Hi.
I have a strange problem that started happening as the clock rolled over to
Dec 31 1999. All my users started to get "Access rejected, Expiration date
passed " from my Radiator AuthEmerald which is talking to a mSQL database
(platypus).
Here is my config file and dump of logfile at Loglevel 4. Any help would
be appreciated (as I am sure you can imagine)? We are running radiator 2.14.
I cannot work out what is causing it as the expiration date seems to be set
many years into the future.
Thanks:
# emerald.cfg
#
# Example Radiator configuration file that allows you to
# authenticate from and store accounting to the Emerald database
# from IEA (see http://www.emerald.iea.com)
#
# You should consider this file to be a starting point only
# $Id: emerald.cfg,v 1.1 1998/07/12 23:47:50 mikem Exp $
Foreground
LogStdout
LogDir /var/log/radius
DbDir /local/etc/radius
PidFile /var/run/radiusd.pid
#SnmpgetProg /usr/bin/snmpget
AuthPort 1645
AcctPort 1646
Trace 3
# The reason for specifying each type of NAS seperately is to allow us to
# limit the number of simultaneous logins. (At some later date perhaps?)
# Our Ascend's
<Client 203.96.16.5>
# Max
Secret xxxxxxxxx
DupInterval 60
NasType AscendSNMP
SNMPCommunity public
# Add the Ascend MAX TNT's here:
# localhost is to allow us to perform testing...
IdenticalClients 203.96.16.66
</Client>
<Client 203.96.58.18>
Secret xxxxxxxx
DupInterval 60
NasType Ascend
</Client>
<Client 203.96.58.146>
Secret xxxxxxxx
DupInterval 60
NasType Ascend
</Client>
<Client 203.96.58.242>
DupInterval 60
Secret xxxxxxxx
NasType Ascend
</Client>
# Our Cisco's
<Client 203.96.16.1>
# Cisco 1
Secret xxxxxxxx
NasType Cisco
IdenticalClients 203.96.16.2 203.96.16.3 203.96.16.4 203.96.16.6 203.96.16.11
</Client>
<Client 203.96.16.2>
# Cisco 2
Secret xxxxxxxxx
NasType Cisco
IdenticalClients 203.96.16.1 203.96.16.3 203.96.16.4 203.96.16.6 203.96.16.11
</Client>
# IPnet and their USR TotalControls
<Client 192.168.0.33>
Secret xxxxxxxxx
NasType TotalControl
IdenticalClients 192.168.0.34
RewriteUsername s/^([^@]+).*/$1/
</Client>
<Client 192.168.0.34>
Secret xxxxxxxxx
NasType TotalControl
IdenticalClients 192.168.0.33
RewriteUsername s/^([^@]+).*/$1/
</Client>
<SessionDatabase SQL>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual
DBSource dbi:ODBC:LocalServer
DBUsername xxxxxxxx
DBAuth xxxxxxxx
</SessionDatabase SQL>
<Realm DEFAULT>
# If Platypus rejects the login, forward it to the old Radius server
PasswordLogFileName %L/password.log
<AuthBy EMERALD>
# You can use this to force Radiator to limit
# maximum session times to how many minutes
# are left in subaccounts.timeleft
DefaultSimultaneousUse 1
TimeBanking
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual
DBSource dbi:ODBC:LocalServer
DBUsername xxxxxxxx
DBAuth xxxxxxxx
# You can add to or change these if you want.
AccountingTable Calls
AcctColumnDef UserName,User-Name
AcctColumnDef CallDate,Timestamp,integer-date
AcctColumnDef AcctStatusType,Acct-Status-Type,integer
AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef AcctSessionId,Acct-Session-Id
AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
AcctColumnDef AcctTerminateCause,Ascend-Disconnect-Cause,integer
# AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
# AcctColumnDef NASIdentifier,NAS-Identifier
AcctColumnDef NASIdentifier,NAS-IP-Address
AcctColumnDef NASPort,NAS-Port,integer
AddATDefaults
AuthSelect ,sa.LoginLimit
AuthColumnDef 0,Simultaneous-Use,check
</AuthBy>
<AuthBy FILE>
Filename %D/users
</AuthBy>
# Log all accounting into daily log files
AcctLogFileName /var/log/radius/log/%Y%m%d.act
</Realm>
And here is the Debug output.
Fri Dec 31 07:15:10 1999: DEBUG: Packet dump:
*** Received from 203.96.58.146 port 32849 ....
Code: Access-Request
Identifier: 62
Authentic: <12><4><130><239><227>P<233><228>u<168><193>ho<223><205>`
Attributes:
User-Name = "trustme"
CHAP-Password = "<1>6n<237>a<238>bj<185>cKe<197><132>Y<174><194>"
NAS-IP-Address = 203.96.58.17
NAS-Port = 2146
NAS-Port-Type = Async
State = ""
Called-Station-Id = "78686"
Acct-Session-Id = "298156130"
Ascend-Data-Rate = 28800
Ascend-Xmit-Rate = 49333
Fri Dec 31 07:15:10 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Dec 31 07:15:10 1999: DEBUG: Deleting session for trustme, 203.96.58.17, 2
146
Fri Dec 31 07:15:10 1999: DEBUG: do query is: delete from RADONLINE where NASID
ENTIFIER='203.96.58.17' and NASPORT=2146
Fri Dec 31 07:15:10 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:10 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:10 1999: DEBUG: Query is: select DateAdd(Day, ma.extension, ma
ExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit ,sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'trustme' or sa.shell = 'trustme')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0
Fri Dec 31 07:15:10 1999: DEBUG: Select results: 1999-12-31 00:00:00.00^@, 2037
-01-01 00:00:00.00^@, 7049, PPP, 91081299, trustme, , , 1
Fri Dec 31 07:15:10 1999: DEBUG: Query is: select ra.RadAttributeID, Data, Valu
e, Type
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID and rc.AccountID=7049
Fri Dec 31 07:15:10 1999: DEBUG: Query is: select ra.RadAttributeID, Data, Valu
e, Type
from RadATConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID
and rc.AccountType='PPP'
Fri Dec 31 07:15:10 1999: DEBUG: Radius::AuthEMERALD looks for match with trust
me
Fri Dec 31 07:15:10 1999: DEBUG: Expiration date converted to: 946551600
Fri Dec 31 07:15:10 1999: DEBUG: Radius::AuthEMERALD REJECT: Expiration date ha
s passed
Fri Dec 31 07:15:10 1999: DEBUG: Query is: select DateAdd(Day, ma.extension, ma
ExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit ,sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0
Fri Dec 31 07:15:10 1999: INFO: Access rejected for trustme: Expiration date ha
s passed
Fri Dec 31 07:15:10 1999: DEBUG: Packet dump:
*** Sending to 203.96.58.146 port 32849 ....
Code: Access-Reject
Identifier: 62
Authentic: <12><4><130><239><227>P<233><228>u<168><193>ho<223><205>`
Attributes:
Reply-Message = "Request Denied"
Fri Dec 31 07:15:12 1999: DEBUG: Packet dump:
*** Received from 192.168.0.33 port 56386 ....
Code: Access-Request
Identifier: 188
Authentic: <0><0>^b<0><0>)<161><0><0>V<194><0><0>^<5>
Attributes:
Proxy-Action = "AUTHENTICATE"
User-Name = "duo"
User-Password =
"<168><11>Q<196><133>3<11><142><186>B<202><242>0<11>><1
64>"
NAS-IP-Address = 192.168.8.253
NAS-Port = 2569
Acct-Session-Id = "168297132"
USR-Interface-Index = 3825
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
USR-Chassis-Call-Slot = 11
USR-Chassis-Call-Span = 1
USR-Chassis-Call-Channel = 9
Calling-Station-Id = ""
Called-Station-Id = "1900"
NAS-Port-Type = Async
User-Id = "duo"
NAS-Identifier = "ipw1-n1-15.ipnet.telecom.co.nz"
User-Realm = "actrix"
Proxy-State = 0
Fri Dec 31 07:15:12 1999: DEBUG: Rewrote user name to duo
Fri Dec 31 07:15:12 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Dec 31 07:15:12 1999: DEBUG: Deleting session for duo, 192.168.8.253, 2569
Fri Dec 31 07:15:12 1999: DEBUG: do query is: delete from RADONLINE where NASID
ENTIFIER='192.168.8.253' and NASPORT=2569
Fri Dec 31 07:15:12 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:12 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:12 1999: DEBUG: Query is: select DateAdd(Day, ma.extension, ma
ExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit ,sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'duo' or sa.shell = 'duo')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0
Fri Dec 31 07:15:12 1999: DEBUG: Select results: 1999-12-31 00:00:00.00^@, 2037
-01-01 00:00:00.00^@, 8891, PPP, FlasH21x, duo, , , 1
Fri Dec 31 07:15:12 1999: DEBUG: Query is: select ra.RadAttributeID, Data, Valu
e, Type
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID and rc.AccountID=8891
Fri Dec 31 07:15:12 1999: DEBUG: Query is: select ra.RadAttributeID, Data, Valu
e, Type
from RadATConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID
and rc.AccountType='PPP'
Fri Dec 31 07:15:12 1999: DEBUG: Radius::AuthEMERALD looks for match with duo
Fri Dec 31 07:15:12 1999: DEBUG: Expiration date converted to: 946551600
Fri Dec 31 07:15:12 1999: DEBUG: Radius::AuthEMERALD REJECT: Expiration date ha
s passed
Fri Dec 31 07:15:12 1999: DEBUG: Query is: select DateAdd(Day, ma.extension, ma
ExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit ,sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0
Fri Dec 31 07:15:12 1999: INFO: Access rejected for duo: Expiration date has pa
ssed
Fri Dec 31 07:15:12 1999: DEBUG: Packet dump:
*** Sending to 192.168.0.33 port 56386 ....
Code: Access-Reject
Identifier: 188
Authentic: <0><0>^b<0><0>)<161><0><0>V<194><0><0>^<5>
Attributes:
Proxy-State = 0
Proxy-Action = "AUTHENTICATE"
Reply-Message = "Request Denied"
Fri Dec 31 07:15:14 1999: DEBUG: Packet dump:
*** Received from 192.168.0.33 port 56386 ....
Code: Accounting-Request
Identifier: 4
Authentic: .<181>{<17><151><1><13>O<199><240><14>f<127><177><130><231>
Attributes:
Proxy-Action = "LAS_ACCT"
User-Name = "unauthenticated"
NAS-IP-Address = 192.168.8.253
Acct-Status-Type = Stop
Acct-Session-Id = "168297132"
Acct-Delay-Time = 0
Service-Type = Framed-User
NAS-Port-Type = Async
NAS-Port = 2569
USR-Interface-Index = 3825
USR-Chassis-Call-Slot = 11
USR-Chassis-Call-Span = 1
USR-Chassis-Call-Channel = 9
USR-Unauthenticated-Time = 27
USR-Modem-Training-Time = 10
Calling-Station-Id = ""
Called-Station-Id = "1900"
USR-Modulation-Type = v34
USR-Simplified-MNP-Levels = ccittV42
USR-Simplified-V42bis-Usage = ccittV42bis
USR-Connect-Speed = 28800_BPS
Framed-Protocol = PPP
Framed-IP-Address = 0.0.0.0
Acct-Session-Time = 37
Acct-Terminate-Cause = User-Error
Acct-Input-Octets = 328
Acct-Output-Octets = 262
Acct-Input-Packets = 17
Acct-Output-Packets = 11
User-Id = "unauthenticated"
NAS-Identifier = "ipw1-n1-15.ipnet.telecom.co.nz"
User-Realm = "actrix"
Proxy-State = 0
Fri Dec 31 07:15:14 1999: DEBUG: Rewrote user name to unauthenticated
Fri Dec 31 07:15:14 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Dec 31 07:15:14 1999: DEBUG: Deleting session for unauthenticated, 192.168
.8.253, 2569
Fri Dec 31 07:15:14 1999: DEBUG: do query is: delete from RADONLINE where NASID
ENTIFIER='192.168.8.253' and NASPORT=2569
Fri Dec 31 07:15:14 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:14 1999: DEBUG: Handling accounting with Radius::AuthEMERALD
Fri Dec 31 07:15:14 1999: DEBUG: do query is: insert into Calls
(UserName, CallDate, AcctStatusType, AcctDelayTime,
AcctInputOc
tets, AcctOutputOctets, AcctSessionId, AcctSessionTime, NASIdentifier, NASPort)
values
('unauthenticated', 'Dec 31, 1999 7:15', 2, 0, 328, 262,
'16829
7132', 37, '192.168.8.253', 2569)
Fri Dec 31 07:15:14 1999: DEBUG: Accounting accepted
Fri Dec 31 07:15:14 1999: DEBUG: Packet dump:
*** Sending to 192.168.0.33 port 56386 ....
Code: Accounting-Response
Identifier: 4
Authentic: .<181>{<17><151><1><13>O<199><240><14>f<127><177><130><231>
Attributes:
Proxy-State = 0
Proxy-Action = "LAS_ACCT"
Fri Dec 31 07:15:19 1999: DEBUG: Packet dump:
*** Received from 192.168.0.33 port 56386 ....
Code: Access-Request
Identifier: 207
Authentic: <0><0>pw<0><0><7>P<0><0><0><139><0><0><10>8
Attributes:
Proxy-Action = "AUTHENTICATE"
User-Name = "gilderdale"
User-Password =
"<28><253><205><219><2><152><174>H&N<217><23><138><197>
<137><2>"
NAS-IP-Address = 192.168.8.253
NAS-Port = 2827
Acct-Session-Id = "185205360"
USR-Interface-Index = 4083
Tunnel-Supports-Tags = 0
Service-Type = Framed-User
Framed-Protocol = PPP
USR-Chassis-Call-Slot = 12
USR-Chassis-Call-Span = 1
USR-Chassis-Call-Channel = 11
Calling-Station-Id = ""
Called-Station-Id = "1900"
NAS-Port-Type = Async
User-Id = "gilderdale"
NAS-Identifier = "ipw1-n1-15.ipnet.telecom.co.nz"
User-Realm = "actrix"
Proxy-State = 0
Fri Dec 31 07:15:19 1999: DEBUG: Rewrote user name to gilderdale
Fri Dec 31 07:15:19 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Dec 31 07:15:19 1999: DEBUG: Deleting session for gilderdale, 192.168.8.25
3, 2827
Fri Dec 31 07:15:19 1999: DEBUG: do query is: delete from RADONLINE where NASID
ENTIFIER='192.168.8.253' and NASPORT=2827
Fri Dec 31 07:15:19 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:19 1999: DEBUG: Handling with Radius::AuthEMERALD
Fri Dec 31 07:15:19 1999: DEBUG: Query is: select DateAdd(Day, ma.extension, ma
ExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit ,sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'gilderdale' or sa.shell = 'gilderdale')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0
Fri Dec 31 07:15:19 1999: DEBUG: Select results: 1999-12-31 00:00:00.00^@, 2037
-01-01 00:00:00.00^@, 8437, PPP, xxxxxxxx, gilderdale, , , 1
Fri Dec 31 07:15:19 1999: DEBUG: Query is: select ra.RadAttributeID, Data, Valu
e, Type
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID and rc.AccountID=8437
--
John Vorstermans || We are what we repeatedly do.
Technical Manager || - Aristotle
Actrix Networks
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
