Re: (RADIATOR) (Radiator) Problem with dial-up users
Hi Hugh, --- Hugh Irvine [EMAIL PROTECTED] wrote: [snip] Which customer is this? The same old TMB. Somehow the radius server was rebooted, and the data in DB AuthBy DYNAADDRESS is not correct as the "netmask" is 255.255.255.0. So when the new user logs on, the RAS will broadcast the IP and claim the class C address with that netmask. ;) The obvious question is "what has changed?". Before I hard-coded that netmask to the configuration file. Somehow it got changed along with quite a few things without my knowledge. This is part of the problem - why is the NAS-Port attribute now 0? It should indicate the port number on the NAS to which the user is connected. I will need to check on this again whether this problem still exists. Thanks for all the help, esp. very fast turnaround time. Wish I had time to reply then. Regards, Peter = P. Srivaree-Ratana __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) (Radiator) Problem with dial-up users
Hello Peter - If the configuration file has been changed, there is not much I can do. As you say, if the database contains the wrong IP address information, then all sorts of problems are guaranteed to happen. regards Hugh At 2:42 -0700 01/4/9, Peter Srivaree-Ratana wrote: Hi Hugh, --- Hugh Irvine [EMAIL PROTECTED] wrote: [snip] Which customer is this? The same old TMB. Somehow the radius server was rebooted, and the data in DB AuthBy DYNAADDRESS is not correct as the "netmask" is 255.255.255.0. So when the new user logs on, the RAS will broadcast the IP and claim the class C address with that netmask. ;) The obvious question is "what has changed?". Before I hard-coded that netmask to the configuration file. Somehow it got changed along with quite a few things without my knowledge. This is part of the problem - why is the NAS-Port attribute now 0? It should indicate the port number on the NAS to which the user is connected. I will need to check on this again whether this problem still exists. Thanks for all the help, esp. very fast turnaround time. Wish I had time to reply then. Regards, Peter = P. Srivaree-Ratana __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) (Radiator) Problem with dial-up users
Hi Hugh, I need your help for the Radiator 2.16.3's functionality. The customer has no problem with the Radiator for a long time. Now only one user can log on at the given time. Which means, the first user logs on, then the second one comes in. As soon as the second one gets authenticated, the first one can no longer use any other services. After a long trace, we have found that the first user's PPP session is still on, he still can ping but never get the ICMP reply. The server that is pingged actually sends back the reply. So it means that the first user's IP is not routable anymore. When the first user terminates the session, the "Stop" request comes to the Radiator from the RAS. This guarantees that the IP connection between RAS and Radiator is still ok. 1. Does Radiator disconnect users? As far as I know, it doesn't. Anything else to check? 2. I see that RADONLINE table inside MySql is different. Before it contains all the online users. Now when the first user logs on, there will be one record there. Then the second user comes in, the first user's record will be deleted and the second user's record will be there instead. I found something in the log: "delete from RADONLINE where NASIDENTIFIER='10.178.24.57' and NASPORT=0" This command will actually remove everybody from the RADONLINE table because every record will come from the same NAS and will have the same NASPORT. I add this log for your info: Access-Request packet: [snip] Thu Apr 5 14:37:26 2001: DEBUG: Check if Handler NAS-IP-Address=10.178.24.57 sho uld be used to handle this request Thu Apr 5 14:37:26 2001: DEBUG: Handling request with Handler 'NAS-IP-Address=10 .178.24.57' Thu Apr 5 14:37:26 2001: DEBUG: OnlineUser Adding session for ba, 10.178.24 .57, Thu Apr 5 14:37:26 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.178.24.57' and NASPORT=0 Thu Apr 5 14:37:26 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NAS IDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERV ICETYPE) values ('ba', '10.178.24.57', 0, '313D0C90', 986452646, '10.171.19 4.31', '', '') Thu Apr 5 14:37:26 2001: DEBUG: Handling with Radius::AuthGROUP Thu Apr 5 14:37:26 2001: DEBUG: Handling with Radius::AuthLDAP2 Thu Apr 5 14:37:26 2001: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Apr 5 14:37:26 2001: DEBUG: Accounting accepted Thu Apr 5 14:37:26 2001: DEBUG: Packet dump: TIA, Peter = P. Srivaree-Ratana __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) (Radiator) Problem with dial-up users
Hello Peter - On Friday 06 April 2001 19:31, Peter Srivaree-Ratana wrote: Hi Hugh, I need your help for the Radiator 2.16.3's functionality. The customer has no problem with the Radiator for a long time. Now only one user can log on at the given time. Which means, the first user logs on, then the second one comes in. As soon as the second one gets authenticated, the first one can no longer use any other services. Which customer is this? The obvious question is "what has changed?". After a long trace, we have found that the first user's PPP session is still on, he still can ping but never get the ICMP reply. The server that is pingged actually sends back the reply. So it means that the first user's IP is not routable anymore. When the first user terminates the session, the "Stop" request comes to the Radiator from the RAS. This guarantees that the IP connection between RAS and Radiator is still ok. It sounds to me like a routing issue either on the RAS, or on the internal network leading to the RAS. What IP addresses are being used by the sessions on the RAS? Are they correct or are they broken? 1. Does Radiator disconnect users? As far as I know, it doesn't. Anything else to check? Radiator does not disconnect users, the NAS does that - either because the user hangs up or because the NAS drops the session (timeout or modem dropout). 2. I see that RADONLINE table inside MySql is different. Before it contains all the online users. Now when the first user logs on, there will be one record there. Then the second user comes in, the first user's record will be deleted and the second user's record will be there instead. I found something in the log: "delete from RADONLINE where NASIDENTIFIER='10.178.24.57' and NASPORT=0" This is part of the problem - why is the NAS-Port attribute now 0? It should indicate the port number on the NAS to which the user is connected. This command will actually remove everybody from the RADONLINE table because every record will come from the same NAS and will have the same NASPORT. As mentioned above, it is the NAS that is sending the wrong information. Has the software on the NAS, or the configuration on the NAS changed? I add this log for your info: Access-Request packet: [snip] Thu Apr 5 14:37:26 2001: DEBUG: Check if Handler NAS-IP-Address=10.178.24.57 sho uld be used to handle this request Thu Apr 5 14:37:26 2001: DEBUG: Handling request with Handler 'NAS-IP-Address=10 ..178.24.57' Thu Apr 5 14:37:26 2001: DEBUG: OnlineUser Adding session for ba, 10.178.24 ..57, Thu Apr 5 14:37:26 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.178.24.57' and NASPORT=0 Thu Apr 5 14:37:26 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NAS IDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERV ICETYPE) values ('ba', '10.178.24.57', 0, '313D0C90', 986452646, '10.171.19 4.31', '', '') Thu Apr 5 14:37:26 2001: DEBUG: Handling with Radius::AuthGROUP Thu Apr 5 14:37:26 2001: DEBUG: Handling with Radius::AuthLDAP2 Thu Apr 5 14:37:26 2001: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Apr 5 14:37:26 2001: DEBUG: Accounting accepted Thu Apr 5 14:37:26 2001: DEBUG: Packet dump: You may also have a problem with the AuthBy DYNADDRESS - what is it giving as an IP address for a request? I will need to see the configuration file (no secrets) together with a trace 4 debug to see what is going on. BTW - we have still not been paid for the extra work that I did for Telekom Malaysia when I saw you last. Could you perhaps ask Azahar what is going on? And perhaps you can send me Azahar's boss's email address so I can contact him directly to get some action on this issue. Many thanks - when will you need me to come to KL again? regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.