Hello, We are currently getting two sets of errors reported at Log level 4. The first set has to do with our dictionary file, they read: on Aug 23 10:41:05 1999: ERR: Attribute number 11 (vendor 311) is not defined in your dictionary Mon Aug 23 10:41:06 1999: ERR: Attribute number 1 (vendor 311) is not defined in your dictionary Mon Aug 23 10:47:19 1999: ERR: Attribute number 11 (vendor 311) is not defined in your dictionary Mon Aug 23 10:47:19 1999: ERR: Attribute number 1 (vendor 311) is not defined in your dictionary Mon Aug 23 10:57:00 1999: ERR: Attribute number 11 (vendor 311) is not defined in your dictionary Mon Aug 23 10:57:00 1999: ERR: Attribute number 1 (vendor 311) is not defined in your dictionary And the second set seem to be with the MySQL DBM module when it tries to query the database: DBD::mysql::db do failed: You have an error in your SQL syntax near 'Realm='', 'Aug 21, 1999 12:35')' at line 2 at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189. DBD::mysql::db do failed: You have an error in your SQL syntax near 'Realm='', 'Aug 21, 1999 12:35')' at line 2 at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189. DBD::mysql::db do failed: You have an error in your SQL syntax near 'PPP', '4evryng', '', 'Async', '207.240.215.217', 'ccittV42bi' at line 2 at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189. This are both very mysterious reporting errors to us. It seems that radiator is also crashing quite frequently (once every two days at least). We do not get anything logged when it dies. It does take a restart to get it going again. We where wondering if it might be better to run Radiator out of inetd? Again, this is for our main authentication server. Any insight would be appreciated. I have attached a copy of our radius.cfg as well (with all passwords commented out). Thanks you, Oliver Stockhammer Systems Admin. Internet Channel
# radius.cfg # # This is a very simple radius.cfg that you can use to get started. # only the most important parameters are set here. The full set # of parameters can be seen in radius.cfg in the top of the distribution tree. # # As it stands, it will authenticate a single client and a # single realm from a flat file # database, and save the accounting info to a single details file. # # Author: Mike McCauley ([EMAIL PROTECTED]) # Copyright (C) 1997 Open System Consultants # $Id: radius.cfg,v 1.3 1999/01/28 05:13:52 mikem Exp $ LogStdout PidFile /usr/local/radiator/etc/radiator.pid # Set this to the directory where your logfile and details file are to go LogDir /var/log/radiator # Set this to the database directory. It should contain these files: # users The user database # dictionary The dictionary for your NAS DbDir /usr/local/radiator/etc/radiusDB # AuthPort specifies the port to list on for authentication requests # Can be a numeric port number or a service name from /etc/services # Defaults to 1645 AuthPort 1645 # AcctPort specifies the port to list on for accounting requests # Can be a numeric port number or a service name from /etc/services # Defaults to 1646 AcctPort 1646 ######################################################## ## Added for USR ## ######################################################## SnmpgetProg /usr/local/bin/snmpget # This clause defines a single client to listen to # without the IgnoreAcctSignature it will not Authenticate users. <Client 207.240.212.131> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> <Client 207.240.142.3> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> # without the IgnoreAcctSignature it will not Authenticate users. for this chassis , os. <Client 207.240.142.5> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> <Client 207.240.142.7> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> <Client 207.240.142.9> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> <Client 207.240.142.11> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> # This is the chassis for the fx lines it has netserver cards which need the IgnoreAcctSignature command -os <Client 207.240.140.6> Secret XXXX IgnoreAcctSignature NasType TotalControlSNMP </Client> # For testing: this allows us to honour requests from radpwtst # on the same host. <Client 127.0.0.1> Secret XXXX DupInterval 0 </Client> # for Ipass Testing <Client ancillary.inch.com> Secret XXXX DupInterval 0 </Client> # These are all the realms as built by ocs. They rock. # This is the main authentication Realm for all usernames without # a domain appended. This should be all our "local" dialups. # Therefore unless they are stupid and put "@inch.com" or they # are coming from IPASS, they will be authenicated by this Realm. <Realm> #Omar says stuff is bad if this is on. #RewriteUsername s/^([^@]+).*/$1/ # This inserts a fake entry on every request going through this Realm PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm] local');} AcctLogFileName %L/detail AuthByPolicy ContinueUntilAccept <AuthBy SQL> DBSource dbi:mysql:radiator:util.inch.com # This "root" is a user within mySQL. DBUsername USERNAME DBAuth XXXX # an empty AuthSelect turns off auth AuthSelect AccountingTable ACCOUNTING AcctColumnDef ORIGIN,Origin AcctColumnDef USERNAME,User-Name AcctColumnDef CLIENT_ID,Client-Id AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACTUAL_TIME,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NAS_IDENTIFIER,Client-Id AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctColumnDef SERVICE_TYPE,Service-Type AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer AcctColumnDef CALLING_STATION_ID,Calling-Station-Id AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef USR_MODULATION_TYPE,Modulation-Type AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage AcctColumnDef USR_CONNECT_SPEED,Connect-Speed AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef USR_MP_MRRU,MP-MRRU,integer AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id </AuthBy> <AuthBy FILE> Filename %D/users </AuthBy> <AuthBy FILE> Filename /usr/local/radiator/etc/radiusDB/users.cfg </AuthBy> </Realm> # This realm is for all those idiot users of ours who submit # "[EMAIL PROTECTED]" as their username. This protects us # against local dialup users using ipass to dial in and # from AuthBy IPASS being used to authenticate them. If this # was not here they would be sent to the <Realm DEFAULT> which # is being used to Auth Ipass Domains users. <Realm inch.com> #Oliver puts this in to strip off inch.com RewriteUsername s/^([^@]+).*/$1/ # PreAuthHook inserts a fake entry on any request going to this Realm PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm inch.com]');} AcctLogFileName %L/detail AuthByPolicy ContinueUntilAccept <AuthBy SQL> DBSource dbi:mysql:radiator:util.inch.com # This "root" is a user within mySQL. DBUsername USERNAME DBAuth XXXX # an empty AuthSelect turns off auth AuthSelect AccountingTable ACCOUNTING AcctColumnDef ORIGIN,Origin AcctColumnDef USERNAME,User-Name AcctColumnDef CLIENT_ID,Client-Id AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACTUAL_TIME,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NAS_IDENTIFIER,Client-Id AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctColumnDef SERVICE_TYPE,Service-Type AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer AcctColumnDef CALLING_STATION_ID,Calling-Station-Id AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef USR_MODULATION_TYPE,Modulation-Type AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage AcctColumnDef USR_CONNECT_SPEED,Connect-Speed AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef USR_MP_MRRU,MP-MRRU,integer AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id </AuthBy> <AuthBy FILE> Filename %D/users </AuthBy> <AuthBy FILE> Filename /usr/local/radiator/etc/radiusDB/users.cfg </AuthBy> </Realm> # This is the IPASS realm/fallthrough realm: Anyone submiting a # "[EMAIL PROTECTED]'t.inch.com" will start auth. here. <Realm DEFAULT> AcctLogFileName %L/detail-ipass AuthByPolicy ContinueUntilAccept # PreAuthHook inserts a fake entry on any request going to this Realm PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm DEFAULT] IPASS');} <AuthBy SQL> DBSource dbi:mysql:radiator:util.inch.com # This "root" is a user within mySQL. DBUsername USERNAME DBAuth XXXX # an empty AuthSelect turns off auth AuthSelect AccountingTable ACCOUNTING AcctColumnDef ORIGIN,Origin AcctColumnDef USERNAME,User-Name AcctColumnDef CLIENT_ID,Client-Id AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACTUAL_TIME,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NAS_IDENTIFIER,Client-Id AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type AcctColumnDef ACCTAUTHENTIC,Acct-Authentic AcctColumnDef SERVICE_TYPE,Service-Type AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer AcctColumnDef CALLING_STATION_ID,Calling-Station-Id AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef USR_MODULATION_TYPE,Modulation-Type AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage AcctColumnDef USR_CONNECT_SPEED,Connect-Speed AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef USR_MP_MRRU,MP-MRRU,integer AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id </AuthBy> <AuthBy IPASS> Debug Config /usr/local/ipass/ipass.conf Trace /usr/local/ipass/logs/iprd.trace Home /usr/local/ipass </AuthBy> </Realm> <AuthBy UNIX> Identifier System Filename /usr/local/radiator/etc/radiusDB/master.passwd Match ^([^:]*):([^:]*):[^:]*(?=:([^:]*)) GroupFilename /usr/local/radiator/etc/radiusDB/group </AuthBy UNIX> <SessionDatabase SQL> DBSource dbi:mysql:radiator:util.inch.com DBUsername USERNAME DBAuth XXXX AddQuery insert into RADONLINE (USERNAME, NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID, TIME_STAMP, FRAMED_IP_ADDRESS, NAS_PORT_TYPE, SERVICE_TYPE,USR_MODULATION_TYPE ,USR_CONNECT_SPEED,ORIGIN) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Modulation-Type}', '%{Connect-Speed}','%{Origin}') DeleteQuery delete from RADONLINE where USERNAME='%n' and NAS_IDENTIFIER='%N' and NAS_PORT=%{NAS-Port} ClearNasQuery delete from RADONLINE where NAS_IDENTIFIER='%N' CountQuery select NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID from RADONLINE where USERNAME='%n' </SessionDatabase> <Log SQL> DBSource dbi:mysql:radiator:util.inch.com DBUsername USERNAME DBAuth XXXX Trace 3 </Log>