Hello Phil -
On Fri, 07 Jan 2000, Phil Freed wrote:
> We have just put up the latest Radiator code, and have
> completely revamped our config to take advantage of the
> nifty new stuff. But we're having problems with accounting
> packets. Radiator gets the packets, but according to "snoop"
> it never replies to them.
>
> Note: this means that the problem is _not_ with the NAS.
> It never gets any ACKs because Radiator isn't sending any.
> So the NAS (correctly) keeps resending the packets.
>
> Here are the salient portions of our config.
>
> <Client xxxxx>
> Secret xxxxx
> IgnoreAcctSignature
> DupInterval 0
> </Client>
>
> The IgnoreAcctSignature and DupInterval lines are there
> for debugging only; they should go away when everything's
> working.
>
> # Handle All the Accounting requests
> <Handler Acct-Status-Type=/.+/>
> AcctLogFileName %L/%R%c-%Y%m%d
> AccountingHandled
> </Handler>
>
> This is the first handler in the config file.
> According to the log, it is properly intercepting
> the accounting packets.
>
> Finally, here is our PreClientHook:
>
> sub{
> ## lc() the username and remove junk characters.
> ## If the user has entered a realm, normalize it.
>
> # We don't need to re-create this hash for every packet....
> if (!defined %main::loa_realm2class) {
> %main::loa_realm2class = (
> 'realm1' => 'class1',
> 'realm2' => 'class2',
> 'realm3' => 'class2',
> : : : : : :
> );
> }
>
> my $p = ${$_[0]};
> my ($user, $realm);
> ($user = lc $p->getUserName) =~ tr/[\\,*\$:'"\x00-\x20\x7F-\x1FF]//d;
> ($user, $realm) = split ('@', $user);
>
> if ($realm) {
> $realm = ( $main::loa_realm2class{$realm} or $realm);
> $p->changeUserName("$user\@$realm");
> }
> }
>
> ---------
>
> And here is a bit from the log file. The daemon has
> just been killed and restarted....
>
> Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
> Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
> Fri Jan 7 01:25:42 2000: INFO: Server started
> Fri Jan 7 01:25:43 2000: DEBUG: Packet dump:
> *** Received from 209.113.155.4 port 1651 ....
> Code: Accounting-Request
> Identifier: 36
> Authentic: <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
> Attributes:
> Acct-Session-Id = "1C002EBF"
> User-Name = "[EMAIL PROTECTED]"
> Client-Id = 216.41.76.18
> NAS-Port = 4
> NAS-Port-Type = Async
> Acct-Status-Type = Stop
> Acct-Session-Time = 1553
> Acct-Authentic = RADIUS
> Connect_Info = 858862128
> Acct-Input-Octets = 20479
> Acct-Output-Octets = 274291
> Called-Station-Id = "9783364950"
> Calling-Station-Id = "9787775389"
> Class = "cybertours.com"
> Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
> Livingston = "User Request - PPP Term Req"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 216.41.76.164
> Acct-Delay-Time = 10699
> Proxy-State =
>8u<135><28><216>)L<18><4>$f<0>I\<221><174><31>P<204><141>&<165>}\<219><19><217><174>
>
> Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be
>used to handle this request
> Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request
> Identifier: 36
> Authentic: <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
> Attributes:
> Acct-Session-Id = "1C002EBF"
> User-Name = "[EMAIL PROTECTED]"
> Client-Id = 216.41.76.18
It looks to me like the regexp in your Handler is causing problems.
You might like to try this:
<Handler Request-Type = Accounting-Request>
....
</Handler>
Note that the Request-Type support is in the Radiator 2.14.1 patches area:
http://www.open.com.au/radiator/downloads/patches-2.14.1/patches.README
6/9/99 Rolled the AddToReplyIfNotExist.patch into the base code. This code
was contributed by Vincent Gillet <[EMAIL PROTECTED]>, and implemnets
the AddToReplyIfNotExist parameter, which will append an attribute
to a reply if and only if it the attribute is not already present.
AlsoaAdded new check item Request-Type. This is mostly useful
in Handlers, to allow you to trigger on different types of
requests.
Download AuthGeneric.pm and AttrVal.pm from here.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
