Re: (RADIATOR) packet manipulation
Hello Yoga -

On Friday 24 August 2001 16:21, Yoga Nandiwardhana wrote:
> hi all
> how can i manipulate the timeleft on a sent/received packet? i figured i
> would have to add a PreClientHook and another hook when i'm sending the
> packet, but which one (PostAuth/Post/PreProcessing?). And what is the
> format of the packet sent by radiator? if i'm trying to manipulate the
> packet at least i need to know how it looks..
> thanks all
>

The answer to your question depends on exactly what you are trying to do. If you give me a bit more detail I will try to help.

Note that there are some example hooks in the Radiator distribution in the file "goodies/hooks.txt".

When a radius packet is being manipulated inside Radiator it is stored in decoded form in a memory structure that is referenced by a pointer - "$p" is the request packet and "$rp" is the reply packet. These are the parameters that are referred to pretty much everywhere in the source code. You can then use the normal Radiator routines to manipulate the packets (see the module Radius/AttrVal.pm). Again - the example hooks illustrate most of what you need.

If you really want to know what is going on inside Radiator, I urge you to read the source code - it's the best way to learn!

regards

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) packet manipulation
hi all

how can i manipulate the timeleft on a sent/received packet? i figured i would have to add a PreClientHook and another hook when i'm sending the packet, but which one (PostAuth/Post/PreProcessing?). And what is the format of the packet sent by radiator? if i'm trying to manipulate the packet at least i need to know how it looks..

thanks all

yoga
Re: (RADIATOR) restartWrapper crashing
Hello Jamie -

What does the mail message contain? It should give you the error status plus any error messages from Perl.

You can always try running restartWrapper from the command line manually and see what messages you get that way.

hth

Hugh

On Friday 24 August 2001 05:33, Jamie Orzechowski wrote:
> Hello .. I am having a strange problem with restartWrapper ... for no
> reason the process will terminate
>
> I call restartWrapper with
>
> /usr/local/bin/restartWrapper -delay 2 -mail [EMAIL PROTECTED]
> "/usr/bin/radiusd -foreground" &
>
> A "ps ax" shows the following ...
>
> 26946 pts/1 S 0:00 /usr/bin/perl /usr/local/bin/restartWrapper
> -mail [EMAIL PROTECTED] "/usr/bin/radiusd -foreground" &
> 26968 pts/1 S 0:00 sh -c /usr/bin/radiusd -foreground 2>&1
> 1>/dev/null
> 26969 pts/1 S 0:01 /usr/bin/sybaseperl /usr/bin/radiusd -foreground
>
> when for no reason restartWrapper will stop leaving the radius process
> running ...
>
> 26969 pts/1 S 0:01 /usr/bin/sybaseperl /usr/bin/radiusd -foreground
>
> any ideas why it would be exiting?
Re: (RADIATOR) Windows NT password has troubles
Hello John -

Have you checked the shared secrets between the NAS and Radiator?

And what user are you running Radiator as? Does that user have administrator privileges to be able to access the domain controller?

regards

Hugh

On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
> Hello
>
> I have another trouble using radiator in windows NT, when I use the
> password the log shows the message,
>
> Access rejected for e0999626: NT AuthenticateUser failed: Logon failure:
> unknown user name or bad password.
>
> but if I use the parameter NoCheckPassword in AuthBy NT, the user is
> success and the Access is granted
>
> Here is my radius.cfg file
>
> # Radiator configuration file.
>
> AcctPort 1646
> AuthPort 1645
> DbDir E:\Radiator-2.18.2\radius
> DictionaryFile %D\dictionary\dictionary
> FingerProg C:\WINNT\system32\finger.exe
>
> LogDir E:\Radiator-2.18.2\log
> LogFile %L\logradius.log
> PidFile %L\radiusd.pid
> Trace 4
>
>
> DupInterval 0
> Secret mysecret
>
>
>
> Description totalcontrol
> DupInterval 2
> NasType TotalControl
> Secret xx
>
>
>
>
>
> AuthByPolicy ContinueWhileReject
>
>
> DefaultSimultaneousUse 2
> Description domain WinNT
> Domain domain1
> DomainController \\domaincontroller1
> Identifier ECP1
>
>
>
> DefaultSimultaneousUse 2
> Description Domain Trans
> Domain domain2
> DomainController \\domaincontroller2
> Identifier ECP2
>
>
>
> Description testing
> Filename %D\users
>
>
>
> Description RASECP
> RejectHasReason
> SessionDatabase
>
>
>
> Community public
> Port 161
>
>
> the users file
>
> DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
>     Framed-Protocol = PPP,
>     Fall-Through = yes
>
> DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Fall-Through = yes
>
> # I left this user to probe configuration
>
> fred User-Password = "fred",Service-Type = Framed-User
>     Framed-Protocol = PPP,
>     Framed-IP-Netmask = 255.255.255.255,
>     Framed-Routing = None,
>     Framed-MTU = 1500,
>     Framed-Compression = Van-Jacobson-TCP-IP
>
> and the log from radius server
>
> Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on radecp
> Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244
> Code: Access-Request
> Identifier: 19
> Authentic: 1234567890123456
> Attributes:
>     User-Name = "e0999626"
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Port = 1234
>     Called-Station-Id = "123456789"
>     Calling-Station-Id = "987654321"
>     NAS-Port-Type = Async
>     User-Password =
> "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"
>
> Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626,
> 203.63.154.1, 1234
> Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
> Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT
> AuthenticateUser failed: Logon failure: unknown user name or bad password.
>
>
>
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1244
> Code: Access-Reject
> Identifier: 19
> Authentic: 1234567890123456
> Attributes:
>     Reply-Message = "NT AuthenticateUser failed: Logon failure: unknown
> user name or bad password.<13><10>"
>
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244
> Code: Accounting-Request
> Identifier: 20
> Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> Attributes:
>     User-Name = "e0999626"
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Port = 1234
>     NAS-Port-Type = Async
>     Acct-Session-Id = "1234"
>     Acct-Status-Type = Start
>     Called-Station-Id = "123456789"
>     Calling-Station-Id = "987654321"
>
> Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626,
> 203.63.154.1, 1234
> Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
> Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1244
> Code: Accounting-Response
> Identifier: 20
> Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
> Attributes:
>
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244
> Code: Accounting-Request
> Identifier: 21
> Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
> Attributes:
>     User-Name = "e0999626"
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>
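
Added illustration, not part of the original thread or of Radiator's code: the shared-secret check suggested above matters because RADIUS hides User-Password with an MD5 keystream derived from the secret and the request authenticator (RFC 2865, section 5.2), so a mismatched secret produces no protocol error, only a garbage password that the back end rejects. The authenticator and the secret "mysecret" are the values shown in the thread; the password and the mistyped NAS secret are constructed for this example.

```python
import hashlib

# Values visible in the thread's packet dump and configuration.
REQUEST_AUTHENTICATOR = b"1234567890123456"
SERVER_SECRET = b"mysecret"
# Constructed sample values (assumptions, not from the thread).
USER_PASSWORD = b"correct-horse-battery"   # 21 bytes, so two 16-byte blocks
NAS_SECRET_TYPO = b"mysecert"


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """NAS side: RFC 2865 5.2 User-Password hiding."""
    if len(authenticator) != 16:
        raise ValueError("request authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, previous = b"", authenticator
    for i in range(0, len(padded), 16):
        # c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = authenticator
        block = _xor(padded[i:i + 16], hashlib.md5(secret + previous).digest())
        hidden += block
        previous = block
    return hidden


def recover_password(hidden, secret, authenticator):
    """Server side: reverse the hiding using the server's own secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a multiple of 16 bytes")
    clear, previous = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + previous).digest())
        previous = block
    return clear.rstrip(b"\x00")


def looks_garbled(password):
    """Heuristic for logs: bytes outside printable ASCII suggest a secret mismatch."""
    return any(b < 0x20 or b > 0x7E for b in password)


def what_server_sees(nas_secret, server_secret=SERVER_SECRET):
    """Return the password the server would pass on to its authenticator."""
    hidden = hide_password(USER_PASSWORD, nas_secret, REQUEST_AUTHENTICATOR)
    return recover_password(hidden, server_secret, REQUEST_AUTHENTICATOR)


if __name__ == "__main__":
    for nas_secret in (SERVER_SECRET, NAS_SECRET_TYPO):
        seen = what_server_sees(nas_secret)
        print(nas_secret, "->", seen, "garbled" if looks_garbled(seen) else "ok")
```

With Trace 4 the hidden attribute appears in the packet dump as escaped bytes either way, so the dump alone cannot distinguish a wrong secret from a wrong password; comparing the decoded value on the server side does.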
Re: (RADIATOR)
Hello Harrison -

Having more than one Radiator host will not cause a problem. Note the ReclaimQuery that is run:

> Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0
> where state!=0 and EXPIRY < 998479334

This will only reclaim leases that have expired, as configured by the DefaultLeasePeriod. This is the correct behaviour.

In any case, you can disable the query in the configuration file by specifying an empty string. Ie:

    ReclaimQuery

hth

Hugh

On Thursday 23 August 2001 20:12, Harrison Ng wrote:
>
> Hello,
>
> Is there any way to disable ReclaimQuery during radiator startup.
> Using on one radius server with one database should
> be fine.
> But not in environment. Here is our machine
> configuration.
>
> 1. One Ericsson GSN with 2 radius clients. It send access request, a/c
> start, a/c stop to radius proxy using .
> 2. The proxy will forward those request to two radius server for enhancing
> performance.
> 3. The two radius server use to reply ip address to
> client. They share a RADPOOL reside in mysql db.
>
> Serious problem arises when either one radius server restart, it will reset
> all ip address STATE to zero. Pls see debug message.
> Even though some ip address is already allocated by another health radius
> server.
> Is anyone have different implementation method.
> Can anyone give me some hint.
> Pls find attached radius.cfg for your reference.
>
>
> Harrison
> SmarTone BroadBand Services Limited
>
>
>
> Wed Aug 22 19:22:11 2001: DEBUG: Reading users file
> /usr/local/etc/raddb/users.accept
> Wed Aug 22 19:22:11 2001: DEBUG: Reading users file
> /usr/local/etc/raddb/users.reject
> Wed Aug 22 19:22:11 2001: DEBUG: Checking address 202.140.74.2
> Wed Aug 22 19:22:11 2001: DEBUG: Query is: select STATE from RADPOOL where
> YIADDR='202.140.74.2'
>
>
>
> Wed Aug 22 19:22:14 2001: DEBUG: Reclaiming expired leases
> Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0
> where state!=0 and EXPIRY < 998479334
>
> Wed Aug 22 19:22:14 2001: INFO: Server started: Radiator 2.18.2 on grad1
> Wed Aug 22 19:22:14 2001: DEBUG: Packet dump:
> *** Received from 10.25.157.17 port 1033
> Code: Access-Request
>
RE: (RADIATOR) Ericsson GSN for GPRS
-- Forwarded Message --
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from ["Ingvar Berg (ERA)" <[EMAIL PROTECTED]>]
Date: Wed, 22 Aug 2001 23:44:58 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From: "Ingvar Berg (ERA)" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: (RADIATOR) Ericsson GSN for GPRS
Date: Thu, 23 Aug 2001 08:33:44 +0200

Hello Harrison,

I have a GGSN parameter list from a lab setup we did early this year:

    APN                             : ucb.gsn.lkp
    Number of Configured APNs       : 3
    First Supported IP Segment      : 172.44.220.0
    GGSN IP Address                 : 172.44.220.254   // Not so brilliant choice...
    Last Supported IP Segment       : 172.44.220.0     // More segments in reality
    Netmask                         : 255.255.255.0    // - " -
    Authenticate MS Using RADIUS    : true             // Yes
    Send MSISDN in Access Req.      : true             // Yes
    Send MSISDN in Accounting Req.  : true             // Yes
    Primary RADIUS Server Address   : 192.168.240.12
    Primary Query Time-out [ms]     : 3
    Primary Query Retries           : 10
    Primary Encryption Key          : thesharedsecret
    Origin of MS IP Address         : RADIUS           // Yes
    Allow Select from SGSN          : false
    Allow Select from Subscription  : true
    Allow Select from User          : true
    Enable Ingress Filter           : false
    Routing Method                  : IP

The RADIUS client in the GGSN has a couple of annoying problems, at least the version we did the work on:
- It doesn't include the Framed-IP-Address in accounting stop
- It has a binary value for session ID (4 bytes GGSN IP address + 4 bytes Framed-IP-Address)

The first one is a serious one, that has to be handled, or your address allocator will run dry. Hugh's suggestion was to use the Class attribute to put a copy of the allocated IP address when you send the access accept (AddToReply...). Then when the acct stop comes, you pick the IP address from the Class attribute if Framed-IP-Address is missing. Sample code:

    # Handle Accounting-Requests.
    # Make sure there is a Framed-IP-Address in the request
    # (from the contents of the Class attribute).
    elsif ($code eq 'Accounting-Request')
    {
        my $address = $p->get_attr('Framed-IP-Address');
        if (!defined $address)
        {
            # Get the IP address from the Class attribute
            $address = $p->get_attr('Class');
            $p->add_attr('Framed-IP-Address', $address) if (defined $address);
        }
        # Print a debug line
        &main::log($main::LOG_DEBUG, "Framed-IP-Address = $address");
    }

That's about all I can come to think of right away, pls feel free to come back to me if more questions pop up.

Ingvar Berg
Software System Engineer
Ericsson Radio Systems AB
Center for Wireless Internet Integration
P.O. Box 1885, Teknikringen 8, SE-581 17 Linköping, Sweden
Phone/Mobile: +46 13 322287, Fax +46 13 322025
E-mail: [EMAIL PROTECTED]

-----Original Message-----
From: Harrison Ng [mailto:[EMAIL PROTECTED]]
Sent: 23 August 2001 03:26
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) Ericsson GSN for GPRS

Hello,

Is there anyone who can share their experience in using Ericsson GSN with Radiator. Could you tell your GSN version, Radiator version, how to distribute IP address (thru GSN or Radiator). Maybe more! Your help is highly appreciated and perhaps we can share our experience with you too.

Harrison
SmarTone BroadBand Services Limited
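
Added illustration, not part of the original message and not Radiator code: a small model of the accounting-stop problem described above, showing the pool running dry when the stop carries no address and the Class copy fixing it. It goes beyond the posted hook in two ways that are assumptions of this example: it also tries the last 4 bytes of the 8-byte binary session ID, and it validates the echoed value and the lease owner before freeing anything, since Class is data returned by the client. LeasePool and all function names are hypothetical.

```python
import ipaddress


class LeasePool:
    """Minimal in-memory stand-in for an address allocator (hypothetical)."""

    def __init__(self, cidr):
        self.free = [str(h) for h in ipaddress.ip_network(cidr).hosts()]
        self.leased = {}  # address -> User-Name holding the lease

    def allocate(self, user):
        if not self.free:
            return None  # pool has run dry
        address = self.free.pop(0)
        self.leased[address] = user
        return address

    def release(self, address, user):
        # Only free a lease for the user it was issued to.
        if self.leased.get(address) != user:
            return False
        del self.leased[address]
        self.free.append(address)
        return True


def build_access_accept(pool, user):
    """Allocate an address and copy it into Class so the stop can echo it."""
    address = pool.allocate(user)
    if address is None:
        return None
    return {"Framed-IP-Address": address, "Class": address}


def address_from_session_id(session_id):
    """Decode '4 bytes GGSN IP + 4 bytes Framed-IP-Address' session IDs."""
    if not isinstance(session_id, bytes) or len(session_id) != 8:
        return None
    return str(ipaddress.IPv4Address(session_id[4:]))


def address_for_stop(request):
    """Pick the address to release: attribute first, then Class, then session ID."""
    candidates = (
        request.get("Framed-IP-Address"),
        request.get("Class"),
        address_from_session_id(request.get("Acct-Session-Id")),
    )
    for candidate in candidates:
        if candidate is None:
            continue
        try:
            return str(ipaddress.IPv4Address(candidate))
        except ValueError:
            continue  # e.g. a Class value that is not an address
    return None


def handle_accounting_stop(pool, request):
    address = address_for_stop(request)
    if address is None:
        return False  # nothing to release: this is how the pool leaks
    return pool.release(address, request.get("User-Name"))


if __name__ == "__main__":
    pool = LeasePool("172.44.220.0/30")  # constructed two-address pool
    accept = build_access_accept(pool, "alice")
    build_access_accept(pool, "bob")
    print("third user:", build_access_accept(pool, "carol"))
    print("stop without address:", handle_accounting_stop(pool, {"User-Name": "alice"}))
    stop = {"User-Name": "alice", "Class": accept["Class"]}
    print("stop with Class:", handle_accounting_stop(pool, stop))
```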
(RADIATOR) restartWrapper crashing
Hello .. I am having a strange problem with restartWrapper ... for no reason the process will terminate

I call restartWrapper with

/usr/local/bin/restartWrapper -delay 2 -mail [EMAIL PROTECTED] "/usr/bin/radiusd -foreground" &

A "ps ax" shows the following ...

26946 pts/1 S 0:00 /usr/bin/perl /usr/local/bin/restartWrapper -mail [EMAIL PROTECTED] "/usr/bin/radiusd -foreground" &
26968 pts/1 S 0:00 sh -c /usr/bin/radiusd -foreground 2>&1 1>/dev/null
26969 pts/1 S 0:01 /usr/bin/sybaseperl /usr/bin/radiusd -foreground

when for no reason restartWrapper will stop leaving the radius process running ...

26969 pts/1 S 0:01 /usr/bin/sybaseperl /usr/bin/radiusd -foreground

any ideas why it would be exiting?
(RADIATOR) forget last question.
Hugh,

I figured out how to use AuthLog better. Sorry for the additional post.

Griff Hamlin, III
(RADIATOR) logging client IP.
Hello,

I want to have a PreClientHook that logs the client ip address (%c). How can I get the %c character to translate into my code?

    PreClientHook sub { &main::log($main::LOG_INFO, "Client IP is %c"); }

Thanks.

Griff Hamlin, III
(RADIATOR) Windows NT password has troubles
Hello

I have another trouble using radiator in windows NT, when I use the password the log shows the message,

Access rejected for e0999626: NT AuthenticateUser failed: Logon failure: unknown user name or bad password.

but if I use the parameter NoCheckPassword in AuthBy NT, the user is success and the Access is granted

Here is my radius.cfg file

# Radiator configuration file.

AcctPort 1646
AuthPort 1645
DbDir E:\Radiator-2.18.2\radius
DictionaryFile %D\dictionary\dictionary
FingerProg C:\WINNT\system32\finger.exe

LogDir E:\Radiator-2.18.2\log
LogFile %L\logradius.log
PidFile %L\radiusd.pid
Trace 4

DupInterval 0
Secret mysecret

Description totalcontrol
DupInterval 2
NasType TotalControl
Secret xx

AuthByPolicy ContinueWhileReject

DefaultSimultaneousUse 2
Description domain WinNT
Domain domain1
DomainController \\domaincontroller1
Identifier ECP1

DefaultSimultaneousUse 2
Description Domain Trans
Domain domain2
DomainController \\domaincontroller2
Identifier ECP2

Description testing
Filename %D\users

Description RASECP
RejectHasReason
SessionDatabase

Community public
Port 161

the users file

DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
    Framed-Protocol = PPP,
    Fall-Through = yes

DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
    Framed-Protocol = PPP
    Fall-Through = yes

# I left this user to probe configuration

fred User-Password = "fred",Service-Type = Framed-User
    Framed-Protocol = PPP,
    Framed-IP-Netmask = 255.255.255.255,
    Framed-Routing = None,
    Framed-MTU = 1500,
    Framed-Compression = Van-Jacobson-TCP-IP

and the log from radius server

Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on radecp
Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1244
Code: Access-Request
Identifier: 19
Authentic: 1234567890123456
Attributes:
    User-Name = "e0999626"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "<145><238>*<201><194>9t<155><139><8><9><160><216>}x<153>"

Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626, 203.63.154.1, 1234
Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT AuthenticateUser failed: Logon failure: unknown user name or bad password.

Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1244
Code: Access-Reject
Identifier: 19
Authentic: 1234567890123456
Attributes:
    Reply-Message = "NT AuthenticateUser failed: Logon failure: unknown user name or bad password.<13><10>"

Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1244
Code: Accounting-Request
Identifier: 20
Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
Attributes:
    User-Name = "e0999626"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "1234"
    Acct-Status-Type = Start
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"

Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Aug 22 17:58:38 2001: DEBUG: Adding session for e0999626, 203.63.154.1, 1234
Wed Aug 22 17:58:38 2001: DEBUG: Handling with NT
Wed Aug 22 17:58:38 2001: DEBUG: Accounting accepted
Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1244
Code: Accounting-Response
Identifier: 20
Authentic: <217>xq<238><146><187>/$,E<251>:<145><136><176><9>
Attributes:

Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1244
Code: Accounting-Request
Identifier: 21
Authentic: >A<178><186>e<179>U<221>LQ<160>_<26>Q<199><127>
Attributes:
    User-Name = "e0999626"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "1234"
    Acct-Status-Type = Stop
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    Acct-Delay-Time = 0
    Acct-Session-Time = 1000
    Acct-Input-Octets = 2
    Acct-Output-Octets = 3

Wed Aug 22 17:58:38 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Aug 22 17:58:38 2001: DEBUG: Deleting session for e0999626, 203.63.154.1, 1234
Wed Aug 22 17:58:38 2001: DEBUG: Handli
(RADIATOR)
Hello,

Is there any way to disable ReclaimQuery during radiator startup.
Using on one radius server with one database should be fine.
But not in environment. Here is our machine configuration.

1. One Ericsson GSN with 2 radius clients. It send access request, a/c start, a/c stop to radius proxy using .
2. The proxy will forward those request to two radius server for enhancing performance.
3. The two radius server use to reply ip address to client. They share a RADPOOL reside in mysql db.

Serious problem arises when either one radius server restart, it will reset all ip address STATE to zero. Pls see debug message.
Even though some ip address is already allocated by another health radius server.
Is anyone have different implementation method.
Can anyone give me some hint.
Pls find attached radius.cfg for your reference.

Harrison
SmarTone BroadBand Services Limited

Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.accept
Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.reject
Wed Aug 22 19:22:11 2001: DEBUG: Checking address 202.140.74.2
Wed Aug 22 19:22:11 2001: DEBUG: Query is: select STATE from RADPOOL where YIADDR='202.140.74.2'
...
...
Wed Aug 22 19:22:14 2001: DEBUG: Reclaiming expired leases
Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY < 998479334

Wed Aug 22 19:22:14 2001: INFO: Server started: Radiator 2.18.2 on grad1
Wed Aug 22 19:22:14 2001: DEBUG: Packet dump:
*** Received from 10.25.157.17 port 1033
Code: Access-Request
...
...

## Global Parameters ##
Trace 4
AuthPort 1812
AcctPort 1813
LogDir /var/log/radius
DbDir /usr/local/etc/raddb
LogFile %L/grad3.logfile.%Y%m%d
DictionaryFile %D/dictionary
PidFile %L/radiusd.pid

###
## NAS Client #
Secret xxx

Secret xxx

Secret mysecret
DupInterval 0

###
## Log SQL
Identifier logsql
DBSource dbi:mysql:radius:10.25.157.33
DBUsername xxx
DBAuth xxx
Table RADLOG
Trace 3
LogQuery insert into RADLOG (TIME_STAMP,PRIORITY,MESSAGE,HOST) values (%t,%0,%2,'%h')

###
## AuthBy Module ##
Identifier defaultaccept
Filename %D/users.accept

Identifier defaultreject
Filename %D/users.reject

Identifier roundrobin
Secret xxx
AuthPort 1812
AcctPort 1813
Secret xxx
AuthPort 1812
AcctPort 1813

###
## Handler Module #
RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
#SessionDatabase simultaneous
AuthBy roundrobin
AcctLogFileName %L/%c/grad3.%c.detail.%Y%m%d
PasswordLogFileName %L/grad3.password.%Y%m%d

RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
#SessionDatabase simultaneous
AuthBy roundrobin
AcctLogFileName %L/%c/grad3.%c.detail.%Y%m%d
PasswordLogFileName %L/grad3.password.%Y%m%d

RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
AuthBy defaultaccept
AcctLogFileName %L/%c/grad3.%c.detail.%Y%m%d
PasswordLogFileName %L/grad3.password.%Y%m%d

###
## Global Parameters ##
Trace 4
AuthPort 1812
AcctPort 1813
LogDir /var/log/radius
DbDir /usr/local/etc/raddb
LogFile %L/grad1.logfile.%Y%m%d
DictionaryFile %D/dictionary
PidFile %L/radiusd.pid

###
## NAS Client #
Secret xxx

Secret mysecret
DupInterval 0

###
## Log SQL
Identifier logsql
DBSource dbi:mysql:radius:10.25.157.33
DBUsername xxx
DBAuth xxx
Table RADLOG
Trace 3
LogQuery insert into RADLOG (TIME_STAMP,PRIORITY,MESSAGE,HOST) values (%t,%0,%2,'%h')

###
## Simultaneous-use Limit Checking
Identifier simultaneous
DBSource dbi:mysql:radius:10.25.157.33
DBUsername xxx
DBAuth xxx
AddQuery insert into RADONLINE (USERNAME,CALLINGSTATIONID,NASIDENTIFIER,NASPORT,ACCTSESSIONID,\
    TIME_STAMP,FRAMEDIPADDRESS) \
    values ('%u','%{Calling-Station-Id}','%N',%{NAS-Port},'%{Acct-Session-Id}',\
    %{Timestamp},'%{Framed-IP-
RE: (RADIATOR) Ericsson GSN for GPRS
-----Original Message-----
From: Harrison Ng
Sent: Thursday, August 23, 2001 5:32 PM
To: 'Ingvar Berg (ERA)'
Subject: RE: (RADIATOR) Ericsson GSN for GPRS

Ingvar,

Hello my friend! I would like to hear your opinion.

1. We've 3 APN for different kind of service. Each APN should have its ip address range for handsets. What we are doing now is using radiator with different POOLHINT to allocate ip address. Which one is better in allocating ip address, from APN internally or radiator server.

2. Your words: 'It has a binary value for session ID (4 bytes GGSN IP address + 4 bytes Framed-IP-Address)'
Our session ID is very ugly. It concat six zero and attribute to be session ID. See below sample. I think it should be an integer, hex, or some number. Do you know any workaround.

*** Received from 10.25.155.1 port 3645
Code: Accounting-Request
Identifier: 95
Authentic: ?I<144><143><227>'<243><139>I<191><203><160><132>N<12>b
Attributes:
    User-Name = "rad_user"
    Class = "SI=Testing"
    Acct-Session-Id = ""00Testing""
    NAS-IP-Address = 10.25.155.1
    Acct-Status-Type = Stop
    NAS-Port = 1
    Acct-Authentic = RADIUS
    NAS-Identifier = "rad"
    Framed-Protocol = PPP
    Calling-Station-Id = "85298699517"
    Framed-IP-Address = 10.25.155.3

3. Are you still working on GSN product. Do you know any GSN resource, specification, books, pdf, or anything on Ericsson website, so we can make use of it.

Thanks :-)

Harrison

-----Original Message-----
From: Ingvar Berg (ERA) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 2:34 PM
To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: (RADIATOR) Ericsson GSN for GPRS

Hello Harrison,

I have a GGSN parameter list from a lab setup we did early this year:

    APN                             : ucb.gsn.lkp
    Number of Configured APNs       : 3
    First Supported IP Segment      : 172.44.220.0
    GGSN IP Address                 : 172.44.220.254   // Not so brilliant choice...
    Last Supported IP Segment       : 172.44.220.0     // More segments in reality
    Netmask                         : 255.255.255.0    // - " -
    Authenticate MS Using RADIUS    : true             // Yes
    Send MSISDN in Access Req.      : true             // Yes
    Send MSISDN in Accounting Req.  : true             // Yes
    Primary RADIUS Server Address   : 192.168.240.12
    Primary Query Time-out [ms]     : 3
    Primary Query Retries           : 10
    Primary Encryption Key          : thesharedsecret
    Origin of MS IP Address         : RADIUS           // Yes
    Allow Select from SGSN          : false
    Allow Select from Subscription  : true
    Allow Select from User          : true
    Enable Ingress Filter           : false
    Routing Method                  : IP

The RADIUS client in the GGSN has a couple of annoying problems, at least the version we did the work on:
- It doesn't include the Framed-IP-Address in accounting stop
- It has a binary value for session ID (4 bytes GGSN IP address + 4 bytes Framed-IP-Address)

The first one is a serious one, that has to be handled, or your address allocator will run dry. Hugh's suggestion was to use the Class attribute to put a copy of the allocated IP address when you send the access accept (AddToReply...). Then when the acct stop comes, you pick the IP address from the Class attribute if Framed-IP-Address is missing. Sample code:

    # Handle Accounting-Requests.
    # Make sure there is a Framed-IP-Address in the request
    # (from the contents of the Class attribute).
    elsif ($code eq 'Accounting-Request')
    {
        my $address = $p->get_attr('Framed-IP-Address');
        if (!defined $address)
        {