Hi Hugh,

I've turned RejectHasReason off - one Reply-Message vanished.

*** Sending to x.x.x.x port 1025 ....
Code:       Access-Reject
Identifier: 88
Authentic:  <236><214><200><231><185><231><27><20><26><<29><9><222><156><211>z
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-IP-Address = 172.16.1.2
        Reply-Message = "Demo limit exceeded"
        Reply-Message = "Request Denied"


HI> Hello Pavel -

HI> Very nice work!

HI> I suspect the reason you are getting the three Reply-Message lines is 
HI> because you have "RejectHasReason" in your Handler. You might just 
HI> try turning it off.

HI> regards

HI> Hugh


HI> At 14:51 +0300 01/1/13, pavel wrote:
>>Hi,
>>
>>I've written PostAuthHook which controls the number of demo sessions
>>on our access servers and dynamically clears lines for registered
>>users (see it below).
>>Everything works fine but when I try to set custom reject reason
>>Radiator 2.17.1 puts 3(!) Reply-Message attribute in reply:
>>
>>*** Sending to x.x.x.x port 1025 ....
>>Code:       Access-Reject
>>Identifier: 26
>>Authentic:  <199><15>NJ?<165><241>r<146><246><177><20><231><139>A<12>
>>Attributes:
>>         Service-Type = Framed-User
>>         Framed-Protocol = PPP
>>         Framed-IP-Netmask = 255.255.255.255
>>         Framed-Routing = None
>>         Framed-MTU = 1500
>>         Framed-Compression = Van-Jacobson-TCP-IP
>>         Framed-IP-Address = 172.16.1.2
>>         Reply-Message = "Demo limit exceeded"
>>         Reply-Message = "Request Denied"
>>         Reply-Message = ""
>>
>>It's not critical but annoying.
>>Is it possible to set just one Reply-Message attribute?
>>
>>Here is the excerpt from radius.cfg:
>>...
>><SessionDatabase SQL>
>>         Identifier      SessDB
>>         DBSource        dbi:Oracle:host.somewhere-in.ru
>>         DBUsername      zzzz
>>         DBAuth          xxxx
>></SessionDatabase>
>>...
>><AuthBy PLSQL>
>>     Identifier  DialUp
>>     NoDefault
>>     DBSource    dbi:Oracle:host.somewhere-in.ru
>>     DBUsername  zzzz
>>     DBAuth      xxxx
>>
>>     # Authentication
>>     AuthBlock   BEGIN \
>>                 get_user_data('%n','%N',:passwd,:check_item,:reply_item); \
>>                 END;
>>
>>     AuthParamDef        :passwd,        User-Password,  check
>>     AuthParamDef        :check_item,    GENERIC,        check
>>     AuthParamDef        :reply_item,    GENERIC,        reply
>>
>>     # Accounting
>>     AccountingStopsOnly
>>     AcctSQLStatement DECLARE \
>>                         ret_val integer; \
>>                         BEGIN \
>>                  ret_val := stat.new_dialup_log_record_f('%{User-Name}', \
>>                                               '%j:%k:%p %f-%g-%i', \
>>                                               '%{Acct-Session-Time}', \
>>                                               '%{Acct-Input-Octets}', \
>>                                               '%{Acct-Output-Octets}', \
>>                                               '%{Acct-Session-Id}', \
>>                                               '%{Acct-Terminate-Cause}%{Ascend-Disconnect-Cause}', \
>>                                               '%N', \
>>                                               '%{NAS-Port}', \
>>                                               '%{Framed-IP-Address}'); \
>>                          END;
>></AuthBy>
>>...
>><Handler>
>>         AcctLogFileName         %L/account.log
>>         PasswordLogFileName     %L/password.log
>>
>>         AuthBy DialUp
>>         PostAuthHook file:"%D/checkDemo"
>>         AccountingHandled
>>         RejectHasReason
>>         SessionDatabase         SessDB
>></Handler>
>>
>>
>>checkDemo
>>#
>>sub {
>>     my $request = ${$_[0]};
>>     my $reply = ${$_[1]};
>>     my $result = ${$_[2]};
>>
>>     &main::log($main::LOG_DEBUG, "Entering checkDemo");
>>    
>>     my %client = (
>>         # client           type,limit
>>         'x.x.x.x'  => ['Cisco', 28],
>>         'y.y.y.y' => ['Ascend', 28]
>>     );
>>     my %kick = (
>>         'Cisco'         => \&kickOnCisco,
>>         'Ascend'        => \&kickOnAscend
>>     );
>>
>>     # Exit if it's not Access-Request
>>     return if ($request->code ne 'Access-Request');
>>
>>     my $community = "zzzzzzzzzz";
>>     my $sdb;
>>
>>     # Get IP of the pool and username
>>     my $nas_ip = $request->get_attr('NAS-IP-Address');
>>     my $user_name = $request->get_attr('User-Name');
>>
>>     if ($result == $main::ACCEPT) {
>>
>>         # Check how many lines are used on the pool
>>         $sdb = &Radius::SessGeneric::find('SessDB');
>>         my $lines_used = $sdb->sessionsOnNAS($nas_ip,$request);
>>        
>>         if ($lines_used >= $client{$nas_ip}[1]) {
>>
>>             if ($user_name eq 'demo') {
>>                 ${$_[2]} = $main::REJECT;
>>                 $reply->change_attr('Reply-Message','Demo limit exceeded');
>>                 &main::log($main::LOG_INFO, "Line limit for demo exceeded($lines_used $client{$nas_ip}[1]) on $nas_ip");
>>             }
>>             else {
>>                 # Kick one of the demo
>>                 &{$kick{$client{$nas_ip}[0]}}($sdb,$nas_ip,$lines_used - $client{$nas_ip}[1],$user_name);
>>             }
>>         }
>>     }
>>    
>>     &main::log($main::LOG_DEBUG, "Exiting checkDemo");
>>
>># Subroutines
>>     sub kickOnCisco {
>>         my $sessdb = $_[0];
>>         my $ip = $_[1];
>>         my $count = $_[2];
>>         my $name = $_[3];
>>
>>         my $CiscoOID = ".1.3.6.1.4.1.9.2.1.76.0";
>>         my @ifNumber = (13, 14, 15, 16, 17, 18, 19, 20,
>>                         5,  6,  7,  8,  9,  10, 11, 12);
>>
>>         # Select demos from DB
>>         my $q = "SELECT NASPORT
>>                     FROM RADONLINE
>>                     WHERE
>>                         (NASIDENTIFIER ='$ip') AND
>>                         (USERNAME ='demo')";
>>
>>         my $sth = $sessdb->prepareAndExecute($q);
>>         return unless $sth;
>>
>>         # Lets kick
>>         my $nasPort;
>>         while (($nasPort) = $sth->fetchrow())
>>         {
>>             &main::log($main::LOG_INFO,"Kicking demo from $ip:$nasPort for $name");
>>             # Kicking
>>             my $result = &Radius::SNMP::snmpset($ip,
>>                             $community,
>>                             $CiscoOID,
>>                             'i', $ifNumber[$nasPort-1]);
>>                                                                           
>>             # Not more than count (always kick at least one)
>>             last if --$count <= 0;
>>         }
>>
>>         return;
>>     }
>>    
>>     sub kickOnAscend {
>>         my $sessdb = $_[0];
>>         my $ip = $_[1];
>>         my $count = $_[2];
>>         my $name = $_[3];
>>
>>         # Select demos from DB
>>         my $q = "SELECT ACCTSESSIONID
>>                     FROM RADONLINE
>>                     WHERE
>>                         (NASIDENTIFIER ='$ip') AND
>>                         (USERNAME ='demo')";
>>
>>         my $sth = $sessdb->prepareAndExecute($q);
>>         return unless $sth;
>>
>>         # Lets kick
>>         my $sessId;
>>         while (($sessId) = $sth->fetchrow())
>>         {
>>             &main::log($main::LOG_INFO,"Kicking demo from $ip, session $sessId for $name");
>>             # Kicking
>>             my $result = &Radius::SNMP::snmpset($ip,
>>                             $community,
>>                             "$Radius::Nas::AscendMIB.12.3.1.3.$sessId",
>>                             'i', 1);
>>                                                                           
>>             # Not more than count (always kick at least one)
>>             last if --$count <= 0;
>>         }
>>
>>         return;
>>     }
>>}
>>
>>
>>With respect,
>>Pavel A Crasotin
>>____________________________________
>>OJSC SeverTransCom
>>40/13 Sobinova, Yaroslavl, 150000, Russia
>>Tel/Fax: +7 (0852) 47-71-70, 47-69-49
>>          +7 (0852) 72-17-28, 72-17-38
>>
>>
>>
>>===
>>Archive at http://www.starport.net/~radiator/
>>Announcements on [EMAIL PROTECTED]
>>To unsubscribe, email '[EMAIL PROTECTED]' with
>>'unsubscribe radiator' in the body of the message.



With respect,
Pavel A Crasotin
____________________________________
OJSC SeverTransCom
40/13 Sobinova, Yaroslavl, 150000, Russia
Tel/Fax: +7 (0852) 47-71-70, 47-69-49
         +7 (0852) 72-17-28, 72-17-38
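
Added example (not part of the original message and not Radiator code): a small Python check that reads a debug trace in the format shown above and reports every Access-Reject that does not carry exactly one non-empty Reply-Message, which is useful for confirming the effect of a RejectHasReason or hook change. The sample trace is constructed from the two dumps in this thread (trimmed) plus an invented Access-Accept; `audit_rejects` and `Finding` are names chosen for the example.

```python
import re
from collections import namedtuple

# Constructed sample: the thread's two Access-Reject dumps, trimmed, plus an invented Access-Accept.
SAMPLE_TRACE = '''\
*** Sending to x.x.x.x port 1025 ....
Code:       Access-Reject
Identifier: 26
Attributes:
        Framed-IP-Address = 172.16.1.2
        Reply-Message = "Demo limit exceeded"
        Reply-Message = "Request Denied"
        Reply-Message = ""

*** Sending to x.x.x.x port 1025 ....
Code:       Access-Reject
Identifier: 88
Attributes:
        Reply-Message = "Demo limit exceeded"
        Reply-Message = "Request Denied"

*** Sending to x.x.x.x port 1025 ....
Code:       Access-Accept
Identifier: 89
'''

Finding = namedtuple("Finding", "identifier messages problems")
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*(.*?)\s*$')

def audit_rejects(trace):
    """Flag every Access-Reject that lacks exactly one non-empty Reply-Message."""
    findings = []
    # Each outgoing packet in the trace starts with a "*** Sending to" banner.
    for block in re.split(r'^\*\*\* Sending to .*$', trace, flags=re.M)[1:]:
        code = re.search(r'^Code:\s+(\S+)', block, re.M)
        ident = re.search(r'^Identifier:\s+(\d+)', block, re.M)
        if not code or code.group(1) != 'Access-Reject':
            continue
        attrs = [m.groups() for m in map(ATTR.match, block.splitlines()) if m]
        msgs = [v.strip('"') for name, v in attrs if name == 'Reply-Message']
        checks = (('missing', not msgs), ('duplicate', len(msgs) > 1), ('empty', '' in msgs))
        problems = [name for name, hit in checks if hit]
        if problems:
            findings.append(Finding(int(ident.group(1)) if ident else None, msgs, problems))
    return findings

if __name__ == '__main__':
    for f in audit_rejects(SAMPLE_TRACE):
        print(f"Identifier {f.identifier}: {', '.join(f.problems)} -> {f.messages}")
```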


