Hello Donald -


It is difficult to say what is happening without a complete configuration file and an accompanying trace 4 debug.

I suspect what is happening here is you have not correctly configured an AuthByPolicy to control the execution of the AuthBy clauses. In the case you show below you should probably use this:

AuthByPolicy ContinueAlways

regards

Hugh


On Friday, Jun 27, 2003, at 13:59 Australia/Melbourne, Foo Donald (Products O2) wrote:


Hi Hugh,
Sorry for push so hard ,any update for this? We need to fix the accounting
proxy asap.
The current status is one radiator proxy to 4 accoutning server (A,B,C,D).
Now we only can see the accounting packet from proxy to A, no accounting
arrive to B, C, D. Herewith is the current <auth radius>.


        <AuthBy RADIUS>
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.2
        </AuthBy>

        <AuthBy RADIUS>
                IgnoreAccountingResponse
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.41
        </AuthBy>

        <AuthBy RADIUS>
                IgnoreAccountingResponse
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.201
        </AuthBy>

        <AuthBy RADIUS>
                IgnoreAccountingResponse
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.202
        </AuthBy>

Regards,
Donald



-----Original Message-----
From: Foo Donald (Products O2) [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:47 PM
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) some question about the radiator


Hi there,
we found something strange after on production. can you help?
we have a ggsn pointing to two radiator A and B, their configuration are the
same.


1. we send the accounting packet to 4 accounting server(A1,A2,A3,A4),we only
need A1 reply. But if A2 or A3 dead, the ggsn will fail to B radiator.
herewith is the auth radius when we have this problem. with this
configuration, we can see accounting send to A1, A2 and A3 but not A4, why??
<AuthBy RADIUS>
Synchronous
RetryTimeout 25
NoForwardAuthentication
Secret radius
AcctPort 1813
Host 10.12.1.2
</AuthBy>


        <AuthBy RADIUS>
                Synchronous
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.41
        </AuthBy>

        <AuthBy RADIUS>
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.201
        </AuthBy>

        <AuthBy RADIUS>
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.202
        </AuthBy>


2) When I put the IgnoreAccountingResponse in each of the tag, I can now
only see accounting go A1 and don't see any accouning goto A2, A3, A4 (the
current configuration is on below).


3) When I do a radiator/mysql process restart (we wrote a script to do start
and stop) after change the configuration, it will not take effect until we
reboot it, but the script works fine when test, is this relate to stack
buffer or cache problem?


4) we found that the mysql database is growth fast. so it will take longer
time to start it. is there anything in radiator which can detail the
database ready before it can connect to it?



The current configuration


#Foreground
#LogStdout
LogDir          /var/radiator
LogFile         %L/detail
DbDir           /usr/local/radiator
DictionaryFile  %D/dictionary,%D/goodies/dictionary.usr
PidFile         %L/radiusd.pid
Trace           4

AuthPort 1812
AcctPort 1813

#<Client DEFAULT>
#        Secret  radius
#</Client>
<Client 0.0.0.0>
        Secret bbbbb
        DupInterval 3
</Client>

<Client 10.12.1.57>
        Secret bbbbb
        DupInterval 3
</Client>


<Client 10.10.0.2> Secret aaaaa DupInterval 3 </Client>

<Client 10.208.2.2>
        Secret bbbbb
        DupInterval 3
</Client>

<Client 10.10.0.3>
        Secret aaaaa
        DupInterval 3
</Client>

<Client 10.208.2.1>
        Secret bbbbb
        DupInterval 3
</Client>

<Client 10.208.2.3>
        Secret bbbbb
        DupInterval 3
</Client>

<Client 10.11.0.1>
        Secret aaaaa
        DupInterval 3
</Client>

<Client 10.208.2.4>
        Secret bbbbb
        DupInterval 3
</Client>

<AuthBy SQL>
        Identifier      CheckSQLBlacklist
        DBSource        dbi:mysql:radius
        DBUsername      root
        DBAuth          tbsbeatptoc
        AuthSelect      select REJECT from CALLER_BLACKLIST where
Calling_Station='%{Calling-Station-Id}'
        AuthColumnDef   0, GENERIC, check
        AcceptIfMissing
        NoDefaultIfFound
</AuthBy>

<AuthBy SQL>
        Identifier      CheckSQLNormal
        DBSource        dbi:mysql:radius
        DBUsername      root
        DBAuth          tbsbeatptoc

        AccountingTable ACCOUNTING
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef   ACCTCALLINGSTATIONID,Calling-Station-Id
</AuthBy>

# M1 Blacklist
<Handler
Calling-Station-Id=/ ^(6590[479]|6593[46]|6594[37]|6596[89]|6597[469]|6598[47
]|65919[0-8]|65927[3-9])/>
RejectHasReason
<AuthBy INTERNAL>
DefaultResult REJECT
RejectReason You are not StarHub Customer
</AuthBy>


<AuthLog SQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth tbsbeatptoc
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
'%{Calling-Station-Id}')
</AuthLog SQL>
</Handler>


# SingTel Blacklist
<Handler
Calling-Station-Id=/^(6590[135]|6591[12357]|6593[579]|6594[46]|6596[1- 7]|659
7[23578]|6598[2369]|65908[1-9]|65923[0-6]|65929[5-9]|659334|65942[0- 2]|65971
[0-6]|65980[6-7]|65981[0-2]|65981[5-9])/>
RejectHasReason
<AuthBy INTERNAL>
DefaultResult RREJECT
RejectReason You are not StarHub Customer
</AuthBy>


<AuthLog SQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth tbsbeatptoc
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
'%{Calling-Station-Id}')
</AuthLog SQL>
</Handler>


<Handler>
        RejectHasReason
        AuthByPolicy    ContinueWhileAccept
        AuthBy          CheckSQLBlacklist
        AuthBy          CheckSQLNormal
        <AuthBy RADIUS>
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.2
        </AuthBy>

        <AuthBy RADIUS>
                IgnoreAccountingResponse
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.41
        </AuthBy>

        <AuthBy RADIUS>
                IgnoreAccountingResponse
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.201
        </AuthBy>

        <AuthBy RADIUS>
                IgnoreAccountingResponse
                RetryTimeout 25
                NoForwardAuthentication
                Secret radius
                AcctPort 1813
                Host 10.12.1.202
        </AuthBy>

<AuthLog SQL>
DBSource dbi:mysql:radius
DBUsername root
DBAuth tbsbeatptoc
LogSuccess
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 1, 'Authorized',
'%{Calling-Station-Id}')
LogFailure
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME,
TYPE, REASON, Calling_Station) values (%t, '%n', 0, %1,
'%{Calling-Station-Id}')
</AuthLog>


</Handler>

<StatsLog SQL>
        DBSource        dbi:mysql:radius
        DBUsername      root
        DBAuth          tbsbeatptoc
        Interval 3600
</StatsLog>

Regards,
Donald
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to