Hello David -
There are also NasType entries for PM3 and PM4 - have you tried those? I also seem to recall this topic being discussed on the mailing list, so check the archive and do a search. www.open.com.au/archives/radiator It is certain that if the SNMP query cannot be run manually, Radiator will not be able to use it either. regards Hugh On Sat, 5 Jan 2002 11:16, David Miller wrote: > Hi all: > Have been relying on a session database to enforce multiple login limits, > but after our data link provider experienced a temporary routing problem > that left the > session database out of sync with the actual users connected, decided a > little more robust > solution was in order. > Have been attempting to use the snmpget program to verify multiple login > violations > with the Livingston Portmaster NASes (PM25 and PM3). These NASes service > channelized T1 > lines. The snmpget program is getting called as shown in the trace below, > but multiple > logins are not getting correctly identified. Logging into the NAS shows > the sessions were still actually active. Have tried various settings for > the LivingstonHole and LivingstonOffs parameters, but to no avail. > Radiator (version 2.18.4) is running on RedHat Linux 7.1, snmpget program > is from > ucd-snmp-4.2.1-4.7.x rpm from sourceforge. I know these are not the most > current versions > of Radiator, and snmp (plan to upgrade as soon as we finish a move to new > facilities). > > Running the first snmpget command shown in the trace from the command line > results > in the following output (community string sanitized): > > [root@dns2 radiator]# snmpget 204.250.116.14 xxxxxxx > .iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5 > Error in packet > Reason: (noSuchName) There is no such variable name in this MIB. > Failed object: enterprises.307.2.1.1.1.2.5 > > Please forgive my ignorance of snmp, just starting to get my feet wet. > Please let me know if I can supply any additional information. Any insights > would be appreciated. > > Regards, > David Miller > [EMAIL PROTECTED] > > > ---------------------------- > # radius.cfg > # > #===================== > # Global Parameters > #===================== > LogDir /var/log/radius > DbDir /etc/radiator/raddb > > AuthPort 1645 > AcctPort 1646 > > # User a low trace level in production systems. Increase > # it to 4 or 5 for debugging, or use the -trace flag to radiusd > # Trace 3 > Trace 4 > > # Log file, in form of logfile.dd_Mmm_yyy > LogFile %L/logfile.%d_%v_%Y > > # Username Rewrite Rules. Strip off realm name, change to lowercase, and > remove # any whitespace. > RewriteUsername s/^([^@]+).*/$1/ > RewriteUsername tr/A-Z/a-z/ > RewriteUsername s/\s+//g > > # location of snmpget program > SnmpgetProg /usr/bin/snmpget > > # Livingston hole and offs > # LivingstonHole 1 > # LivingstonOffs 22 > > #=========== > # Clients > #=========== > <Client a.b.c.d> > Secret xxxxxx > DupInterval 2 > NasType Livingston > SNMPCommunity xxxxxx > </Client> > > <Client a.b.c.e> > Secret xxxxxx > DupInterval 2 > NasType Livingston > SNMPCommunity xxxxxx > </Client> > > <Client a.b.c.f> > Secret xxxxxx > DupInterval 2 > NasType Livingston > SNMPCommunity xxxxxx > </Client> > > <Client a.b.c.g> > Secret xxxxxx > DupInterval 2 > NasType Livingston > SNMPCommunity xxxxxx > </Client> > > <Client a.b.c.h> > Secret xxxxxx > DupInterval 2 > NasType Livingston > SNMPCommunity xxxxxx > </Client> > > #================== > # Session Database > #================== > <SessionDatabase SQL> > Identifier RadiusDB1 > DBSource dbi:DB2:radius2 > DBUsername xxxxxxx > DBAuth xxxxxxx > </SessionDatabase SQL> > > #================== > # Realms > #================== > <Realm DEFAULT> > # Session Database to use > SessionDatabase RadiusDB1 > > <AuthBy FILE> > # Make passwords case insensitive > CaseInsensitivePasswords > > # Default SimultaneousUse. Can be overridden on a per user basis. > DefaultSimultaneousUse 1 > > Filename %D/users > # no caching for test purposes > # Nocache > </AuthBy> > > # Log accounting to a detail file > # Detail filename in form of detail.dd_Mmm_yyy > AcctLogFileName %L/detail.%d_%v_%Y > </Realm> > > > > ---------------------------------------------- > debug trace, community strings sanitized > ---------------------------------------------- > Thu Jan 3 15:15:40 2002: DEBUG: Packet dump: > *** Received from 206.158.98.10 port 1026 .... > Code: Access-Request > Identifier: 204 > Authentic: <157><192>x<241><7><224><247>@<241><150><19><253><154><17>>r > Attributes: > User-Name = "kstevens" > User-Password = "<241>+<18><130>j{<147><220><216><232><228><236>h^<149>]" > NAS-IP-Address = 206.158.98.10 > NAS-Port = 10 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > Connect-Info = "48000 LAPM/V42BIS" > > Thu Jan 3 15:15:40 2002: DEBUG: Rewrote user name to kstevens > Thu Jan 3 15:15:40 2002: DEBUG: Rewrote user name to kstevens > Thu Jan 3 15:15:40 2002: DEBUG: Rewrote user name to kstevens > Thu Jan 3 15:15:40 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Thu Jan 3 15:15:40 2002: DEBUG: RadiusDB1 Deleting session > for kstevens, 206.158.98.10, 10 > Thu Jan 3 15:15:40 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.10' and NASPORT=010 > > Thu Jan 3 15:15:40 2002: DEBUG: Handling with Radius::AuthFILE: > Thu Jan 3 15:15:40 2002: DEBUG: Radius::AuthFILE looks for match with > kstevens Thu Jan 3 15:15:40 2002: DEBUG: Query is: select NASIDENTIFIER, > NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where > USERNAME='kstevens' > > Thu Jan 3 15:15:40 2002: DEBUG: Checking if user is still online: > Livingston, kstevens, 206.158.98.11, 26, 2400184E 206.158.99.81 > Thu Jan 3 15:15:40 2002: DEBUG: Running command `/usr/bin/snmpget > 206.158.98.11 xxxxxxxx > .iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5` > Thu Jan 3 15:15:40 2002: DEBUG: Running command `/usr/bin/snmpget > 206.158.98.11 xxxxxxxx > .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.30` > Thu Jan 3 15:15:40 2002: NOTICE: RadiusDB1 Session for kstevens at > 206.158.98.11:26 has gone away > Thu Jan 3 15:15:40 2002: DEBUG: RadiusDB1 Deleting session for kstevens, > 206.158.98.11, 26 > Thu Jan 3 15:15:40 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.11' and NASPORT=026 > > Thu Jan 3 15:15:40 2002: DEBUG: Radius::AuthFILE ACCEPT: > Thu Jan 3 15:15:40 2002: DEBUG: Access accepted for kstevens > Thu Jan 3 15:15:40 2002: DEBUG: Packet dump: > *** Sending to 206.158.98.10 port 1026 .... > Code: Access-Accept > Identifier: 204 > Authentic: <157><192>x<241><7><224><247>@<241><150><19><253><154><17>>r > Attributes: > > Thu Jan 3 15:15:41 2002: DEBUG: Packet dump: > *** Received from 206.158.98.10 port 1026 .... > Code: Accounting-Request > Identifier: 205 > Authentic: <159><11><162><210>w<174><8><215><22><174>n<171>K<182><226>e > Attributes: > Acct-Session-Id = "2F002436" > User-Name = "kstevens" > NAS-IP-Address = 206.158.98.10 > NAS-Port = 10 > NAS-Port-Type = Async > Acct-Status-Type = Start > Acct-Authentic = RADIUS > Connect-Info = "48000 LAPM/V42BIS" > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 206.158.99.22 > Acct-Delay-Time = 0 > > Thu Jan 3 15:15:41 2002: DEBUG: Rewrote user name to kstevens > Thu Jan 3 15:15:41 2002: DEBUG: Rewrote user name to kstevens > Thu Jan 3 15:15:41 2002: DEBUG: Rewrote user name to kstevens > Thu Jan 3 15:15:41 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Thu Jan 3 15:15:41 2002: DEBUG: RadiusDB1 Adding session > for kstevens, 206.158.98.10, 10 > Thu Jan 3 15:15:41 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.10' and NASPORT=010 > > Thu Jan 3 15:15:41 2002: DEBUG: do query is: insert into RADONLINE > (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, > FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('kstevens', > '206.158.98.10', 010, '2F002436', 1010099741, '206.158.99.22', 'Async', > 'Framed-User') > > Thu Jan 3 15:15:41 2002: DEBUG: Handling with Radius::AuthFILE: > Thu Jan 3 15:15:41 2002: DEBUG: Accounting accepted > Thu Jan 3 15:15:41 2002: DEBUG: Packet dump: > *** Sending to 206.158.98.10 port 1026 .... > Code: Accounting-Response > Identifier: 205 > Authentic: <159><11><162><210>w<174><8><215><22><174>n<171>K<182><226>e > Attributes: > > > <snip> > > > Thu Jan 3 15:19:37 2002: DEBUG: Packet dump: > *** Received from 206.158.98.10 port 1026 .... > Code: Access-Request > Identifier: 214 > Authentic: <224>oO",<127><181><133><240>X4"<134><252>p<0> > Attributes: > User-Name = "wheelhouse" > User-Password = "(g<182>:<227><198><148>Fs<178><4>o<205><255>0<151>" > NAS-IP-Address = 206.158.98.10 > NAS-Port = 17 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > Connect-Info = "28800 LAPM/V42BIS" > > Thu Jan 3 15:19:37 2002: DEBUG: Rewrote user name to wheelhouse > Thu Jan 3 15:19:37 2002: DEBUG: Rewrote user name to wheelhouse > Thu Jan 3 15:19:37 2002: DEBUG: Rewrote user name to wheelhouse > Thu Jan 3 15:19:37 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Thu Jan 3 15:19:37 2002: DEBUG: RadiusDB1 Deleting session > for wheelhouse, 206.158.98.10, 17 > Thu Jan 3 15:19:37 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.10' and NASPORT=017 > > Thu Jan 3 15:19:37 2002: DEBUG: Handling with Radius::AuthFILE: > Thu Jan 3 15:19:37 2002: DEBUG: Radius::AuthFILE looks for match with > wheelhouse > Thu Jan 3 15:19:37 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, > ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='wheelhouse' > > Thu Jan 3 15:19:37 2002: DEBUG: Checking if user is still online: > Livingston, wheelhouse, 206.158.98.11, 2, 2400187D 206.158.99.75 > Thu Jan 3 15:19:37 2002: DEBUG: Running command `/usr/bin/snmpget > 206.158.98.11 xxxxxxxx > .iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5` > Thu Jan 3 15:19:38 2002: DEBUG: Running command `/usr/bin/snmpget > 206.158.98.11 xxxxxxxx > .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.7` > Thu Jan 3 15:19:38 2002: NOTICE: RadiusDB1 Session for wheelhouse at > 206.158.98.11:2 has gone away > Thu Jan 3 15:19:38 2002: DEBUG: RadiusDB1 Deleting session for wheelhouse, > 206.158.98.11, 2 > Thu Jan 3 15:19:38 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.11' and NASPORT=02 > > Thu Jan 3 15:19:38 2002: DEBUG: Radius::AuthFILE ACCEPT: > Thu Jan 3 15:19:38 2002: DEBUG: Access accepted for wheelhouse > Thu Jan 3 15:19:38 2002: DEBUG: Packet dump: > *** Sending to 206.158.98.10 port 1026 .... > Code: Access-Accept > Identifier: 214 > Authentic: <224>oO",<127><181><133><240>X4"<134><252>p<0> > Attributes: > > Thu Jan 3 15:19:39 2002: DEBUG: Packet dump: > *** Received from 206.158.98.10 port 1026 .... > Code: Accounting-Request > Identifier: 215 > Authentic: <23>V.J<243>X&<16>F<250><199>[=<27><186><6> > Attributes: > Acct-Session-Id = "2F002439" > User-Name = "wheelhouse" > NAS-IP-Address = 206.158.98.10 > NAS-Port = 17 > NAS-Port-Type = Async > Acct-Status-Type = Start > Acct-Authentic = RADIUS > Connect-Info = "28800 LAPM/V42BIS" > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 206.158.99.56 > Acct-Delay-Time = 0 > > Thu Jan 3 15:19:39 2002: DEBUG: Rewrote user name to wheelhouse > Thu Jan 3 15:19:39 2002: DEBUG: Rewrote user name to wheelhouse > Thu Jan 3 15:19:39 2002: DEBUG: Rewrote user name to wheelhouse > Thu Jan 3 15:19:39 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Thu Jan 3 15:19:39 2002: DEBUG: RadiusDB1 Adding session > for wheelhouse, 206.158.98.10, 17 > Thu Jan 3 15:19:39 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.10' and NASPORT=017 > > Thu Jan 3 15:19:39 2002: DEBUG: do query is: insert into RADONLINE > (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, > FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('wheelhouse', > '206.158.98.10', 017, '2F002439', 1010099979, '206.158.99.56', 'Async', > 'Framed-User') > > Thu Jan 3 15:19:39 2002: DEBUG: Handling with Radius::AuthFILE: > Thu Jan 3 15:19:39 2002: DEBUG: Accounting accepted > Thu Jan 3 15:19:39 2002: DEBUG: Packet dump: > *** Sending to 206.158.98.10 port 1026 .... > Code: Accounting-Response > Identifier: 215 > Authentic: <23>V.J<243>X&<16>F<250><199>[=<27><186><6> > Attributes: > > <snip> > > > Thu Jan 3 15:33:11 2002: DEBUG: Packet dump: > *** Received from 206.158.98.11 port 1026 .... > Code: Access-Request > Identifier: 225 > Authentic: <31><230><184><225>5b<171><237>m<247><156><217><139><199>T<157> > Attributes: > User-Name = "bhyde" > User-Password = "U<216><136>K#qD<224><180><163><199><244>pij<234>" > NAS-IP-Address = 206.158.98.11 > NAS-Port = 32 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > Connect-Info = "49333 LAPM/V42BIS" > > Thu Jan 3 15:33:11 2002: DEBUG: Rewrote user name to bhyde > Thu Jan 3 15:33:11 2002: DEBUG: Rewrote user name to bhyde > Thu Jan 3 15:33:11 2002: DEBUG: Rewrote user name to bhyde > Thu Jan 3 15:33:11 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Thu Jan 3 15:33:11 2002: DEBUG: RadiusDB1 Deleting session > for bhyde, 206.158.98.11, 32 > Thu Jan 3 15:33:11 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.11' and NASPORT=032 > > Thu Jan 3 15:33:11 2002: DEBUG: Handling with Radius::AuthFILE: > Thu Jan 3 15:33:11 2002: DEBUG: Radius::AuthFILE looks for match with > bhyde Thu Jan 3 15:33:11 2002: DEBUG: Query is: select NASIDENTIFIER, > NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where > USERNAME='bhyde' > > Thu Jan 3 15:33:11 2002: DEBUG: Checking if user is still online: > Livingston, bhyde, 206.158.98.10, 34, 2F002440 206.158.99.19 > Thu Jan 3 15:33:11 2002: DEBUG: Running command `/usr/bin/snmpget > 206.158.98.10 xxxxxxxx > .iso.org.dod.internet.private.enterprises.307.2.1.1.1.2.5` > Thu Jan 3 15:33:11 2002: DEBUG: Running command `/usr/bin/snmpget > 206.158.98.10 xxxxxxxx > .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.5.38` > Thu Jan 3 15:33:11 2002: NOTICE: RadiusDB1 Session for bhyde at > 206.158.98.10:34 has gone away > Thu Jan 3 15:33:11 2002: DEBUG: RadiusDB1 Deleting session for bhyde, > 206.158.98.10, 34 > Thu Jan 3 15:33:11 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.10' and NASPORT=034 > > Thu Jan 3 15:33:11 2002: DEBUG: Radius::AuthFILE ACCEPT: > Thu Jan 3 15:33:11 2002: DEBUG: Access accepted for bhyde > Thu Jan 3 15:33:11 2002: DEBUG: Packet dump: > *** Sending to 206.158.98.11 port 1026 .... > Code: Access-Accept > Identifier: 225 > Authentic: <31><230><184><225>5b<171><237>m<247><156><217><139><199>T<157> > Attributes: > > Thu Jan 3 15:33:12 2002: DEBUG: Packet dump: > *** Received from 206.158.98.11 port 1026 .... > Code: Accounting-Request > Identifier: 226 > Authentic: > <232><209><248>v<12><182><14><127><142><236><221>F<159><190><171><244> > Attributes: > Acct-Session-Id = "2400188D" > User-Name = "bhyde" > NAS-IP-Address = 206.158.98.11 > NAS-Port = 32 > NAS-Port-Type = Async > Acct-Status-Type = Start > Acct-Authentic = RADIUS > Connect-Info = "49333 LAPM/V42BIS" > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 206.158.99.95 > Acct-Delay-Time = 0 > > Thu Jan 3 15:33:12 2002: DEBUG: Rewrote user name to bhyde > Thu Jan 3 15:33:12 2002: DEBUG: Rewrote user name to bhyde > Thu Jan 3 15:33:12 2002: DEBUG: Rewrote user name to bhyde > Thu Jan 3 15:33:12 2002: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Thu Jan 3 15:33:12 2002: DEBUG: RadiusDB1 Adding session > for bhyde, 206.158.98.11, 32 > Thu Jan 3 15:33:12 2002: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='206.158.98.11' and NASPORT=032 > > Thu Jan 3 15:33:12 2002: DEBUG: do query is: insert into RADONLINE > (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, > FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('bhyde', > '206.158.98.11', 032, '2400188D', 1010100792, '206.158.99.95', 'Async', > 'Framed-User') > > Thu Jan 3 15:33:12 2002: DEBUG: Handling with Radius::AuthFILE: > Thu Jan 3 15:33:12 2002: DEBUG: Accounting accepted > Thu Jan 3 15:33:12 2002: DEBUG: Packet dump: > *** Sending to 206.158.98.11 port 1026 .... > Code: Accounting-Response > Identifier: 226 > Authentic: > <232><209><248>v<12><182><14><127><142><236><221>F<159><190><171><244> > Attributes: > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.