Hello Stefanita -
On Sun, 09 Jan 2000, Stefanita Vilcu wrote:
> Hello,
>
> I have a Total Control Box (HiperARC) which sends some kind of
> accounting packets which
> looks like this:
>
> Code: Accounting-Request
> Identifier: 238
> Authentic: <212><14>iU<252><8><189><223><162> W<214><133><26><146>n
> Attributes:
> Acct-Status-Type = Accounting-On
> USR-Acct-Reason-Code = No-Reason-Given-No-Failure
> Acct-Delay-Time = 466680
> Acct-Session-Id = "This is an Accounting ON message"
> NAS-IP-Address = 1.1.1.1
>
> I inserted the lines below in the radius.cfg file since I don't want
>
> WARNING: Could not find a handler: request is ignored
>
> in my logs:
>
> <Handler USR-Acct-Reason-Code=No-Reason-Given-No-Failure>
> </Handler>
>
> My problem is that now, every time the server receives such a crappy
> package, it cleans the RADONLINE table for the specified NAS:
>
This is exactly the situation I mentioned the other day about one of the uses
for multiple session databases.
What you can do is something like the following:
# this is your existing session database in SQL
<SessionDatabase SQL>
Identifier InSQL
DBSource ....
DBAuth ....
DBUsername ....
....
</SessionDatabase>
# set up an internal session database just for bogus accounting packets
<SessionDatabase INTERNAL>
Identifier InMemory
</SessionDatabase>
# use this Handler for bogus accounting packets
# note use of separate session database
# also note AuthBy FILE to respond to accounting packets
<Handler USR-Acct-Reason-Code=No-Reason-Given-No-Failure>
SessionDatabase InMemory
<AuthBy FILE>
Filename %D/reject-users
</AuthBy>
</Handler>
# the rest of your configuration follows
<Handler ....>
SessionDatabase InSQL
....
</Handler>
....
# the file %D/reject-users would contain this (for security)
DEFAULT Auth-Type = Reject
Now there are a couple of things to note here. First, there was a bug in the
use of an Identifer with a SessionDatabase INTERNAL declaration which has now
been fixed, however if you put this declaration last in your list of session
databases it will still work as it will be taken as the default. Second, every
Handler clause must have an AuthBy declaration, as it is the AuthBy module that
returns the Accounting-Accept to the NAS. I have configured an AuthBy FILE
above that always rejects - it should never be used for authentication, but its
always better to be safe.
If you have any other questions I am always happy to help.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
