Well! I stand corrected. -- Nathan
Hugh Irvine <h...@open.com.au> wrote: Hello Sergio - Yes - have a look at the current packages in the “Radius/Nas/…” directory of the Radiator-4.14 distribution. regards Hugh > On 23 Jan 2015, at 13:41, sergio <ser...@inbox.com> wrote: > > hello > > It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm > > >> -----Original Message----- >> From: nath...@fsr.com >> Sent: Mon, 8 Dec 2014 05:30:26 -0800 >> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au >> Subject: Re: [RADIATOR] Radiator+Mikrotik >> >> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote: >> >>> Hello all, >>> >>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request, >>> the hook script will send Disconnect-Request to Mikrotik once the >>> session >>> exceeds the quota, here is how i send Disconnect-Request: >> >> [snip] >> >>> This works fine but the problem is that user can't re-authenticate again >>> because it reaches Maxsessions although I have this in my config file: >> >> [snip] >> >>> The user would successfully authenticate again when I manually remove >>> the >>> session from RADONLINE by executing the DeleteQuery. >> >> It has been a while since I have had to look at/think about this, but as >> I recall, this is how it works: >> >> DeleteQuery doesn't get executed unless the Radiator server receives >> Accounting-Stop from the MikroTik. >> >> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued >> by MikroTik RouterOS; I can't remember and I will have to simulate this >> later and run a packet capture to see what happens. (Maybe if you are >> running an older version of RouterOS, try upgrading? It could be a bug >> that got fixed later, and they have definitely had their share of RADIUS >> client bugs in the past.) >> >> In any case, you can work around a problem where Radiator does not >> receive Accounting-Stop by having Radiator verify that any active >> sessions for the user that are recorded in the RADONLINE table are valid >> at the moment that the user tries to authenticate again. Radiator does >> this by executing an SNMP query to the NAS that is on record for each >> session to see if the Session-ID for that row in the table is still >> valid. If the NAS does not return anything for the OID, then Radiator >> assumes the session is dead and purges that entry from RADONLINE, >> reducing MaxSessions count by 1. >> >> To enable this functionality, you need to make sure that SNMP is enabled >> and configured on each MikroTik NAS, you need to make sure that Net-SNMP >> is installed and configured on the Radiator server, and you need to add >> these options to your Client clause in your Radiator config file: >> >> <Client DEFAULT> >> [...] >> # MikroTik supports this MIB >> NasType CiscoSessionMIB >> SNMPCommunity public >> </Client> >> >> Replace 'public' with the SNMP community string that you have configured >> on the MikroTik. >> >> We also made a slight change to the Radiator code, because by default, if >> Radiator does not get a response back from its SNMP "get" to the >> MikroTik, it gives the benefit of the doubt to RADONLINE. We have found >> that more often than not, it is better to give the benefit of the doubt >> to the user. That way, a user is not unfairly punished by problems with >> our NAS or problems on our network that might make it impossible for >> Radiator to communicate with our NAS. Here is the patch to make that >> change in behavior: >> >> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm >> Radius-patched/Nas/CiscoSessionMIB.pm >> --- Radius/Nas/CiscoSessionMIB.pm 2009-10-26 15:23:55.000000000 -0700 >> +++ Radius-patched/Nas/CiscoSessionMIB.pm 2014-12-08 05:20:02.000000000 >> -0800 >> @@ -39,7 +39,7 @@ >> $client->{SNMPCommunity}, >> "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id"); >> >> - return 1 if (!$result || $result =~ /no response/i); # Could not >> SNMP. Assume still there >> + return 0 if (!$result || $result =~ /no response/i); # Could not >> SNMP. Give benefit of doubt to user. >> return 0 if $result =~ /no such variable/i; # Not in the MIB means >> no such session >> return uc($1) eq uc($name) >> if ($result =~ /^.*\"([^"]+)".*$/); >> >> Hope this helps, >> >> -- >> Nathan Anderson >> First Step Internet, LLC >> nath...@fsr.com >> _______________________________________________ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > ____________________________________________________________ > Can't remember your password? Do you need a strong and secure password? > Use Password manager! It stores your passwords & protects your account. > Check it out at http://mysecurelogon.com/password-manager > > > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator