Ok I will try an out of the blue help attempt. First of all , I like radutmp, it might be slower, but it is a well defined interface
without the MYSQL -ANYSQL layer of complexity added to it.
in other words ADD radutmp in the session section.
next add the entries in naslist and naspassword for all your nases, DO NOT assume that any of the programs will have gracefull defaults.
I write some code and I know I am lazy ....
then enable debug inside checkrad so you can view your log file . To do this locate the line that reads $debug=0 , and change it to $debug=1
last but not least do not forget to add a line like the following in your users file
DEFAULT Service-Type == Framed-User, Simultaneous-Use := 1
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP,
Framed-MTU = 1500
If none of the above helps .. go back to step 1
Jorge Minassian wrote:
Hi again, I need to have some solution about this, Chris can you helpme ?, any one on the list please ?Thank you very much. JM> Chris, JM> thank for your answer, JM> I put radius on debug mode, then called nas (Total Control JM> w/HiperArc) as a user that where connected, but I don't see any error JM> .... and the request have not been rejected. JM> Below is the result of debug mode. JM> After that you have again radiusd.conf. JM> Thank for your help ! JM> Jorge.Hi all !,
I am having some trouble about simultaneous connnection.
I can not see where would be the error on configuration, if any, and did not get nothing browsing docs, faqs, etc, that were applicable to my config.
Can some one give some idea about this ?.
What error messages did you receive, and what is the output from running 'radiusd -X' ( debug mode ) telling you? -Chris
JM> ----- Results from "radiusd -X"
JM> Starting - reading configuration files ...
JM> reread_config: reading radiusd.conf
JM> Config: including file: /etc/raddb/proxy.conf
JM> Config: including file: /etc/raddb/clients.conf
JM> Config: including file: /etc/raddb/snmp.conf
JM> Config: including file: /etc/raddb/sql.conf
JM> main: prefix = "/usr"
JM> main: localstatedir = "/usr/var"
JM> main: logdir = "/var/log/radius"
JM> main: libdir = "/usr/lib"
JM> main: radacctdir = "/var/log/radius/radacct"
JM> main: hostname_lookups = no
JM> read_config_files: reading dictionary
JM> read_config_files: reading clients
JM> read_config_files: reading realms
JM> read_config_files: reading naslist
JM> main: max_request_time = 30
JM> main: cleanup_delay = 5
JM> main: max_requests = 1024
JM> main: delete_blocked_requests = 0
JM> main: port = 0
JM> main: allow_core_dumps = no
JM> main: log_stripped_names = yes
JM> main: log_auth = yes
JM> main: log_auth_badpass = yes
JM> main: log_auth_goodpass = no
JM> main: pidfile = "/var/run/radius/radiusd.pid"
JM> main: user = "radius"
JM> main: group = "radius"
JM> main: usercollide = no
JM> main: lower_user = "no"
JM> main: lower_pass = "no"
JM> main: nospace_user = "no"
JM> main: nospace_pass = "no"
JM> main: proxy_requests = yes
JM> proxy: retry_delay = 5
JM> proxy: retry_count = 3
JM> proxy: synchronous = no
JM> proxy: default_fallback = yes
JM> proxy: dead_time = 120
JM> security: max_attributes = 200
JM> security: reject_delay = 1
JM> main: debug_level = 0
JM> read_config_files: entering modules setup
JM> Module: Library search path is /usr/lib
JM> Module: Loaded preprocess JM> preprocess: huntgroups = "/etc/raddb/huntgroups"
JM> preprocess: hints = "/etc/raddb/hints"
JM> preprocess: with_ascend_hack = no
JM> preprocess: ascend_channels_per_line = 23
JM> preprocess: with_ntdomain_hack = no
JM> preprocess: with_specialix_jetstream_hack = no
JM> preprocess: with_cisco_vsa_hack = no
JM> Module: Instantiated preprocess (preprocess) JM> Module: Loaded realm JM> realm: format = "suffix"
JM> realm: delimiter = "@"
JM> Module: Instantiated realm (suffix) JM> Module: Loaded SQL JM> sql: driver = "rlm_sql_mysql"
JM> sql: server = "localhost"
JM> sql: port = ""
JM> sql: login = "digitalcoop"
JM> sql: password = "digitalcoop"
JM> sql: radius_db = "digitalcoop"
JM> sql: acct_table = "radacct"
JM> sql: acct_table2 = "radacct"
JM> sql: authcheck_table = "radcheck"
JM> sql: authreply_table = "radreply"
JM> sql: groupcheck_table = "radgroupcheck"
JM> sql: groupreply_table = "radgroupreply"
JM> sql: usergroup_table = "usergroup"
JM> sql: nas_table = "nas"
JM> sql: dict_table = "dictionary"
JM> sql: sqltrace = no
JM> sql: sqltracefile = "/var/log/radius/sqltrace.sql"
JM> sql: deletestalesessions = yes
JM> sql: num_sql_socks = 5
JM> sql: sql_user_name = "%{User-Name}"
JM> sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = JM> '%{SQL-User-Name}' ORDER BY id"
JM> sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = JM> '%{SQL-User-Name}' ORDER BY id"
JM> sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.A
JM> ttribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username
JM> = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
JM> sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.A
JM> ttribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username
JM> = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
JM> sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName = '%{User-Name}' AND
JM> ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY JM> Attribute DESC"
JM> sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp
JM> ('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay JM> = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}
JM> ' AND AcctStartTime <= '%S'"
JM> sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE A
JM> cctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Ad
JM> dress}' AND AcctStopTime = 0"
JM> sql: accounting_start_query = "INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserNam
JM> e, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAu
JM> thentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, Ca
JM> llingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, Ac
JM> ctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Re
JM> alm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}
JM> ', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-
JM> Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
JM> sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acc
JM> t-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
JM> UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
JM> sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Ses
JM> sion-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', A
JM> cctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_sto
JM> p = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' A
JM> ND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
JM> sql: accounting_stop_query_alt = "INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, User
JM> Name, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, Acc
JM> tAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
JM> CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
JM> AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%
JM> {Realm}', '%{NAS-IP-Address}', '%{NAS-Port-Id}', '%{NAS-Port-Type}', '0', '%S', '%{Acct-Session-Time
JM> }', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{
JM> Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Frame
JM> d-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
JM> sql: connect_failure_retry_delay = 60
JM> sql: simul_count_query = ""
JM> sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, Fram
JM> edIPAddress, CalledStationId FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
JM> sql: simul_zap_query = "DELETE FROM radacct WHERE RadAcctId = '%s'"
JM> rlm_sql: Driver rlm_sql_mysql loaded and linked
JM> rlm_sql: Attempting to connect to digitalcoop@localhost:/digitalcoop
JM> rlm_sql: Connected new DB handle, #0
JM> rlm_sql: Connected new DB handle, #1
JM> rlm_sql: Connected new DB handle, #2
JM> rlm_sql: Connected new DB handle, #3
JM> rlm_sql: Connected new DB handle, #4
JM> Module: Instantiated sql (sql) JM> Module: Loaded files JM> files: usersfile = "/etc/raddb/users"
JM> files: acctusersfile = "/etc/raddb/acct_users"
JM> files: compat = "no"
JM> Module: Instantiated files (files) JM> Module: Loaded radutmp JM> radutmp: filename = "/var/log/radius/radutmp"
JM> radutmp: username = "%{User-Name}"
JM> radutmp: perm = 384
JM> radutmp: callerid = yes
JM> Module: Instantiated radutmp (radutmp) JM> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
JM> Ready to process requests.
JM> rad_recv: Access-Request packet from host 200.43.61.6:1645, id=203, length=193
JM> User-Name = "susanagabriela"
JM> User-Password = "n\004v\262Q\373A\330\237(HdC\317$\263"
JM> NAS-IP-Address = 200.43.61.6
JM> NAS-Port = 769
JM> Acct-Session-Id = "45050"
JM> USR-Interface-Index = 2025
JM> USR-Supports-Tags = 0
JM> Service-Type = Framed-User
JM> Framed-Protocol = PPP
JM> USR-Chassis-Call-Slot = 4
JM> USR-Chassis-Call-Span = 1
JM> USR-Chassis-Call-Channel = 1
JM> USR-Connect-Speed = NONE
JM> Calling-Station-Id = "3548491674"
JM> Called-Station-Id = "7000"
JM> NAS-Port-Type = Async
JM> modcall: entering group authorize
JM> modcall[authorize]: module "preprocess" returns ok
JM> rlm_realm: Looking up realm NULL for User-Name = "susanagabriela"
JM> rlm_realm: No such realm NULL
JM> modcall[authorize]: module "suffix" returns noop
JM> radius_xlat: 'susanagabriela'
JM> sql_set_user: escaped user --> 'susanagabriela'
JM> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'susanagabriela'
JM> ORDER BY id'
JM> rlm_sql: Reserving sql socket id: 4
JM> radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck
JM> .Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'susanagabriela' AN
JM> D usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
JM> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'susanagabriela'
JM> ORDER BY id'
JM> radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply
JM> .Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'susanagabriela' AN
JM> D usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
JM> radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'susanagabriela' AND ( Attribut
JM> e = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute D
JM> ESC'
JM> rlm_sql: Released sql socket id: 4
JM> modcall[authorize]: module "sql" returns ok
JM> modcall: group authorize returns ok
JM> auth: type Local
JM> auth: user supplied User-Password matches local User-Password
JM> Login OK: [susanagabriela] (from client digitalcop-nas port 769 cli 3548491674)
JM> Sending Access-Accept of id 203 to 200.43.61.6:1645
JM> Framed-Protocol = PPP
JM> Framed-Compression = Van-Jacobson-TCP-IP
JM> Framed-IP-Address = 255.255.255.254
JM> Service-Type = Framed-User
JM> Finished request 0
JM> Going to the next request
JM> --- Walking the entire request list ---
JM> Waking up in 6 seconds...
JM> rad_recv: Accounting-Request packet from host 200.43.61.6:1646, id=185, length=295
JM> User-Name = "susanagabriela"
JM> NAS-IP-Address = 200.43.61.6
JM> Acct-Status-Type = Start
JM> Acct-Session-Id = "45050"
JM> Acct-Delay-Time = 0
JM> Acct-Authentic = RADIUS
JM> Service-Type = Framed-User
JM> NAS-Port-Type = Async
JM> NAS-Port = 769
JM> USR-Modem-Training-Time = 19
JM> USR-Interface-Index = 2025
JM> USR-Chassis-Call-Slot = 4
JM> USR-Chassis-Call-Span = 1
JM> USR-Chassis-Call-Channel = 1
JM> USR-Unauthenticated-Time = 4
JM> Calling-Station-Id = "3548491674"
JM> Called-Station-Id = "7000"
JM> USR-Modulation-Type = v90Digital
JM> USR-Simplified-MNP-Levels = ccittV42
JM> USR-Simplified-V42bis-Usage = ccittV42bis
JM> USR-Connect-Speed = 50666-BPS
JM> Framed-Protocol = PPP
JM> Framed-IP-Address = 200.43.61.65
JM> USR-VTS-Session-Key = "\302\002\377\002\377U\360\347a\314{\277G\034G\261"
JM> USR-Call-Arrival-Time = 214525749
JM> modcall: entering group preacct
JM> modcall[preacct]: module "preprocess" returns noop
JM> rlm_realm: Looking up realm NULL for User-Name = "susanagabriela"
JM> rlm_realm: No such realm NULL
JM> modcall[preacct]: module "suffix" returns noop
JM> modcall[preacct]: module "files" returns noop
JM> modcall: group preacct returns noop
JM> modcall: entering group accounting
JM> radius_xlat: 'susanagabriela'
JM> sql_set_user: escaped user --> 'susanagabriela'
JM> radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAd
JM> dress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectI
JM> nfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, A
JM> cctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) valu
JM> es('', '45050', '', 'susanagabriela', '', '200.43.61.6', '', 'Async', '2002-10-18 22:20:50', '0', '0
JM> ', 'RADIUS', '', '', '0', '0', '7000', '3548491674', '', 'Framed-User', 'PPP', '200.43.61.65', '0', JM> '0')'
JM> rlm_sql: Reserving sql socket id: 3
JM> rlm_sql: Released sql socket id: 3
JM> modcall[accounting]: module "sql" returns ok
JM> radius_xlat: 'susanagabriela'
JM> modcall[accounting]: module "radutmp" returns ok
JM> modcall: group accounting returns ok
JM> Sending Accounting-Response of id 185 to 200.43.61.6:1646
JM> Finished request 1
JM> Going to the next request
JM> --- Walking the entire request list ---
JM> Cleaning up request 1 ID 185 with timestamp 3db0c182
JM> Waking up in 4 seconds...
JM> --- Walking the entire request list ---
JM> Cleaning up request 0 ID 203 with timestamp 3db0c180
JM> Nothing to do. Sleeping until we see a request.
JM> ------------- End of radiud -X
JM> ---- radiusd.conf:
JM> prefix = /usr/local/freeradius
JM> exec_prefix = ${prefix}
JM> sysconfdir = ${prefix}/etc
JM> localstatedir = ${prefix}/var
JM> sbindir = ${exec_prefix}/sbin
JM> logdir = ${localstatedir}/log/radius
JM> raddbdir = ${sysconfdir}/raddb
JM> radacctdir = ${logdir}/radacct
JM> confdir = ${raddbdir}
JM> run_dir = ${localstatedir}/run/radiusd
JM> libdir = ${exec_prefix}/lib
JM> pidfile = ${run_dir}/radiusd.pid
JM> user = radius
JM> group = radius
JM> max_request_time = 30
JM> delete_blocked_requests = no
JM> cleanup_delay = 5
JM> max_requests = 1024
JM> bind_address = *
JM> port = 0
JM> hostname_lookups = no
JM> allow_core_dumps = no
JM> regular_expressions = yes
JM> extended_expressions = yes
JM> log_stripped_names = no
JM> log_auth = no
JM> log_auth_badpass = no
JM> log_auth_goodpass = no
JM> usercollide = no
JM> lower_user = no
JM> lower_pass = no
JM> nospace_user = no
JM> nospace_pass = no
JM> checkrad = ${sbindir}/checkrad
JM> security {
JM> max_attributes = 200
JM> reject_delay = 1
JM> }
JM> proxy_requests = yes
JM> $INCLUDE ${confdir}/proxy.conf
JM> $INCLUDE ${confdir}/clients.conf
JM> $INCLUDE ${confdir}/snmp.conf
JM> thread pool {
JM> start_servers = 5
JM> max_servers = 32
JM> min_spare_servers = 3
JM> max_spare_servers = 10
JM> max_requests_per_server = 0
JM> }
JM> modules {
JM> realm suffix {
JM> format = suffix
JM> delimiter = "@"
JM> }
JM> preprocess {
JM> huntgroups = ${confdir}/huntgroups
JM> hints = ${confdir}/hints
JM> with_ascend_hack = no
JM> ascend_channels_per_line = 23
JM> with_ntdomain_hack = no
JM> with_specialix_jetstream_hack = no
JM> with_cisco_vsa_hack = no
JM> }
JM> acct_unique {
JM> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
JM> }
JM> $INCLUDE ${confdir}/sql.conf
JM> always fail {
JM> rcode = fail
JM> }
JM> always reject {
JM> rcode = reject
JM> }
JM> always ok {
JM> rcode = ok
JM> simulcount = 0
JM> mpp = no
JM> }
JM> }
JM> authorize {
JM> preprocess
JM> suffix
JM> sql
JM> }
JM> authenticate {
JM> sql
JM> }
JM> preacct {
JM> preprocess
JM> suffix
JM> }
JM> accounting {
JM> sql
JM> }
JM> session {
JM> sql
JM> }
JM> - JM> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---- Saludos,
Jorge
mailto:jorge@;minassian.net
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
