Re: Simultaneous-Use check MySQL

2005-10-17 Thread David M. 
Hello,

El Viernes 14 Octubre  2005 20:35, Alan DeKok escribió:
 David M. [EMAIL PROTECTED] wrote:
  Debug mode does not reveal further information, what I've noticed I
  didn't before :( is checkrad is used to verify if the connection is still
  established, despite simul_verify_query result.

   Yes.  Because the accounting stop packets may have been lost.
That's right, actually I'm experiencing problems related with Stop packets 
that produce errors in MySQL driver I've to check, now I think checkrad is 
the best solution, furthermore in case SNMP timeout allows authorizes the new 
connection which IMO is desiderable.

  My doubt/question is: checkrad is always used to Simultaneous-Use
  checking? Is it not possible to use radacct table instead of SNMP
  polling?
   Yes.  Set the nastype to other.
Great.

Thanks a lot for your help.
-- 
David Manchado
Ing Sistemas EUROCIBER
e: [EMAIL PROTECTED]
t: +34 911830209 / +34902902977
f: +34 911831109

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Simultaneous-Use check MySQL

2005-10-13 Thread David M. 
Hi,

I'm experiencing problems with Simultaneous-Use and MySQL.

Due I have two freeradius servers, I cannot use for accounting radutmp because 
if a radius gets a stop packet and the start one went to the other radius the 
driver fails, so all accounting is based on MySQL.

The MySQL queries that the radius perform are the followings (using standard 
sql.conf file with simul_count_query uncommented, the file is attached)
1- authorize_check_query (gets the Simultaneous-Use := 1)
2- authorize_group_check_query
3- authorize_reply_query
4- authorize_group_reply_query
5- simul_count_query
6- postauth_query
7- accounting_start_query
8- accounting_update_query (updates the radacct table with the IP address from 
the pool)

If I try to connect with the same user and the previous conection still 
established, this is the sequence of queries:
1- authorize_check_query
2- authorize_group_check_query
3- authorize_reply_query
4- authorize_group_reply_query
5- simul_count_query **returns 1**
6- simul_verify_query 
7- accounting stop query **performs a stop in the previously established 
session**
8- postauth_query
9- accounting_start_query
10- accounting_update_query (updates the radacct table with the IP address 
from the pool)

I think either simul_verify_query is wrong or there is something wrong with 
sql.conf. I've attached it.

If I change Simultaneous-Use := 0 the user cannot connect as I should behave 
and the logs reports Auth: Multiple logins (max 0)

Freeradius and freeradius-mysql are etch/testing packages Debian official 
packages (version 1.0.4-2)

Any help would be appreciated, thanks in advance
-- 
David
#
#  Configuration for the SQL module, when using MySQL.
#
#  The database schema is available at:
#
#   src/radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
#
#  If you are using PostgreSQL, please use 'postgresql.conf', instead.
#  If you are using Oracle, please use 'oracle.conf', instead.
#  If you are using MS-SQL, please use 'mssql.conf', instead.
#
#   $Id: sql.conf,v 1.41.2.1 2004/06/10 00:45:01 phampson Exp $
#
sql {

# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = rlm_sql_mysql

# Connect info
server = mysql.server.com
login = mysql.user
password = mysql.pass

# Database table configuration
radius_db = radius.table

# If you want both stop and start records logged to the
# same SQL table, leave this as is.  If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = radacct
acct_table2 = radacct

# Allow for storing data after authentication
postauth_table = radpostauth

authcheck_table = radcheck
authreply_table = radreply

groupcheck_table = radgroupcheck
groupreply_table = radgroupreply

usergroup_table = usergroup

# Remove stale session if checkrad does not see a double login
deletestalesessions = yes

# Print all SQL statements when in debug mode (-x)
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql

# number of sql connections to make to server
num_sql_socks = 5

# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60

# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
#safe-characters = 
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /

###
#  Query config:  Username
###
# This is the username that will get substituted, escaped, and added 
# as attribute 'SQL-User-Name'.  '%{SQL-User-Name}' should be used 
below 
# everywhere a username substitution is needed so you you can be sure 
# the username passed from the client is escaped properly.  
#
#  Uncomment the next line, if you want the sql_user_name to mean:
#
#Use Stripped-User-Name, if it's there.
#Else use User-Name, if it's there,
#Else use hard-coded string DEFAULT as the user name.
#sql_user_name = %{Stripped-User-Name:-%{User-Name:-DEFAULT}}
#
sql_user_name = %{User-Name}

###
#  Default profile
###
# This is the default profile. It is found in SQL by group membership. 
# That means that this