Hello,
We are currently getting two sets of errors reported at Log level 4.
The first set has to do with our dictionary file; they read:

Mon Aug 23 10:41:05 1999: ERR: Attribute number 11 (vendor 311) is not defined in your dictionary
Mon Aug 23 10:41:06 1999: ERR: Attribute number 1 (vendor 311) is not defined in your dictionary
Mon Aug 23 10:47:19 1999: ERR: Attribute number 11 (vendor 311) is not defined in your dictionary
Mon Aug 23 10:47:19 1999: ERR: Attribute number 1 (vendor 311) is not defined in your dictionary
Mon Aug 23 10:57:00 1999: ERR: Attribute number 11 (vendor 311) is not defined in your dictionary
Mon Aug 23 10:57:00 1999: ERR: Attribute number 1 (vendor 311) is not defined in your dictionary

And the second set seems to be with the MySQL DBM module when it tries to
query the database:
DBD::mysql::db do failed: You have an error in your SQL syntax near
'Realm='',
'Aug 21, 1999 12:35')' at line 2 at
/usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
DBD::mysql::db do failed: You have an error in your SQL syntax near
'Realm='',
'Aug 21, 1999 12:35')' at line 2 at
/usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
DBD::mysql::db do failed: You have an error in your SQL syntax near 'PPP',
'4evryng', '', 'Async', '207.240.215.217', 'ccittV42bi' at line 2 at
/usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
These are both very mysterious reporting errors to us. It seems that
Radiator is also crashing quite frequently (once every two days at least).
We do not get anything logged when it dies. It does take a restart to get
it going again. We were wondering if it might be better to run Radiator
out of inetd? Again, this is for our main authentication server. Any
insight would be appreciated. I have attached a copy of our radius.cfg as
well (with all passwords commented out).

Thank you,
Oliver Stockhammer
Systems Admin.
Internet Channel

# radius.cfg
#
# This is a very simple radius.cfg that you can use to get started.
# only the most important parameters are set here. The full set
# of parameters can be seen in radius.cfg in the top of the distribution tree.
#
# As it stands, it will authenticate a single client and a
# single realm from a flat file
# database, and save the accounting info to a single details file.
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: radius.cfg,v 1.3 1999/01/28 05:13:52 mikem Exp $
LogStdout
PidFile /usr/local/radiator/etc/radiator.pid
# Set this to the directory where your logfile and details file are to go
LogDir /var/log/radiator
# Set this to the database directory. It should contain these files:
# users The user database
# dictionary The dictionary for your NAS
DbDir /usr/local/radiator/etc/radiusDB
# AuthPort specifies the port to listen on for authentication requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1645
AuthPort 1645
# AcctPort specifies the port to listen on for accounting requests
# Can be a numeric port number or a service name from /etc/services
# Defaults to 1646
AcctPort 1646
########################################################
## Added for USR ##
########################################################
SnmpgetProg /usr/local/bin/snmpget
# This clause defines a single client to listen to
# without the IgnoreAcctSignature it will not Authenticate users.
<Client 207.240.212.131>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
<Client 207.240.142.3>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
# without the IgnoreAcctSignature it will not Authenticate users. for this chassis, os.
<Client 207.240.142.5>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
<Client 207.240.142.7>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
<Client 207.240.142.9>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
<Client 207.240.142.11>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
# This is the chassis for the fx lines it has netserver cards which need the IgnoreAcctSignature command -os
<Client 207.240.140.6>
Secret XXXX
IgnoreAcctSignature
NasType TotalControlSNMP
</Client>
# For testing: this allows us to honour requests from radpwtst
# on the same host.
<Client 127.0.0.1>
Secret XXXX
DupInterval 0
</Client>
# for Ipass Testing
<Client ancillary.inch.com>
Secret XXXX
DupInterval 0
</Client>
# These are all the realms as built by ocs. They rock.
# This is the main authentication Realm for all usernames without
# a domain appended. This should be all our "local" dialups.
# Therefore unless they are stupid and put "@inch.com" or they
# are coming from IPASS, they will be authenticated by this Realm.
<Realm>
#Omar says stuff is bad if this is on.
#RewriteUsername s/^([^@]+).*/$1/
# This inserts a fake entry on every request going through this Realm
PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm] local');}
AcctLogFileName %L/detail
AuthByPolicy ContinueUntilAccept
<AuthBy SQL>
DBSource dbi:mysql:radiator:util.inch.com
# This "root" is a user within mySQL.
DBUsername USERNAME
DBAuth XXXX
# an empty AuthSelect turns off auth
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef ORIGIN,Origin
AcctColumnDef USERNAME,User-Name
AcctColumnDef CLIENT_ID,Client-Id
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NAS_IDENTIFIER,Client-Id
AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef SERVICE_TYPE,Service-Type
AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION_ID,Called-Station-Id
AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
</AuthBy>
<AuthBy FILE>
Filename %D/users
</AuthBy>
<AuthBy FILE>
Filename /usr/local/radiator/etc/radiusDB/users.cfg
</AuthBy>
</Realm>
# This realm is for all those idiot users of ours who submit
# "[EMAIL PROTECTED]" as their username. This protects us
# against local dialup users using ipass to dial in and
# from AuthBy IPASS being used to authenticate them. If this
# was not here they would be sent to the <Realm DEFAULT> which
# is being used to Auth Ipass Domains users.
<Realm inch.com>
#Oliver puts this in to strip off inch.com
RewriteUsername s/^([^@]+).*/$1/
# PreAuthHook inserts a fake entry on any request going to this Realm
PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm inch.com]');}
AcctLogFileName %L/detail
AuthByPolicy ContinueUntilAccept
<AuthBy SQL>
DBSource dbi:mysql:radiator:util.inch.com
# This "root" is a user within mySQL.
DBUsername USERNAME
DBAuth XXXX
# an empty AuthSelect turns off auth
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef ORIGIN,Origin
AcctColumnDef USERNAME,User-Name
AcctColumnDef CLIENT_ID,Client-Id
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NAS_IDENTIFIER,Client-Id
AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef SERVICE_TYPE,Service-Type
AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION_ID,Called-Station-Id
AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
</AuthBy>
<AuthBy FILE>
Filename %D/users
</AuthBy>
<AuthBy FILE>
Filename /usr/local/radiator/etc/radiusDB/users.cfg
</AuthBy>
</Realm>
# This is the IPASS realm/fallthrough realm: Anyone submitting a
# "[EMAIL PROTECTED]'t.inch.com" will start auth. here.
<Realm DEFAULT>
AcctLogFileName %L/detail-ipass
AuthByPolicy ContinueUntilAccept
# PreAuthHook inserts a fake entry on any request going to this Realm
PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm DEFAULT] IPASS');}
<AuthBy SQL>
DBSource dbi:mysql:radiator:util.inch.com
# This "root" is a user within mySQL.
DBUsername USERNAME
DBAuth XXXX
# an empty AuthSelect turns off auth
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef ORIGIN,Origin
AcctColumnDef USERNAME,User-Name
AcctColumnDef CLIENT_ID,Client-Id
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NAS_IDENTIFIER,Client-Id
AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef SERVICE_TYPE,Service-Type
AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION_ID,Called-Station-Id
AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
</AuthBy>
<AuthBy IPASS>
Debug
Config /usr/local/ipass/ipass.conf
Trace /usr/local/ipass/logs/iprd.trace
Home /usr/local/ipass
</AuthBy>
</Realm>
<AuthBy UNIX>
Identifier System
Filename /usr/local/radiator/etc/radiusDB/master.passwd
Match ^([^:]*):([^:]*):[^:]*(?=:([^:]*))
GroupFilename /usr/local/radiator/etc/radiusDB/group
</AuthBy UNIX>
<SessionDatabase SQL>
DBSource dbi:mysql:radiator:util.inch.com
DBUsername USERNAME
DBAuth XXXX
AddQuery insert into RADONLINE (USERNAME, NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID, TIME_STAMP, FRAMED_IP_ADDRESS, NAS_PORT_TYPE, SERVICE_TYPE,USR_MODULATION_TYPE ,USR_CONNECT_SPEED,ORIGIN) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Modulation-Type}', '%{Connect-Speed}','%{Origin}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and NAS_IDENTIFIER='%N' and NAS_PORT=%{NAS-Port}
ClearNasQuery delete from RADONLINE where NAS_IDENTIFIER='%N'
CountQuery select NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID from RADONLINE where USERNAME='%n'
</SessionDatabase>
<Log SQL>
DBSource dbi:mysql:radiator:util.inch.com
DBUsername USERNAME
DBAuth XXXX
Trace 3
</Log>
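
The SQL errors quoted in the message break off just after a quote character, which is the failure a text-substituted statement such as the AddQuery above produces when a substituted value itself contains a single quote. The following is an added illustration, not part of the original post or of Radiator: it uses SQLite in place of MySQL, a cut-down RADONLINE table, and hypothetical function names and constructed sample values.

```python
import sqlite3

# Cut-down stand-in for the RADONLINE AddQuery in the config above. The
# '%n'-style substitution is imitated with str.format (an assumption made
# for this example; this is not Radiator's own code).
ADD_QUERY = ("insert into RADONLINE (USERNAME, NAS_IDENTIFIER, ORIGIN) "
             "values ('{user}', '{nas}', '{origin}')")

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table RADONLINE "
               "(USERNAME text, NAS_IDENTIFIER text, ORIGIN text)")
    return db

def sql_quote(value):
    """Escape a value for use inside a single-quoted SQL string literal."""
    return value.replace("'", "''")

def add_interpolated(db, user, nas, origin, escape=False):
    """Build the statement by text substitution, as a query template does."""
    vals = [sql_quote(v) if escape else v for v in (user, nas, origin)]
    stmt = ADD_QUERY.format(user=vals[0], nas=vals[1], origin=vals[2])
    try:
        db.execute(stmt)
        return "ok"
    except sqlite3.OperationalError as exc:
        # The stray quote ends the literal early; the rest is parsed as SQL.
        return f"failed: {exc}"

def add_bound(db, user, nas, origin):
    """Pass values as bound parameters so they are never parsed as SQL."""
    db.execute("insert into RADONLINE values (?, ?, ?)", (user, nas, origin))
    return "ok"

def stored_users(db):
    rows = db.execute("select USERNAME from RADONLINE order by rowid")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = open_db()
    # Constructed sample request values, not taken from the logs above.
    sample = ("o'brien", "207.240.142.3", "util:[Realm] local")
    print("raw substitution:", add_interpolated(db, *sample))
    print("escaped         :", add_interpolated(db, *sample, escape=True))
    print("bound parameters:", add_bound(db, *sample))
    print("rows stored     :", stored_users(db))
```

Doubling the quote is enough for SQLite; against MySQL, use the driver's own quoting (DBI's `quote` method) or bound parameters rather than a hand-written escaper.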