FW: (RADIATOR) Re: Please help.
Sam,
For IP
address allocation in Radiator, use AuthBy DYNADDRESS and
AddressAllocator SQL.
Below
is an example of radius.cfg.
Regards,
Harrison
AddressAllocator SQL
Identifier
myallocator
DBSource
dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsernamexyz DBAuth
xyz
DefaultLeasePeriod
86000 LeaseReclaimInterval
300
FindQuery select
TIME_STAMP,YIADDR,SUBNETMASK,DNSSERVER from RADPOOLwhere POOL='%0' and
STATE=0 order by TIME_STAMP limit 1
AllocateQuery update RADPOOL
set
STATE=1,TIME_STAMP=%0,EXPIRY=%1,USERNAME='%2',CALLINGSTATIONID='%{Calling-Station-Id}'
\
where YIADDR='%3' and TIME_STAMP%4
AddressPool trial1
Subnetmask
255.255.255.0
Rangexxx.xxx.xxx.xxx
yyy.yyy.yyy.yyy
/AddressPool
AddressPool
trial2
Subnetmask
255.255.255.0
Rangexxx.xxx.xxx.xxx
yyy.yyy.yyy.yyy
/AddressPool
/AddressAllocator
SQL
Handler Client-Id = x.x.x.x
AuthBy
xxx
AuthBy
yyy
AuthBy
DYNADDRESS
Allocator
myallocator
PoolHint
%{Reply:PoolHint}
MapAttribute yiaddr,
Framed-IP-Address
MapAttribute subnetmask,
Framed-IP-Netmask
StripFromReply
PoolHint
StripFromReply
Framed-IP-Netmask
AddToReplyIfNotExist Service-Type =
Framed-User
AddToReplyIfNotExist Framed-Protocol = PPP
/AuthBy
DYNADDRESS
/Handler
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Sam
CheungSent: Tuesday, December 18, 2001 3:06 PMTo:
[EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: (RADIATOR) Re:
Please help.Dear Genius, I am trying to config. a radiator (2.19-demo) allocating IP address dynamicallyusing DB1 to get the authentication info. from DB1 (an mysql server stored usernameand password) and using DB2 (another mysql server) to log the dhcp client info.,DHCPpool and leased IP, etc. using the database which created by a script calledmysqlCreate.sql. Can you give me some suggestion what to put down in the config.cfg?Thanks so much for paying attention. Thanks a lot.Best Regards,Sam Cheung
* This Email is virus-scanned and identified clean.
Re: (RADIATOR) MySQL Simultaneous-Use
Sorry about the blank email. I had tried to cancel the email, as I had
thought I had figured out the problem, but had accidently sent it instead
of cancelling (cntrl-x being right next to cntrl-c).
Anyways, the problem is this: I use the standard realm stripping
RewriteUsername s/^([^@]+).*/$1/ in my Realm... clauses. However, the
full [EMAIL PROTECTED] is being injected into the session db. This isn't
good, because I have some NASes that send plain usernames with no realms,
which get routed with a DefaultRealm statement. These logins do not have
the realm attached when injected into the session db.
As a result, simultaneous use doesn't work properly, as
[EMAIL PROTECTED] != andy
Any ideas on how to fix this? My initial thought was a RewriteUsername
clause inside of the SessionDatabase SQL statement. That, of course,
isn't kosher.
Thanks!
Andy
Here's some trace 4:
First, when the realm is specified:
Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for
[EMAIL PROTECTED], 203.63.154.1, 1234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with
xandy
Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]'
Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT:
Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy
Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for
[EMAIL PROTECTED], 203.63.154.1, 1234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS
IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('[EMAIL PROTECTED]', '203.63.154.1', 01234, '1234', 1008653061, '', 'Async',
'Framed-User')
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted
And now when the realm is not specified:
Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy,
203.63.154.1, 1234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with
xandy
Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy'
Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT:
Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy
Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Adding session for xandy,
203.63.154.1, 1234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS
IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('xandy', '203.63.154.1', 01234, '1234', 1008692960, '', 'Async', 'Framed-User')
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 16:29:20 2001: DEBUG: Handling accounting with Radius::AuthSQL
Tue Dec 18 16:29:20 2001: DEBUG: Accounting accepted
Andy Dills 301-682-9972
Xecunet, LLCwww.xecu.net
(RADIATOR) Possible Gotcha in Radiator RADONLINE
Hi All, I thought I would share something that had me very confused for a couple of hours this morning. It is not really a bug, rather my poor implementation of reporting the contents of Radonlne. But it may help some others on the list. This relates to NAS's that send interim 'Alive' packets in addition to start and stop packets. (For people in Australia - Comindico do this) It appears that whichever module manages the Radonline table takes this packet and adds or replaces the current radonline details with these updated details including specifically the timestamp field. I have an inhouse web page we use to report active users using the radonline database. This page calculates the time a user has been online as the time difference between 'now' and the value in the radonline record 'timestamp'. This works fine for NAS's that don't send alive packets, but it reports incorrect information for those that do - it reports the time since the last alive packet instead of the time since login. After reading the doco the solution I found is to change the default RADONLINE table and create a custom AddQuery to also insert acctsessiontime values into radonline. I then had to adjust my web page to calculate and report based on both the timestamp and the interim acctsessiontime. I hope this helps others. It had me convinced that a NAS 'upgrade' was causing users to drop off after 15 minutes (ie the time between 'alive' packets) Regards, Brian Morris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MySQL Simultaneous-Use
Hello Andy -
I usually suggest to people that they add a column to the session database
table to store the rewritten username too and then specify the corresponding
queries to do the right thing (tm).
The reason the session database uses the original username is because that is
what must be queried on the NAS if you are doing strict limit checking.
regards
Hugh
On Wed, 19 Dec 2001 03:55, Andy Dills wrote:
Sorry about the blank email. I had tried to cancel the email, as I had
thought I had figured out the problem, but had accidently sent it instead
of cancelling (cntrl-x being right next to cntrl-c).
Anyways, the problem is this: I use the standard realm stripping
RewriteUsername s/^([^@]+).*/$1/ in my Realm... clauses. However, the
full [EMAIL PROTECTED] is being injected into the session db. This isn't
good, because I have some NASes that send plain usernames with no realms,
which get routed with a DefaultRealm statement. These logins do not have
the realm attached when injected into the session db.
As a result, simultaneous use doesn't work properly, as
[EMAIL PROTECTED] != andy
Any ideas on how to fix this? My initial thought was a RewriteUsername
clause inside of the SessionDatabase SQL statement. That, of course,
isn't kosher.
Thanks!
Andy
Here's some trace 4:
First, when the realm is specified:
Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for
[EMAIL PROTECTED], 203.63.154.1, 1234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with
xandy
Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
USERNAME='[EMAIL PROTECTED]'
Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT:
Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy
Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for
[EMAIL PROTECTED], 203.63.154.1, 1234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS
IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('[EMAIL PROTECTED]', '203.63.154.1', 01234, '1234', 1008653061, '',
'Async', 'Framed-User')
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted
And now when the realm is not specified:
Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy,
203.63.154.1, 1234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with
xandy
Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy'
Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT:
Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy
Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Adding session for xandy,
203.63.154.1, 1234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS
IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('xandy', '203.63.154.1', 01234, '1234', 1008692960,
Re: (RADIATOR) MySQL Simultaneous-Use
Andy -
If you look at the manual section 6.7.3 you will see the reference to
'AddQuery'. This is the query that SessionDatabaseSQL uses to add
a user to the sessions table.
You can see that the default add query inserts the username as '%u'
which is the special variable that contains the original username sent
by the nas BEFORE any rewrites.
You don't need to rewrite the username, you just need to customize the
AddQuery to insert the username that you would like.
From the manual:
%n - The User-Name (i.e. the full user name, including the realm)
currently being authenticated, after any RewriteUsername was applied.
%U - The User-Name currently being authenticated with the realm (if any)
stripped off, after any RewriteUsername was applied.
%u -The full original User-Name that was received, before any
RewriteUsername were applied.
- Sam
Andy Dills wrote:
Sorry about the blank email. I had tried to cancel the email, as I had
thought I had figured out the problem, but had accidently sent it instead
of cancelling (cntrl-x being right next to cntrl-c).
Anyways, the problem is this: I use the standard realm stripping
RewriteUsername s/^([^@]+).*/$1/ in my Realm... clauses. However, the
full [EMAIL PROTECTED] is being injected into the session db. This isn't
good, because I have some NASes that send plain usernames with no realms,
which get routed with a DefaultRealm statement. These logins do not have
the realm attached when injected into the session db.
As a result, simultaneous use doesn't work properly, as
[EMAIL PROTECTED] != andy
Any ideas on how to fix this? My initial thought was a RewriteUsername
clause inside of the SessionDatabase SQL statement. That, of course,
isn't kosher.
Thanks!
Andy
Here's some trace 4:
First, when the realm is specified:
Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for
[EMAIL PROTECTED], 203.63.154.1, 1234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with
xandy
Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]'
Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT:
Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy
Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for
[EMAIL PROTECTED], 203.63.154.1, 1234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS
IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
('[EMAIL PROTECTED]', '203.63.154.1', 01234, '1234', 1008653061, '', 'Async',
'Framed-User')
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL
Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted
And now when the realm is not specified:
Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy,
203.63.154.1, 1234
Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL
Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL:
Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with
xandy
Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy'
Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT:
Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy
Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
'Realm=xecu.net'
Tue Dec 18 16:29:20 2001:
