RE: (RADIATOR) AddressAllocatorSQL
Title: RE: (RADIATOR) AddressAllocatorSQL Hugh, Thanks for your hint :-) Harrison -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Friday, August 24, 2001 8:18 AM To: Harrison Ng; '[EMAIL PROTECTED]' Subject: Re: (RADIATOR) AddressAllocatorSQL Hello Harrison - Having more than one Radiator host will not cause a problem. Note the ReclaimQuery that is run: Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 This will only reclaim leases that have expired, as configured by the DefaultLeasePeriod. This is the correct behaviour. In any case, you can disable the query in the configuration file by specifying an empty string. Ie: ReclaimQuery hth Hugh On Thursday 23 August 2001 20:12, Harrison Ng wrote: Hello, Is there any way to disable ReclaimQuery during radiator startup. Using AddressAllocatorSQL on one radius server with one database should be fine. But not in AuthBy ROUNDROBIN environment. Here is our machine configuration. 1. One Ericsson GSN with 2 radius clients. It send access request, a/c start, a/c stop to radius proxy using AuthBy ROUNDROBIN. 2. The proxy will forward those request to two radius server for enhancing performance. 3. The two radius server use AddressAllocatorSQL to reply ip address to client. They share a RADPOOL reside in mysql db. Serious problem arises when either one radius server restart, it will reset all ip address STATE to zero. Pls see debug message. Even though some ip address is already allocated by another health radius server. Is anyone have different implementation method. Can anyone give me some hint. Pls find attached radius.cfg for your reference. Harrison SmarTone BroadBand Services Limited Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.accept Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.reject Wed Aug 22 19:22:11 2001: DEBUG: Checking address 202.140.74.2 Wed Aug 22 19:22:11 2001: DEBUG: Query is: select STATE from RADPOOL where YIADDR='202.140.74.2' Wed Aug 22 19:22:14 2001: DEBUG: Reclaiming expired leases Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 Wed Aug 22 19:22:14 2001: INFO: Server started: Radiator 2.18.2 on grad1 Wed Aug 22 19:22:14 2001: DEBUG: Packet dump: *** Received from 10.25.157.17 port 1033 Code: Access-Request radius.proxy.txt radius.server.txt Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1 Content-Transfer-Encoding: quoted-printable Content-Description: Content-Type: text/plain; charset=iso-8859-1; name=radius.proxy.txt Content-Transfer-Encoding: 7bit Content-Description: Content-Type: text/plain; charset=iso-8859-1; name=radius.server.txt Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) AddressAllocatorSQL
Title: AddressAllocatorSQL Hello, Is there any way to disable ReclaimQuery during radiator startup. Using AddressAllocatorSQL on one radius server with one database should be fine. But not in AuthBy ROUNDROBIN environment. Here is our machine configuration. 1. One Ericsson GSN with 2 radius clients. It send access request, a/c start, a/c stop to radius proxy using AuthBy ROUNDROBIN. 2. The proxy will forward those request to two radius server for enhancing performance. 3. The two radius server use AddressAllocatorSQL to reply ip address to client. They share a RADPOOL reside in mysql db. Serious problem arises when either one radius server restart, it will reset all ip address STATE to zero. Pls see debug message. Even though some ip address is already allocated by another health radius server. Is anyone have different implementation method. Can anyone give me some hint. Pls find attached radius.cfg for your reference. Harrison SmarTone BroadBand Services Limited Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.accept Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.reject Wed Aug 22 19:22:11 2001: DEBUG: Checking address 202.140.74.2 Wed Aug 22 19:22:11 2001: DEBUG: Query is: select STATE from RADPOOL where YIADDR='202.140.74.2' ... ... Wed Aug 22 19:22:14 2001: DEBUG: Reclaiming expired leases Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 Wed Aug 22 19:22:14 2001: INFO: Server started: Radiator 2.18.2 on grad1 Wed Aug 22 19:22:14 2001: DEBUG: Packet dump: *** Received from 10.25.157.17 port 1033 Code: Access-Request ... ... radius.proxy.txt radius.server.txt ## Global Parameters ## Trace 4 AuthPort1812 AcctPort1813 LogDir /var/log/radius DbDir /usr/local/etc/raddb LogFile %L/grad3.logfile.%Y%m%d DictionaryFile %D/dictionary PidFile %L/radiusd.pid ### ## NAS Client # Client 202.140.74.1 Secret xxx /Client Client 10.25.155.1 Secret xxx /Client Client localhost Secret mysecret DupInterval 0 /Client ### ## Log SQL Log SQL Identifier logsql DBSource dbi:mysql:radius:10.25.157.33 DBUsername xxx DBAuth xxx Table RADLOG Trace 3 LogQuery insert into RADLOG (TIME_STAMP,PRIORITY,MESSAGE,HOST) values (%t,%0,%2,'%h') /Log SQL ### ## AuthBy Module ## AuthBy FILE Identifier defaultaccept Filename %D/users.accept /AuthBy AuthBy FILE Identifier defaultreject Filename %D/users.reject /AuthBy AuthBy ROUNDROBIN Identifier roundrobin Host 10.25.157.19 Secret xxx AuthPort 1812 AcctPort 1813 /Host Host 10.25.157.18 Secret xxx AuthPort 1812 AcctPort 1813 /Host /AuthBy ### ## Handler Module # Handler Client-Id = 202.140.74.1,NAS-Identifier = radius RejectHasReason RewriteUsername s/^([^@]+).*/$1/ #SessionDatabase simultaneous AuthBy roundrobin AcctLogFileName %L/%c/grad3.%c.detail.%Y%m%d PasswordLogFileName %L/grad3.password.%Y%m%d /Handler Handler Client-Id = 10.25.155.1,NAS-Identifier = rad RejectHasReason RewriteUsername s/^([^@]+).*/$1/ #SessionDatabase simultaneous AuthBy roundrobin AcctLogFileName %L/%c/grad3.%c.detail.%Y%m%d PasswordLogFileName %L/grad3.password.%Y%m%d /Handler Handler Client-Id = localhost RejectHasReason RewriteUsername s/^([^@]+).*/$1/ AuthBy defaultaccept AcctLogFileName %L/%c/grad3.%c.detail.%Y%m%d PasswordLogFileName %L/grad3.password.%Y%m%d /Handler ### ## Global Parameters ## Trace 4 AuthPort1812 AcctPort1813 LogDir /var/log/radius DbDir /usr/local/etc/raddb LogFile %L/grad1.logfile.%Y%m%d DictionaryFile %D/dictionary PidFile %L/radiusd.pid ### ## NAS Client # Client 10.25.157.17 Secret xxx /Client Client localhost Secret mysecret DupInterval 0 /Client ### ## Log SQL Log SQL Identifier logsql DBSource dbi:mysql:radius:10.25.157.33 DBUsername xxx DBAuth xxx Table RADLOG Trace 3 LogQuery insert into RADLOG (TIME_STAMP,PRIORITY,MESSAGE,HOST) values
Re: (RADIATOR) AddressAllocatorSQL
Hello Harrison - Having more than one Radiator host will not cause a problem. Note the ReclaimQuery that is run: Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 This will only reclaim leases that have expired, as configured by the DefaultLeasePeriod. This is the correct behaviour. In any case, you can disable the query in the configuration file by specifying an empty string. Ie: ReclaimQuery hth Hugh On Thursday 23 August 2001 20:12, Harrison Ng wrote: Hello, Is there any way to disable ReclaimQuery during radiator startup. Using AddressAllocatorSQL on one radius server with one database should be fine. But not in AuthBy ROUNDROBIN environment. Here is our machine configuration. 1. One Ericsson GSN with 2 radius clients. It send access request, a/c start, a/c stop to radius proxy using AuthBy ROUNDROBIN. 2. The proxy will forward those request to two radius server for enhancing performance. 3. The two radius server use AddressAllocatorSQL to reply ip address to client. They share a RADPOOL reside in mysql db. Serious problem arises when either one radius server restart, it will reset all ip address STATE to zero. Pls see debug message. Even though some ip address is already allocated by another health radius server. Is anyone have different implementation method. Can anyone give me some hint. Pls find attached radius.cfg for your reference. Harrison SmarTone BroadBand Services Limited Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.accept Wed Aug 22 19:22:11 2001: DEBUG: Reading users file /usr/local/etc/raddb/users.reject Wed Aug 22 19:22:11 2001: DEBUG: Checking address 202.140.74.2 Wed Aug 22 19:22:11 2001: DEBUG: Query is: select STATE from RADPOOL where YIADDR='202.140.74.2' Wed Aug 22 19:22:14 2001: DEBUG: Reclaiming expired leases Wed Aug 22 19:22:14 2001: DEBUG: do query is: update RADPOOL set STATE=0 where state!=0 and EXPIRY 998479334 Wed Aug 22 19:22:14 2001: INFO: Server started: Radiator 2.18.2 on grad1 Wed Aug 22 19:22:14 2001: DEBUG: Packet dump: *** Received from 10.25.157.17 port 1033 Code: Access-Request radius.proxy.txt radius.server.txt Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1 Content-Transfer-Encoding: quoted-printable Content-Description: Content-Type: text/plain; charset=iso-8859-1; name=radius.proxy.txt Content-Transfer-Encoding: 7bit Content-Description: Content-Type: text/plain; charset=iso-8859-1; name=radius.server.txt Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AddressAllocatorSQL lease 'confirm' function
Hello Valentin - On Thursday 08 March 2001 07:05, Valentin Tumarkin wrote: Hi, Will Radiator 2.18 include update to the AddressAllocatorSQL.pm module so that 'confirm' function actually confirms IP allocation (in Radiator 2.17.1 it just returns 'ACCEPT') ? My worry is that in case of some NAS/network/Server performance problem a sitiation can occur, where multiple, duplicate Access-Request packets will be sent to the Radius server, which Radiator will not be able to De-Duplicate. That will result in AddressAllocatorSQL allocating a number of IP Addresses for a single user. The full solution to the above problem would probably also include puting NAS-IP-Address:NAS-Port pairs in the RADPOOL table, and checking for existing leases for a NAS-IP-Address:NAS-Port pair before giving out a new lease (simular to Session Database). Mike and I discussed this at great length and there was much subsequent discussion on the mailing list. The reason the code does what it does currently is because it is the lesser of two evils. This is because if you miss an accounting start, and reallocate an address that is already in use, very bad things happen. This to us seems worse that having a few IP addresses marked as used until the lease period expires. Note that there is a very good way to deal with the duplicate problem, and that is simply by specifying an appropriate DupInterval in the Client clause. I have used this approach very successfully in the past. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.