----- Forwarded message from Andrew Niven <[EMAIL PROTECTED]> ----- From: "Andrew Niven" <[EMAIL PROTECTED]> To: "Cameron Andrews" <[EMAIL PROTECTED]> Subject: Please complete and foward to Radiator Date: Wed, 31 Jan 2001 08:47:06 +1000 We are running the following software Redhat Linux Version : 6.1 Radiator Version : 2.17.1 Perl version : 5.00503 with Sybase Adaptive Server Anywhere 7.0.0.477 with the following inthe LogFile <Realm DEFAULT> PasswordLogFileName %L/password.log ExcludeFromPasswordLog root admin scan bhaal clh spider alwyn dar ac AuthByPolicy ContinueAlways <AuthBy SQL> FailureBackoffTime 10 DBSource DBI:ODBC:<username> DBUsername <username> DBAuth <password> AuthSelect select ctrl_loginpassword(loginname),String('Expiration = ',DateFormat(AccountExpire, 'Mmm dd yyyy')), if IPNumber='' then String('Framed-Group = ', GetIpGroup(accTypeID)) else String('Framed-IP-Address = ', IPNUMBER) endif, String('Session-Timeout = ', CTRL_AuthTime(loginName)), String('Simultaneous-Use = ', SimultaneousCon), CheckAttrib, ReplyAttrib from Accounts where loginName='%n' and STATUS='A' AND (NASLOCK = '%N' OR NASLOCK IS NULL); AuthColumnDef 0, Encrypted-Password, check AuthColumnDef 1, Expiration, check AuthColumnDef 2, GENERIC, reply AuthColumnDef 3, GENERIC, reply AuthColumnDef 4, GENERIC, check AuthColumnDef 5, GENERIC, check AuthColumnDef 6, GENERIC, reply AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,Framed-Routing=Broadcast-Listen ,Framed-MTU=552 AcctSQLStatement call CTRL_AccountingRecord('%n', '%{Acct-Status-Type}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Acct-Session-Id}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{Framed-IP-Address}') </AuthBy> </Realm> Attached is the radiator logfile for a test login In particular the following lines are causing concern : Wed Jan 31 08:14:18 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Jan 31 08:14:18 2001: DEBUG: Adding session for [EMAIL PROTECTED], 203.46.226.38, 6 Wed Jan 31 08:14:18 2001: ERR: Attribute number 211 (vendor ) is not defined in your dictionary Wed Jan 31 08:14:18 2001: DEBUG: Handling with Radius::AuthSQL Wed Jan 31 08:14:18 2001: DEBUG: Handling accounting with Radius::AuthSQL Wed Jan 31 08:14:18 2001: DEBUG: do query is: call CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6', '203.46.226.38', '6', '203.46.227.7') Wed Jan 31 08:14:18 2001: ERR: do failed for 'call CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6', '203.46.226.38', '6', '203.46.227.7')': SQL Timeout Wed Jan 31 08:14:19 2001: DEBUG: Accounting accepted Wed Jan 31 08:14:19 2001: DEBUG: Packet dump: When this happens we recieve two (2) accounting starts for the user. I have modified the CTRL_AccountingRecord procedure to handle this case but ideally I would prefer to get it the problem solved. I have written a short executable, and am able to Authorise, Start and Stop up to 10 people per second on an unloaded system, this drops to 4 per second on a fully loaded system or during backup. I do not understand what the "SQL Timeout" means ?. Do you Handle Authorising differently to accounting requests ?. The Authorise Query select ctrl_loginpassword(loginname), String('Expiration = ',DateFormat(AccountExpire, 'Mmm dd yyyy')), if IPNumber='' then String('Framed-Group = ',GetIpGroup(accTypeID)) else String('Framed-IP-Address = ', IPNUMBER) endif, String('Session-Timeout = ', CTRL_AuthTime(loginName)), String('Simultaneous-Use = ', SimultaneousCon), CheckAttrib, ReplyAttrib from Accounts where loginName='[EMAIL PROTECTED]' and STATUS='A' AND (NASLOCK = '203.46.226.38' OR NASLOCK IS NULL) takes a lot longer to process (due to the procedure "CTRL_AuthTime" which updates the users account on the fly) but doesn't seem to time out ? As cameron may have mentioned eairler we have changed to using ODBC as ASAny gave the same timeouts but LOCKED up the database leaving rows locked and queries active. Any help or information you could give us would be greatly appreciated ? Thanks Andrew Niven ----- End forwarded message ----- -- Regards, Cameron Andrews System Administration Australian National Research
Wed Jan 31 08:14:17 2001: DEBUG: Packet dump: *** Received from 203.16.233.165 port 1064 .... Code: Access-Request Identifier: 8 Authentic: <188>`<11><176><151> <9><140>w<16><7>kW<16><5><0> Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "<217>]jc<193><127><30>+<153>P<182><184><11><132>w<128>" Service-Type = Framed-User Framed-Protocol = PPP NAS-IP-Address = 203.46.226.38 NAS-Port = 6 NAS-Port-Type = Async Wed Jan 31 08:14:17 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Jan 31 08:14:17 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 203.46.226.38, 6 Wed Jan 31 08:14:17 2001: ERR: Attribute number 211 (vendor ) is not defined in your dictionary Wed Jan 31 08:14:17 2001: DEBUG: Handling with Radius::AuthSQL Wed Jan 31 08:14:17 2001: DEBUG: Handling with Radius::AuthSQL Wed Jan 31 08:14:17 2001: DEBUG: Query is: select ctrl_loginpassword(loginname),String('Expiration = ',DateFormat(AccountExpire, 'Mmm dd yyyy')), if IPNumber='' then String('Framed-Group = ', GetIpGroup(accTypeID)) else String('Framed-IP-Address = ', IPNUMBER) endif, String('Session-Timeout = ', CTRL_AuthTime(loginName)), String('Simultaneous-Use = ', SimultaneousCon), CheckAttrib, ReplyAttrib from Accounts where loginName='[EMAIL PROTECTED]' and STATUS='A' AND (NASLOCK = '203.46.226.38' OR NASLOCK IS NULL); Wed Jan 31 08:14:18 2001: DEBUG: Radius::AuthSQL looks for match with [EMAIL PROTECTED] Wed Jan 31 08:14:18 2001: DEBUG: Expiration date converted to: 983282400 Wed Jan 31 08:14:18 2001: DEBUG: Radius::AuthSQL ACCEPT: Wed Jan 31 08:14:18 2001: DEBUG: FramedGroup 3 address is being assigned Wed Jan 31 08:14:18 2001: DEBUG: Access accepted for [EMAIL PROTECTED] Wed Jan 31 08:14:18 2001: DEBUG: Packet dump: *** Sending to 203.16.233.165 port 1064 .... Code: Access-Accept Identifier: 8 Authentic: <188>`<11><176><151> <9><140>w<16><7>kW<16><5><0> Attributes: Framed-IP-Address = 203.46.227.7 Session-Timeout = 300 Service-Type = Framed-User Framed-Protocol = PPP Framed-Routing = Broadcast-Listen Framed-MTU = 552 Wed Jan 31 08:14:18 2001: DEBUG: Packet dump: *** Received from 203.16.233.165 port 1064 .... Code: Accounting-Request Identifier: 9 Authentic: t<215>e<212><249>KpjX<239>2<163>0<160>u<238> Attributes: Acct-Status-Type = Start Acct-Session-Id = "d60d64e6" Acct-Delay-Time = 0 NAS-Port = 6 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS Framed-IP-Address = 203.46.227.7 NAS-IP-Address = 203.46.226.38 Timestamp = 980892679 Wed Jan 31 08:14:18 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Jan 31 08:14:18 2001: DEBUG: Adding session for [EMAIL PROTECTED], 203.46.226.38, 6 Wed Jan 31 08:14:18 2001: ERR: Attribute number 211 (vendor ) is not defined in your dictionary Wed Jan 31 08:14:18 2001: DEBUG: Handling with Radius::AuthSQL Wed Jan 31 08:14:18 2001: DEBUG: Handling accounting with Radius::AuthSQL Wed Jan 31 08:14:18 2001: DEBUG: do query is: call CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6', '203.46.226.38', '6', '203.46.227.7') Wed Jan 31 08:14:18 2001: ERR: do failed for 'call CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6', '203.46.226.38', '6', '203.46.227.7')': SQL Timeout Wed Jan 31 08:14:19 2001: DEBUG: Accounting accepted Wed Jan 31 08:14:19 2001: DEBUG: Packet dump: *** Sending to 203.16.233.165 port 1064 .... Code: Accounting-Response Identifier: 9 Authentic: t<215>e<212><249>KpjX<239>2<163>0<160>u<238> Attributes: Wed Jan 31 08:14:21 2001: DEBUG: Packet dump: *** Received from 203.16.233.165 port 1064 .... Code: Accounting-Request Identifier: 10 Authentic: e<209><6><193><157><192><158><215><3><220><213><246><215>><156>a Attributes: Acct-Status-Type = 103809027 Acct-Session-Id = "d60d64e6" Acct-Delay-Time = 0 NAS-Port = 6 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User Framed-Protocol = PPP Annex-Local-IP-Address = 203.46.226.38 Framed-IP-Address = 203.46.227.7 NAS-IP-Address = 203.46.226.38 Timestamp = 980892681 Wed Jan 31 08:14:21 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Jan 31 08:14:21 2001: ERR: Attribute number 211 (vendor ) is not defined in your dictionary Wed Jan 31 08:14:21 2001: DEBUG: Handling with Radius::AuthSQL Wed Jan 31 08:14:21 2001: DEBUG: Handling accounting with Radius::AuthSQL Wed Jan 31 08:14:21 2001: DEBUG: do query is: call CTRL_AccountingRecord('[EMAIL PROTECTED]', '103809027', '', '', 'd60d64e6', '203.46.226.38', '6', '203.46.227.7') Wed Jan 31 08:14:21 2001: DEBUG: Accounting accepted Wed Jan 31 08:14:21 2001: DEBUG: Packet dump: *** Sending to 203.16.233.165 port 1064 .... Code: Accounting-Response Identifier: 10 Authentic: e<209><6><193><157><192><158><215><3><220><213><246><215>><156>a Attributes: Wed Jan 31 08:14:39 2001: DEBUG: Packet dump: *** Received from 203.16.233.165 port 1064 .... Code: Accounting-Request Identifier: 11 Authentic: 3c<211><214>buN;x<220>}<179><25><<214><156> Attributes: Acct-Status-Type = Stop Acct-Session-Id = "d60d64e6" Acct-Session-Time = 21 Acct-Delay-Time = 0 NAS-Port = 6 NAS-Port-Type = Async User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User Framed-Protocol = PPP Annex-Local-IP-Address = 203.46.226.38 Framed-IP-Address = 203.46.227.7 Acct-Input-Octets = 3038 Acct-Output-Octets = 957 Acct-Input-Packets = 30 Acct-Output-Packets = 16 Acct-Terminate-Cause = NAS-Error Annex-System-Disc-Reason = Line-disconnected Acct-Authentic = RADIUS NAS-IP-Address = 203.46.226.38 Timestamp = 980892701 Wed Jan 31 08:14:39 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Wed Jan 31 08:14:39 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 203.46.226.38, 6 Wed Jan 31 08:14:39 2001: ERR: Attribute number 211 (vendor ) is not defined in your dictionary Wed Jan 31 08:14:39 2001: DEBUG: Handling with Radius::AuthSQL Wed Jan 31 08:14:39 2001: DEBUG: Handling accounting with Radius::AuthSQL Wed Jan 31 08:14:39 2001: DEBUG: do query is: call CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Stop', '3038', '957', 'd60d64e6', '203.46.226.38', '6', '203.46.227.7')