Hello Julio -
Thanks for sending the files.
There are a couple of things that I notice straight away.
The first is a very large number of errors with the communication with the Oracle database. This should be addressed first of all so you have a stable communication channel with no errors. The usual cause of problems like this is the versions of either the DBI module or the DBD-Oracle module. You should check the CPAN site and either upgrade or downgrade until you find a stable combination.
The second is a configuration issue which is your use of "Fork" in your AuthBy RADIUS clauses. You should not use "Fork" in an AuthBy RADIUS clause. This may also be contributing the Oracle communications problems.
Note that the AuthBy RADIUS clause operates asynchronously in any case, so "Fork" is not required.
regards
Hugh
On 06/11/2003, at 4:37 AM, Julio Cesar Pinto wrote:
Hi Hung,
Ok, our config file is a little complex, but the summary is the following:
Foreground Trace 4 ### CONFIGURATION ### LogDir /home/radius/log/%{GlobalVar:RadiusIP} LogFile %L/radiator.log DbDir /home/radius/etc/conf DictionaryFile %D/dictionary.ifx PidFile %L/radius.pid BindAddress %{GlobalVar:RadiusIP} AuthPort 1812 AcctPort 1813 ### CONFIGURATION ###
#ACCT_RADIUS_CL <AuthBy RADIUS> Fork AcctPort 1646 NoForwardAuthentication Host 216.241.*.* Identifier ACCT_RADIUS_CL LocalAddress %{GlobalVar:RadiusIP} Retries 3 RetryTimeout 30 Secret ****** </AuthBy>
#ACCT_RADIUS_AR <AuthBy RADIUS> Fork AcctPort 1646 NoForwardAuthentication Host 200.61.*.* Identifier ACCT_RADIUS_AR LocalAddress %{GlobalVar:RadiusIP} Retries 3 RetryTimeout 30 Secret ***** </AuthBy>
#DB Clients <ClientListSQL> DBAuth ******* DBSource DBI:Oracle:ORACLE.DOMAIN.COM DBUsername usersql GetClientQuery select NASIDENTIFIER,SECRET from RADCLIENTLIST </ClientListSQL>
# VE RAS 200.62.10.25 is a USR TotalControl which sends bad signatures ( fg - 9/10/2003)
<Client 200.62.10.25>
Secret *******
IgnoreAcctSignature
</Client>
#Sesscion RADONLINE
<SessionDatabase SQL>
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,ACCTSESSIONID, TIMESTAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,CALL
ERID,CLIENTPORTDNIS,IFX_VISP_ID,IFX_COUNTRY_ID) values ('%u', '%N', 0%{NAS-Port},'%{Acct-Session-Id}', to_date('%d %m %Y %H:%M:%S', 'DD MM
YYYY HH24:MI:SS'), '%{Framed-IP-Address}','%{NAS-Port-Type}', '%{Service-Type}','%{Calling-Station-Id}','%{Called-Station- Id}','%{Ifx-Vis
p-Id}','%{Ifx-Country-Id}')
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u
DBAuth *******
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
Identifier SESSIONID_0
</SessionDatabase>
#PROMISCUE <AuthBy TEST> Identifier PROMISCUO </AuthBy>
#AA_SQL_LOCAL
<AuthBy SQL>
DBAuth ******
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
AuthSelect select PASSWORD, TO_CHAR(EXPIRATION,'YYYY-MM-DD'), CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n' and ACTIVE=1
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Expiration, check
AuthColumnDef 2, GENERIC, check
AuthColumnDef 3, GENERIC, reply
AccountingTable ACCOUNTING%Y%m
AcctColumnDef USERNAME,User-Name
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef FRAMEDIPNETMASK,Framed-IP-Netmask
AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer
AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer
AcctColumnDef CALLERID,Calling-Station-Id
AcctColumnDef CLIENTPORTDNIS,Called-Station-Id
AcctColumnDef IFX_VISP_ID,Ifx-Visp-Id
AcctColumnDef IFX_CONN_STAT,Ifx-Conn-Stat,integer
AcctColumnDef IFX_TEST,Ifx-Test,integer
AcctColumnDef IFX_COUNTRY_ID,Ifx-Country-Id
AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e %m %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS')
AcctColumnDef CLASS,Class
AccountingStopsOnly
NoDefault
IgnoreAuthentication
Identifier AA_SQL_LOCAL
AcctFailedLogFileName %L/FailedSqlAccounting.log
AddToReplyIfNotExist \
Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Framed-IP-Address = 255.255.255.254, \
Framed-IP-Netmask = 255.255.255.255, \
Idle-Timeout = 900, \
Session-Timeout = 82800, \
Framed-MTU = 1500, \
Port-Limit = 1
</AuthBy>
#AUTH_SQL_LOCAL
<AuthBy SQL>
DBAuth ******
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
AuthSelect select PASSWORD, TO_CHAR(EXPIRATION,'YYYY-MM-DD'), CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n' and ACTIVE=1
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Expiration, check
AuthColumnDef 1, Expiration, check
AuthColumnDef 2, GENERIC, check
AuthColumnDef 3, GENERIC, reply
AccountingTable ACCOUNTING%Y%m
AcctColumnDef USERNAME,User-Name
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef FRAMEDIPNETMASK,Framed-IP-Netmask
AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer
AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer
AcctColumnDef CALLERID,Calling-Station-Id
AcctColumnDef CLIENTPORTDNIS,Called-Station-Id
AcctColumnDef IFX_VISP_ID,Ifx-Visp-Id
AcctColumnDef IFX_CONN_STAT,Ifx-Conn-Stat,integer
AcctColumnDef IFX_TEST,Ifx-Test,integer
AcctColumnDef IFX_COUNTRY_ID,Ifx-Country-Id
AcctColumnDef TIMESTAMP,Timestamp,formatted-date,to_date('%e %m %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS')
AcctColumnDef CLASS,Class
AccountingStopsOnly
NoDefault
Identifier AUTH_SQL_LOCAL
AcctFailedLogFileName %L/FailedSqlAccounting.log
AddToReplyIfNotExist \
Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Framed-IP-Address = 255.255.255.254, \
Framed-IP-Netmask = 255.255.255.255, \
Idle-Timeout = 900, \
Session-Timeout = 82800, \
Framed-MTU = 1500, \
Port-Limit = 1
</AuthBy>
<AuthBy FILE> Filename %D/rad_users.txt Identifier USERSFILE </AuthBy>
##Propel
<AuthBy SQL>
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
DBAuth *******
AuthSelect select FRAMEDIPADDRESS from RADONLINE where (FRAMEDIPADDRESS='%{Propel-Client-IP-Address}' and IFX_VISP_ID in ('TUTOPIA','TU
TOPIAPL','TUTOPIAEXP') and IFX_COUNTRY_ID='PA') or (FRAMEDIPADDRESS='%{Propel-Client-IP-Address}' and IFX_VISP_ID in ('TUTOPIAEXTREM','TUT
OPIAPL','TUTOPIA') and IFX_COUNTRY_ID='CL')
AuthColumnDef 0, Propel-Client-IP-Address, check
Identifier PROPEL
</AuthBy>
#Aniblock
<AuthBy SQLANI>
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
DBAuth ******
AuthSelect select CALLINGSTATIONID from ANIBLOCK where CALLINGSTATIONID='%{Calling-Station-Id}' and IFX_VISP_ID='%{Ifx-Visp-Id}' and IF
X_COUNTRY_ID='%{Ifx-Country-Id}'
AuthRejectQuery insert into ANIBLOCKREJECT VALUES ('%{Ifx-Visp-Id}','%{Ifx-Country-Id}','%{Called-Station- Id}','%{Calling-Station-Id}',
sysdate,'%u','%{NAS-IP-Address}')
Identifier AniBlock
</AuthBy>
#Aniblock - Venezuela
<AuthBy SQLANI>
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
DBAuth ******
AuthSelect select CALLINGSTATIONID from ANIBLOCK where CALLINGSTATIONID='%{Calling-Station-Id}' and (IFX_VISP_ID='TUTOPIAEXP' or IFX_VI
SP_ID='TUTOPIADULT') and IFX_COUNTRY_ID='%{Ifx-Country-Id}'
AuthRejectQuery insert into ANIBLOCKREJECT VALUES ('%{Ifx-Visp-Id}','%{Ifx-Country-Id}','%{Called-Station- Id}','%{Calling-Station-Id}',
sysdate,'%u','%{NAS-IP-Address}')
Identifier AniBlockVE
</AuthBy>
#IFXLog - moved to the DB
<AuthLog FILE>
Identifier IFXLogFile
Filename /disk/store0/authlog/%{GlobalVar:RadiusIP}/%m-%d-%Y.log
SuccessFormat %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:SUCCESS
FailureFormat %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:%1:FAILURE
LogSuccess 1
LogFailure 1
</AuthLog>
#IFXLogCatch - moved to the DB
<AuthLog FILE>
Identifier IFXLogCatchFile
Filename /disk/store0/authlog/%{GlobalVar:RadiusIP}/%m-%d-%Y.clog
SuccessFormat %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:SUCCESS
FailureFormat %l:%N:%{Calling-Station-Id}:%{Called-Station-Id}:%u:%P:%1:FAILURE
LogSuccess 1
LogFailure 1
</AuthLog>
#IFXLog
<AuthLog SQL>
Identifier IFXLog
DBAuth *******
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
# SuccessQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS, CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
'%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp- Id}',0,%1,'%{GlobalVar:RadiusIP}',0)
FailureQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS, CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
'%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp- Id}',0,%1,'%{GlobalVar:RadiusIP}',1)
# LogSuccess 1
LogFailure 1
</AuthLog>
#IFXLogCatch
<AuthLog SQL>
Identifier IFXLogCatch
DBAuth ******
DBSource DBI:Oracle:ORACLE.DOMAIN.COM
DBUsername usersql
# SuccessQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS, CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
'%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp- Id}',1,%1,'%{GlobalVar:RadiusIP}',0)
FailureQuery insert into AUTHLOG (TIMESTAMP, NASIPADDRESS, CALLEDSTATIONID, CALLINGSTATIONID, USERNAME, PASSWORD, IFX_COUNTRY_ID,
IFX_VISP_ID, ORIGIN, REASON, RADIUSIP,STATE) values (to_date('%d %m %Y %H:%M:%S', 'DD MM YYYY HH24:MI:SS'), '%N', '%{Called-Station-Id}',
'%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp- Id}',1,%1,'%{GlobalVar:RadiusIP}',1)
# LogSuccess 1
LogFailure 1
</AuthLog>
#Handler to Foundry healty <Handler Realm=testdomain.com> <AuthBy TEST> </AuthBy> </Handler>
#####[ HANDLER TO DENY Profiles from MAX TNT ]##### <Handler Service-Type=Dialout-Framed-User> </Handler>
include %D/auth.cfg
#Defaul response
<Handler>
RejectHasReason
<AuthBy INTERNAL>
DefaultResult REJECT
AcctResult ACCEPT
</AuthBy>
PostAuthHook sub{${$_[1]}->add_attr('Reply-Message','Sorry There is no Handler for this request');}
AuthLog IFXLogCatch
</Handler>
I will appreciate much your aid.
Sincerely, JC.
On Fri, 2003-10-31 at 19:10, Hugh Irvine wrote:Hello Julio -
I will need to see a trace 4 debug from Radiator together with a copy of your configuration file (no secrets).
It would also be useful to see the error output from Perl, which you can do easily by running from the command line:
perl radiusd -foreground -log_stdout -trace 4 -config_file /your/configuration/file
The usual reason for this is Perl modules that have not been installed.
regards
Hugh
On 01/11/2003, at 6:34 AM, Julio Cesar Pinto wrote:
Hi Everyone,
We have a problem with version 3.7.1, the situation is the following one.
Software installed: Red Hat Linux release 7.3 (Valhalla) Perl v5.6.1 DBI v 1.3.8 Oracle Client Version 8.1 DBI::Oracle v 1.14 Digest-MD5 v 2.27 Radiator 3.7.1
Problem:
After to startup to the daemon the packages enters without problems,
after approximately 5-10 minutes when we began to receive much
packages,
the daemon dead, return us in the standard output. Segmentation Faul.
We thank for any information on the matter
-- Julio Cesar Pinto <[EMAIL PROTECTED]> IFX NETWORKS
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?-- Julio Cesar Pinto <[EMAIL PROTECTED]> IFX NETWORKS <radiator.log><file.txt>
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
