Re: (RADIATOR) (Radiator) Problem with dial-up users

2001-04-09 Thread Peter Srivaree-Ratana

Hi Hugh,

--- Hugh Irvine [EMAIL PROTECTED] wrote:
[snip]
> Which customer is this?
The same old TMB.  Somehow the radius server was
rebooted, and the data in DB AuthBy DYNADDRESS is
not correct as the "netmask" is 255.255.255.0.  So
when the new user logs on, the RAS will broadcast the
IP and claim the class C address with that netmask. ;)

> The obvious question is "what has changed?".
Before I hard-coded that netmask to the configuration
file.  Somehow it got changed along with quite a few
things without my knowledge.

> This is part of the problem - why is the NAS-Port
> attribute now 0? It should
> indicate the port number on the NAS to which the
> user is connected.

I will need to check on this again whether this
problem still exists.

Thanks for all the help, esp. very fast turnaround
time.  Wish I had time to reply then.

Regards,

Peter

=
P. Srivaree-Ratana


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) (Radiator) Problem with dial-up users

2001-04-09 Thread Hugh Irvine


Hello Peter -

If the configuration file has been changed, there is not much I can do.

As you say, if the database contains the wrong IP address 
information, then all sorts of problems are guaranteed to happen.

regards

Hugh

At 2:42 -0700 01/4/9, Peter Srivaree-Ratana wrote:
> Hi Hugh,
>
> --- Hugh Irvine [EMAIL PROTECTED] wrote:
> [snip]
> > Which customer is this?
> The same old TMB.  Somehow the radius server was
> rebooted, and the data in DB AuthBy DYNADDRESS is
> not correct as the "netmask" is 255.255.255.0.  So
> when the new user logs on, the RAS will broadcast the
> IP and claim the class C address with that netmask. ;)
>
> > The obvious question is "what has changed?".
> Before I hard-coded that netmask to the configuration
> file.  Somehow it got changed along with quite a few
> things without my knowledge.
>
> > This is part of the problem - why is the NAS-Port
> > attribute now 0? It should
> > indicate the port number on the NAS to which the
> > user is connected.
>
> I will need to check on this again whether this
> problem still exists.
>
> Thanks for all the help, esp. very fast turnaround
> time.  Wish I had time to reply then.
>
> Regards,
>
> Peter
>
> =
> P. Srivaree-Ratana


-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

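The netmask effect described in the message above, as an added example that is not part of the original thread. It uses a simplified model of the RAS route table (an assumption: each login installs a route for address/netmask, and a later login replaces an existing route for the same network); the user names, the second address and the 255.255.255.255 host mask used for comparison are constructed.

```python
import ipaddress

# Constructed logins in arrival order: (user, Framed-IP-Address, netmask).
LOGINS_24 = [("ba", "10.171.194.31", "255.255.255.0"),
             ("user2", "10.171.194.32", "255.255.255.0")]
# Same logins with a host mask (assumed corrected value, not from the thread).
LOGINS_32 = [(u, ip, "255.255.255.255") for u, ip, _ in LOGINS_24]

def build_routes(logins):
    """Simplified RAS model (assumption): each login installs ip/mask -> user,
    and a later login replaces an existing route for the same network."""
    routes = {}
    for user, ip, mask in logins:
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        routes[net] = user
    return routes

def next_hop(routes, dst):
    """Longest-prefix match: which session receives a packet for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in routes if addr in n]
    return routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

def misrouted(logins):
    """(user, receiving session) for users whose own address goes elsewhere."""
    routes = build_routes(logins)
    return [(u, next_hop(routes, ip)) for u, ip, _ in logins
            if next_hop(routes, ip) != u]

def non_host_masks(logins):
    """Audit check: sessions handed anything other than a host mask."""
    return [(u, ip, m) for u, ip, m in logins if m != "255.255.255.255"]

if __name__ == "__main__":
    print("misrouted with /24:", misrouted(LOGINS_24))
    print("misrouted with /32:", misrouted(LOGINS_32))
    print("sessions to fix:", non_host_masks(LOGINS_24))
```

With the /24 mask the second login takes over the route covering the first user's address, which matches the symptom in the thread: the first PPP session stays up but replies no longer reach it.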



(RADIATOR) (Radiator) Problem with dial-up users

2001-04-06 Thread Peter Srivaree-Ratana

Hi Hugh,

I need your help with Radiator 2.16.3's
functionality.  The customer has had no problem with
Radiator for a long time.  Now only one user can log
on at a given time.  Which means, the first user
logs on, then the second one comes in.  As soon as the
second one gets authenticated, the first one can no
longer use any other services.

After a long trace, we have found that the first
user's PPP session is still on, he can still ping but
never gets the ICMP reply.  The server that is pinged
actually sends back the reply.  So it means that the
first user's IP is not routable anymore.  When the
first user terminates the session, the "Stop" request
comes to the Radiator from the RAS.  This guarantees
that the IP connection between RAS and Radiator is
still ok.

1. Does Radiator disconnect users?  As far as I know,
it doesn't.  Anything else to check?

2. I see that RADONLINE table inside MySQL is
different.  Before, it contained all the online users.
Now when the first user logs on, there will be one
record there.  Then the second user comes in, the
first user's record will be deleted and the second
user's record will be there instead.  I found
something in the log:
"delete from RADONLINE where
NASIDENTIFIER='10.178.24.57' and NASPORT=0"
This command will actually remove everybody from the
RADONLINE table because every record will come from
the same NAS and will have the same NASPORT.

I add this log for your info:
Access-Request packet:
[snip]
Thu Apr  5 14:37:26 2001: DEBUG: Check if Handler NAS-IP-Address=10.178.24.57 should be used to handle this request
Thu Apr  5 14:37:26 2001: DEBUG: Handling request with Handler 'NAS-IP-Address=10.178.24.57'
Thu Apr  5 14:37:26 2001: DEBUG: OnlineUser Adding session for ba, 10.178.24.57,
Thu Apr  5 14:37:26 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.178.24.57' and NASPORT=0

Thu Apr  5 14:37:26 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('ba', '10.178.24.57', 0, '313D0C90', 986452646, '10.171.194.31', '', '')

Thu Apr  5 14:37:26 2001: DEBUG: Handling with Radius::AuthGROUP
Thu Apr  5 14:37:26 2001: DEBUG: Handling with Radius::AuthLDAP2
Thu Apr  5 14:37:26 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
Thu Apr  5 14:37:26 2001: DEBUG: Accounting accepted
Thu Apr  5 14:37:26 2001: DEBUG: Packet dump:


TIA,

Peter


=
P. Srivaree-Ratana




Re: (RADIATOR) (Radiator) Problem with dial-up users

2001-04-06 Thread Hugh Irvine


Hello Peter -

On Friday 06 April 2001 19:31, Peter Srivaree-Ratana wrote:
> Hi Hugh,
>
> I need your help with Radiator 2.16.3's
> functionality.  The customer has had no problem with
> Radiator for a long time.  Now only one user can log
> on at a given time.  Which means, the first user
> logs on, then the second one comes in.  As soon as the
> second one gets authenticated, the first one can no
> longer use any other services.


Which customer is this?

The obvious question is "what has changed?".

> After a long trace, we have found that the first
> user's PPP session is still on, he can still ping but
> never gets the ICMP reply.  The server that is pinged
> actually sends back the reply.  So it means that the
> first user's IP is not routable anymore.  When the
> first user terminates the session, the "Stop" request
> comes to the Radiator from the RAS.  This guarantees
> that the IP connection between RAS and Radiator is
> still ok.


It sounds to me like a routing issue either on the RAS, or on the internal 
network leading to the RAS. What IP addresses are being used by the sessions 
on the RAS? Are they correct or are they broken?

> 1. Does Radiator disconnect users?  As far as I know,
> it doesn't.  Anything else to check?


Radiator does not disconnect users, the NAS does that - either because the 
user hangs up or because the NAS drops the session (timeout or modem dropout).

> 2. I see that RADONLINE table inside MySQL is
> different.  Before, it contained all the online users.
> Now when the first user logs on, there will be one
> record there.  Then the second user comes in, the
> first user's record will be deleted and the second
> user's record will be there instead.  I found
> something in the log:
> "delete from RADONLINE where
> NASIDENTIFIER='10.178.24.57' and NASPORT=0"

This is part of the problem - why is the NAS-Port attribute now 0? It should 
indicate the port number on the NAS to which the user is connected.

> This command will actually remove everybody from the
> RADONLINE table because every record will come from
> the same NAS and will have the same NASPORT.


As mentioned above, it is the NAS that is sending the wrong information. Has 
the software on the NAS, or the configuration on the NAS changed?

> I add this log for your info:
> Access-Request packet:
> [snip]
> Thu Apr  5 14:37:26 2001: DEBUG: Check if Handler NAS-IP-Address=10.178.24.57 should be used to handle this request
> Thu Apr  5 14:37:26 2001: DEBUG: Handling request with Handler 'NAS-IP-Address=10.178.24.57'
> Thu Apr  5 14:37:26 2001: DEBUG: OnlineUser Adding session for ba, 10.178.24.57,
> Thu Apr  5 14:37:26 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='10.178.24.57' and NASPORT=0
>
> Thu Apr  5 14:37:26 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('ba', '10.178.24.57', 0, '313D0C90', 986452646, '10.171.194.31', '', '')
>
> Thu Apr  5 14:37:26 2001: DEBUG: Handling with Radius::AuthGROUP
> Thu Apr  5 14:37:26 2001: DEBUG: Handling with Radius::AuthLDAP2
> Thu Apr  5 14:37:26 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
> Thu Apr  5 14:37:26 2001: DEBUG: Accounting accepted
> Thu Apr  5 14:37:26 2001: DEBUG: Packet dump:


You may also have a problem with the AuthBy DYNADDRESS - what is it giving as 
an IP address for a request?

I will need to see the configuration file (no secrets) together with a trace 
4 debug to see what is going on.

BTW - we have still not been paid for the extra work that I did for Telekom 
Malaysia when I saw you last. Could you perhaps ask Azahar what is going on? 
And perhaps you can send me Azahar's boss's email address so I can contact 
him directly to get some action on this issue.

Many thanks - when will you need me to come to KL again?

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

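The RADONLINE behaviour discussed in this exchange, as an added example that is not part of the original thread or Radiator's own code. It replays the two statements from the quoted "do query is:" log lines against an in-memory SQLite table; only the first record mirrors the log, the other users and session ids are constructed, and the helper names are hypothetical.

```python
import sqlite3
from collections import defaultdict

# Constructed Start records: (user, NAS, NAS-Port, Acct-Session-Id, Framed-IP).
# Only the first row mirrors the values in the log quoted in the thread.
STARTS = [
    ("ba",    "10.178.24.57", 0, "313D0C90", "10.171.194.31"),
    ("user2", "10.178.24.57", 0, "313D0C91", "10.171.194.32"),
    ("user3", "10.178.24.57", 0, "313D0C92", "10.171.194.33"),
]

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table RADONLINE (USERNAME text, NASIDENTIFIER text,"
               " NASPORT integer, ACCTSESSIONID text, TIME_STAMP integer,"
               " FRAMEDIPADDRESS text, NASPORTTYPE text, SERVICETYPE text)")
    return db

def add_session(db, user, nas, port, sid, ip, ts=986452646):
    # Same two statements as the "do query is:" lines, with bound parameters.
    db.execute("delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
               (nas, port))
    db.execute("insert into RADONLINE values (?,?,?,?,?,?,'','')",
               (user, nas, port, sid, ts, ip))

def replay(starts):
    """Users left in RADONLINE after all Start records are processed."""
    db = new_db()
    for s in starts:
        add_session(db, *s)
    return [r[0] for r in db.execute(
        "select USERNAME from RADONLINE order by ACCTSESSIONID")]

def reused_ports(starts):
    """(NAS, port) pairs used by more than one Start in the sample."""
    seen = defaultdict(list)
    for _user, nas, port, sid, _ip in starts:
        seen[(nas, port)].append(sid)
    return {k: v for k, v in seen.items() if len(v) > 1}

def with_real_ports(starts):
    # What the NAS should send: a distinct NAS-Port per connected user.
    return [(u, n, i + 1, sid, ip) for i, (u, n, _, sid, ip) in enumerate(starts)]

if __name__ == "__main__":
    print("NAS-Port always 0:", replay(STARTS))
    print("distinct NAS-Port:", replay(with_real_ports(STARTS)))
    print("ports reused:", reused_ports(STARTS))
```

When every Start carries NAS-Port 0, each new login deletes the previous row, so the table never holds more than one user for that NAS; the `reused_ports` check is a simple way to spot a NAS that has stopped reporting real port numbers.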