FW: (RADIATOR) Re: Please help.
Sam, For IP address allocation in Radiator, use AuthBy DYNADDRESS and AddressAllocator SQL. Below is an example of radius.cfg. Regards, Harrison AddressAllocator SQL Identifier myallocator DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsernamexyz DBAuth xyz DefaultLeasePeriod 86000 LeaseReclaimInterval 300 FindQuery select TIME_STAMP,YIADDR,SUBNETMASK,DNSSERVER from RADPOOLwhere POOL='%0' and STATE=0 order by TIME_STAMP limit 1 AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=%0,EXPIRY=%1,USERNAME='%2',CALLINGSTATIONID='%{Calling-Station-Id}' \ where YIADDR='%3' and TIME_STAMP%4 AddressPool trial1 Subnetmask 255.255.255.0 Rangexxx.xxx.xxx.xxx yyy.yyy.yyy.yyy /AddressPool AddressPool trial2 Subnetmask 255.255.255.0 Rangexxx.xxx.xxx.xxx yyy.yyy.yyy.yyy /AddressPool /AddressAllocator SQL Handler Client-Id = x.x.x.x AuthBy xxx AuthBy yyy AuthBy DYNADDRESS Allocator myallocator PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint StripFromReply Framed-IP-Netmask AddToReplyIfNotExist Service-Type = Framed-User AddToReplyIfNotExist Framed-Protocol = PPP /AuthBy DYNADDRESS /Handler -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sam CheungSent: Tuesday, December 18, 2001 3:06 PMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: (RADIATOR) Re: Please help.Dear Genius, I am trying to config. a radiator (2.19-demo) allocating IP address dynamicallyusing DB1 to get the authentication info. from DB1 (an mysql server stored usernameand password) and using DB2 (another mysql server) to log the dhcp client info.,DHCPpool and leased IP, etc. using the database which created by a script calledmysqlCreate.sql. Can you give me some suggestion what to put down in the config.cfg?Thanks so much for paying attention. Thanks a lot.Best Regards,Sam Cheung * This Email is virus-scanned and identified clean.
Re: (RADIATOR) MySQL Simultaneous-Use
Sorry about the blank email. I had tried to cancel the email, as I had thought I had figured out the problem, but had accidently sent it instead of cancelling (cntrl-x being right next to cntrl-c). Anyways, the problem is this: I use the standard realm stripping RewriteUsername s/^([^@]+).*/$1/ in my Realm... clauses. However, the full [EMAIL PROTECTED] is being injected into the session db. This isn't good, because I have some NASes that send plain usernames with no realms, which get routed with a DefaultRealm statement. These logins do not have the realm attached when injected into the session db. As a result, simultaneous use doesn't work properly, as [EMAIL PROTECTED] != andy Any ideas on how to fix this? My initial thought was a RewriteUsername clause inside of the SessionDatabase SQL statement. That, of course, isn't kosher. Thanks! Andy Here's some trace 4: First, when the realm is specified: Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL: Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy' Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with xandy Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]' Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT: Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for [EMAIL PROTECTED], 203.63.154.1, 1234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('[EMAIL PROTECTED]', '203.63.154.1', 01234, '1234', 1008653061, '', 'Async', 'Framed-User') Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted And now when the realm is not specified: Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy, 203.63.154.1, 1234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL: Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy' Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with xandy Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy' Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT: Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Adding session for xandy, 203.63.154.1, 1234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('xandy', '203.63.154.1', 01234, '1234', 1008692960, '', 'Async', 'Framed-User') Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 16:29:20 2001: DEBUG: Handling accounting with Radius::AuthSQL Tue Dec 18 16:29:20 2001: DEBUG: Accounting accepted Andy Dills 301-682-9972 Xecunet, LLCwww.xecu.net
(RADIATOR) Possible Gotcha in Radiator RADONLINE
Hi All, I thought I would share something that had me very confused for a couple of hours this morning. It is not really a bug, rather my poor implementation of reporting the contents of Radonlne. But it may help some others on the list. This relates to NAS's that send interim 'Alive' packets in addition to start and stop packets. (For people in Australia - Comindico do this) It appears that whichever module manages the Radonline table takes this packet and adds or replaces the current radonline details with these updated details including specifically the timestamp field. I have an inhouse web page we use to report active users using the radonline database. This page calculates the time a user has been online as the time difference between 'now' and the value in the radonline record 'timestamp'. This works fine for NAS's that don't send alive packets, but it reports incorrect information for those that do - it reports the time since the last alive packet instead of the time since login. After reading the doco the solution I found is to change the default RADONLINE table and create a custom AddQuery to also insert acctsessiontime values into radonline. I then had to adjust my web page to calculate and report based on both the timestamp and the interim acctsessiontime. I hope this helps others. It had me convinced that a NAS 'upgrade' was causing users to drop off after 15 minutes (ie the time between 'alive' packets) Regards, Brian Morris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MySQL Simultaneous-Use
Hello Andy - I usually suggest to people that they add a column to the session database table to store the rewritten username too and then specify the corresponding queries to do the right thing (tm). The reason the session database uses the original username is because that is what must be queried on the NAS if you are doing strict limit checking. regards Hugh On Wed, 19 Dec 2001 03:55, Andy Dills wrote: Sorry about the blank email. I had tried to cancel the email, as I had thought I had figured out the problem, but had accidently sent it instead of cancelling (cntrl-x being right next to cntrl-c). Anyways, the problem is this: I use the standard realm stripping RewriteUsername s/^([^@]+).*/$1/ in my Realm... clauses. However, the full [EMAIL PROTECTED] is being injected into the session db. This isn't good, because I have some NASes that send plain usernames with no realms, which get routed with a DefaultRealm statement. These logins do not have the realm attached when injected into the session db. As a result, simultaneous use doesn't work properly, as [EMAIL PROTECTED] != andy Any ideas on how to fix this? My initial thought was a RewriteUsername clause inside of the SessionDatabase SQL statement. That, of course, isn't kosher. Thanks! Andy Here's some trace 4: First, when the realm is specified: Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL: Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy' Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with xandy Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]' Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT: Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for [EMAIL PROTECTED], 203.63.154.1, 1234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('[EMAIL PROTECTED]', '203.63.154.1', 01234, '1234', 1008653061, '', 'Async', 'Framed-User') Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted And now when the realm is not specified: Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy, 203.63.154.1, 1234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL: Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy' Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with xandy Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy' Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT: Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Adding session for xandy, 203.63.154.1, 1234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('xandy', '203.63.154.1', 01234, '1234', 1008692960,
Re: (RADIATOR) MySQL Simultaneous-Use
Andy - If you look at the manual section 6.7.3 you will see the reference to 'AddQuery'. This is the query that SessionDatabaseSQL uses to add a user to the sessions table. You can see that the default add query inserts the username as '%u' which is the special variable that contains the original username sent by the nas BEFORE any rewrites. You don't need to rewrite the username, you just need to customize the AddQuery to insert the username that you would like. From the manual: %n - The User-Name (i.e. the full user name, including the realm) currently being authenticated, after any RewriteUsername was applied. %U - The User-Name currently being authenticated with the realm (if any) stripped off, after any RewriteUsername was applied. %u -The full original User-Name that was received, before any RewriteUsername were applied. - Sam Andy Dills wrote: Sorry about the blank email. I had tried to cancel the email, as I had thought I had figured out the problem, but had accidently sent it instead of cancelling (cntrl-x being right next to cntrl-c). Anyways, the problem is this: I use the standard realm stripping RewriteUsername s/^([^@]+).*/$1/ in my Realm... clauses. However, the full [EMAIL PROTECTED] is being injected into the session db. This isn't good, because I have some NASes that send plain usernames with no realms, which get routed with a DefaultRealm statement. These logins do not have the realm attached when injected into the session db. As a result, simultaneous use doesn't work properly, as [EMAIL PROTECTED] != andy Any ideas on how to fix this? My initial thought was a RewriteUsername clause inside of the SessionDatabase SQL statement. That, of course, isn't kosher. Thanks! Andy Here's some trace 4: First, when the realm is specified: Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL: Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy' Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with xandy Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]' Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT: Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for [EMAIL PROTECTED], 203.63.154.1, 1234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESS IONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('[EMAIL PROTECTED]', '203.63.154.1', 01234, '1234', 1008653061, '', 'Async', 'Framed-User') Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted And now when the realm is not specified: Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy, 203.63.154.1, 1234 Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234 Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL: Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy' Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with xandy Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy' Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT: Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler 'Realm=xecu.net' Tue Dec 18 16:29:20 2001: