RE: (RADIATOR) AddressAllocatorSQL
Title: RE: (RADIATOR) AddressAllocatorSQL Hugh, Thanks for your hint :-) Harrison -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 8:18 AM To: Harrison Ng; '[EMAIL PROTECTED]' Subject: Re: (RADIATOR) AddressAllocatorSQL Hello Harrison - Having more than one Radiator host will not cause a problem. Note the ReclaimQuery that is run: Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 This will only reclaim leases that have expired, as configured by the DefaultLeasePeriod. This is the correct behaviour. In any case, you can disable the query in the configuration file by specifying an empty string. Ie: ReclaimQuery hth Hugh On Thursday 23 August 2001 20:12, Harrison Ng wrote: Hello, Is there any way to disable ReclaimQuery during radiator startup. Using AddressAllocatorSQL on one radius server with one database should be fine. But not in AuthBy ROUNDROBIN environment. Here is our machine configuration. 1. One Ericsson GSN with 2 radius clients. It send access request, a/c start, a/c stop to radius proxy using AuthBy ROUNDROBIN. 2. The proxy will forward those request to two radius server for enhancing performance. 3. The two radius server use AddressAllocatorSQL to reply ip address to client. They share a RADPOOL reside in mysql db. Serious problem arises when either one radius server restart, it will reset all ip address STATE to zero. Pls see debug message. Even though some ip address is already allocated by another health radius server. Is anyone have different implementation method. Can anyone give me some hint. Pls find attached radius.cfg for your reference. Harrison SmarTone BroadBand Services Limited Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.accept Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.reject Wed Aug 22 19:22:11 2001: DEBUG: Checking address 202.140.74.2 Wed Aug 22 19:22:11 2001: DEBUG: Query is: select STATE from RADPOOL where YIADDR='202.140.74.2' Wed Aug 22 19:22:14 2001: DEBUG: Reclaiming expired leases Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 Wed Aug 22 19:22:14 2001: INFO: Server started: Radiator 2.18.2 on grad1 Wed Aug 22 19:22:14 2001: DEBUG: Packet dump: *** Received from 10.25.157.17 port 1033 Code: Access-Request radius.proxy.txt radius.server.txt Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1 Content-Transfer-Encoding: quoted-printable Content-Description: Content-Type: text/plain; charset=iso-8859-1; name=radius.proxy.txt Content-Transfer-Encoding: 7bit Content-Description: Content-Type: text/plain; charset=iso-8859-1; name=radius.server.txt Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) NAS-Identifier value
Hi,
for what I understand of the standard (RFC2865 section 5.32) the NAS-
Identifier attribute is an arbitrary string used to identify the NAS.
However, when I put a simple string in a ClientListSQL it complains that it
can´t resolve an address for it.
I had something like this:
==
ClientListSQL
# Client (NAS) info is in the database
include %{GlobalVar:ConfigDir}/DBUseData.cfg
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS
/ClientListSQL
==
The message in the log is:
==
Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1
Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1
==
However, in the database, NAS_IDENTIFIER is a common name (in fact, it's the
table's id field) and I have a NAS_IP_ADDRESS field.
Re-reading the manual, I see there is no place to hold the NAS-IP-Address...
should I use NAS_IP_ADDRESS as the first field in the query?
All the fields ar taken in order? that is, it works as if it had an implied
ClientColumnDef or something like that?
TIA.
--
Mariano Absatz
El Baby
--
Your e-mail has been returned due to insufficient voltage.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) MD5
Hello, I am having problems with the Digest:MD5. I cannot seem to compile it. The error I receive is: cc: language depend not recognized cc: MD5.c: linker input file unused because linking not done LD_RUN_PATH= cc -o blib/arch/auto/Digest/MD5/MD5.s0 -G MD5.0 cc: MD5.0: No such file or directory cc: No imput files ***Error code 1 TO let you know, I downloaded and installed gcc, and linked it to cc as I didnt have C compiler before. I would appreciate any help you could give me on this. Thank you very much!!! Amit Anand === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) preauthhook
How can i write a preauthhook to normalize the username to store in session database? I have more than 10 realms (or domains) for the same user and i want to limit maxsessions to 1, but i have in session database (for example) : username, nasidentifier pepe@domain1, 1.1.1.1 pepe@domain2, 1.1.1.2 Thanks CAS
(RADIATOR) Multiple Accounting Stop Records
We're having a problem with multiple accounting stop records. The stop records have exactly a 1 minute difference between them, .i.e, a stop record at 09:00:00 is followed by another stop record at 09:00:01. We starting seeing these multiple accounting stop records about a month ago. This coincides with some changes we made to our systems, namely, upgrading to RedHat 7.1, upgrading to Radiator 2.18.1, and switching to TotalControl (HiperArc) NASes. I need help determining why we're getting there multiple stop records. Everything was working fine with Radiator 2.16 and with the Ascend Maxes we were previously using. I found some messages in the archives about Acct-Delay-Time, but they're rather old and had to do with Radiator 2.14 and MAXes. The manual seems to indicate that the default value of Acct-Delay-Time is 0, but as you can see from the accounting log the second stop record has a value of 60 which is exactly the 1 minute difference between stop records that we're seeing. In this a Radiator problem or a Total Control problem or should I be looking elsewhere. Thanks in advance. William Hernández ESS/PR Webmasters San Juan, P.R. Tel: 787-723-5000 Fax: 787-722-6242 -From the dictionary file-- ATTRIBUTE Acct-Delay-Time 41 integer -From the Accounting detail file--- Wed Aug 15 08:59:29 2001 User-Name = pijuan NAS-IP-Address = 208.249.78.12 NAS-Identifier = 208.249.78.12 Acct-Status-Type = Stop Acct-Session-Id = 35455064 Acct-Delay-Time = 0 Acct-Authentic = RADIUS Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 549 USR-Modem-Training-Time = 17 USR-Interface-Index = 1805 Chassis-Call-Slot = 3 Chassis-Call-Span = 2 Chassis-Call-Channel = 37 Unauthenticated-Time = 4 Calling-Station-Id = Called-Station-Id = 6419000 VPN-ID = 0 Modulation-Type = v90Digital Simplified-MNP-Levels = ccittV42 Simplified-V42bis-Usage = ccittV42bis Connect-Speed = 48000_BPS Framed-Protocol = PPP Framed-IP-Address = 63.124.21.132 VTS-Session-Key = W228|171292442322022464;208219132 173 Call-Arrived-time = 177418488 Call-Lost-time = 177425969 Acct-Session-Time = 7464 Acct-Terminate-Cause = User-Request Disconnect-Reason = 8 Speed-Of-Connection = 48000 Acct-Input-Octets = 1050588 Acct-Output-Octets = 2531954 Acct-Input-Packets = 7333 Acct-Output-Packets = 7891 Timestamp = 997880369 Wed Aug 15 09:00:29 2001 User-Name = pijuan NAS-IP-Address = 208.249.78.12 NAS-Identifier = 208.249.78.12 Acct-Status-Type = Stop Acct-Session-Id = 35455064 Acct-Delay-Time = 60 Acct-Authentic = RADIUS Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 549 USR-Modem-Training-Time = 17 USR-Interface-Index = 1805 Chassis-Call-Slot = 3 Chassis-Call-Span = 2 Chassis-Call-Channel = 37 Unauthenticated-Time = 4 Calling-Station-Id = Called-Station-Id = 6419000 VPN-ID = 0 Modulation-Type = v90Digital Simplified-MNP-Levels = ccittV42 Simplified-V42bis-Usage = ccittV42bis Connect-Speed = 48000_BPS Framed-Protocol = PPP Framed-IP-Address = 63.124.21.132 VTS-Session-Key = W228|171292442322022464;208219132 173 Call-Arrived-time = 177418488 Call-Lost-time = 177425969 Acct-Session-Time = 7464 Acct-Terminate-Cause = User-Request Disconnect-Reason = 8 Speed-Of-Connection = 48000 Acct-Input-Octets = 1050588 Acct-Output-Octets = 2531954 Acct-Input-Packets = 7333 Acct-Output-Packets = 7891 Timestamp = 997880369 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) preauthhook
Hello Carlos - On Tuesday 28 August 2001 00:33, Sola, Carlos Alberto wrote: How can i write a preauthhook to normalize the username to store in session database? I have more than 10 realms (or domains) for the same user and i want to limit maxsessions to 1, but i have in session database (for example) : username, nasidentifier pepe@domain1 mailto:pepe@domain1 , 1.1.1.1 pepe@domain2 mailto:pepe@domain2 , 1.1.1.2 You don't need a hook - you just need a RewriteUsername: # Strip the realm from all requests, because our # database only has user names (no realm) RewriteUsername s/^([^@]+).*/$1 You can also add a column for the rewritten usernames in the session database and supply your own queries to do whatever you need to do. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MD5
Hello Amit - On Tuesday 28 August 2001 00:37, Amit Anand wrote: Hello, I am having problems with the Digest:MD5. I cannot seem to compile it. The error I receive is: cc: language depend not recognized cc: MD5.c: linker input file unused because linking not done LD_RUN_PATH= cc -o blib/arch/auto/Digest/MD5/MD5.s0 -G MD5.0 cc: MD5.0: No such file or directory cc: No imput files ***Error code 1 TO let you know, I downloaded and installed gcc, and linked it to cc as I didnt have C compiler before. I would appreciate any help you could give me on this. Thank you very much!!! What hardware/software platform are you running? And what version of Perl? Normally you would build and install Perl modules with: perl Makefile.pl make make test make install You may be experiencing difficulties if Perl was compiled with a different C compiler than the one you are trying to use. This will not work - Perl must be built with the same C compiler as you use to build any other Perl module. You can see what version of Perl you have and what C compiler was used by running the following: perl -V hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Multiple Accounting Stop Records
Hello William - What you are seeing is NAS retransmissions because the NAS has not received an Accounting-Response in reply to an Accounting-Request (or possibly a NAS bug). The radius retransmission timeout on the NAS must be set to 60 seconds if that is what you are seeing in the log file. Note that it is pretty simple to recognise the retransmissions simply by the fact that the Acct-Delay-Time is not 0. In other words, the first transmission of an accounting packet will have an Acct-Delay-Time of 0, the second will have an Acct-Delay-Time of whatever the radius retry timeout is set on the NAS, the third will have an Acct-Delay-Time of twice the radius retry timeout, etc. etc. The way to find out what is happening is to check a trace 4 debug from Radiator to verify that the first accounting packet in the series is indeed being replied to, and then use your favourite packet sniffer along the transmission path back to the NAS to verify whether the reply is getting back to the NAS. In our experience the vast majority of problems like this are the direct result of saturated links somewhere in the transmission path that cause packets to be dropped. hth Hugh On Tuesday 28 August 2001 04:04, William Hernandez wrote: We're having a problem with multiple accounting stop records. The stop records have exactly a 1 minute difference between them, ..i.e, a stop record at 09:00:00 is followed by another stop record at 09:00:01. We starting seeing these multiple accounting stop records about a month ago. This coincides with some changes we made to our systems, namely, upgrading to RedHat 7.1, upgrading to Radiator 2.18.1, and switching to TotalControl (HiperArc) NASes. I need help determining why we're getting there multiple stop records. Everything was working fine with Radiator 2.16 and with the Ascend Maxes we were previously using. I found some messages in the archives about Acct-Delay-Time, but they're rather old and had to do with Radiator 2.14 and MAXes. The manual seems to indicate that the default value of Acct-Delay-Time is 0, but as you can see from the accounting log the second stop record has a value of 60 which is exactly the 1 minute difference between stop records that we're seeing. In this a Radiator problem or a Total Control problem or should I be looking elsewhere. Thanks in advance. William Hernández ESS/PR Webmasters San Juan, P.R. Tel: 787-723-5000 Fax: 787-722-6242 -From the dictionary file-- ATTRIBUTE Acct-Delay-Time 41 integer -From the Accounting detail file--- Wed Aug 15 08:59:29 2001 User-Name = pijuan NAS-IP-Address = 208.249.78.12 NAS-Identifier = 208.249.78.12 Acct-Status-Type = Stop Acct-Session-Id = 35455064 Acct-Delay-Time = 0 Acct-Authentic = RADIUS Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 549 USR-Modem-Training-Time = 17 USR-Interface-Index = 1805 Chassis-Call-Slot = 3 Chassis-Call-Span = 2 Chassis-Call-Channel = 37 Unauthenticated-Time = 4 Calling-Station-Id = Called-Station-Id = 6419000 VPN-ID = 0 Modulation-Type = v90Digital Simplified-MNP-Levels = ccittV42 Simplified-V42bis-Usage = ccittV42bis Connect-Speed = 48000_BPS Framed-Protocol = PPP Framed-IP-Address = 63.124.21.132 VTS-Session-Key = W228|171292442322022464;208219132 173 Call-Arrived-time = 177418488 Call-Lost-time = 177425969 Acct-Session-Time = 7464 Acct-Terminate-Cause = User-Request Disconnect-Reason = 8 Speed-Of-Connection = 48000 Acct-Input-Octets = 1050588 Acct-Output-Octets = 2531954 Acct-Input-Packets = 7333 Acct-Output-Packets = 7891 Timestamp = 997880369 Wed Aug 15 09:00:29 2001 User-Name = pijuan NAS-IP-Address = 208.249.78.12 NAS-Identifier = 208.249.78.12 Acct-Status-Type = Stop Acct-Session-Id = 35455064 Acct-Delay-Time = 60 Acct-Authentic = RADIUS Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 549 USR-Modem-Training-Time = 17 USR-Interface-Index = 1805 Chassis-Call-Slot = 3 Chassis-Call-Span = 2 Chassis-Call-Channel = 37 Unauthenticated-Time = 4 Calling-Station-Id = Called-Station-Id = 6419000 VPN-ID = 0 Modulation-Type = v90Digital Simplified-MNP-Levels = ccittV42 Simplified-V42bis-Usage = ccittV42bis Connect-Speed = 48000_BPS Framed-Protocol = PPP Framed-IP-Address = 63.124.21.132 VTS-Session-Key = W228|171292442322022464;208219132 173
Re: (RADIATOR) NAS-Identifier value
Hello Mariano -
On Monday 27 August 2001 23:04, Mariano Absatz wrote:
Hi,
for what I understand of the standard (RFC2865 section 5.32) the NAS-
Identifier attribute is an arbitrary string used to identify the NAS.
Yes, although it is usually a fully qualified domain name, and that is what
Radiator expects it to be.
However, when I put a simple string in a ClientListSQL it complains that
it can´t resolve an address for it.
I had something like this:
==
ClientListSQL
# Client (NAS) info is in the database
include %{GlobalVar:ConfigDir}/DBUseData.cfg
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS
/ClientListSQL
==
The message in the log is:
==
Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1
Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1
==
However, in the database, NAS_IDENTIFIER is a common name (in fact, it's
the table's id field) and I have a NAS_IP_ADDRESS field.
Re-reading the manual, I see there is no place to hold the
NAS-IP-Address... should I use NAS_IP_ADDRESS as the first field in the
query?
All the fields ar taken in order? that is, it works as if it had an
implied ClientColumnDef or something like that?
Yes, the fields are taken in order.
From section 6.6.2 in the Radiator 2.18.2 reference manual:
Your database table must include at least the first and second fields (i.e.
the NAS name or IP address and the shared secret). All the other fields are
optional, but if they occur, they must occur in the same order. When they
occur, they are used to initialize the Client parameter of the same name as
shown above. The FRAMEDGROUPBASEADDRESS column may contain multiple
comma-separated base addresses.
# Our custom client table only has NAS identifier,
# shared secret and default realm in it:
GetClientQuery select NAME,SECRET,NULL,NULL,DREALM
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
No Subject
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [David Nguyen [EMAIL PROTECTED]] Date: Sun, 26 Aug 2001 07:38:20 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Sun Aug 26 07:38:19 2001 Received: from www.hrnet.fr (lvs1.hrnet.fr [212.94.223.11]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f7QCcI323644 for [EMAIL PROTECTED]; Sun, 26 Aug 2001 07:38:18 -0500 Received: from hrnet.fr (www.hrnet.fr [127.0.0.1]) by www.hrnet.fr (8.11.0/8.11.0) with SMTP id f7QEKFH02514 for [EMAIL PROTECTED]; Sun, 26 Aug 2001 16:20:15 +0200 Received: from remote-d.hrnet.fr ([195.68.31.149]) (SquirrelMail authenticated user david) by www.hrnet.fr with HTTP; Sun, 26 Aug 2001 16:20:15 +0200 (CEST) Message-ID: [EMAIL PROTECTED] Date: Sun, 26 Aug 2001 16:20:15 +0200 (CEST) Subject: From: David Nguyen [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Mailer: SquirrelMail (version 1.2.0 [rc1]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Hello, My Cisco won't send the Framed-IP-Address attribute when starting a session. I've seen you talk bout copying the attribute wiht a hook, but I can't find it and I can't figure out how to do that. Here's the log: Code: Accounting-Request Identifier: 23 Authentic: 164175192R16F#211167247137173131178y241 Attributes: NAS-IP-Address = 212.94.223.243 NAS-Port = 1 NAS-Port-Type = ISDN User-Name = david@hrnet2 Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = 0008 Framed-Protocol = PPP Acct-Delay-Time = 0 Everything seems fine but this Framed-IP-Address attribute which is missing. Radiator sends it at the 'stop', but while the session in open I can't see IP address that has been assigned to the user. The other thing that's wrong id the Nas-Port-Type which is not ISDN but Virtual, this is no big deal though. I upgraded the IOS on the Cisco (to see if that could add my Framed-IP-Address attribute that's missing), and that's when I started getting ISDN instead of Virtual. Thank you for any tip that might help!! -- David Nguyen HR Net --- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) User-Password
Hi All, I have an authentication question. We want to use prepaid card. I want to authenticate the user by calling card ID, PIN number and balance. How can I do that with Mysql Database. Would anyone explain me? Thanks a lot. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
