Hello Donald -
It is difficult to say what is happening without a complete configuration file and an accompanying trace 4 debug.
I suspect what is happening here is you have not correctly configured an AuthByPolicy to control the execution of the AuthBy clauses. In the case you show below you should probably use this:
AuthByPolicy ContinueAlways
regards
Hugh
On Friday, Jun 27, 2003, at 13:59 Australia/Melbourne, Foo Donald (Products O2) wrote:
Hi Hugh,
Sorry for push so hard ,any update for this? We need to fix the accounting
proxy asap.
The current status is one radiator proxy to 4 accoutning server (A,B,C,D).
Now we only can see the accounting packet from proxy to A, no accounting
arrive to B, C, D. Herewith is the current <auth radius>.
<AuthBy RADIUS> RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.2 </AuthBy>
<AuthBy RADIUS> IgnoreAccountingResponse RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.41 </AuthBy>
<AuthBy RADIUS> IgnoreAccountingResponse RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.201 </AuthBy>
<AuthBy RADIUS> IgnoreAccountingResponse RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.202 </AuthBy>
Regards, Donald
-----Original Message----- From: Foo Donald (Products O2) [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 10:47 PM To: '[EMAIL PROTECTED]' Subject: (RADIATOR) some question about the radiator
Hi there,
we found something strange after on production. can you help?
we have a ggsn pointing to two radiator A and B, their configuration are the
same.
1. we send the accounting packet to 4 accounting server(A1,A2,A3,A4),we only
need A1 reply. But if A2 or A3 dead, the ggsn will fail to B radiator.
herewith is the auth radius when we have this problem. with this
configuration, we can see accounting send to A1, A2 and A3 but not A4, why??
<AuthBy RADIUS>
Synchronous
RetryTimeout 25
NoForwardAuthentication
Secret radius
AcctPort 1813
Host 10.12.1.2
</AuthBy>
<AuthBy RADIUS> Synchronous RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.41 </AuthBy>
<AuthBy RADIUS> RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.201 </AuthBy>
<AuthBy RADIUS> RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.202 </AuthBy>
2) When I put the IgnoreAccountingResponse in each of the tag, I can now
only see accounting go A1 and don't see any accouning goto A2, A3, A4 (the
current configuration is on below).
3) When I do a radiator/mysql process restart (we wrote a script to do start
and stop) after change the configuration, it will not take effect until we
reboot it, but the script works fine when test, is this relate to stack
buffer or cache problem?
4) we found that the mysql database is growth fast. so it will take longer
time to start it. is there anything in radiator which can detail the
database ready before it can connect to it?
The current configuration
#Foreground #LogStdout LogDir /var/radiator LogFile %L/detail DbDir /usr/local/radiator DictionaryFile %D/dictionary,%D/goodies/dictionary.usr PidFile %L/radiusd.pid Trace 4
AuthPort 1812 AcctPort 1813
#<Client DEFAULT> # Secret radius #</Client> <Client 0.0.0.0> Secret bbbbb DupInterval 3 </Client>
<Client 10.12.1.57> Secret bbbbb DupInterval 3 </Client>
<Client 10.10.0.2> Secret aaaaa DupInterval 3 </Client>
<Client 10.208.2.2> Secret bbbbb DupInterval 3 </Client>
<Client 10.10.0.3> Secret aaaaa DupInterval 3 </Client>
<Client 10.208.2.1> Secret bbbbb DupInterval 3 </Client>
<Client 10.208.2.3> Secret bbbbb DupInterval 3 </Client>
<Client 10.11.0.1> Secret aaaaa DupInterval 3 </Client>
<Client 10.208.2.4> Secret bbbbb DupInterval 3 </Client>
<AuthBy SQL> Identifier CheckSQLBlacklist DBSource dbi:mysql:radius DBUsername root DBAuth tbsbeatptoc AuthSelect select REJECT from CALLER_BLACKLIST where Calling_Station='%{Calling-Station-Id}' AuthColumnDef 0, GENERIC, check AcceptIfMissing NoDefaultIfFound </AuthBy>
<AuthBy SQL> Identifier CheckSQLNormal DBSource dbi:mysql:radius DBUsername root DBAuth tbsbeatptoc
AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef ACCTCALLINGSTATIONID,Calling-Station-Id </AuthBy>
# M1 Blacklist
<Handler
Calling-Station-Id=/ ^(6590[479]|6593[46]|6594[37]|6596[89]|6597[469]|6598[47
]|65919[0-8]|65927[3-9])/>
RejectHasReason
<AuthBy INTERNAL>
DefaultResult REJECT
RejectReason You are not StarHub Customer
</AuthBy>
<AuthLog SQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth tbsbeatptoc
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
'%{Calling-Station-Id}')
</AuthLog SQL>
</Handler>
# SingTel Blacklist
<Handler
Calling-Station-Id=/^(6590[135]|6591[12357]|6593[579]|6594[46]|6596[1- 7]|659
7[23578]|6598[2369]|65908[1-9]|65923[0-6]|65929[5-9]|659334|65942[0- 2]|65971
[0-6]|65980[6-7]|65981[0-2]|65981[5-9])/>
RejectHasReason
<AuthBy INTERNAL>
DefaultResult RREJECT
RejectReason You are not StarHub Customer
</AuthBy>
<AuthLog SQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth tbsbeatptoc
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
'%{Calling-Station-Id}')
</AuthLog SQL>
</Handler>
<Handler> RejectHasReason AuthByPolicy ContinueWhileAccept AuthBy CheckSQLBlacklist AuthBy CheckSQLNormal <AuthBy RADIUS> RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.2 </AuthBy>
<AuthBy RADIUS> IgnoreAccountingResponse RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.41 </AuthBy>
<AuthBy RADIUS> IgnoreAccountingResponse RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.201 </AuthBy>
<AuthBy RADIUS> IgnoreAccountingResponse RetryTimeout 25 NoForwardAuthentication Secret radius AcctPort 1813 Host 10.12.1.202 </AuthBy>
<AuthLog SQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth tbsbeatptoc
LogSuccess
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 1, 'Authorized',
'%{Calling-Station-Id}')
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
'%{Calling-Station-Id}')
</AuthLog>
</Handler>
<StatsLog SQL> DBSource dbi:mysql:radius DBUsername root DBAuth tbsbeatptoc Interval 3600 </StatsLog>
Regards, Donald === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
