----- Forwarded message from Andrew Niven <[EMAIL PROTECTED]> -----
From: "Andrew Niven" <[EMAIL PROTECTED]>
To: "Cameron Andrews" <[EMAIL PROTECTED]>
Subject: Please complete and foward to Radiator
Date: Wed, 31 Jan 2001 08:47:06 +1000
We are running the following software
Redhat Linux Version : 6.1
Radiator Version : 2.17.1
Perl version : 5.00503
with
Sybase Adaptive Server Anywhere 7.0.0.477
with the following inthe LogFile
<Realm DEFAULT>
PasswordLogFileName %L/password.log
ExcludeFromPasswordLog root admin scan bhaal clh spider alwyn dar ac
AuthByPolicy ContinueAlways
<AuthBy SQL>
FailureBackoffTime 10
DBSource DBI:ODBC:<username>
DBUsername <username>
DBAuth <password>
AuthSelect select ctrl_loginpassword(loginname),String('Expiration =
',DateFormat(AccountExpire, 'Mmm dd yyyy')), if IPNumber='' then
String('Framed-Group = ', GetIpGroup(accTypeID)) else
String('Framed-IP-Address = ', IPNUMBER) endif, String('Session-Timeout = ',
CTRL_AuthTime(loginName)), String('Simultaneous-Use = ', SimultaneousCon),
CheckAttrib, ReplyAttrib from Accounts where loginName='%n' and STATUS='A'
AND (NASLOCK = '%N' OR NASLOCK IS NULL);
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, Expiration, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, GENERIC, reply
AuthColumnDef 4, GENERIC, check
AuthColumnDef 5, GENERIC, check
AuthColumnDef 6, GENERIC, reply
AddToReply
Service-Type=Framed-User,Framed-Protocol=PPP,Framed-Routing=Broadcast-Listen
,Framed-MTU=552
AcctSQLStatement call CTRL_AccountingRecord('%n', '%{Acct-Status-Type}',
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Acct-Session-Id}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{Framed-IP-Address}')
</AuthBy>
</Realm>
Attached is the radiator logfile for a test login
In particular the following lines are causing concern :
Wed Jan 31 08:14:18 2001: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Wed Jan 31 08:14:18 2001: DEBUG: Adding session for [EMAIL PROTECTED],
203.46.226.38, 6
Wed Jan 31 08:14:18 2001: ERR: Attribute number 211 (vendor ) is not defined
in your dictionary
Wed Jan 31 08:14:18 2001: DEBUG: Handling with Radius::AuthSQL
Wed Jan 31 08:14:18 2001: DEBUG: Handling accounting with Radius::AuthSQL
Wed Jan 31 08:14:18 2001: DEBUG: do query is: call
CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6',
'203.46.226.38', '6', '203.46.227.7')
Wed Jan 31 08:14:18 2001: ERR: do failed for 'call
CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6',
'203.46.226.38', '6', '203.46.227.7')': SQL Timeout
Wed Jan 31 08:14:19 2001: DEBUG: Accounting accepted
Wed Jan 31 08:14:19 2001: DEBUG: Packet dump:
When this happens we recieve two (2) accounting starts for the user.
I have modified the CTRL_AccountingRecord procedure to handle this case
but ideally I would prefer to get it the problem solved.
I have written a short executable, and am able to Authorise, Start and Stop
up to 10 people per second on an unloaded system, this drops to 4 per second
on a fully loaded system or during backup.
I do not understand what the "SQL Timeout" means ?.
Do you Handle Authorising differently to accounting requests ?.
The Authorise Query
select ctrl_loginpassword(loginname),
String('Expiration = ',DateFormat(AccountExpire, 'Mmm dd yyyy')),
if IPNumber='' then String('Framed-Group = ',GetIpGroup(accTypeID))
else String('Framed-IP-Address = ', IPNUMBER)
endif,
String('Session-Timeout = ', CTRL_AuthTime(loginName)),
String('Simultaneous-Use = ', SimultaneousCon),
CheckAttrib, ReplyAttrib from Accounts
where loginName='[EMAIL PROTECTED]' and STATUS='A'
AND (NASLOCK = '203.46.226.38' OR NASLOCK IS NULL)
takes a lot longer to process (due to the procedure "CTRL_AuthTime" which
updates
the users account on the fly) but doesn't seem to time out ?
As cameron may have mentioned eairler we have changed to using ODBC as
ASAny gave the same timeouts but LOCKED up the database leaving rows
locked and queries active.
Any help or information you could give us would be greatly appreciated ?
Thanks
Andrew Niven
----- End forwarded message -----
--
Regards,
Cameron Andrews
System Administration
Australian National Research
Wed Jan 31 08:14:17 2001: DEBUG: Packet dump:
*** Received from 203.16.233.165 port 1064 ....
Code: Access-Request
Identifier: 8
Authentic: <188>`<11><176><151> <9><140>w<16><7>kW<16><5><0>
Attributes:
User-Name = "[EMAIL PROTECTED]"
User-Password = "<217>]jc<193><127><30>+<153>P<182><184><11><132>w<128>"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-IP-Address = 203.46.226.38
NAS-Port = 6
NAS-Port-Type = Async
Wed Jan 31 08:14:17 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 31 08:14:17 2001: DEBUG: Deleting session for [EMAIL PROTECTED],
203.46.226.38, 6
Wed Jan 31 08:14:17 2001: ERR: Attribute number 211 (vendor ) is not defined in your
dictionary
Wed Jan 31 08:14:17 2001: DEBUG: Handling with Radius::AuthSQL
Wed Jan 31 08:14:17 2001: DEBUG: Handling with Radius::AuthSQL
Wed Jan 31 08:14:17 2001: DEBUG: Query is: select
ctrl_loginpassword(loginname),String('Expiration = ',DateFormat(AccountExpire, 'Mmm dd
yyyy')), if IPNumber='' then String('Framed-Group = ', GetIpGroup(accTypeID)) else
String('Framed-IP-Address = ', IPNUMBER) endif, String('Session-Timeout = ',
CTRL_AuthTime(loginName)), String('Simultaneous-Use = ', SimultaneousCon),
CheckAttrib, ReplyAttrib from Accounts where loginName='[EMAIL PROTECTED]' and
STATUS='A' AND (NASLOCK = '203.46.226.38' OR NASLOCK IS NULL);
Wed Jan 31 08:14:18 2001: DEBUG: Radius::AuthSQL looks for match with
[EMAIL PROTECTED]
Wed Jan 31 08:14:18 2001: DEBUG: Expiration date converted to: 983282400
Wed Jan 31 08:14:18 2001: DEBUG: Radius::AuthSQL ACCEPT:
Wed Jan 31 08:14:18 2001: DEBUG: FramedGroup 3 address is being assigned
Wed Jan 31 08:14:18 2001: DEBUG: Access accepted for [EMAIL PROTECTED]
Wed Jan 31 08:14:18 2001: DEBUG: Packet dump:
*** Sending to 203.16.233.165 port 1064 ....
Code: Access-Accept
Identifier: 8
Authentic: <188>`<11><176><151> <9><140>w<16><7>kW<16><5><0>
Attributes:
Framed-IP-Address = 203.46.227.7
Session-Timeout = 300
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = Broadcast-Listen
Framed-MTU = 552
Wed Jan 31 08:14:18 2001: DEBUG: Packet dump:
*** Received from 203.16.233.165 port 1064 ....
Code: Accounting-Request
Identifier: 9
Authentic: t<215>e<212><249>KpjX<239>2<163>0<160>u<238>
Attributes:
Acct-Status-Type = Start
Acct-Session-Id = "d60d64e6"
Acct-Delay-Time = 0
NAS-Port = 6
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
Framed-IP-Address = 203.46.227.7
NAS-IP-Address = 203.46.226.38
Timestamp = 980892679
Wed Jan 31 08:14:18 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 31 08:14:18 2001: DEBUG: Adding session for [EMAIL PROTECTED],
203.46.226.38, 6
Wed Jan 31 08:14:18 2001: ERR: Attribute number 211 (vendor ) is not defined in your
dictionary
Wed Jan 31 08:14:18 2001: DEBUG: Handling with Radius::AuthSQL
Wed Jan 31 08:14:18 2001: DEBUG: Handling accounting with Radius::AuthSQL
Wed Jan 31 08:14:18 2001: DEBUG: do query is: call
CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6',
'203.46.226.38', '6', '203.46.227.7')
Wed Jan 31 08:14:18 2001: ERR: do failed for 'call
CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Start', '', '', 'd60d64e6',
'203.46.226.38', '6', '203.46.227.7')': SQL Timeout
Wed Jan 31 08:14:19 2001: DEBUG: Accounting accepted
Wed Jan 31 08:14:19 2001: DEBUG: Packet dump:
*** Sending to 203.16.233.165 port 1064 ....
Code: Accounting-Response
Identifier: 9
Authentic: t<215>e<212><249>KpjX<239>2<163>0<160>u<238>
Attributes:
Wed Jan 31 08:14:21 2001: DEBUG: Packet dump:
*** Received from 203.16.233.165 port 1064 ....
Code: Accounting-Request
Identifier: 10
Authentic: e<209><6><193><157><192><158><215><3><220><213><246><215>><156>a
Attributes:
Acct-Status-Type = 103809027
Acct-Session-Id = "d60d64e6"
Acct-Delay-Time = 0
NAS-Port = 6
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
Framed-Protocol = PPP
Annex-Local-IP-Address = 203.46.226.38
Framed-IP-Address = 203.46.227.7
NAS-IP-Address = 203.46.226.38
Timestamp = 980892681
Wed Jan 31 08:14:21 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 31 08:14:21 2001: ERR: Attribute number 211 (vendor ) is not defined in your
dictionary
Wed Jan 31 08:14:21 2001: DEBUG: Handling with Radius::AuthSQL
Wed Jan 31 08:14:21 2001: DEBUG: Handling accounting with Radius::AuthSQL
Wed Jan 31 08:14:21 2001: DEBUG: do query is: call
CTRL_AccountingRecord('[EMAIL PROTECTED]', '103809027', '', '', 'd60d64e6',
'203.46.226.38', '6', '203.46.227.7')
Wed Jan 31 08:14:21 2001: DEBUG: Accounting accepted
Wed Jan 31 08:14:21 2001: DEBUG: Packet dump:
*** Sending to 203.16.233.165 port 1064 ....
Code: Accounting-Response
Identifier: 10
Authentic: e<209><6><193><157><192><158><215><3><220><213><246><215>><156>a
Attributes:
Wed Jan 31 08:14:39 2001: DEBUG: Packet dump:
*** Received from 203.16.233.165 port 1064 ....
Code: Accounting-Request
Identifier: 11
Authentic: 3c<211><214>buN;x<220>}<179><25><<214><156>
Attributes:
Acct-Status-Type = Stop
Acct-Session-Id = "d60d64e6"
Acct-Session-Time = 21
Acct-Delay-Time = 0
NAS-Port = 6
NAS-Port-Type = Async
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
Framed-Protocol = PPP
Annex-Local-IP-Address = 203.46.226.38
Framed-IP-Address = 203.46.227.7
Acct-Input-Octets = 3038
Acct-Output-Octets = 957
Acct-Input-Packets = 30
Acct-Output-Packets = 16
Acct-Terminate-Cause = NAS-Error
Annex-System-Disc-Reason = Line-disconnected
Acct-Authentic = RADIUS
NAS-IP-Address = 203.46.226.38
Timestamp = 980892701
Wed Jan 31 08:14:39 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Jan 31 08:14:39 2001: DEBUG: Deleting session for [EMAIL PROTECTED],
203.46.226.38, 6
Wed Jan 31 08:14:39 2001: ERR: Attribute number 211 (vendor ) is not defined in your
dictionary
Wed Jan 31 08:14:39 2001: DEBUG: Handling with Radius::AuthSQL
Wed Jan 31 08:14:39 2001: DEBUG: Handling accounting with Radius::AuthSQL
Wed Jan 31 08:14:39 2001: DEBUG: do query is: call
CTRL_AccountingRecord('[EMAIL PROTECTED]', 'Stop', '3038', '957', 'd60d64e6',
'203.46.226.38', '6', '203.46.227.7')
