Hello everyone -
Thanks to the other members of the list who have posted follow ups to this
message. I thought I might take this opportunity to address the
Simultaneous-Use issue again.
The thing to keep in mind here is that Radiator can only go on what it sees
reported by the NAS equipment that is in use. In other words, it is the
Accounting Starts and Accounting Stops that are used to keep the session
database up to date. If there are any problems with what is reported by the NAS
(or if Accounting packets go missing), then Radiator is going to get out of
sync. This is true for any sort of session database (INTERNAL, DBM, SQL), so
the place to start looking for problems is a trace 4 debug in Radiator together
with snoop or tcpdump or your favourite packet sniffer. Once you have an idea
of what radius accounting packets are being sent (or not as the case may be),
you can decide on a course of action to try and fix the problem. You can always
restart Radiator as a last resort, but we would rather do something smarter
than that, wouldn't we? BTW - another blunt object approach here is to use
"radpwtst" to send dummied up Accounting packets to re-sync the session
database.
A better approach to maintaining session database coherency is to use strict
checking of the NAS. This is what the NasType parameter is used for in the
Client clauses (see section 6.4.5 in the Radiator 2.16.1 reference manual).
Note that there is a new NasType of "Ping" in 2.16.1 that doesn't actually
query the NAS (via finger, who, snmp or whatever), but simply pings the IP
address (Framed-IP-Address) to see if it is still there. An additional trick
that is useful is to have a special Handler(s) to catch bogus accounting
records, and use a SessionDatabase INTERNAL in that Handler(s) to keep the
bogus records away from the SQL session database.
This subject was discussed on the list fairly comprehensively a couple of
months ago, and several customers have reported very good success with an SQL
session database (with a custom DeleteQuery to delete a record with an IP
address and/or a NAS-IP-Address/NAS-Port) and a NasType of Ping.
BTW - the other good reason to use an SQL session database is because Radiator
includes a cgi script (radwho.cgi) that you can use with an internal web server
to view the contents of the session database in a browser window. This is an
excellent tool for your help-desk staff as well as for the network group.
Have a look at the archive site and do a search.
Hope that helps.
regards
Hugh
On Thu, 20 Jul 2000, Jeremy Gault wrote:
> Hi,
>
> We are running Radiator (its either the 2.13 series or 2.14) and
> 3Com Total Control HiPer ARC terminal servers. We're having a
> problem with the Simultaneous-Use feature.
> Our regular dialup customers (and 64K ISDN) accounts are given
> a Simultaneous-Use of 1, thus allowing them only one login. That is
> what our DefaultSimultaneousUse is set to, and the "DEFAULT" user
> has that also.
> Customers who want 128K ISDN are given a Simultaneous-Use
> of 2 to allow them to connect to both channels. We set that on a
> per-user basis in our Radis users file.
> Now, here's the problem. It works fine with regular dialup users,
> but ISDN users have a world of problems. They are able to login a
> few times, and then it starts rejecting them. Our log files show that
> their Simultaneous-Use of 2 has been exceeded, yet I can list the
> users logged into the terminal server, and they aren't on. Somehow
> Radiator thinks they are on, but they aren't. People can use their
> ISDN a few times, and then they end up having to call us to have is
> kill the radiusd process so they can login again.
> I haven't seen this discussed on the list (although I may have
> missed it) and I have upgraded Radiator several times and it still
> does it, so I doubt it's a bug in Radiator. Has anyone else had this
> problem, or have an idea on how to fix it? I'm about to upgrade to
> Radiatur 2.16.1 later today, but I don't think that will fix it.
> Basically, here is our setup. We have a BSDI system running
> the Radiator software, and a 3Com Total Control HiPer ARC
> (v4.2.32) terminal server which talks to Radiator. There's nothing
> really fancy about it, just a terminal server, Radiator server, and a
> few realms for filtering and such.
> If anyone can help, I'd appreciate it. Thanks.
>
> Jeremy
>
>
> --
> Jeremy Gault <[EMAIL PROTECTED]>
> WingNET Internet Services UNIX Systems Administrator
> WingNET - http://www.wingnet.net/
> (423)559-5465 VOICE / (423)559-5444 (FAX)
>
> Linux on a CD-ROM ... $50
> Linux on an FTP site ... $0
> Never seeing another Dr. Watson error message ... PRICELESS
> Linux, it's everywhere you want to be!
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
