with Handler
'Request-Type = Accounting-Request', Identifier ''
Thu Apr 4 12:37:31 2013: DEBUG: tamesql Deleting session for
65002914, 10.50.1.4, 0
Thu Apr 4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN':
'delete from RADONLINE where NASIDENTIFIER='10.50.1.4' and NASPORT=00':
Thu Apr 4 12:37:31 2013: DEBUG: Handling with Radius::AuthSQL: thomas
Thu Apr 4 12:37:31 2013: DEBUG: Handling accounting with Radius::AuthSQL
Thu Apr 4 12:37:31 2013: DEBUG: do query to 'dbi:ODBC:IRONMAN':
'update quotasubscribers set monthlycounter = 160823960, totalcounter
= 160823960, timestamp = 13650682
51 where username='65002914' And Type = 'Q'':
Thu Apr 4 12:37:31 2013: DEBUG: AuthBy SQL result: ACCEPT,
Thu Apr 4 12:37:31 2013: DEBUG: Running PostAuthHook: Using Identifier
Thu Apr 4 12:37:31 2013: DEBUG: Running PostAuthHook sql query check
for :
65002914
Thu Apr 4 12:37:31 2013: DEBUG: Query to 'dbi:ODBC:IRONMAN': 'select
username from quotasubscribers where switched = 0 and type = 'Q' and
monthlycounter >= maxquota ':
Thu Apr 4 12:37:31 2013: DEBUG: The user 65002914 either has not yet
exceeded allocated quota or isnt a quota based user
Thu Apr 4 12:37:31 2013: DEBUG: Accounting accepted
Thu Apr 4 12:37:31 2013: DEBUG: Packet dump:
*** Sending to 10.50.1.4 port 1646 ....
Code: Accounting-Response
Identifier: 29
Authentic: (e<12>Z<183>bS<24>*-_<150><4>'<130><238>
Attributes:
*_Radiator Config file_*
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4
# You will probably want to add other Clients to suit your work site,
<Client DEFAULT>
Secret XXXXXXXXXX
DupInterval 0
</Client>
<Client 10.50.1.4>
Secret XXXXXXXXXX
DupInterval 0
NasType Cisco
IgnoreAcctSignature
</Client>
# Accept processing of other accounting requests of the genre Stop
<Handler Acct-Status-Type = Stop>
<AuthBy SQL>
Identifier thomas
DBSource dbi:ODBC:IRONMAN
DBUsername XXXXXXXX
DBAuth WXXXXXXXXX
AccountingStopsOnly
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
</Handler>
<SessionDatabase SQL>
# This SessionDatabase clause can be used to insert value of extra
desired field for future development
Identifier tamesql
DBSource dbi:ODBC:IRONMAN
DBUsername XXXXXXXXXXX
DBAuth XXXXX
</SessionDatabase>
# Accept processing of other accounting requests of the genre Alive
interim updates
<Handler Request-Type = Accounting-Request>
<AuthBy SQL>
Identifier thomas
DBSource dbi:ODBC:IRONMAN
DBUsername XXXXXXXXXXX
DBAuth XXXXXXXXXX
AcctSQLStatement update quotasubscribers set
monthlycounter = %{Acct-Output-Octets}, totalcounter =
%{Acct-Output-Octets}, timestamp = %{Event-Timestamp} \
where username='%n' \
And Type = 'Q'
</AuthBy>
PostAuthHook file:"/etc/radiator/rocky.pl"
#Log accounting to a detail file
AcctLogFileName %L/detail
</Handler>
Requesting your kind help& cooperation,
Thomas Kurian
IT Security Engineer (B.Tech. -- Electrical)
Kuwaiti Canadian Consulting Group (www.kccg.com)
T: +965 22435566
F: +965 22415149
E:tho...@kccg.com
On 3/27/2013 11:40 PM, Michael wrote:
AuthByPolicy is only for what to do when you have multiple authby's.
you only have 1 per handler here so it's irrelevant.
Best to show some debug log of this in action with a start packet to
figure out what's going on. the config looks like it should at least
handle the start packet.
On 27/03/13 03:32 PM, Thomas Kurian wrote:
Hi Mike,
Thanks for your email. Can you please tell me where exactly i have
to add "AuthByPolicy ContinueWhileIgnore"? Should it go under each
handler clause inside Authby sql?
_My old config (which didnt work ,Start packets were never getting
processed) (this was the config i had problem a long time ago..
which lead me to ask this question)_
AcctPort 1813
AuthPort 1812
BindAddress 0.0.0.0
LogDir /var/log/radius
DbDir /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace 4
# You will probably want to add other Clients to suit your work site,
# one for each NAS you want to work with
<Client DEFAULT>
Secret xxxx
DupInterval 0
</Client>
<Client 10.50.1.4>
Secret xxx
DupInterval 0
NasType Cisco
IgnoreAcctSignature
</Client>
#For strictly processing with Accounting Stop packets
<Handler Acct-Status-Type = Stop>
<AuthBy SQL>
Identifier Block-Quota-SQL
DBSource dbi:mysql:radius
DBUsername xxxx
DBAuth xxxxx
AccountingStopsOnly
AccountingTable quotacouunter
AuthColumnDef username,User-Name,check
AuthSelect select monthlycounter from quotacounter \
where username='%n' \
And type = 'Q'
#AuthColumnDef 0, Session-Timeout, reply
AcctSQLStatement update quotacounter set \
monthlycounter=monthlycounter+%{Acct-Input-Octets} \
where username='%n' \
And Type = 'Q'
AuthSelect select totalcounter from quotacounter \
where username='%n' \
And Type = 'Q'
AcctSQLStatement update quotacounter set \
totalcounter=totalcounter+%{Acct-Input-Octets} \
where username='%n' \
And Type = 'Q'
PostAuthHook file:"%D/thomas.pl";
</AuthBy>
</Handler>
# Accept processing of other accounting requests of the genre start
and interim
<Handler Request-Type = Accounting-Request>
<Realm DEFAULT>
<AuthBy SQL>
DBSource dbi:mysql:radius
DBUsername xxxx
DBAuth xxxx
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets
AcctColumnDef TIME_STAMP,Event-Timestamp
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
</AuthBy>
# Log accounting to a detail file
AcctLogFileName %L/detail
</Realm>
</Handler>
Requesting your kind help, Thomas Kurian IT Security Engineer
(B.Tech. -- Electrical) Kuwaiti Canadian Consulting Group
(www.kccg.com) T: +965 22435566 F: +965 22415149 E: tho...@kccg.com
On 3/27/2013 8:00 PM, radiator-requ...@open.com.au wrote:
Send radiator mailing list submissions to radiator@open.com.au To
subscribe or unsubscribe via the World Wide Web, visit
http://www.open.com.au/mailman/listinfo/radiator or, via email,
send a message with subject or body 'help' to
radiator-requ...@open.com.au You can reach the person managing the
list at radiator-ow...@open.com.au When replying, please edit your
Subject line so it is more specific than "Re: Contents of radiator
digest..." Today's Topics: 1. Re: Handler type Stop/Alive
distinguished processing (Michael Newton)
----------------------------------------------------------------------
Message: 1 Date: Wed, 27 Mar 2013 09:41:40 -0700 From: Michael
Newton <mnew...@pofp.com> Subject: Re: [RADIATOR] Handler type
Stop/Alive distinguished processing To: radiator@open.com.au
Message-ID:
<CADEoLhCoJHu0vQChsC5-czmG24k+kwsSnw=fzydovji-bh-...@mail.gmail.com> Content-Type:
text/plain; charset="utf-8" On 27 March 2013 09:29,
<radiator-requ...@open.com.au> wrote:
My requirement is to process and handle ,Alive and Stop packet
separately and the configuration must be called/processed
separately ,each time the radiator receives it based on the Acct
Status type as described above. Please help me out , i could not
find an explanation for this anywhere and i am confused. Please
let me know, if you need any more specifics to help me out.
There shouldn't be any problem with using <Handler
Acct-Status-Type=Start>, <Handler Acct-Status-Type=Alive>, or
<Handler Acct-Status-Type=Stop>, it is how we do accounting on our
server. Maybe make sure you you are using "AuthByPolicy
ContinueWhileIgnore" if you have problems with subsequent handlers
not getting called? If that doesn't help, I'd suggest posting the
config that doesn't work instead of the one that does; other people
may be able to provide more suggestions. Mike -------------- next
part -------------- An HTML attachment was scrubbed... URL:
http://www.open.com.au/pipermail/radiator/attachments/20130327/ab98603b/attachment-0001.html
------------------------------
_______________________________________________ radiator mailing
list radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator End of radiator
Digest, Vol 46, Issue 24 ****************************************
_______________________________________________ radiator mailing
list radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
