(RADIATOR) AccountingHandled
Hi,
I've already put AccountingHandled on my config file. I wonder
why I still received Retransmission coming from my LNS Cisco 7206.
Here is my config
Foreground
AuthPort 1645
AcctPort 1646
LogDir /data/LOGFILE
LogFile %L/%Y-%m-%d-%H-logfile.log
DbDir /usr/local/etc/raddb
Trace 4
SocketQueueLength 100
LogMicroseconds
Client localhost
Secret mysecret
DupInterval 60
/Client
Handler Called-Station-Id = 1234567
AccountingHandled
MaxSessions 1
SessionDatabase TEST
#RewriteUsername tr/A-Z/a-z/
AcctLogFileName %L/TEST/%Y-%m-%d-detail
PasswordLogFileName %L/TEST/%Y-%m-%d-password
AcctLogFileFormat %m %d %Y %H:%M:%S NAS-IP-Address=%{NAS-IP-
Address} NAS-Port=%{NAS-Port} User-Name=%{User-Name} Called-Station-
Id=%{Called-Station-Id} Calling-Station-Id=%{Calling-Station-Id} Acct-
Status-Type=%{Acct-Status-Type} Service-Type=%{Service-Type} Acct-
Session-Id=%{Acct-Session-Id} Framed-Protocol=%{Framed-Protocol}
Framed-IP-Address=%{Framed-IP-Address} Acct-Session-Time=%{Acct-
Session-Time}Tunnel-Server-Auth-ID=%{Tunnel-Server-Auth-ID} Acct-
Terminate-Cause=%{Acct-Terminate-Cause}
PreAuthHook file:%D/sample.hook
AuthBy SQL
.
.
.
.
/AuthBy
/Handler
Ray
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AccountingHandled
Hello Ray -
The only way to tell what is going on is to look at a trace 4 debug from
Radiator showing the problem.
I am guessing that the accounting response that Radiator is sending is
being dropped somewhere on the return path to the LNS/NAS. Either that
or there is simply an IOS software bug.
regards
Hugh
On Wednesday, August 28, 2002, at 05:44 PM, [EMAIL PROTECTED] wrote:
Hi,
I've already put AccountingHandled on my config file. I wonder
why I still received Retransmission coming from my LNS Cisco 7206.
Here is my config
Foreground
AuthPort 1645
AcctPort 1646
LogDir /data/LOGFILE
LogFile %L/%Y-%m-%d-%H-logfile.log
DbDir /usr/local/etc/raddb
Trace 4
SocketQueueLength 100
LogMicroseconds
Client localhost
Secret mysecret
DupInterval 60
/Client
Handler Called-Station-Id = 1234567
AccountingHandled
MaxSessions 1
SessionDatabase TEST
#RewriteUsername tr/A-Z/a-z/
AcctLogFileName %L/TEST/%Y-%m-%d-detail
PasswordLogFileName %L/TEST/%Y-%m-%d-password
AcctLogFileFormat %m %d %Y %H:%M:%S NAS-IP-Address=%{NAS-IP-
Address} NAS-Port=%{NAS-Port} User-Name=%{User-Name} Called-Station-
Id=%{Called-Station-Id} Calling-Station-Id=%{Calling-Station-Id} Acct-
Status-Type=%{Acct-Status-Type} Service-Type=%{Service-Type} Acct-
Session-Id=%{Acct-Session-Id} Framed-Protocol=%{Framed-Protocol}
Framed-IP-Address=%{Framed-IP-Address} Acct-Session-Time=%{Acct-
Session-Time}Tunnel-Server-Auth-ID=%{Tunnel-Server-Auth-ID} Acct-
Terminate-Cause=%{Acct-Terminate-Cause}
PreAuthHook file:%D/sample.hook
AuthBy SQL
.
.
.
.
/AuthBy
/Handler
Ray
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AcceptIfMissing
Hello Simon - This is very odd. Can you please tell me what version of Radiator you are running and what hardware/software platform you are running it on? thanks Hugh On Wednesday, August 28, 2002, at 08:58 AM, Simon Dixon wrote: G'day I've got an issue with the AcceptIfMissing command. With most things it is working how it should,if the user does not exist it will return Accept, if the password for a valid user is correct then it will return Accept, but if the password for a valid user is incorrect, radiator sees that it is incorrect but will still return Accept. Below is a cut down copy of my config, and a log output, any help would be greatly appreciated. - Foreground LogStdout AuthPort 1645 #LogDir . DbDir /usr/local/etc/raddb # User a lower trace level in production systems: Trace 4 Client localhost Secret x DupInterval 0 /Client AuthBy FILE Identifier dicko-file Filename %D/users NoDefault AcceptIfMissing /AuthBy Realm DEFAULT AuthBy dicko-file /Realm -- devmug Password = Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-Compression = Van-Jacobson-TCP-IP --- Wed Aug 28 06:46:07 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Aug 28 06:46:07 2002: DEBUG: Deleting session for devmug, 203.63.154.1, 1234 Wed Aug 28 06:46:07 2002: DEBUG: Handling with Radius::AuthFILE: dicko-file Wed Aug 28 06:46:07 2002: DEBUG: Radius::AuthFILE looks for match with devmug Wed Aug 28 06:46:07 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password Wed Aug 28 06:46:07 2002: DEBUG: Access accepted for devmug Wed Aug 28 06:46:07 2002: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1231 Code: Access-Accept Identifier: 216 Authentic: 1234567890123456 Attributes: Thanks Simon Dixon Highway1 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) AcceptIfMissing
Not a Problem, I'm running FreeBSD 4.6.2 on a x86 machine, with Radiator 3.2. I also get the same issue with FreeBSD 4.5. Regards Simon Dixon Network Administrator www.highway1.com.au -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 28 August 2002 4:40 PM To: Simon Dixon Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AcceptIfMissing Hello Simon - This is very odd. Can you please tell me what version of Radiator you are running and what hardware/software platform you are running it on? thanks Hugh On Wednesday, August 28, 2002, at 08:58 AM, Simon Dixon wrote: G'day I've got an issue with the AcceptIfMissing command. With most things it is working how it should,if the user does not exist it will return Accept, if the password for a valid user is correct then it will return Accept, but if the password for a valid user is incorrect, radiator sees that it is incorrect but will still return Accept. Below is a cut down copy of my config, and a log output, any help would be greatly appreciated. - Foreground LogStdout AuthPort 1645 #LogDir . DbDir /usr/local/etc/raddb # User a lower trace level in production systems: Trace 4 Client localhost Secret x DupInterval 0 /Client AuthBy FILE Identifier dicko-file Filename %D/users NoDefault AcceptIfMissing /AuthBy Realm DEFAULT AuthBy dicko-file /Realm -- devmug Password = Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-Compression = Van-Jacobson-TCP-IP --- Wed Aug 28 06:46:07 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Aug 28 06:46:07 2002: DEBUG: Deleting session for devmug, 203.63.154.1, 1234 Wed Aug 28 06:46:07 2002: DEBUG: Handling with Radius::AuthFILE: dicko-file Wed Aug 28 06:46:07 2002: DEBUG: Radius::AuthFILE looks for match with devmug Wed Aug 28 06:46:07 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password Wed Aug 28 06:46:07 2002: DEBUG: Access accepted for devmug Wed Aug 28 06:46:07 2002: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1231 Code: Access-Accept Identifier: 216 Authentic: 1234567890123456 Attributes: Thanks Simon Dixon Highway1 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Problems with Radiator-3.3 .tgz install (SITEPREFIX)
Hi Hugh or Mike, I install the different radiator version with a PREFIX, so that I can hold more than one version, see below: # cd /radiator/build/Radiator-X.Y.Z # /radiator/perl/bin/perl Makefile.PL PREFIX=/radiator/install-X.Y.Z # make # make test # make install and with a symlink I choose the current version # ln -s /radiator/install-X.Y.Z /radiator/current (of course, I had to adjust the @INC array in the bin/program(s) from: unshift(@INC, '.'); to:unshift(@INC, '/radiator/current/lib/site_perl/5.6.1'); since you did not proper attend this Makefile PREFIX to adjust your @INC Path. I think you could do a: use lib '%%PREFIX%%/lib/site_perl/5.6.1' and clean this MakeMaker Parameter properly in your binaries. Anyway, this was not a problem for me, because I handled this in my way and was still to lazy to post it as a question. But now with version 3.3 you introduced a magic SITEPREFIX Parameter in the Makefile.PL for .rpm but this is still in the .tgz and the PREFIX is no longer used for the lib installment. In my situation, I got the path /lib/perl5/site_perl clobbered because nobody fills this SITEPREFIX with a useful value. If I try a: mizar:.../Radiator-3.3# /radiator/perl/bin/perl Makefile.PL SITEPREFIX=/radiator/install-3.3/ I get: 'SITEPREFIX' is not a known MakeMaker parameter name. Writing Makefile for Radius Where is the solution? Regards Charly -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration Tel.: ++49 731 50-22499 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator Verison 3.3 released
On Tue, Aug 27, 2002 at 11:02:18 +1000, Mike McCauley wrote: Default install directory for Radius/*.pm library files changed to be independent of perl version and for improved RPM installation. On SuSE Linux 8.0 it installed in /lib/perl5/site_perl, but the proper directory would be /usr/lib/perl5/site_perl. So I had to move files into the right directory. Could you please correct this in the next release? Thanks, Marc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Install broken on FreeBSD-stable?
Just downloaded 3.3 and tried to install on a fresh box.. it seems that the install procedure puts the perl modules under /lib (where they cannot be found by the default perl install), where the more appropriate place would be /usr/local/lib or /usr/lib. FreeBSD 4.6-STABLE #0: Fri Aug 23 15:52:43 GMT 2002 su-2.05b# rm -rf Radiator-3.3 su-2.05b# tar xzf Radiator-3.3.tgz su-2.05b# cd Radiator-3.3 su-2.05b# perl Makefile.PL Checking if your kit is complete... Looks good Writing Makefile for Radius su-2.05b# make install mkdir blib mkdir blib/lib cp Radius/RadpwtstGui.pm blib/lib/Radius/RadpwtstGui.pm cp Radius/AuthGROUP.pm blib/lib/Radius/AuthGROUP.pm cp Radius/DHCP.pm blib/lib/Radius/DHCP.pm [etc, etc] Installing /lib/perl5/site_perl/Radius/RadpwtstGui.pm Installing /lib/perl5/site_perl/Radius/AuthGROUP.pm Installing /lib/perl5/site_perl/Radius/DHCP.pm [more etc, etc] Writing /lib/perl5/site_perl/auto/Radius/.packlist Appending installation info to /usr/libdata/perl/5.00503/mach/perllocal.pod su-2.05b# cd su-2.05b# radiusd Can't locate Radius/RDict.pm in @INC (@INC contains: . /usr/local/lib/perl5/site_perl/5.005/i386-freebsd /usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach /usr/libdata/perl/5.00503) at /usr/bin/radiusd line 25. BEGIN failed--compilation aborted at /usr/bin/radiusd line 25. --Doug === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Proposal for new config keywords
Some users might want to lighten up the load on their sessions SQL
table. On a typical ADSL setup, the following scenario occurs :
- One auth ticket sent by the TELCO for it's local BAS - DELETE
- One auth ticket sent by our own BAS - DELETE
- One session start ticket sent by the TELCO's BAS - DELETE / INSERT
- One session stop ticket sent by our BAS - DELETE / INSERT
- Then, the normal Stop tickets mechanism which we don't touch.
This makes a total of 4 DELETEs + 2 INSERTs.
I propose the following mechanism :
1) As the Auth ticket will be followed by a Start ticket, the first
delete is made optional. The only case where this would be a problem
in the current behavior of radiator would be the following one :
- You use the simultaneous sessions limit (MaxSessions) feature
- User foo is disconnected the hard way and no Stop ticket is received.
- Use foo reconnects on exactly the same NAS/NASPORT and nobody has
reconnected on it before him.
This is most unlikely to happen, and even if I did not do it, it would
be pretty simple to add a test to SessSQL's exceeded function to test
for same NAS/NASPORT before incrementing $count.
2) As some databases can do it easily (MySQL is one), the DELETE/INSERT
mechanism can be replaced by a single REPLACE INTO which replaces the
entry identified by the table's primary key (fine if your accounting
table has a primary key on the NAS/NASPORT pair), and inserts it if
it does not exist.
I added two flags to the SessSQL handler :
- DontDeleteOnAuth
- DontDeleteBeforeAdd
The first one is pretty straightforward, but the second one implies
that the user configures his instance of radiator to make a replace
into instead of an insert. e.g :
SessionDatabase SQL
[... cut some stuff ...]
DontDeleteBeforeAdd
AddQueryreplace into RADONLINE (USERNAME, NASIDENTIFIER,
NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}',
%{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}',
'%{Service-Type}')
/SessionDatabase
This also means that the primary key on the table is based on :
NASIDENTIFIER/NASPORT.
As a result of using those two flags, and in the case we are
talking about above, we go from :
4 DELETEs + 2 INSERTs.
to :
2 REPLACE INTO
Which is much, much faster because radiator only has 2 queries to
run (and wait a return for), and because the database backend has
very limited locking involved.
Modem sessions handling meet the same situation but we only loose
one DELETE.
The patch is pretty simple and involves only two files :
(The bug correction I sent earlier is not included in this diff.
It's based on pure 3.1 code).
*** Handler.pm Tue Aug 27 21:54:28 2002
--- Handler.pm.patched Wed Aug 28 15:37:10 2002
***
*** 188,195
if ($p-code eq 'Access-Request')
{
# If we lost a Stop for this port, clean up the session database
$sessdb-delete($original_username, $nas_id, $nas_port, $p,
! $session_id, $framed_ip_address);
# Issue a denial and bomb out
return $self-handlerResult($p, $main::REJECT, 'MaxSessions
exceeded')
--- 188,196
if ($p-code eq 'Access-Request')
{
# If we lost a Stop for this port, clean up the session database
+ # if flag DontDeleteOnAUth is not present.
$sessdb-delete($original_username, $nas_id, $nas_port, $p,
! $session_id, $framed_ip_address) if (!defined
$sessdb-{DontDeleteOnAuth}) ;
# Issue a denial and bomb out
return $self-handlerResult($p, $main::REJECT, 'MaxSessions
exceeded')
*** SessSQL.pm Tue Aug 27 22:03:57 2002
--- SessSQL.pm.patched Wed Aug 28 16:19:41 2002
***
*** 21,27
'DeleteQuery' = 'string',
'ClearNasQuery' = 'string',
'CountQuery'= 'string',
! 'CountNasSessionsQuery' = 'string'
);
#
--- 21,29
'DeleteQuery' = 'string',
'ClearNasQuery' = 'string',
'CountQuery'= 'string',
! 'CountNasSessionsQuery' = 'string',
! 'DontDeleteBeforeAdd' = 'flag',
! 'DontDeleteOnAuth' = 'flag'
);
#
***
*** 61,69
$self-log($main::LOG_DEBUG,
$self-{Identifier} Adding session for $name, $nas_id,
$nas_port, $p);
! if ($self-{DeleteQuery})
{
# Delete any existing session on this port first: its clearly defunct
$self-do(Radius::Util::format_special
($self-{DeleteQuery}, $p, undef,
$name, $nas_id, $nas_port));
--- 63,72
$self-log($main::LOG_DEBUG,
$self-{Identifier} Adding session for $name, $nas_id,
$nas_port, $p);
! if (!defined
FW: (RADIATOR) NumHosts in SQLRadius
Information on extending the functionality of SQLRADIUS
You may remember in a previous email I was asking about how to get NumHosts
to not be a fixed value. NumHosts defines the amount of hosts avaliable for
the downstream configuration we are currently proxy RADIUS'ing to.
Reason being, that the amount of avaliable hosts is completely different for
each proxy-radius downstream.
I have modified my version of SQLRADIUS to fix this problem, and here's what
to do if anyone else is interested:
First part is the modification of the configuration keywords in the
AuthSQLRADIUS.pm module. I added NumHostQuery, as a string.
%Radius::AuthSQLRADIUS::ConfigKeywords =
(
'HostSelect'= 'string',
'NumHosts' = 'integer',
'NumHostQuery' = 'string', # Define NumHostQuery for the Config
'HostColumnDef' = 'stringhash',
);
The NumHostQuery I use:
NumHostQuery select count(*) from downstream_host downh, downstream_dnis
ddnis \
where ddnis.target_id = downh.target_id and ddnis.dnis =
'%{Called-Station-Id}'
Below, is the changes I made to the chooseHost method. Denoted by the
meriads of ---'s.
Thanks,
Martin
sub chooseHost
{
my ($self, $fp, $p) = @_;
# If they have already tried to send this too many times, and there
# are no more hosts to send to take the policy from the database
# This standard table has space for 2 hosts. Adjust this if necessary
return if ($fp-{hostCounter} = $self-{NumHosts});
- my
bit
# However, the first time we try to find a host for this
# instance, we should check whether there is a NumHostQuery (to
# confirm the amount of hosts)
# Added by Martin Edge [EMAIL PROTECTED]
if (defined $self-{NumHostQuery}) # If there is a NumHostQuery defined
if (!defined $self-{NumHostQueryRan}) { # If we haven't checked
NumHostQuery result
# Format the Query with special character results
my $sth = $self-prepareAndExecute(
Radius::Util::format_special ($self-{NumHostQuery}, $p,
undef, undef, undef)
);
# fetch results
my @results = $sth-fetchrow();
# If there is results, update NumHosts, and set a flag in the object so
we know
# we have run a check
if (@results) {
$self-log($main::LOG_DEBUG, ADJUSTING NUMHOSTS TO
.$results[0]);
$self-{NumHosts} = $results[0];
}
$self-{NumHostQueryRan} = 1; # Mark the Object with a 'we have
checked it'
}
}
- /my
bit
$fp-{hostCounter}++;
my $q = Radius::Util::format_special
($self-{HostSelect}, $p, undef, $fp-{hostCounter});
my $sth = $self-prepareAndExecute($q);
return unless $sth;
my (@row, $host);
if (@row = $self-getOneRow($sth))
{
# If there is no host (maybe no secondary?) return
return if $row[0] eq '';
if (defined $self-{HostColumnDef})
{
$host = $self-getHostColumns($fp, @row);
}
else
{
# If certain columns are present, use them to
# initialise the Radius::Host object that tells
# AuthRADIUS where to proxy to.
$fp-{failurePolicy} = $row[10] if defined $row[10];
$host = Radius::Host-new
(undef, $row[0],
defined $row[1] ? (Secret = $row[1]) :
(),
defined $row[2] ? (AuthPort = $row[2]) :
(),
defined $row[3] ? (AcctPort = $row[3]) :
(),
defined $row[4] ? (Retries= $row[4]) :
(),
defined $row[5] ? (RetryTimeout = $row[5]) :
(),
defined $row[6] ? (UseOldAscendPasswords = $row[6]) :
(),
defined $row[7] ? (ServerHasBrokenPortNumbers = $row[7]) :
(),
defined $row[8] ? (ServerHasBrokenAddresses = $row[8]) :
(),
defined $row[9] ? (IgnoreReplySignature = $row[9]) :
(),
);
}
}
else
{
# Call the superclass to fall back to any hardwired
# hosts.
return $self-SUPER::chooseHost($fp, $p, $p-{rp});
}
return $host;
}
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator Verison 3.3 released
Hello Marc - Thanks for your mail - I have forwarded a copy to Mike and we will have an answer later today. regards Hugh On Wednesday, August 28, 2002, at 08:54 PM, Marc Langer wrote: On Tue, Aug 27, 2002 at 11:02:18 +1000, Mike McCauley wrote: Default install directory for Radius/*.pm library files changed to be independent of perl version and for improved RPM installation. On SuSE Linux 8.0 it installed in /lib/perl5/site_perl, but the proper directory would be /usr/lib/perl5/site_perl. So I had to move files into the right directory. Could you please correct this in the next release? Thanks, Marc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problems with Radiator-3.3 .tgz install (SITEPREFIX)
Hi Charly - I have forwarded your mail to Mike and I'll get back to you shortly. regards Hugh On Wednesday, August 28, 2002, at 08:13 PM, Karl Gaissmaier wrote: Hi Hugh or Mike, I install the different radiator version with a PREFIX, so that I can hold more than one version, see below: # cd /radiator/build/Radiator-X.Y.Z # /radiator/perl/bin/perl Makefile.PL PREFIX=/radiator/install-X.Y.Z # make # make test # make install and with a symlink I choose the current version # ln -s /radiator/install-X.Y.Z /radiator/current (of course, I had to adjust the @INC array in the bin/program(s) from: unshift(@INC, '.'); to:unshift(@INC, '/radiator/current/lib/site_perl/5.6.1'); since you did not proper attend this Makefile PREFIX to adjust your @INC Path. I think you could do a: use lib '%%PREFIX%%/lib/site_perl/5.6.1' and clean this MakeMaker Parameter properly in your binaries. Anyway, this was not a problem for me, because I handled this in my way and was still to lazy to post it as a question. But now with version 3.3 you introduced a magic SITEPREFIX Parameter in the Makefile.PL for .rpm but this is still in the .tgz and the PREFIX is no longer used for the lib installment. In my situation, I got the path /lib/perl5/site_perl clobbered because nobody fills this SITEPREFIX with a useful value. If I try a: mizar:.../Radiator-3.3# /radiator/perl/bin/perl Makefile.PL SITEPREFIX=/radiator/install-3.3/ I get: 'SITEPREFIX' is not a known MakeMaker parameter name. Writing Makefile for Radius Where is the solution? Regards Charly -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration Tel.: ++49 731 50-22499 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Install broken on FreeBSD-stable?
Hi Doug - I have forwarded your mail to Mike and I will get back to you later today. thanks Hugh On Wednesday, August 28, 2002, at 08:24 PM, Doug Clements wrote: Just downloaded 3.3 and tried to install on a fresh box.. it seems that the install procedure puts the perl modules under /lib (where they cannot be found by the default perl install), where the more appropriate place would be /usr/local/lib or /usr/lib. FreeBSD 4.6-STABLE #0: Fri Aug 23 15:52:43 GMT 2002 su-2.05b# rm -rf Radiator-3.3 su-2.05b# tar xzf Radiator-3.3.tgz su-2.05b# cd Radiator-3.3 su-2.05b# perl Makefile.PL Checking if your kit is complete... Looks good Writing Makefile for Radius su-2.05b# make install mkdir blib mkdir blib/lib cp Radius/RadpwtstGui.pm blib/lib/Radius/RadpwtstGui.pm cp Radius/AuthGROUP.pm blib/lib/Radius/AuthGROUP.pm cp Radius/DHCP.pm blib/lib/Radius/DHCP.pm [etc, etc] Installing /lib/perl5/site_perl/Radius/RadpwtstGui.pm Installing /lib/perl5/site_perl/Radius/AuthGROUP.pm Installing /lib/perl5/site_perl/Radius/DHCP.pm [more etc, etc] Writing /lib/perl5/site_perl/auto/Radius/.packlist Appending installation info to /usr/libdata/perl/5.00503/mach/perllocal.pod su-2.05b# cd su-2.05b# radiusd Can't locate Radius/RDict.pm in @INC (@INC contains: . /usr/local/lib/perl5/site_perl/5.005/i386-freebsd /usr/local/lib/perl5/site_perl/5.005 . /usr/libdata/perl/5.00503/mach /usr/libdata/perl/5.00503) at /usr/bin/radiusd line 25. BEGIN failed--compilation aborted at /usr/bin/radiusd line 25. --Doug === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Version 3.3 install
Hello all, a number of people have reported problems with the install process in version 3.3. On Suse and FreeBSD, 'make install' will try to install library files into /lib instead of the more usual /usr/lib. We have uploaded a new Makefile.PL to the 3.3 patches area that should fix this problem. http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL Any further reports to me please. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proposal for new config keywords
Hello Frederic -
I would have thought that a better answer would be to configure seperate
Handlers for each BAS and only do the database accesses for your own.
Something like this:
# define Client clauses
Client 1.1.1.1
Identifier TelcoBAS
.
/Client
Client 2.2.2.2
Identifier LocalBAS
.
/Client
# define Handlers
Handler Client-Identifier = TelcoBAS
.
/Handler
Handler Client-Identifier = LocalBAS
.
/Handler
regards
Hugh
On Thursday, August 29, 2002, at 03:40 AM, Frederic Olivie wrote:
Some users might want to lighten up the load on their sessions SQL
table. On a typical ADSL setup, the following scenario occurs :
- One auth ticket sent by the TELCO for it's local BAS - DELETE
- One auth ticket sent by our own BAS - DELETE
- One session start ticket sent by the TELCO's BAS - DELETE / INSERT
- One session stop ticket sent by our BAS - DELETE / INSERT
- Then, the normal Stop tickets mechanism which we don't touch.
This makes a total of 4 DELETEs + 2 INSERTs.
I propose the following mechanism :
1) As the Auth ticket will be followed by a Start ticket, the first
delete is made optional. The only case where this would be a problem
in the current behavior of radiator would be the following one :
- You use the simultaneous sessions limit (MaxSessions) feature
- User foo is disconnected the hard way and no Stop ticket is received.
- Use foo reconnects on exactly the same NAS/NASPORT and nobody has
reconnected on it before him.
This is most unlikely to happen, and even if I did not do it, it would
be pretty simple to add a test to SessSQL's exceeded function to test
for same NAS/NASPORT before incrementing $count.
2) As some databases can do it easily (MySQL is one), the DELETE/INSERT
mechanism can be replaced by a single REPLACE INTO which replaces the
entry identified by the table's primary key (fine if your accounting
table has a primary key on the NAS/NASPORT pair), and inserts it if
it does not exist.
I added two flags to the SessSQL handler :
- DontDeleteOnAuth
- DontDeleteBeforeAdd
The first one is pretty straightforward, but the second one implies
that the user configures his instance of radiator to make a replace
into instead of an insert. e.g :
SessionDatabase SQL
[... cut some stuff ...]
DontDeleteBeforeAdd
AddQueryreplace into RADONLINE (USERNAME, NASIDENTIFIER,
NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE,
SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}',
%{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}',
'%{Service-Type}')
/SessionDatabase
This also means that the primary key on the table is based on :
NASIDENTIFIER/NASPORT.
As a result of using those two flags, and in the case we are
talking about above, we go from :
4 DELETEs + 2 INSERTs.
to :
2 REPLACE INTO
Which is much, much faster because radiator only has 2 queries to
run (and wait a return for), and because the database backend has
very limited locking involved.
Modem sessions handling meet the same situation but we only loose
one DELETE.
The patch is pretty simple and involves only two files :
(The bug correction I sent earlier is not included in this diff.
It's based on pure 3.1 code).
*** Handler.pmTue Aug 27 21:54:28 2002
--- Handler.pm.patchedWed Aug 28 15:37:10 2002
***
*** 188,195
if ($p-code eq 'Access-Request')
{
# If we lost a Stop for this port, clean up the session database
$sessdb-delete($original_username, $nas_id, $nas_port, $p,
! $session_id, $framed_ip_address);
# Issue a denial and bomb out
return $self-handlerResult($p, $main::REJECT, 'MaxSessions
exceeded')
--- 188,196
if ($p-code eq 'Access-Request')
{
# If we lost a Stop for this port, clean up the session database
+ # if flag DontDeleteOnAUth is not present.
$sessdb-delete($original_username, $nas_id, $nas_port, $p,
! $session_id, $framed_ip_address) if (!defined
$sessdb-{DontDeleteOnAuth}) ;
# Issue a denial and bomb out
return $self-handlerResult($p, $main::REJECT, 'MaxSessions
exceeded')
*** SessSQL.pmTue Aug 27 22:03:57 2002
--- SessSQL.pm.patchedWed Aug 28 16:19:41 2002
***
*** 21,27
'DeleteQuery' = 'string',
'ClearNasQuery' = 'string',
'CountQuery'= 'string',
! 'CountNasSessionsQuery' = 'string'
);
#
--- 21,29
'DeleteQuery' = 'string',
'ClearNasQuery' = 'string',
'CountQuery'= 'string',
! 'CountNasSessionsQuery' = 'string',
! 'DontDeleteBeforeAdd' = 'flag',
! 'DontDeleteOnAuth' = 'flag'
);
Re: (RADIATOR) AcceptIfMissing
Hello Simon - Our apologies - a bug. There is a fixed version of AuthGeneric.pm in the patches area of the web site. Thanks for reporting the problem. regards Hugh On Wednesday, August 28, 2002, at 07:19 PM, Simon Dixon wrote: Not a Problem, I'm running FreeBSD 4.6.2 on a x86 machine, with Radiator 3.2. I also get the same issue with FreeBSD 4.5. Regards Simon Dixon Network Administrator www.highway1.com.au -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 28 August 2002 4:40 PM To: Simon Dixon Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AcceptIfMissing Hello Simon - This is very odd. Can you please tell me what version of Radiator you are running and what hardware/software platform you are running it on? thanks Hugh On Wednesday, August 28, 2002, at 08:58 AM, Simon Dixon wrote: G'day I've got an issue with the AcceptIfMissing command. With most things it is working how it should,if the user does not exist it will return Accept, if the password for a valid user is correct then it will return Accept, but if the password for a valid user is incorrect, radiator sees that it is incorrect but will still return Accept. Below is a cut down copy of my config, and a log output, any help would be greatly appreciated. - Foreground LogStdout AuthPort 1645 #LogDir . DbDir /usr/local/etc/raddb # User a lower trace level in production systems: Trace 4 Client localhost Secret x DupInterval 0 /Client AuthBy FILE Identifier dicko-file Filename %D/users NoDefault AcceptIfMissing /AuthBy Realm DEFAULT AuthBy dicko-file /Realm -- devmug Password = Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.0, Framed-Compression = Van-Jacobson-TCP-IP --- Wed Aug 28 06:46:07 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Aug 28 06:46:07 2002: DEBUG: Deleting session for devmug, 203.63.154.1, 1234 Wed Aug 28 06:46:07 2002: DEBUG: Handling with Radius::AuthFILE: dicko-file Wed Aug 28 06:46:07 2002: DEBUG: Radius::AuthFILE looks for match with devmug Wed Aug 28 06:46:07 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password Wed Aug 28 06:46:07 2002: DEBUG: Access accepted for devmug Wed Aug 28 06:46:07 2002: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1231 Code: Access-Accept Identifier: 216 Authentic: 1234567890123456 Attributes: Thanks Simon Dixon Highway1 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Version 3.3 install
Hi, Mike. The same problem is on SPARC Solaris 8. I dont test new Makefile.PL yet. MM Hello all, MM a number of people have reported problems with the install process in version MM 3.3. On Suse and FreeBSD, 'make install' will try to install library files MM into /lib instead of the more usual /usr/lib. MM We have uploaded a new Makefile.PL to the 3.3 patches area that should fix MM this problem. MM http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL MM Any further reports to me please. MM Cheers. With respect, Pavel A Crasotin OJSC SeverTransCom 159 Moskovsky pr, Yaroslavl, 150048, Russia Tel/Fax: +7 (0852) 49-57-57, 49-58-88 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Version 3.3 install
You guys aint having fun lately are yaz ;-) ...Skeeve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike McCauley Sent: Thursday, August 29, 2002 11:36 AM To: [EMAIL PROTECTED] Subject: (RADIATOR) Version 3.3 install Hello all, a number of people have reported problems with the install process in version 3.3. On Suse and FreeBSD, 'make install' will try to install library files into /lib instead of the more usual /usr/lib. We have uploaded a new Makefile.PL to the 3.3 patches area that should fix this problem. http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL Any further reports to me please. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Simultaneous-User connection
Dear All, I am checking for simulatenous user connection. Here demo@abc has simulatenous-user = 1. But the usercan do multiple connection.Here's my Trace 4 debug: first access request session: from XXX.XXX.XXX.2:4 for demo@abc ..Access-accepted ..Accounting-request .. During the second connection session: from XXX.XXX.XXX.3:6 for demo@abc ... Wed Aug 28 15:28:40 2002: DEBUG: Checking if user is still online: Router demo@abc, XXX.XXX.XXX.2, 4, 08B3 Wed Aug 28 15:28:40 2002: DEBUG: Running command `/usr/bin/snmpget XXX.XXX.XXX.2 mysecret.iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.4` (i.e. simultaneous user is been checked. perfect till here, i suppose.) Wed Aug 28 15:28:40 2002: NOTICE: SessSQL Session for demo@abc, at XXX.XXX.XXX.2:4 has gone away (here i doubt why first session has gone away ) Wed Aug 28 15:28:40 2002: DEBUG: SessSQL Deleting session for demo@abc, XXX.XXX.XXX.2, 4Wed Aug 28 15:28:40 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER ='XXX.XXX.XXX.3' and NASPORT =06. hence, secondgot connected. What might be the reason for the first session ie XXX.XXX.XXX.2:4that hasgone away. It should bedenying the second session mentioning"Simulatenous-Use of 1 exceeded". right? Plese help me out. Thanking you in advance. regards, Rajan.
Re: (RADIATOR) Version 3.3 install
Hi Mike, Pavel, The patched Makefile.PL on SPARC Solaris 8 was installing the .pm files in /usr/local/lib/perl5/site_perl instead of /usr/local/lib/perl5/site_perl/5.005 where perl expected it. Cheers, Chris Pavel A Crasotin wrote: Hi, Mike. The same problem is on SPARC Solaris 8. I dont test new Makefile.PL yet. MM Hello all, MM a number of people have reported problems with the install process in version MM 3.3. On Suse and FreeBSD, 'make install' will try to install library files MM into /lib instead of the more usual /usr/lib. MM We have uploaded a new Makefile.PL to the 3.3 patches area that should fix MM this problem. MM http://www.open.com.au/radiator/downloads/patches-3.3/Makefile.PL MM Any further reports to me please. MM Cheers. With respect, Pavel A Crasotin OJSC SeverTransCom 159 Moskovsky pr, Yaroslavl, 150048, Russia Tel/Fax: +7 (0852) 49-57-57, 49-58-88 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- +Chris Myers ~ [EMAIL PROTECTED] . Information Technology Services - Software Infrastructure . Ph: +61 7 3365 4017 - Mobile: 0413-009-482 - Room: 42-412 . The Prentice Building - The University of Queensland 4072 + PGP Public key available @ http://www.uq.edu.au/~uqcmyers === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
