Hi, just to follow up here, we did some additional investigation
and are pretty sure that the 2nd errors reported below are
because the text of the 3rd field of the MySQL insert contains
single quotes around the Realm= statement, causing the text
field to end prematurely. What should we do?
Also, please make sure to maintain the cc to [EMAIL PROTECTED] on all
email that Oliver has sent you all. He will be out of the office
for at least a week, and we want to continue the work in his
absence.
Thanks in advance,
--
Omar Thameen
Systems Administration
The Internet Channel
[EMAIL PROTECTED]
On Mon, Aug 23, 1999 at 03:44:29PM -0400, O Stockhammer wrote:
> Hello,
> We are currently getting two sets of errors reported at Log level
> 4. The first set has to do with our dictionary file, they read:
>
> on Aug 23 10:41:05 1999: ERR: Attribute number 11 (vendor 311) is not
> defined in your dictionary
> Mon Aug 23 10:41:06 1999: ERR: Attribute number 1 (vendor 311) is not
> defined in your dictionary
> Mon Aug 23 10:47:19 1999: ERR: Attribute number 11 (vendor 311) is not
> defined in your dictionary
> Mon Aug 23 10:47:19 1999: ERR: Attribute number 1 (vendor 311) is not
> defined in your dictionary
> Mon Aug 23 10:57:00 1999: ERR: Attribute number 11 (vendor 311) is not
> defined in your dictionary
> Mon Aug 23 10:57:00 1999: ERR: Attribute number 1 (vendor 311) is not
> defined in your dictionary
>
> And the second set seem to be with the MySQL DBM module when it tries to
> query the database:
>
> DBD::mysql::db do failed: You have an error in your SQL syntax near
> 'Realm='',
> 'Aug 21, 1999 12:35')' at line 2 at
> /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
> DBD::mysql::db do failed: You have an error in your SQL syntax near
> 'Realm='',
> 'Aug 21, 1999 12:35')' at line 2 at
> /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
> DBD::mysql::db do failed: You have an error in your SQL syntax near 'PPP',
> '4evryng', '', 'Async', '207.240.215.217', 'ccittV42bi' at line 2 at
> /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
>
> These are both very mysterious reporting errors to us. It seems that
> radiator is also crashing quite frequently (once every two days at least).
> We do not get anything logged when it dies. It does take a restart to get
> it going again. We were wondering if it might be better to run Radiator
> out of inetd? Again, this is for our main authentication server. Any
> insight would be appreciated. I have attached a copy of our radius.cfg as
> well (with all passwords commented out).
>
> Thank you,
> Oliver Stockhammer
> Systems Admin.
> Internet Channel
Content-Description: current radius.cfg
> # radius.cfg
> #
> # This is a very simple radius.cfg that you can use to get started.
> # only the most important parameters are set here. The full set
> # of parameters can be seen in radius.cfg in the top of the distribution tree.
> #
> # As it stands, it will authenticate a single client and a
> # single realm from a flat file
> # database, and save the accounting info to a single details file.
> #
> # Author: Mike McCauley ([EMAIL PROTECTED])
> # Copyright (C) 1997 Open System Consultants
> # $Id: radius.cfg,v 1.3 1999/01/28 05:13:52 mikem Exp $
>
> LogStdout
> PidFile /usr/local/radiator/etc/radiator.pid
>
> # Set this to the directory where your logfile and details file are to go
> LogDir /var/log/radiator
>
> # Set this to the database directory. It should contain these files:
> # users The user database
> # dictionary The dictionary for your NAS
> DbDir /usr/local/radiator/etc/radiusDB
>
> # AuthPort specifies the port to listen on for authentication requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1645
> AuthPort 1645
>
> # AcctPort specifies the port to listen on for accounting requests
> # Can be a numeric port number or a service name from /etc/services
> # Defaults to 1646
> AcctPort 1646
>
> ########################################################
> ## Added for USR ##
> ########################################################
> SnmpgetProg /usr/local/bin/snmpget
>
> # This clause defines a single client to listen to
>
> # without the IgnoreAcctSignature it will not Authenticate users.
> <Client 207.240.212.131>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> <Client 207.240.142.3>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> # without the IgnoreAcctSignature it will not Authenticate users. for this chassis, os.
> <Client 207.240.142.5>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> <Client 207.240.142.7>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> <Client 207.240.142.9>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> <Client 207.240.142.11>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> # This is the chassis for the fx lines it has netserver cards which need the IgnoreAcctSignature command -os
> <Client 207.240.140.6>
> Secret XXXX
> IgnoreAcctSignature
> NasType TotalControlSNMP
> </Client>
>
> # For testing: this allows us to honour requests from radpwtst
> # on the same host.
> <Client 127.0.0.1>
> Secret XXXX
> DupInterval 0
> </Client>
>
> # for Ipass Testing
> <Client ancillary.inch.com>
> Secret XXXX
> DupInterval 0
> </Client>
>
> # These are all the realms as built by ocs. They rock.
>
> # This is the main authentication Realm for all usernames without
> # a domain appended. This should be all our "local" dialups.
> # Therefore unless they are stupid and put "@inch.com" or they
> # are coming from IPASS, they will be authenticated by this Realm.
>
> <Realm>
> #Omar says stuff is bad if this is on.
> #RewriteUsername s/^([^@]+).*/$1/
> # This inserts a fake entry on every request going through this Realm
> PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm] local');}
> AcctLogFileName %L/detail
> AuthByPolicy ContinueUntilAccept
> <AuthBy SQL>
> DBSource dbi:mysql:radiator:util.inch.com
> # This "root" is a user within mySQL.
> DBUsername USERNAME
> DBAuth XXXX
> # an empty AuthSelect turns off auth
> AuthSelect
>
> AccountingTable ACCOUNTING
> AcctColumnDef ORIGIN,Origin
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef CLIENT_ID,Client-Id
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NAS_IDENTIFIER,Client-Id
> AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
> AcctColumnDef NAS_PORT,NAS-Port,integer
> AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
> AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
> AcctColumnDef SERVICE_TYPE,Service-Type
> AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
> AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
> AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
> AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
> AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
> AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
> AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
> AcctColumnDef CALLED_STATION_ID,Called-Station-Id
> AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
> AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
> AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
> AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
> AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
> AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
> AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
> AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
> AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
> </AuthBy>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> <AuthBy FILE>
> Filename /usr/local/radiator/etc/radiusDB/users.cfg
> </AuthBy>
> </Realm>
>
> # This realm is for all those idiot users of ours who submit
> # "[EMAIL PROTECTED]" as their username. This protects us
> # against local dialup users using ipass to dial in and
> # from AuthBy IPASS being used to authenticate them. If this
> # was not here they would be sent to the <Realm DEFAULT> which
> # is being used to Auth Ipass Domains users.
> <Realm inch.com>
> #Oliver puts this in to strip off inch.com
> RewriteUsername s/^([^@]+).*/$1/
> # PreAuthHook inserts a fake entry on any request going to this Realm
> PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm inch.com]');}
> AcctLogFileName %L/detail
> AuthByPolicy ContinueUntilAccept
> <AuthBy SQL>
> DBSource dbi:mysql:radiator:util.inch.com
> # This "root" is a user within mySQL.
> DBUsername USERNAME
> DBAuth XXXX
> # an empty AuthSelect turns off auth
> AuthSelect
>
> AccountingTable ACCOUNTING
> AcctColumnDef ORIGIN,Origin
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef CLIENT_ID,Client-Id
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NAS_IDENTIFIER,Client-Id
> AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
> AcctColumnDef NAS_PORT,NAS-Port,integer
> AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
> AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
> AcctColumnDef SERVICE_TYPE,Service-Type
> AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
> AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
> AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
> AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
> AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
> AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
> AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
> AcctColumnDef CALLED_STATION_ID,Called-Station-Id
> AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
> AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
> AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
> AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
> AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
> AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
> AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
> AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
> AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
> </AuthBy>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> <AuthBy FILE>
> Filename /usr/local/radiator/etc/radiusDB/users.cfg
> </AuthBy>
> </Realm>
>
> # This is the IPASS realm/fallthrough realm: Anyone submitting a
> # "[EMAIL PROTECTED]'t.inch.com" will start auth. here.
> <Realm DEFAULT>
> AcctLogFileName %L/detail-ipass
> AuthByPolicy ContinueUntilAccept
> # PreAuthHook inserts a fake entry on any request going to this Realm
> PreAuthHook sub { ${$_[0]}->add_attr('Origin', 'util:[Realm DEFAULT] IPASS');}
> <AuthBy SQL>
> DBSource dbi:mysql:radiator:util.inch.com
> # This "root" is a user within mySQL.
> DBUsername USERNAME
> DBAuth XXXX
> # an empty AuthSelect turns off auth
> AuthSelect
>
> AccountingTable ACCOUNTING
> AcctColumnDef ORIGIN,Origin
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef CLIENT_ID,Client-Id
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NAS_IDENTIFIER,Client-Id
> AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
> AcctColumnDef NAS_PORT,NAS-Port,integer
> AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
> AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
> AcctColumnDef SERVICE_TYPE,Service-Type
> AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
> AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
> AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
> AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
> AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
> AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
> AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
> AcctColumnDef CALLED_STATION_ID,Called-Station-Id
> AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
> AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
> AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
> AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
> AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
> AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
> AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
> AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
> AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
> </AuthBy>
> <AuthBy IPASS>
> Debug
> Config /usr/local/ipass/ipass.conf
> Trace /usr/local/ipass/logs/iprd.trace
> Home /usr/local/ipass
> </AuthBy>
> </Realm>
>
> <AuthBy UNIX>
> Identifier System
> Filename /usr/local/radiator/etc/radiusDB/master.passwd
> Match ^([^:]*):([^:]*):[^:]*(?=:([^:]*))
> GroupFilename /usr/local/radiator/etc/radiusDB/group
> </AuthBy UNIX>
>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:radiator:util.inch.com
> DBUsername USERNAME
> DBAuth XXXX
> AddQuery insert into RADONLINE (USERNAME, NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID, TIME_STAMP, FRAMED_IP_ADDRESS, NAS_PORT_TYPE, SERVICE_TYPE,USR_MODULATION_TYPE ,USR_CONNECT_SPEED,ORIGIN) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}', '%{Modulation-Type}', '%{Connect-Speed}','%{Origin}')
> DeleteQuery delete from RADONLINE where USERNAME='%n' and NAS_IDENTIFIER='%N' and NAS_PORT=%{NAS-Port}
> ClearNasQuery delete from RADONLINE where NAS_IDENTIFIER='%N'
> CountQuery select NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID from RADONLINE where USERNAME='%n'
> </SessionDatabase>
>
> <Log SQL>
> DBSource dbi:mysql:radiator:util.inch.com
> DBUsername USERNAME
> DBAuth XXXX
> Trace 3
> </Log>
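
The failure described at the top of this message (a single quote inside a text value ending the SQL string early) is reproduced below, next to the same insert done with bound parameters. This is an added example, not part of the original message and not Radiator's code: Python with an in-memory SQLite table stands in for Perl DBI and MySQL, the function names are hypothetical, and the sample record is constructed.

```python
import sqlite3

# Subset of the AcctColumnDef lines quoted above: (column, attribute, type).
COLUMN_DEFS = [
    ("ORIGIN", "Origin", None),
    ("USERNAME", "User-Name", None),
    ("ACCTSESSIONID", "Acct-Session-Id", None),
    ("NAS_PORT", "NAS-Port", "integer"),
]
COLS = ", ".join(col for col, _, _ in COLUMN_DEFS)

# Constructed accounting record; the Origin text carries single quotes.
SAMPLE = {"Origin": "util:[Realm='inch.com']", "User-Name": "alice",
          "Acct-Session-Id": "00001234", "NAS-Port": "17"}


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ACCOUNTING (ORIGIN TEXT, USERNAME TEXT, "
               "ACCTSESSIONID TEXT, NAS_PORT INTEGER)")
    return db


def insert_interpolated(db, record):
    """Weak form: attribute text is pasted between single quotes."""
    vals = []
    for _, attr, kind in COLUMN_DEFS:
        raw = record.get(attr, "")
        vals.append(raw if kind == "integer" else "'" + raw + "'")
    sql = "INSERT INTO ACCOUNTING (%s) VALUES (%s)" % (COLS, ", ".join(vals))
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "failed: %s" % exc


def insert_bound(db, record):
    """Corrected form: values are bound parameters; integers are validated."""
    params = []
    for _, attr, kind in COLUMN_DEFS:
        raw = record.get(attr)
        params.append(int(raw) if kind == "integer" and raw is not None else raw)
    marks = ", ".join("?" for _ in params)
    db.execute("INSERT INTO ACCOUNTING (%s) VALUES (%s)" % (COLS, marks), params)
    return db.execute("SELECT ORIGIN, NAS_PORT FROM ACCOUNTING").fetchone()
```

The interpolated insert succeeds for a value such as 'util:[Realm] local' and fails only when the text contains a quote, which is why the error shows up on some requests and not others.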