Re: (RADIATOR) ERR: do failed for 'insert into Calls
Hello Philip -
This is a problem with the indexes on your database, not with the
Total Control. The database is refusing to insert a record into the
Calls table because a unique index is being violated. You will need
to check the indexes and change whichever one is causing the problem.
At 5:11 PM -1000 6/27/01, Philip Clever wrote:
Hello,
We are trying to toubleshoot a couple of problems.
#1. We keep getting these error messages (below). We looked through the
archives and went ahead and set the retransmission timeout on our Total
Control 1000 from 3 to 20 seconds.
From error log:
snip
Wed Jun 27 16:34:18 2001: ERR: do failed for 'insert into Calls
(UserName, CallDate, AcctStatusType, AcctInputOctets,
AcctOutputOctets, AcctSessionId, AcctSessionTime, NASIdentifier, NASPort,
CallFromId)
values
('unauthenticated', 'Jun 27, 2001 16:34', 2, 0, 0,
'33554457', 51, '63.72.207.3', 513, '8083238406')': [OpenLink][ODBC][SQL
Server]Violation of UNIQUE KEY constraint 'UNQ_Calls': Attempt to insert
duplicate key in object 'Calls'. (SQL-S1000)(DBD: st_execute/SQLExecute
err=-1)
Wed Jun 27 16:34:21 2001: ERR: do failed for 'insert into Calls
(UserName, CallDate, AcctStatusType, AcctInputOctets,
AcctOutputOctets, AcctSessionId, AcctSessionTime, NASIdentifier, NASPort,
CallFromId)
values
('unauthenticated', 'Jun 27, 2001 16:34', 2, 0, 0,
'33619980', 39, '63.72.207.3', 514, '8089595681')': [OpenLink][ODBC][SQL
Server]Violation of UNIQUE KEY constraint 'UNQ_Calls': Attempt to insert
duplicate key in object 'Calls'. (SQL-S1000)(DBD: st_execute/SQLExecute
err=-1)
Wed Jun 27 16:35:19 2001: ERR: do failed for 'insert into Calls
(UserName, CallDate, AcctStatusType, AcctInputOctets,
AcctOutputOctets, AcctSessionId, AcctSessionTime, NASIdentifier, NASPort,
CallFromId)
values
('unauthenticated', 'Jun 27, 2001 16:35', 2, 0, 0,
'50397207', 4, '63.72.207.3', 770, '8088895755')': [OpenLink][ODBC][SQL
Server]Violation of UNIQUE KEY constraint 'UNQ_Calls': Attempt to insert
duplicate key in object 'Calls'. (SQL-S1000)(DBD: st_execute/SQLExecute
err=-1)
Wed Jun 27 16:35:31 2001: ERR: do failed for 'insert into Calls
(UserName, CallDate, AcctStatusType, AcctInputOctets,
AcctOutputOctets, AcctSessionId, AcctSessionTime, NASIdentifier, NASPort,
CallFromId)
values
('unauthenticated', 'Jun 27, 2001 16:35', 2, 0, 0,
'17956887', 51, '63.72.207.3', 275, '8083238406')': [OpenLink][ODBC][SQL
Server]Violation of UNIQUE KEY constraint 'UNQ_Calls': Attempt to insert
duplicate key in object 'Calls'. (SQL-S1000)(DBD: st_execute/SQLExecute
err=-1)
Wed Jun 27 16:36:44 2001: ERR: do failed for 'insert into Calls
(UserName, CallDate, AcctStatusType, AcctInputOctets,
AcctOutputOctets, AcctSessionId, AcctSessionTime, NASIdentifier, NASPort,
CallFromId)
values
('unauthenticated', 'Jun 27, 2001 16:36', 2, 0, 0,
'51380239', 51, '63.72.207.3', 785, '8083238406')': [OpenLink][ODBC][SQL
Server]Violation of UNIQUE KEY constraint 'UNQ_Calls': Attempt to insert
duplicate key in object 'Calls'. (SQL-S1000)(DBD: st_execute/SQLExecute
err=-1)
/snip
Besides 'unauthenticated' we get actual usernames as well but they aren't
necessarily online which sems really weird. They don't show up on the
pass/fail logs, users online, nor do they show up on the Total control
failure log either.
Problem #2. Our radwho.cgi seems to be working with the exception that the
iPass logons do not go away. We have one that is over 100 days old.
Any ideas?
The only reason that this happens is if you do not receive an
Accounting Stop record for the session. You can also remove the stale
sessions by hand.
regards
Hugh
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) question
Title: Re: (RADIATOR) question Hello Brandon - If UUnet is mandating this, they must have a specification of what they mean. You will have to check with UUnet directly. regards Hugh At 3:09 AM -0700 6/26/01, Brandon wrote: Wish I knew too. I tried emailing the list and know one seemed to know. The only response I got back was that it was possible in PostAuthHooks. UU.net is now requiring this to use their system. Brandon - Original Message - From: admin To: [EMAIL PROTECTED] Sent: Tuesday, June 26, 2001 2:14 PM Subject: (RADIATOR) question I need to reduce my Ascend-Data-Filter from length 28 to 26 Any ideas how? Thanks Eric -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Re: (RADIATOR) Blocktime from a proxy server
Hello Ken - At 10:59 PM +1100 6/28/01, Ken Kirkby wrote: Im just having some difficulty in getting my head around block time from a proxy server, as to how the transfer of variables takes place in order to set a session time. I have the time available returned from the proxy server which I wish to set as a session-limit. While our SQL derived block time works ok, I cant come up with a combination that works. Version is 2.18.2 I have the following AuthBy Radius config in theory anyway, but I keep getting either av-pair errors, or errors on parsing the config file. AuthBy RADIUS Host xxx.xxx.xxx.xxx Secret xx AuthPort 1645 AcctPort 1646 RetryTimeout 10 AddToRequest Session-Time AllowInReply Session-Timeout AcctFailedLogFileName %L/misseddetails.%Y%m%d But would the PostAuthCheckBlockTimeLeft or similar be needed here. /AuthBy Hugh mentioned a request attribute in his reply on Blocktime around 22nd of April, but that was tied up with AuthColumnDef with AuthBy SQL. I cant see any proxy radius configs in the archive that are relevant. Correct. I was discussing an AuthBy SQL specifically. If you are proxying to a remote radius server, and that radius server sends back a Session-Timeout reply attribute, then there is nothing that you have to do on your end. But perhaps I don't understand the problem? regards Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Oracle SQL timeout causing crash
Hello, We are using v2.18.1 on Linux x86. Whenever there is a SQL timeout, the Radiator process just exits. Thu Jun 28 08:57:40 2001: ERR: Execute failed for 'select ...': SQL Timeout It then exits with error code 0. We have the restart_wrapper in place which restarts it, but is there a reason why it would die? I have not placed it in a higher trace level yet because it is in production, getting a large # of requests (about 20-40/sec), and this happens rarely. Though if needed I can do this. Thanks for any help. Viraj. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Session Database
I've got this directive in my Realm DEFAULT. However, when an user
logs onto the system, and is authenticated by Radiator, it fails to put
an entry into the session table. What am I doing wrong? Radiator-2.18.2
with RH-7.0 and mySql-3.23.38.
SessionDatabase SQL
## Set the database Identifier
Identifier SDB1
## Set the database source
DBSource dbi:mysql:**
DBUsername**
DBAuth**
AddQuery insert into RADONLINE (USERNAME, \
NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, \
SERVICETYPE) values ('%n','%N',%{NAS-Port}, \
'%{Acct-Session-Id}', %{Timestamp}, \
'%{Framed-Address}','%{Port-Type}','%{Service-Type}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and \
NASIDENTIFIER='%N' and NASPORT=%{NAS-Port}
ClearNasQuery delete from RADONLINE where NASIDENTIFIER=%N'
CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID from \
RADONLINE where USERNAME='%n'
/SessionDatabase
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Session Database
Hello Kyle -
I will also need to see a copy of the configuration file (no secrets).
thanks
Hugh
At 11:56 AM -0400 6/28/01, Kitabjian, Dave wrote:
Hey.
1) Have you tested INSERTing to your DB from the command line to make sure
it's working? Perhaps from a Perl command line?
2) Put Trace 4 in your config file, restart Radiator, try again, and then
let us know what shows up in your logfile. I'd like to know if it's even
TRYING to do the INSERT...
Dave
-Original Message-
From: Kyle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 28, 2001 5:51 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Session Database
I've got this directive in my Realm DEFAULT. However, when
an user logs onto the system, and is authenticated by
Radiator, it fails to put an entry into the session table.
What am I doing wrong? Radiator-2.18.2 with RH-7.0 and mySql-3.23.38.
SessionDatabase SQL
## Set the database Identifier
Identifier SDB1
## Set the database source
DBSource dbi:mysql:**
DBUsername**
DBAuth**
AddQuery insert into RADONLINE (USERNAME, \
NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, \
SERVICETYPE) values ('%n','%N',%{NAS-Port}, \
'%{Acct-Session-Id}', %{Timestamp}, \
'%{Framed-Address}','%{Port-Type}','%{Service-Type}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and \
NASIDENTIFIER='%N' and NASPORT=%{NAS-Port}
ClearNasQuery delete from RADONLINE where NASIDENTIFIER=%N'
CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID from \
RADONLINE where USERNAME='%n'
/SessionDatabase
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Working with Cisco IVR
Title: Message
Hmm. I
don't think there was anything too complicated about setting up the Gateway to
do the IVR part. But I didn't do that part :) I handled the Radius part. That
was a little tricky. For the IVR script that we chose on the Gateway, it works
like this:
1.
Phone call comes in
2.
Before the IVR says ANYTHING, the IVR does PRE-authentication to RADIUS, using
User-Name = CallerId and Password = "".
3.
If that authentication passes, then the IVR asks for the destination number
and the call is placed. But if the authentication fails, the IVR asks for the
Account# and PIN, and then does the SECOND RADIUS authentication, using
User-Name = Account# and Password = PIN. Assuming the second
one passes, then the call is placed.
To
handle both cases, we put the following hook in the main Client
clause:
# Get the
decoded password from the input packet and add an
attribute # to the input packet if
it is blank. Set the decoded password
equal # to the user name
attribute. PreHandlerHook sub {if
(${$_[0]}-decodedPassword() eq '')
\
{${$_[0]}-add_attr('ANI-No-Pass', 'true');
\
${$_[0]}-{DecodedPassword}
=${$_[0]}-get_attr('User-Name');}}
and
then we use two Handlers for the two different cases:
#
Handler for BLANK password Handler ANI-No-Pass =
true
AuthBy
LDAP_AUTH_NO_PASSWORD
/Handler
#
Handler for "catch-all"Handler
AuthBy
LDAP_AUTH
/Handler
Then,
in LDAP_AUTH AuthBy we have:
UsernameAttr
uid
PasswordAttrpass
whereas in the LDAP_AUTH_NO_PASSWORD AuthBy we
use:
UsernameAttr uid
PasswordAttr uid
It
works quite nicely. If there's a smoother solution, I'd love to know of
it!
Dave
-Original Message-From: J. Esteban Saa
Barona. [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 28, 2001
1:37 PMTo: [EMAIL PROTECTED]Subject: prepaid calling
cards with Cisco
Hi Dave,
I'm triying to do prepaid calling cards
using Cisco Gateways, we have many 1750 and I don't know how to make them do
Interactive Voice Responce and check input against a DB. Can you please point
me in the right direction ?
You may want to check my website I
developed I Call Detail Recorder for Cisco Gateways. Usefull for postpaid and
QOS Reports.
Thank you in advance,
Esteban
newagetelco.com
(RADIATOR) Vendor Specific Attributes
I'm getting errors regarding Attribute number # (vendor 5624) not in dictionary. Radiator is receiving packets from an Enterasys SSR8600. Do I need to get a hold of attributes for the SSR8600? Will this aid in receiving info on Accounting-Requests? I am rather new to radiator and have got Authentication working but I need to find out what commands users are making on the SSR8600. The SSR is set up to send every command issued to radiator. thanks Jason === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) md5 encryption
I'm having a problem with authenticating md5 encrypted passwords. Here is my config : AuthBy SQL # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSourcedbi:Pg:dbname=radiusdb DBUsername postgres DBAuth password RejectEmptyPassword AuthSelect select ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where USERNAME='%U' AuthColumnDef 0, User-Password, check /AuthBy I'm getting the following message - Access rejected for user: Bad Password ENCRYPTEDPASSWORD is $1$md5 encrypted password I don't know what I am missing. Thanks Jason === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) md5 encryption
Hi, I had a similar problem, and then realized that the column I had defined in my db was a couple of bytes too short to hold the entire md5 password. Mickey At 06:08 29-06-01, Separovic, Jason wrote: -Start of Original Message- I'm having a problem with authenticating md5 encrypted passwords. Here is my config : AuthBy SQL # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSourcedbi:Pg:dbname=radiusdb DBUsername postgres DBAuth password RejectEmptyPassword AuthSelect select ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where USERNAME='%U' AuthColumnDef 0, User-Password, check /AuthBy I'm getting the following message - Access rejected for user: Bad Password ENCRYPTEDPASSWORD is $1$md5 encrypted password I don't know what I am missing. -End of Original Message- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
