Thanks for sending the trace file and the configuration.
It would appear from the trace that there is a problem with the Client defintions, and it also shows there is a timeout when executing the snmpget. What do you see when you run the snmpget by hand? You should get that working first, because until you do, Radiator will not work either.
It also appears from the trace that you have a problem in the AuthBy FILE clause(s):
Unix-PW
is being used as a check item, which should probably be
User-Password
regards
Hugh
On Friday, August 2, 2002, at 06:14 AM, Gib Salisbury wrote:
Hey all,--
I'm trying to get a new radiator configuration working on my FreeBSD 4.4
Machine that is using Radiator 3.1 and Perl 5.6.1. The problem that I am
having is when Radiator tries to check if an existing session is still
active with snmpget it times out every time without repsonse. I am using
snmpget 5.0.1 that was compiled locally. Also, the TotalControls are
running various ComOS versions 5.0-5.3. I have made sure that the SNMP
community was configured in the TC and that it had the proper host
authority. If you could provide any pointers as to what I could be doing
wrong it would be much appreciated. I have attached my config file and
also the trace level 4 output.
Secondly, I am having a problem with the TC putting accounting entries in
for Manager every minute. It increases the session id by one each time it
does it. Does anyone know if this is a setting inside ComOS? Thanks in
advance.
Sincerely,
Gib Salisbury
Technician
Quantum Connections, LLC
Phone (616) 926-4242 x215
http://www.qtm.net/
*** Received from 127.0.0.1 port 3713 ....
Code: Access-Request
Identifier: 82
Authentic: 1234567890123456
Attributes:
User-Name = "gsalisbu"
Service-Type = Framed-User
NAS-IP-Address = 216.163.41.10
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "*removed but correct*"
Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
Thu Aug 1 15:47:07 2002: DEBUG: Handling request with Handler
'Realm=x2realm'
Thu Aug 1 15:47:07 2002: DEBUG: Rewrote user name to gsalisbu
Thu Aug 1 15:47:07 2002: DEBUG: SessionSQL Deleting session for gsalisbu,
216.163.41.10, 1234
Thu Aug 1 15:47:07 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='216.163.41.10' and NASPORT=01234
Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthSQL
Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthFILE: x2users
Thu Aug 1 15:47:07 2002: DEBUG: Radius::AuthFILE looks for match with
gsalisbu
Thu Aug 1 15:47:07 2002: DEBUG: Handling with Radius::AuthUNIX: password
Thu Aug 1 15:47:07 2002: DEBUG: Radius::AuthUNIX looks for match with
gsalisbu
Thu Aug 1 15:47:07 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu'
Thu Aug 1 15:47:07 2002: WARNING: SessionSQL Could not find a Client for
NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have
a reverse DNS for that NAS?
Thu Aug 1 15:47:07 2002: WARNING: SessionSQL Could not find a Client for
NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not
have a reverse DNS for that NAS?
Thu Aug 1 15:47:07 2002: DEBUG: Checking if user is still online: Hiper,
gsalisbu, 216.163.62.138, 4577, 00001234
Thu Aug 1 15:47:07 2002: DEBUG: Running command `/usr/local/bin/snmpget -c
'public' 216.163.62.138
.iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833`
Timeout: No Response from 216.163.62.138.
Thu Aug 1 15:47:13 2002: NOTICE: SessionSQL Session for gsalisbu at
216.163.62.138:4577 has gone away
Thu Aug 1 15:47:13 2002: DEBUG: SessionSQL Deleting session for gsalisbu,
216.163.62.138, 4577
Thu Aug 1 15:47:13 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='216.163.41.10' and NASPORT=01234
Thu Aug 1 15:47:13 2002: DEBUG: Checking if user is still online:
TotalControlSNMP, gsalisbu, 216.163.41.10, 4577, 00001234
Thu Aug 1 15:47:13 2002: DEBUG: Running command `/usr/local/bin/snmpget -c
'public' 216.163.41.10
.iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.48.48.48.4
8.49.50.51.52`
Timeout: No Response from 216.163.41.10.
Thu Aug 1 15:47:19 2002: NOTICE: SessionSQL Session for gsalisbu at
216.163.41.10:4577 has gone away
Thu Aug 1 15:47:19 2002: DEBUG: SessionSQL Deleting session for gsalisbu,
216.163.41.10, 4577
Thu Aug 1 15:47:19 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='216.163.41.10' and NASPORT=01234
Thu Aug 1 15:47:19 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
ACCTSESSIONID from RADONLINE where USERNAME='gsalisbu'
Thu Aug 1 15:47:19 2002: WARNING: SessionSQL Could not find a Client for
NAS 203.63.154.1 to double-check Simultaneous-Use. Perhaps you do not have
a reverse DNS for that NAS?
Thu Aug 1 15:47:19 2002: WARNING: SessionSQL Could not find a Client for
NAS 216.163.32.138 to double-check Simultaneous-Use. Perhaps you do not
have a reverse DNS for that NAS?
Thu Aug 1 15:47:19 2002: DEBUG: Checking if user is still online: Hiper,
gsalisbu, 216.163.62.138, 4577, 00001234
Thu Aug 1 15:47:19 2002: DEBUG: Running command `/usr/local/bin/snmpget -c
'public' 216.163.62.138
.iso.org.dod.internet.private.enterprises.429.4.10.1.1.18.5833`
Timeout: No Response from 216.163.62.138.
Thu Aug 1 15:47:25 2002: NOTICE: SessionSQL Session for gsalisbu at
216.163.62.138:4577 has gone away
Thu Aug 1 15:47:25 2002: DEBUG: SessionSQL Deleting session for gsalisbu,
216.163.62.138, 4577
Thu Aug 1 15:47:26 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='216.163.41.10' and NASPORT=01234
Thu Aug 1 15:47:26 2002: DEBUG: Checking if user is still online:
TotalControlSNMP, gsalisbu, 216.163.41.10, 4577, 00001234
Thu Aug 1 15:47:26 2002: DEBUG: Running command `/usr/local/bin/snmpget -c
'public' 216.163.41.10
.iso.org.dod.internet.private.enterprises.429.4.2.1.140.1.2.8.48.48.48.4
8.49.50.51.52`
Timeout: No Response from 216.163.41.10.
Thu Aug 1 15:47:32 2002: NOTICE: SessionSQL Session for gsalisbu at
216.163.41.10:4577 has gone away
Thu Aug 1 15:47:32 2002: DEBUG: SessionSQL Deleting session for gsalisbu,
216.163.41.10, 4577
Thu Aug 1 15:47:32 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='216.163.41.10' and NASPORT=01234
Thu Aug 1 15:47:32 2002: DEBUG: Radius::AuthUNIX REJECT:
DefaultSimultaneousUse of 1 exceeded
Thu Aug 1 15:47:32 2002: DEBUG: Radius::AuthFILE REJECT:
DefaultSimultaneousUse of 1 exceeded
Thu Aug 1 15:47:32 2002: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Thu Aug 1 15:47:32 2002: DEBUG: Radius::AuthFILE REJECT: Check item
Authentication-type expression 'Unix-PW' does not match '' in request
Thu Aug 1 15:47:32 2002: INFO: Access rejected for gsalisbu: Check item
Authentication-type expression 'Unix-PW' does not match '' in request
Thu Aug 1 15:47:32 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 3713 ....
Code: Access-Reject
Identifier: 82
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
DbDir /raddb
DictionaryFile /raddb/dictionary
LogDir /raddb
LogFile %L\radius
PidFile radius.pid
SnmpgetProg /usr/local/bin/snmpget
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/[A-Z]/[a-z]/
RewriteUsername s/\s+//g
Trace 4
LogStdout
<AuthBy UNIX>
DefaultSimultaneousUse 1
Description unix pw auth
Filename /etc/master.passwd
GroupFilename /etc/group
Identifier password
</AuthBy>
<AuthBy FILE>
DefaultSimultaneousUse 1
Description users std
Filename %D/users
Identifier users
</AuthBy>
<AuthBy FILE>
DefaultSimultaneousUse 1
Description tc8 users
Filename %D/tc8.users
Identifier tc8users
</AuthBy>
<AuthBy FILE>
DefaultSimultaneousUse 1
Description dsl
Filename %D/dsl.users
Identifier dslusers
</AuthBy>
<AuthBy FILE>
DefaultSimultaneousUse 1
Description x2 user auth
Filename %D/x2.users
Identifier x2users
</AuthBy>
<AuthBy SQL>
DBSource dbi:mysql:radius
DBUsername radius
DBAuth XXXX
AuthSelect
Identifier sqlacct
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef CALLINGSTATION,Calling-Station-Id,integer
</AuthBy>
<ClientListSQL>
DBSource dbi:mysql:radius
DBUsername radius
DBAuth XXXX
</ClientListSQL>
<Log SQL>
DBSource dbi:mysql:radius
DBUsername radius
DBAuth XXXX
</Log>
<StatsLog SQL>
DBSource dbi:mysql:radius
DBUsername radius
DBAuth XXXX
Interval 86400
</StatsLogSQL>
<Realm realmusers>
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy null
AuthBy sqlacct
AuthBy users
PasswordLogFileName pwd.log
SessionDatabase
</Realm>
<Realm x2realm>
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy Null
AuthBy sqlacct
AuthBy x2users
PasswordLogFileName pwd.log
SessionDatabase
</Realm>
<Realm dslrealm>
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy Null
AuthBy sqlacct
AuthBy dslusers
PasswordLogFileName pwd.log
SessionDatabase
</Realm>
<Realm tc8realm>
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy Null
AuthBy sqlacct
AuthBy tc8users
PasswordLogFileName pwd.log
SessionDatabase
</Realm>
<SessionDatabase SQL>
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE)
values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},
'%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where
NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE
where USERNAME='%u'
DBAuth XXXX
DBSource dbi:mysql:radius
DBUsername radius
DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and
NASPORT=0%{NAS-Port}
Description Current Session database
Identifier SessionSQL
</SessionDatabase>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
