Hi Mike, Hugh...
it's been more than a couple of months since this message... in fact, the
Log.pm got into 2.18.2 in the meantime... the problem I have is that I still
couldn't solve my first item:
> > 1) As I noted in a message exchange with Hugh (cc: the list) a couple of
> > weeks ago, <AuthLog FILE> is not working. The file isn't created at all
> > (and Radiator has sufficient permissions since a <Log FILE> in the same
> > directory IS created.
> >
Today I added an <AuthLog SQL> besides the <AuthLog FILE> to no avail... I
also erased all of my Radiator installation (since I had used it to test some
modules you sent me prior to release) and re-installed the plain 2.18.2
(without any patches, since none of them seem to be at all related with my
problem).
I still can't get it working...
Whatever I do, the log files aren't created (there is no permissions problem,
in fact, Radiator is running as root), the database table for authlogging is
empty.
I'm attaching all of my config files radius-*.cfg (one of them is for
accounting only, other for authentication only and the larger one is included
in both). The other files include an add-on for the dictionary (with faked
attributes) and other files included from the config files.
Do you have a clue on why it isn't working? Anything I can do to check here?
Here's a small portion of an authentication seen from the authentication
debug log
##############################################################################
Mon Aug 6 11:15:11 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 33754 ....
Code: Access-Request
Identifier: 190
Authentic: 1234567890123456
Attributes:
User-Name = "baby@pert"
Service-Type = Framed-User
NAS-IP-Address = 200.59.130.83
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "A/<225>x%<251><233>:<238><192><220>`<176><12>\<146>"
Mon Aug 6 11:15:11 2001: DEBUG: Rewrote user name to baby@pert
Mon Aug 6 11:15:11 2001: DEBUG: Rewrote user name to baby@pert
Mon Aug 6 11:15:11 2001: DEBUG: Check if Handler Request-Type = Access-
Request should be used to handle this request
Mon Aug 6 11:15:11 2001: DEBUG: Handling request with Handler 'Request-Type
= Access-Request'
Mon Aug 6 11:15:11 2001: DEBUG: SessDBUsers Deleting session for baby@pert,
200.59.130.83, 1234
Mon Aug 6 11:15:11 2001: DEBUG: do query is: DELETE FROM USUARIOS_EN_LINEA
WHERE USUA_IP_NAS='200.59.130.83' AND USUA_PORT='12
34'
Mon Aug 6 11:15:11 2001: DEBUG: Handling with Radius::AuthSQL
Mon Aug 6 11:15:11 2001: DEBUG: Handling with Radius::AuthSQL
Mon Aug 6 11:15:11 2001: DEBUG: Query is: SELECT U.USU_CLAVE, S.SER_CODIGO,
S.SER_MAX_SESSION_CONCURRENTES, S.TIMEFRAMEID, S.S
ER_GEN_CHECK, S.SER_GEN_REPLY, VS.VISP_SER_VALID_DNIS, U.USU_IP_NRO_FIJA,
U.USU_IP_MASC_FIJA, U.USU_TIEMPO_RESTANTE, U.USU_BYTE
S_RESTANTES, U.USU_SUSPENDIDO, U.USU_GEN_CHECK, U.USU_GEN_REPLY, NC.POOL_NAME
FROM USUARIOS U, VISP V, SERVICIOS S, VISP_SERVIC
IOS VS, NAS_CALIDAD NC WHERE U.VISP_CODIGO = V.VISP_CODIGO AND U.SER_CODIGO =
S.SER_CODIGO AND VS.VISP_CODIGO = V.VISP_CODIGO A
ND VS.SER_CODIGO = S.SER_CODIGO AND U.USU_CODIGO = 'baby' AND U.VISP_CODIGO =
'pert' AND S.CAL_CODIGO = NC.CAL_CODIGO AND NC.NA
S_IDENTIFIER = '200.59.130.83'
Mon Aug 6 11:15:11 2001: DEBUG: Radius::AuthSQL looks for match with
baby@pert
Mon Aug 6 11:15:11 2001: INFO: Access rejected for baby@pert: No such user
Mon Aug 6 11:15:11 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33754 ....
Code: Access-Reject
Identifier: 190
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
##############################################################################
El 10 May 2001, a las 11:31, Mike McCauley escribi�:
> Hello Mariano,
>
> Thanks for raising item 2 below.
> It is indeed a bug, which we have now fixed. The problem was that global
> LogFile and Trace parameters would not be effected until after the
> configuration file had been completely read.
>
> I have attached new files of 3 files required to fix this problem. Perhaps you
> would like to test it?
>
> The new files are radiusd, Log.pm and ServerConfig.pm.
> We apologise for this problem.
> Please let me know how you go.
>
> Cheers.
>
> On May 10, 8:05am, Hugh Irvine wrote:
> > Subject: Fwd: (RADIATOR) log files behavior
> >
> > Mikey -
> >
> > More on the logging problem.
> >
> > cheers
> >
> > Hugh
> >
> > ---------- Forwarded Message ----------
> > Subject: (RADIATOR) log files behavior
> > Date: Wed, 9 May 2001 15:00:46 -0300
> > From: "Mariano Absatz" <[EMAIL PROTECTED]>
> > To: Radiator List <[EMAIL PROTECTED]>
> >
> >
> > Hi,
> >
> > wrapping up my messages of the last days, I see two (somehow) weird
> > things happening with the logs.
> >
> > 1) As I noted in a message exchange with Hugh (cc: the list) a couple of
> > weeks ago, <AuthLog FILE> is not working. The file isn't created at all
> > (and Radiator has sufficient permissions since a <Log FILE> in the same
> > directory IS created.
> >
> > 2) It seems there is a different behavior between the global LogFile and
> > the <Log FILE>.
> >
> > I usually have <Log FILE> somehow "fixed" in the standard "production"
> > logging level (usually 2 or 3, depending on our customer desires), and
> > the global Trace set to 0. When I want to do some debugging, I change the
> > global trace to 4 and check the global LogFile.
> >
> > However, when an error is produced while Radiator is starting (like, for
> > instance the Oracle error I get when I do a kill -HUP, the global log
> > goes to "%L/logfile"... (btw LogDir is not /var/log/radius, so it's not
> > the default)... also, LogFile is set just below LogDir, so variable is
> > already setup (since the log goes to $LogDir/logfile and not to
> > /var/log/radius/logfile.
--
Mariano Absatz
El Baby
----------------------------------------------------------
Macho Law forbids me from admitting I'm wrong.
##################################################################
# ACCOUNTING CONFIGURATION #
##################################################################
# include common configuration and global definitions
include /app/Radiator/etc/radius-common.cfg
# LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
# For debugging, swap the comments in the 2 following lines
#Trace 0
Trace 4
#Trace:
#0 ERR. Error conditions. Serious and unexpected failures
#1 WARNING. Warning conditions. Unexpected failures
#2 NOTICE. Normal but significant conditions.
#3 INFO. Informational messages.
#4 DEBUG. Debugging messages.
#5 Incoming raw packet dumps in hexadecimal.
##################################################################
# PROTOCOL SECTION #
##################################################################
#
# We only do accounting in this instance of Radiator
#
AuthPort
AcctPort 1813
<SNMPAgent>
Port 16113
ROCommunity CONFIGURAR-COMUNIDAD
</SNMPAgent>
##################################################################
# AUTHENTICATION CONFIGURATION #
##################################################################
# include common configuration and global definitions
include /app/Radiator/etc/radius-common.cfg
# LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
# For debugging, swap the comments in the 2 following lines
#Trace 0
Trace 4
#Trace:
#0 ERR. Error conditions. Serious and unexpected failures
#1 WARNING. Warning conditions. Unexpected failures
#2 NOTICE. Normal but significant conditions.
#3 INFO. Informational messages.
#4 DEBUG. Debugging messages.
#5 Incoming raw packet dumps in hexadecimal.
#
##################################################################
# PROTOCOL SECTION #
##################################################################
#
# We only do authorization in this instance of Radiator
#
AuthPort 1812
AcctPort
<SNMPAgent>
Port 16112
ROCommunity CONFIGURAR-COMUNIDAD
</SNMPAgent>
##################################################################
# COMMON CONFIGURATION #
##################################################################
##################################################################
# FILES AND DIRECTORIES SECTION #
##################################################################
LogDir /logs/radius
DbDir /app/Radiator/db
DefineGlobalVar ScriptDir /app/Radiator/scripts
DefineGlobalVar ConfigDir /app/Radiator/etc
DefineGlobalVar TempDir /app/Radiator/tmp
DictionaryFile %{GlobalVar:ConfigDir}/dictionary
PidFile %{GlobalVar:TempDir}/rad-%{GlobalVar:rad_instance}.pid
LogFile %L/%Y-%m/%{GlobalVar:rad_instance}/debugLog_%d-%q
# DataBase Global Data
include %{GlobalVar:ConfigDir}/DBGlobalData.cfg
##################################################################
# LOGGING SECTION #
##################################################################
<Log FILE>
Identifier fileLoggerMetroAuth
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/stdLog_%d-%q
Trace 3
</Log>
# Log authentication success and failure to a file
# (in fact is only valid for authentication)
<AuthLog FILE>
Identifier authLoggerMetroRED
Filename %L/%Y-%m/%{GlobalVar:rad_instance}/authLog_%d-%q
LogSuccess 1
LogFailure 1
SuccessFormat %l:%n:<****>:OK:-
FailureFormat %l:%n:%P:FAIL:%1
</AuthLog>
<AuthLog SQL>
Identifier logAuthentications
# include %{GlobalVar:ConfigDir}/DBUseData.cfg
Table AUTH_LOG
SuccessQuery INSERT INTO AUTH_LOG \
(ACCESS_OK,TIME_STAMP,DISP_TIMESTAMP,USERNAME, \
USU_CODIGO,VISP_CODIGO,PASSWORD,SEVERITY,REASON) \
VALUES \
('OK',%t,'%l','%n', \
'%U','%R','%P','%0','%1')
FailureQuery INSERT INTO AUTH_LOG \
(ACCESS_OK,TIME_STAMP,DISP_TIMESTAMP,USERNAME, \
USU_CODIGO,VISP_CODIGO,PASSWORD,SEVERITY,REASON) \
VALUES \
('NO',%t,'%l','%n', \
'%U','%R','%P','%0','%1')
</AuthLog>
##################################################################
# GLOBAL HOOKS & REWRITE SECTION #
##################################################################
StartupHook file:"%{GlobalVar:ScriptDir}/initTimeFrame"
# REWRITE USER NAME BEFORE ANYTHING ELSE
# Rewrite any Name without realm to our realm
# because defaultrealm does not match on HANDLER
RewriteUsername s/^([^@]+)$/$1\@metrored/
# change everything in the username to lowercase
RewriteUsername tr/[A-Z]/[a-z]/
##################################################################
# CLIENTS SECTION #
##################################################################
include %{GlobalVar:ConfigDir}/clients.cfg
##################################################################
# AUTHBY SECTION #
##################################################################
<AuthBy SQL>
Identifier UserGetPassword
NoDefault
include %{GlobalVar:ConfigDir}/DBUseData.cfg
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Pert-Service-Code, request
# In request-packet so I don't have to delete it (since it's fake)
AuthColumnDef 2, Simultaneous-Use, check
# In request-packet so I don't have to delete it (since it's fake)
AuthColumnDef 3, Pert-TimeFrame-Id, request
AuthColumnDef 4, GENERIC, check
AuthColumnDef 5, GENERIC, reply
AuthColumnDef 6, Pert-Service-DNIS-MatchString, request
# In request-packet so I don't have to delete it (since it's fake)
AuthColumnDef 7, Framed-IP-Address, reply
AuthColumnDef 8, Framed-IP-Netmask, reply
AuthColumnDef 9, Session-Timeout, reply
AuthColumnDef 10, Pert-Session-OctetsLeft, request
# In request-packet so I don't have to delete it (since it's fake)
AuthColumnDef 11, Pert-No-Login, request
# In request-packet so I don't have to delete it (since it's fake)
AuthColumnDef 12, GENERIC, check
AuthColumnDef 13, GENERIC, reply
AuthColumnDef 14, PoolHint, reply
AuthSelect SELECT U.USU_CLAVE, \
S.SER_CODIGO, \
S.SER_MAX_SESSION_CONCURRENTES, \
S.TIMEFRAMEID, \
S.SER_GEN_CHECK, \
S.SER_GEN_REPLY, \
VS.VISP_SER_VALID_DNIS, \
U.USU_IP_NRO_FIJA, \
U.USU_IP_MASC_FIJA, \
U.USU_TIEMPO_RESTANTE, \
U.USU_BYTES_RESTANTES, \
U.USU_SUSPENDIDO, \
U.USU_GEN_CHECK, \
U.USU_GEN_REPLY, \
NC.POOL_NAME \
FROM USUARIOS U, VISP V, SERVICIOS S, VISP_SERVICIOS VS, NAS_CALIDAD
NC \
WHERE U.VISP_CODIGO = V.VISP_CODIGO AND \
U.SER_CODIGO = S.SER_CODIGO AND \
VS.VISP_CODIGO = V.VISP_CODIGO AND \
VS.SER_CODIGO = S.SER_CODIGO AND \
U.USU_CODIGO = '%U' AND U.VISP_CODIGO = '%R' AND \
S.CAL_CODIGO = NC.CAL_CODIGO AND \
NC.NAS_IDENTIFIER = '%{NAS-Identifier}'
#AuthSelect SELECT U.USU_CLAVE, \
#S.SER_CODIGO, \
#S.SER_MAX_SESSION_CONCURRENTES, \
#S.SER_GEN_CHECK, \
#S.SER_GEN_REPLY, \
#VS.VISP_SER_VALID_DNIS, \
#U.USU_IP_NRO_FIJA, \
#U.USU_IP_MASC_FIJA, \
#U.USU_TIEMPO_RESTANTE, \
#U.USU_BYTES_RESTANTES, \
#U.USU_SUSPENDIDO, \
#U.USU_GEN_CHECK, \
#U.USU_GEN_REPLY, \
#NC.POOL_NAME \
#FROM USUARIOS U, VISP V, SERVICIOS S, VISP_SERVICIOS VS, NAS_CALIDAD
NC \
#WHERE U.VISP_CODIGO = V.VISP_CODIGO AND \
#U.SER_CODIGO = S.SER_CODIGO AND \
#VS.VISP_CODIGO = V.VISP_CODIGO AND \
#VS.SER_CODIGO = S.SER_CODIGO AND \
#U.USU_CODIGO = '%U' AND U.VISP_CODIGO = '%R' AND \
#S.CAL_CODIGO = NC.CAL_CODIGO AND \
#NC.NAS_IDENTIFIER = '%{NAS-Identifier}'
</AuthBy>
##################################################################
# PORT LIMITS SECTION #
##################################################################
<AuthBy PORTLIMITCHECK>
Identifier PortLmits
NoDefault
# include %{GlobalVar:ConfigDir}/DBUseData.cfg
# Esto no va, usa los mismos datos de <SessionDatabase SQL>
CountQuery SELECT COUNT(*) \
FROM USUARIOS_EN_LINEA \
WHERE VISP_CODIGO = '%R' AND SER_CODIGO = '%{Pert-Service-Code}' \
VISP_SER_VALID_DNIS = '%{Pert-Service-DNIS-MatchString}'
LimitQuery SELECT VISP_CANT_PORTS \
FROM VISP_SERVICIOS \
WHERE VISP_CODIGO = '%R' AND SER_CODIGO = '%{Pert-Service-Code}' \
VISP_SER_VALID_DNIS = '%{Pert-Service-DNIS-MatchString}'
</AuthBy>
##################################################################
# ADDRESS ALLOCATION SECTION #
##################################################################
<AddressAllocator SQL>
Identifier AddressAllocSQL
include %{GlobalVar:ConfigDir}/DBUseData.cfg
# Una vez por dia, reclamamos las IP's expiradas
LeaseReclaimInterval 86400
# Las direcciones expiran a la semana (ver si es razonable)
DefaultLeasePeriod 604800
FindQuery SELECT TIME_STAMP, IP_NUMERO, IP_MASCARA, DNS_SERVERS \
FROM POOL_IP \
WHERE POOL_NAME = '%0' AND \
OCUPADA = 0 \
ORDER BY TIME_STAMP
AllocateQuery UPDATE POOL_IP \
SET OCUPADA = 1, TIME_STAMP = %0, EXPIRA = %1 \
WHERE IP_NUMERO = '%3'
DeallocateQuery UPDATE POOL_IP \
SET OCUPADA = 0, TIME_STAMP = %t \
WHERE IP_NUMERO = '%0'
ReclaimQuery UPDATE POOL_IP \
SET OCUPADA = 0 \
WHERE OCUPADA != 0 AND EXPIRA < %0
</AddressAllocator>
<AuthBy DYNADDRESS>
Identifier IPPoolManager
Allocator AddressAllocSQL
PoolHint %{Reply:PoolHint}
StripFromReply PoolHint
</AuthBy>
##################################################################
# SESSION DATABASE SECTION #
##################################################################
<SessionDatabase SQL>
Identifier SessDBUsers
include %{GlobalVar:ConfigDir}/DBUseData.cfg
AddQuery INSERT INTO USUARIOS_EN_LINEA \
(USU_CODIGO, VISP_CODIGO, USUA_SESION_ID, \
USUA_IP_NAS, POOL_NAME, USUA_PORT, USUA_BYTES, USUA_TIEMPO, \
USUA_HORA_CONEXION, USUA_CALL_ID, USUA_DNIS, USUA_IP_ASIGNADA, \
SER_CODIGO, VISP_SER_VALID_DNIS) \
VALUES \
('%U', '%R', '%{Acct-Session-Id}', \
'%N', 'pool', %{NAS-Port}, 0, 0, \
TO_DATE('%Y-%m-%d %H:%M:%S', 'YYYY-MM-DD HH24:MI:SS'), \
'%{Calling-Station-Id}', '%{Called-Station-Id}',
'%{Framed-IP-Address}',\
NULL,NULL)
DeleteQuery DELETE FROM USUARIOS_EN_LINEA \
WHERE USUA_IP_NAS='%N' AND USUA_PORT='%{NAS-Port}'
ClearNasQuery DELETE FROM USUARIOS_EN_LINEA \
WHERE USUA_IP_NAS='%N'
CountQuery SELECT USUA_IP_NAS, USUA_PORT, USUA_SESION_ID \
FROM USUARIOS_EN_LINEA \
WHERE USU_CODIGO='%U' AND VISP_CODIGO='%R'
</SessionDatabase>
##################################################################
# ACCOUNTING SECTION #
##################################################################
<AuthBy SQL>
Identifier RadAcctSQL
include %{GlobalVar:ConfigDir}/DBUseData.cfg
AuthSelect
AcctFailedLogFileName %L/%Y-%m/%{GlobalVar:rad_instance}/acctFailedLog_%d-%q
AccountingTable ACCOUNTING
AcctColumnDef TYPE,Acct-Status-Type
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIMESTAMP,Timestamp,integer
AcctColumnDef SESSIONID,Acct-Session-Id
AcctColumnDef SESSIONTIME,Acct-Session-Time,integer
AcctColumnDef INPUTBYTES,Acct-Input-Octets
AcctColumnDef OUTPUTBYTES,Acct-Output-Octets
AcctColumnDef TERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef IPADDRESS,Framed-IP-Address
AcctColumnDef CALLERID,Calling-Station-Id
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIPADDRESS,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
</AuthBy SQL>
<AuthBy SQL>
Identifier StopAddlProcess
# Procesamos datos cuando se desconecta para chequearlos en el
# PostAuthHook cuando se conecte la proxima vez
include %{GlobalVar:ConfigDir}/DBUseData.cfg
AccountingStopsOnly
# Cuando llega el paquete de Stop, si corresponde, le actualizamos el tiempo
restante
AcctSQLStatement UPDATE USUARIOS \
SET USU_TIEMPO_RESTANTE = USU_TIEMPO_RESTANTE - 0%{Acct-Session-Time} \
WHERE USU_CODIGO='%U' AND VISP_CODIGO='%R' AND \
USU_TIEMPO_RESTANTE IS NOT NULL
# Cuando llega el paquete de Stop, si corresponde, le actualizamos los bytes
de xfer restantes
AcctSQLStatement UPDATE USUARIOS \
SET USU_BYTES_RESTANTES = USU_BYTES_RESTANTES - 0%{Acct-Input-Octets}
- 0%{Acct-Output-Octets} \
WHERE USU_CODIGO='%U' AND VISP_CODIGO='%R' AND \
USU_BYTES_RESTANTES IS NOT NULL
</AuthBy SQL>
##################################################################
# HANDLER SECTION #
##################################################################
<Handler Request-Type = Access-Request>
Identifier AccessHandler
AuthByPolicy ContinueWhileAccept
AuthBy UserGetPassword
AuthBy IPPoolManager
PreAuthHook file:"%{GlobalVar:ScriptDir}/preAuthChecks"
PostAuthHook file:"%{GlobalVar:ScriptDir}/lastAuthChecks"
</Handler>
<Handler Request-Type = Accounting-Request>
Identifier AccountingHandler
AuthByPolicy ContinueWhileAccept
AuthBy RadAcctSQL
AuthBy StopAddlProcess
</Handler>
##################################################################
# DATABASE GLOBAL DATA #
##################################################################
DefineGlobalVar OracleHost localhost
DefineGlobalVar OracleSID radius
#DefineGlobalVar MR_DBSource dbi:Oracle:host=localhost;sid=radius
DefineGlobalVar MR_DBSource dbi:Oracle:host=mr-visp;sid=radius
DefineGlobalVar MR_DBUsername radmin
DefineGlobalVar MR_DBAuth radius
##################################################################
# CLIENTS SECTION #
##################################################################
<ClientListSQL>
# Client (NAS) info is in the database
include %{GlobalVar:ConfigDir}/DBUseData.cfg
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS
</ClientListSQL>
##################################################################
# DATABASE INVOCATION DATA #
##################################################################
# before you must:
# include %{GlobalVar:ConfigDir}/DBGlobalData.cfg
#
DBSource %{GlobalVar:MR_DBSource}
DBUsername %{GlobalVar:MR_DBUsername}
DBAuth %{GlobalVar:MR_DBAuth}
# Pert Attributes
VENDORATTR 7095 Pert-Service-Code 101 string
VENDORATTR 7095 Pert-Service-DNIS-MatchString 102 string
VENDORATTR 7095 Pert-Session-OctetsLeft 111 integer
VENDORATTR 7095 Pert-No-Login 121 integer
VENDORATTR 7095 Pert-TimeFrame-Id 131 integer
