Hello Peter -
On Friday 06 April 2001 19:31, Peter Srivaree-Ratana wrote:
> Hi Hugh,
>
> I need your help for the Radiator 2.16.3's
> functionality. The customer has no problem with the
> Radiator for a long time. Now only one user can log
> on at the given time. Which means, the first user
> logs on, then the second one comes in. As soon as the
> second one gets authenticated, the first one can no
> longer use any other services.
>
Which customer is this?
The obvious question is "what has changed?".
> After a long trace, we have found that the first
> user's PPP session is still on, he still can ping but
> never get the ICMP reply. The server that is pingged
> actually sends back the reply. So it means that the
> first user's IP is not routable anymore. When the
> first user terminates the session, the "Stop" request
> comes to the Radiator from the RAS. This guarantees
> that the IP connection between RAS and Radiator is
> still ok.
>
It sounds to me like a routing issue either on the RAS, or on the internal
network leading to the RAS. What IP addresses are being used by the sessions
on the RAS? Are they correct or are they broken?
> 1. Does Radiator disconnect users? As far as I know,
> it doesn't. Anything else to check?
>
Radiator does not disconnect users, the NAS does that - either because the
user hangs up or because the NAS drops the session (timeout or modem dropout).
> 2. I see that RADONLINE table inside MySql is
> different. Before it contains all the online users.
> Now when the first user logs on, there will be one
> record there. Then the second user comes in, the
> first user's record will be deleted and the second
> user's record will be there instead. I found
> something in the log:
> "delete from RADONLINE where
> NASIDENTIFIER='10.178.24.57' and NASPORT=0"
This is part of the problem - why is the NAS-Port attribute now 0? It should
indicate the port number on the NAS to which the user is connected.
> This command will actually remove everybody from the
> RADONLINE table because every record will come from
> the same NAS and will have the same NASPORT.
>
As mentioned above, it is the NAS that is sending the wrong information. Has
the software on the NAS, or the configuration on the NAS changed?
> I add this log for your info:
> Access-Request packet:
> [snip]
> Thu Apr 5 14:37:26 2001: DEBUG: Check if Handler
> NAS-IP-Address=10.178.24.57 sho
> uld be used to handle this request
> Thu Apr 5 14:37:26 2001: DEBUG: Handling request with
> Handler 'NAS-IP-Address=10
> ..178.24.57'
> Thu Apr 5 14:37:26 2001: DEBUG: OnlineUser Adding
> session for ba, 10.178.24
> ..57,
> Thu Apr 5 14:37:26 2001: DEBUG: do query is: delete
> from RADONLINE where NASIDENTIFIER='10.178.24.57' and
> NASPORT=0
>
> Thu Apr 5 14:37:26 2001: DEBUG: do query is: insert
> into RADONLINE (USERNAME, NAS
> IDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERV
> ICETYPE) values ('ba', '10.178.24.57', 0, '313D0C90',
> 986452646, '10.171.19
> 4.31', '', '')
>
> Thu Apr 5 14:37:26 2001: DEBUG: Handling with
> Radius::AuthGROUP
> Thu Apr 5 14:37:26 2001: DEBUG: Handling with
> Radius::AuthLDAP2
> Thu Apr 5 14:37:26 2001: DEBUG: Handling with
> Radius::AuthDYNADDRESS
> Thu Apr 5 14:37:26 2001: DEBUG: Accounting accepted
> Thu Apr 5 14:37:26 2001: DEBUG: Packet dump:
>
You may also have a problem with the AuthBy DYNADDRESS - what is it giving as
an IP address for a request?
I will need to see the configuration file (no secrets) together with a trace
4 debug to see what is going on.
BTW - we have still not been paid for the extra work that I did for Telekom
Malaysia when I saw you last. Could you perhaps ask Azahar what is going on?
And perhaps you can send me Azahar's boss's email address so I can contact
him directly to get some action on this issue.
Many thanks - when will you need me to come to KL again?
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
