It looks like radpwtst is sending the default NAS-Port of 1234 for each request. Since radiator sees the second call coming in on the same physical port it assumes that the first session had to have ended. Change the NAS-Port in the second test using the -nas_port parameter of radpwtst so it looks like you are putting up a second simultaneous call.
-Frank -----Original Message----- From: Griff Hamlin, III [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 17, 2002 2:03 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Session Database issues. I am using Radiator 2.18.3 on AIX. I find that even though in my config file I have DefaultSimultaneousUse 1 set, all users are still allowed on. I use an SQL session database, and when I try tests using radpwtst I find something peculiar. I first run the following command: /usr/local/Radiator-2.18/radpwtst -nostop -user=hamlin -password=XXXX -auth_port=1645 -acct_port=1646 -calling_station_id 9095551212 -nas_ip_address 127.0.0.1 This gives me an accesss accept and place the user information into my sql 'online' table. I purposely do not let radpwtst send a stop packet so that the information will remain in the online table. I then change the phone number (because I have a hook that checks for it) and run the following command from radpwtst. /usr/local/Radiator-2.18/radpwtst -noacct -user=hamlin -password=XXXX -auth_port=1645 -acct_port=1646 -calling_station_id 9495551213 -nas_ip_address 127.0.0.1 Notice that now, I have changed it to -noacct since all I want is the access reply. Strangely enough, it is accepted! Yet I can see the row in the online database. I get the following from the logfile on trace 4. This is the access request after the user is already in the online sql database. ---------logfile output ---------------------------- *** Received from 127.0.0.1 port 46269 .... Code: Access-Request Identifier: 17 Authentic: 1234567890123456 Attributes: User-Name = "hamlin" Service-Type = Framed-User NAS-IP-Address = 127.0.0.1 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "9491234546" NAS-Port-Type = Async User-Password = "<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>" Fri Jan 18 05:39:47 2002: INFO: Checking :hamlin: call-id :9491234546: Fri Jan 18 05:39:47 2002: INFO: CallIDHook: returned row ---> 'hamlin', '9095551212' Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Service-Type = Call-Check should be used to handle this request Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler User-Name = admin should be used to handle this request Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler should be used to handle this request Fri Jan 18 05:39:47 2002: DEBUG: Handling request with Handler '' Fri Jan 18 05:39:47 2002: DEBUG: Rewrote user name to hamlin Fri Jan 18 05:39:47 2002: DEBUG: Deleting session for hamlin, 127.0.0.1, 1234 <-----### This seems odd to me Fri Jan 18 05:39:47 2002: DEBUG: do query is: delete from online where (nasidentifier='127.0.0.1')&&(nasport='1234') Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthGROUP Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL: Fri Jan 18 05:39:47 2002: DEBUG: Query is: select check_items, reply_items, case when (prepay='false') then if(session_timeout,session_timeout,NULL) when ((prepay='true')&&(ISNULL(session_timeout))) then prepaid_timeleft when ((prepay='true')&&(!(ISNULL(session_timeout)))) then if(prepaid_timeleft<session_timeout,prepaid_timeleft,session_timeout) end from users where (username='hamlin' && handler_group='defau') Fri Jan 18 05:39:47 2002: DEBUG: Radius::AuthSQL looks for match with hamlin Fri Jan 18 05:39:47 2002: DEBUG: Query is: select username, acctsessionid from online where username='hamlin' Fri Jan 18 05:39:47 2002: DEBUG: Radius::AuthSQL ACCEPT: Fri Jan 18 05:39:47 2002: DEBUG: Access accepted for hamlin Fri Jan 18 05:39:47 2002::hamlin accepted from 127.0.0.1, called 123456789 from 9491234546 Fri Jan 18 05:39:47 2002: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 46269 .... Code: Access-Accept Identifier: 17 Authentic: 1234567890123456 Attributes: Framed-IP-Address = 255.255.255.254 Framed-Routing = None Framed-Compression = Van-Jacobson-TCP-IP Framed-IP-Netmask = 255.255.255.255 Idle-Timeout = 900 Framed-Protocol = PPP Service-Type = Framed-User ----------end logfile output--------------------------------------------------- I have labelled the line above that seems strange to me. Why would it delete the session from the online sql database before doing anything else? I found the line in Handler.pm that does this and commented it out. When I then tried this test, it works like a champ (It's line 257 in Handler.pm). Perhaps I am doing something wrong. My radius.cfg file is as follows: ---------- radius.cfg -------------- # Values for testing only Trace 4 #Trace 3 #AuthPort 1812 #AcctPort 1813 # Directory where logfile and details file are LogDir /var/adm/radacct # Database directory. Should contain: # users The user database # dictionary The dictionary for your NAS DbDir /etc/raddb AuthPort 1645 AcctPort 1646 # client list include %D/client_list.cfg SnmpgetProg /usr/bin/snmp_aix.pl PreClientHook file:"/etc/raddb/CallIdCheck.hook" # Global parameters LivingstonOffs 29 LivingstonHole 2 LivingstonMIB 1.3.6.1.4.1.307 # Define Global Variables # DbHost should be localhost DefineGlobalVar DbHost ns2.quik.com.au DefineGlobalVar DbServer xxxxxx DefineGlobalVar DbUser xxxxx DefineGlobalVar DbPass xxxxxx # Online Session Database <SessionDatabase SQL> DBSource %{GlobalVar:DbServer} DBUsername %{GlobalVar:DbUser} DBAuth %{GlobalVar:DbPass} AddQuery insert into online (username, nasidentifier, nasport,\ acctsessionid, callingid, framedaddress) values ('%U','%c',\ '%{NAS-Port}','%{Acct-Session-Id}','%{Calling-Station-Id}',\ '%{Framed-IP-Address}') DeleteQuery delete from online where (nasidentifier='%1')&&(nasport='%2') CountQuery select username, acctsessionid from online where username='%n' </SessionDatabase> <AuthLog FILE> Identifier log1 Filename %L/logfile LogSuccess 1 LogFailure 1 @ SuccessFormat %l::%n accepted from %c, called %{Called-Station-Id} from %{Calling-Station-Id} FailureFormat %l::%n rejected from %c, %1, Called %{Called-Station-Id} from %{Calling-Station-Id}, password=%P </AuthLog> # Process call-check requests. <Handler Service-Type = Call-Check> AcctLogFileName %L/callcheck.log <AuthBy SQL> DBSource %{GlobalVar:DbServer} DBUsername %{GlobalVar:DbUser} DBAuth %{GlobalVar:DbPass} Timeout 8 FailureBackoffTime 10 AuthSelect select handler_group from check where \ (dialing_number='%{Calling-Station-Id}')&& \ (handler_group='%{Handler-Group}') AuthColumnDef 0,Handler-Group,check </AuthBy> </Handler> # Get rid of admin accounting requests <Handler User-Name = admin> </Handler> # Handle all accounting here. <Handler Request-Type=Accounting-Request> RewriteUsername s/^([^@]+).*/$1/ # Need a little hook here to determine if this is an accounting packet # whether we use the Livingston or Acct-Terminate-Cause attributes. # This gets the attribute Livingston if it exists, if not, gets # Acct-Terminate-Cause, if not gets Ascend-Disconnect-Cause # Put the correct one in new attribute %{Term-Cause} to be used later PreAuthHook file:"/etc/raddb/accounting.hook" <AuthBy GROUP> AuthByPolicy ContinueWhileAccept <AuthBy SQL> DBSource dbi:mysql:cheetah:ns.quik.com.au DBUsername %{GlobalVar:DbUser} DBAuth %{GlobalVar:DbPass} AccountingTable dialupusage AccountingStopsOnly Timeout 8 FailureBackoffTime 10 AcctColumnDef username, %U, formatted AcctColumnDef session_id, %{Acct-Session-Id}%m-%d, formatted AcctColumnDef router_ip, %c, formatted AcctColumnDef date, %f-%g-%i %j:%k:%p, formatted AcctColumnDef session_time, %{Acct-Session-Time}, formatted AcctColumnDef ip_address, %{Framed-IP-Address}, formatted AcctColumnDef phone, %{Calling-Station-Id}, formatted AcctColumnDef terminate_cause, %{Term-Cause}, formatted </AuthBy> <AuthBy SQL> DBSource %{GlobalVar:DbServer} DBUsername %{GlobalVar:DbUser} DBAuth %{GlobalVar:DbPass} AccountingStopsOnly Timeout 8 FailureBackoffTime 10 AcctSQLStatement update users set prepaid_timeleft=prepaid_timeleft-0%{Acct-Session-Time} where (prepay='true')&&(username='%U') </AuthBy> # SQL </AuthBy> # Group </Handler> # Handle the bulk of the users using our radius:users SQL table <Handler> # remove the realm RewriteUsername s/^([^@]+).*/$1/ <AuthBy GROUP> AuthByPolicy ContinueWhileIgnore <AuthBy SQL> IgnoreAccounting Timeout 8 FailureBackoffTime 10 DBSource %{GlobalVar:DbServer} DBUsername %{GlobalVar:DbUser} DBAuth %{GlobalVar:DbPass} NoDefault DefaultSimultaneousUse 1 # This AuthSelect gets a comma separated list of check items, a comma # separated list of reply items from the radius:users table AuthSelect select check_items, reply_items, case when (prepay='false') then if(session_timeout,session_timeout,NULL) when ((prepay='true')&&(ISNULL(session_timeout))) then prepaid_timeleft when ((prepay='true')&&(!(ISNULL(session_timeout)))) then if(prepaid_timeleft<session_timeout,prepaid_timeleft,session_timeout) end from users where (username='%U' && handler_group='%{Handler-Group}') # As it turns out, an attributename of GENERIC means that it is a # comma separated list of attribute=value pairs. # AuthColumnDef statements define the returned value from the database # AuthColumnDef <position number in select starting with 0>, attribute # name (or GENERIC if list), and whether check, reply, or request (to be # used in later sql statement). AuthColumnDef 0,GENERIC, check AuthColumnDef 1,GENERIC,reply AuthColumnDef 2,Session-Timeout,reply </AuthBy> #SQL # <AuthBy FILE> # # if db fails # Filename %D/users # </AuthBy> </AuthBy> # Group PostAuthHook file:"/etc/raddb/prepay_overuse.hook" AuthLog log1 </Handler> ------- end radius.cfg Any help is greatly appreciated. Griff Hamlin, III === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
