RE: (RADIATOR) hostslect FAILUREPOLICY bug!

2002-09-11 Thread Martin Edge

Yeah, this is the similar effect I have seen as well.

For instance, it was falling back to the default defined AuthBy RADIUS
within SQL RADIUS, after NumHosts was reached, instead of adhering to the
selected Failure Policy. If there was not one defined, it simply ignored.

This is what made me nervous about just letting NumHosts be static.

Oh, the other reason my NumHostSelect query was so important: what about
when there aren't as many authentication servers as there are accounting
servers?

This is the extract from AuthSQLRADIUS that speaks of failurepolicy :

#
# Called when no reply is received from any of the attempted
# hosts.
# Look at the failure policy we recorded from the database
# and maybe implement it
sub noreply
{
    my ($self, $fp, $p) = @_;

    # Call the NoReply hook if there is one, you could adjust the pending
    # reply here
    $self->SUPER::noreply($fp, $p, $p->{rp});

    if (defined $fp->{failurePolicy})
    {
        # The database told us how to deal with failure
        $self->adjustReply($p);

        $p->{Handler}->handlerResult
            ($p, $fp->{failurePolicy}, 'SQLRADIUS Proxy failed');
    }
    return;
}

However, in adjustReply there is no mention of FailurePolicy.. I couldn't
find anything in handlerResult either..





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Mohamed Majdoubi
Sent: Wednesday, September 11, 2002 10:53 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) hostslect FAILUREPOLICY bug!


Hi
I am trying to use FAILUREPOLICY field in the hostselect statement. The
value FAILUREPOLICY is set to 1 (see the database output), this should
result in a reject to NAS if the host radius does not respond. Unfortunately
this is not happening, the NAS gets still no answer from the proxy radius. I
can conclude that the proxy radius does use the failure policy to send a
reject instead of a ignore. Below you can find configuration and the output

with kind regards
Mohamed Majdoubi
KPN Telecom

#
radius setup
#


[ NAS ] - [ proxy ] - [ radius ]




#
Configuration
#

<AuthBy SQLRADIUS>
 Identifier ProxyToOffice
 FailureBackoffTime 60
 DBSource dbi:mysql:ProxyDB
 DBUsername root
 DBAuth
 HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \
  RADSQLRADIUS where TARGETNAME='%R'
 StripFromRequest Cisco-NAS-Port, \
  NAS-Port, \
  NAS-Port-Type, \
  NAS-IP-Address, \
  Called-Station-Id, \
  Calling-Station-Id

 AddToRequest Service-Class = %{Reply:Service-Class}
 AllowInReply Service-Type, \
  Framed-Protocol, \
  Framed-IP-Netmask, \
  Framed-IP-Address, \
  Ascend-Client-Primary-DNS, \
  Ascend-Client-Secondary-DNS, \
  Loopback-Tag, \
  Release-Name, \
  VRF-Tag
 ReplyHook file:"%D/reply.pl"
</AuthBy>

#
Database output
#

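mysql> select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1';
+-----------+--------+----------+----------+---------+--------------+---------------+
| HOST1     | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY |
+-----------+--------+----------+----------+---------+--------------+---------------+
| 127.0.0.1 | kpn    |     1812 |     1813 |       2 |            5 |             1 |
+-----------+--------+----------+----------+---------+--------------+---------------+
1 row in set (0.00 sec)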



#
Debug
#

Code:   Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
User-Name = mohamed@office1
Service-Type = Framed-User
User-Password = 166186H1By%222155151153171216!U133
Service-Class = office2-1.1.1.1-

Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 

Packet length = 83
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66
66 69 63 65 31 06 06 00 00 00 02 

Re: (RADIATOR) hostslect FAILUREPOLICY bug!

2002-09-11 Thread Hugh Irvine
 Hello Mohamed -

Thanks for sending the debug information.

The following is taken from the source code in the file "Radius/AuthSQLRADIUS.pm".

The default HostSelect query is this:

$self->{HostSelect} = 'select HOST%0, SECRET, AUTHPORT, ACCTPORT,
RETRIES, RETRYTIMEOUT, USEOLDASCENDPASSWORDS, SERVERHASBROKENPORTNUMBERS,
SERVERHASBROKENADDRESSES, IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS
where TARGETNAME=\'%R\'';

Which is processed with this code:

$fp->{failurePolicy} = $row[10] if defined $row[10];


$host = Radius::Host->new
    (undef, $row[0],
     defined $row[1] ? (Secret                     => $row[1]) : (),
     defined $row[2] ? (AuthPort                   => $row[2]) : (),
     defined $row[3] ? (AcctPort                   => $row[3]) : (),
     defined $row[4] ? (Retries                    => $row[4]) : (),
     defined $row[5] ? (RetryTimeout               => $row[5]) : (),
     defined $row[6] ? (UseOldAscendPasswords      => $row[6]) : (),
     defined $row[7] ? (ServerHasBrokenPortNumbers => $row[7]) : (),
     defined $row[8] ? (ServerHasBrokenAddresses   => $row[8]) : (),
     defined $row[9] ? (IgnoreReplySignature       => $row[9]) : (),
    );

In other words, the FailurePolicy is expected to be the 11th element of the row returned by the query.

To fix your problem the simplest thing to do is use NULLs for the elements you are not using in the query:

 HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, NULL, NULL, NULL, NULL, \
FAILUREPOLICY from  RADSQLRADIUS where TARGETNAME='%R'

Otherwise, you could use HostColumnDef's as described in section 6.45.3 in the Radiator 3.3.1 reference manual ("doc/ref.html").

regards

Hugh


On Wednesday, September 11, 2002, at 10:52 PM, Mohamed Majdoubi wrote:

Hi
I am trying to use FAILUREPOLICY field in the hostselect statement. The value FAILUREPOLICY is set to 1 (see the database output), this should result in a reject to NAS if the host radius does not respond. Unfortunately this is not happening, the NAS gets still no answer from the proxy radius. I can conclude that the proxy radius does use the failure policy to send a reject instead of a ignore. Below you can find configuration and the output
 
with kind regards
Mohamed Majdoubi
KPN Telecom
 
#
    radius setup
#
 
 
[ NAS ] - [ proxy ] - [ radius ]
 
 
 
 
#
                                            Configuration
#

<AuthBy SQLRADIUS>
 Identifier ProxyToOffice
 FailureBackoffTime 60
 DBSource dbi:mysql:ProxyDB
 DBUsername root
 DBAuth
 HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \
  RADSQLRADIUS where TARGETNAME='%R'
 StripFromRequest Cisco-NAS-Port, \
  NAS-Port, \
  NAS-Port-Type, \
  NAS-IP-Address, \
  Called-Station-Id, \
  Calling-Station-Id

 AddToRequest Service-Class = %{Reply:Service-Class}
 AllowInReply Service-Type, \
  Framed-Protocol, \
  Framed-IP-Netmask, \
  Framed-IP-Address, \
  Ascend-Client-Primary-DNS, \
  Ascend-Client-Secondary-DNS, \
  Loopback-Tag, \
  Release-Name, \
  VRF-Tag
 ReplyHook file:"%D/reply.pl"
</AuthBy>
#
                                Database output
#
 
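mysql> select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1';
+-----------+--------+----------+----------+---------+--------------+---------------+
| HOST1     | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY |
+-----------+--------+----------+----------+---------+--------------+---------------+
| 127.0.0.1 | kpn    |     1812 |     1813 |       2 |            5 |             1 |
+-----------+--------+----------+----------+---------+--------------+---------------+
1 row in set (0.00 sec)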
 
 
 
#
                                            Debug
#
 
Code:   Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
    User-Name = "mohamed@office1"
    Service-Type = Framed-User
    User-Password = "166>186>H1By%222>155>151>153>171>216>!U133>"
    Service-Class = "office2-1.1.1.1-"
 
Wed Sep 11 11:03:22
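
The positional mapping described in Hugh Irvine's reply, as an added Perl example that is not part of the original thread and is not Radiator's own code: it reports which slot each HostSelect column is read into and flags a query whose FAILUREPOLICY never reaches position 11. The slot order follows the quoted source excerpt; the helper names `select_columns` and `check_hostselect` are hypothetical, and the check assumes column names match the default RADSQLRADIUS schema.

```perl
use strict;
use warnings;

# Positional meaning of each selected column, per the quoted excerpt
# (row[0]..row[9] feed Radius::Host->new, row[10] is the failure policy).
my @SLOTS = qw(Host Secret AuthPort AcctPort Retries RetryTimeout
    UseOldAscendPasswords ServerHasBrokenPortNumbers
    ServerHasBrokenAddresses IgnoreReplySignature FailurePolicy);

# Hypothetical helper: split the text between "select" and "from"
# into individual column expressions.
sub select_columns {
    my ($query) = @_;
    my ($list) = $query =~ /^\s*select\s+(.*?)\s+from\s/is
        or die "cannot parse query: $query\n";
    return map { my $c = $_; $c =~ s/^\s+|\s+$//g; $c } split /,/, $list;
}

# Hypothetical check: returns one warning per column that lands in a slot
# with a different name. Assumes columns use the default schema names,
# so a site with renamed columns will see warnings it can ignore.
sub check_hostselect {
    my ($query) = @_;
    my @cols = select_columns($query);
    my @warn;
    for my $i (0 .. $#cols) {
        next if uc($cols[$i]) eq 'NULL';    # NULL padding leaves the slot unset
        my $slot = $SLOTS[$i] // 'nothing (beyond position 11)';
        (my $want = uc $slot) =~ s/^HOST$/HOST%0/;
        push @warn, sprintf('%s at position %d is read as %s',
                            $cols[$i], $i + 1, $slot)
            if uc($cols[$i]) ne $want;
    }
    push @warn, 'fewer than 11 columns: failurePolicy stays undefined'
        if @cols < 11;
    return @warn;
}

# The two queries from the thread: the reported one and the NULL-padded fix.
my @queries = (
    [ reported => q{select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='%R'} ],
    [ padded   => q{select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, NULL, NULL, NULL, NULL, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='%R'} ],
);
for my $q (@queries) {
    my @warn = check_hostselect($q->[1]);
    print "$q->[0]:\n";
    print @warn ? map { "  WARNING: $_\n" } @warn : "  OK\n";
}
```

For the reported query this prints two warnings (FAILUREPOLICY read as UseOldAscendPasswords, and failurePolicy left undefined); the padded query prints OK.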