Hello Sergio -
Yes - have a look at the current packages in the “Radius/Nas/…” directory of
the Radiator-4.14 distribution.
regards
Hugh
> On 23 Jan 2015, at 13:41, sergio <ser...@inbox.com> wrote:
>
> hello
>
> It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
>
>
>> -----Original Message-----
>> From: nath...@fsr.com
>> Sent: Mon, 8 Dec 2014 05:30:26 -0800
>> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator+Mikrotik
>>
>> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>>
>>> Hello all,
>>>
>>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>>> the hook script will send Disconnect-Request to Mikrotik once the
>>> session
>>> exceeds the quota, here is how i send Disconnect-Request:
>>
>> [snip]
>>
>>> This works fine but the problem is that user can't re-authenticate again
>>> because it reaches Maxsessions although I have this in my config file:
>>
>> [snip]
>>
>>> The user would successfully authenticate again when I manually remove
>>> the
>>> session from RADONLINE by executing the DeleteQuery.
>>
>> It has been a while since I have had to look at/think about this, but as
>> I recall, this is how it works:
>>
>> DeleteQuery doesn't get executed unless the Radiator server receives
>> Accounting-Stop from the MikroTik.
>>
>> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
>> by MikroTik RouterOS; I can't remember and I will have to simulate this
>> later and run a packet capture to see what happens. (Maybe if you are
>> running an older version of RouterOS, try upgrading? It could be a bug
>> that got fixed later, and they have definitely had their share of RADIUS
>> client bugs in the past.)
>>
>> In any case, you can work around a problem where Radiator does not
>> receive Accounting-Stop by having Radiator verify that any active
>> sessions for the user that are recorded in the RADONLINE table are valid
>> at the moment that the user tries to authenticate again. Radiator does
>> this by executing an SNMP query to the NAS that is on record for each
>> session to see if the Session-ID for that row in the table is still
>> valid. If the NAS does not return anything for the OID, then Radiator
>> assumes the session is dead and purges that entry from RADONLINE,
>> reducing MaxSessions count by 1.
>>
>> To enable this functionality, you need to make sure that SNMP is enabled
>> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
>> is installed and configured on the Radiator server, and you need to add
>> these options to your Client clause in your Radiator config file:
>>
>> <Client DEFAULT>
>> [...]
>> # MikroTik supports this MIB
>> NasType CiscoSessionMIB
>> SNMPCommunity public
>> </Client>
>>
>> Replace 'public' with the SNMP community string that you have configured
>> on the MikroTik.
>>
>> We also made a slight change to the Radiator code, because by default, if
>> Radiator does not get a response back from its SNMP "get" to the
>> MikroTik, it gives the benefit of the doubt to RADONLINE. We have found
>> that more often than not, it is better to give the benefit of the doubt
>> to the user. That way, a user is not unfairly punished by problems with
>> our NAS or problems on our network that might make it impossible for
>> Radiator to communicate with our NAS. Here is the patch to make that
>> change in behavior:
>>
>> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
>> Radius-patched/Nas/CiscoSessionMIB.pm
>> --- Radius/Nas/CiscoSessionMIB.pm 2009-10-26 15:23:55.000000000 -0700
>> +++ Radius-patched/Nas/CiscoSessionMIB.pm 2014-12-08 05:20:02.000000000
>> -0800
>> @@ -39,7 +39,7 @@
>> $client->{SNMPCommunity},
>> "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>>
>> - return 1 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Assume still there
>> + return 0 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Give benefit of doubt to user.
>> return 0 if $result =~ /no such variable/i; # Not in the MIB means
>> no such session
>> return uc($1) eq uc($name)
>> if ($result =~ /^.*\"([^"]+)".*$/);
>>
>> Hope this helps,
>>
>> --
>> Nathan Anderson
>> First Step Internet, LLC
>> nath...@fsr.com
>> _______________________________________________
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
> ____________________________________________________________
> Can't remember your password? Do you need a strong and secure password?
> Use Password manager! It stores your passwords & protects your account.
> Check it out at http://mysecurelogon.com/password-manager
>
>
> _______________________________________________
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
