Hello Rohan - The session database and the MaxSessions and/or Simultaneous-Use directives are designed to limit a particular user to some predetermined number of sessions at the same time (typically one).
To do this, Radiator maintains a state table in the session database of all sessions for which an accounting start has been received. When the session ends, the session entry is removed from the session database, and Radiator also does a delete when a new access request is received as a housekeeping exercise. You should check your use of the session database by testing using a call from a test user (and leaving it up), checking the entry in the session database, then making another call from the same test user and again checking what happens with the session database. If simultaeous use is set to one, the first call should result in an entry being added to the session database, and the second call should result in a reject because there is already an entry present for that test user. hope that helps regards Hugh On 7 Nov 2012, at 01:57, [email protected] wrote: > Thanks Hugh. It's working now! > > The Socket6.pm module needed to be installed. > > Tue Nov 6 09:28:28 2012: DEBUG: Handling request with Handler > 'NAS-Identifier="Juniper_E320_2"' > Tue Nov 6 09:28:28 2012: DEBUG: SQLSDB Deleting session for fritzsamuels1, > 208.138.43.125, 805307373 > Tue Nov 6 09:28:28 2012: DEBUG: do query is: 'delete from ACTIVE_SESSIONS > where USER_NAME='fritzsamuels1' and NAS_IP_ADDRESS='208.138.43.125' and > NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005'': > Tue Nov 6 09:28:28 2012: DEBUG: Query is: 'select > NAS_IP_ADDRESS='208.138.43.125',NAS_PORT_ID='TenGigabitEthernet > 3/0/0.941005:94-1005',ACCT_SESSION_ID='erx TenGigabitEthernet > 3/0/0.941005:94-1005:1831600483' from ACTIVE_SESSIONS where > USER_NAME='fritzsamuels1'': > Tue Nov 6 09:28:28 2012: WARNING: SQLSDB Could not find a Client for NAS 1 > to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for > that NAS? > Tue Nov 6 09:28:28 2012: INFO: Access rejected for fritzsamuels1: > MaxSessions exceeded > > The CounQuery is like that since I expect only a single entry per user. > Simultaneous-Use should be one (1). > > Rohan > > On Tue, 6 Nov 2012 16:28:01 +1100 > Hugh Irvine <[email protected]> wrote: >> >> Hello Rohan - >> >> To see what is happening with the crash you should run radiusd from the >> command line so you can see the relevant Perl messages. >> >> Something like this (with your local pathnames): >> >> >> /usr/bin/perl /usr/local/bin/radiusd -foreground -log_stdout -trace 4 >> -config_file /etc/radiator/radius.cfg >> >> >> BTW - I don't think your CountQuery is correct as it will never find all >> existing sessions for that particular user. >> >> regards >> >> Hugh >> >> >> On 6 Nov 2012, at 09:30, <[email protected]> wrote: >> >>> Hugh, >>> >>> re: server crash see config and log files attached. >>> >>> Rohan >>> >>> On Sat, 3 Nov 2012 09:06:44 +1100 >>> Hugh Irvine <[email protected]> wrote: >>>> >>>> Hello Rohan - >>>> >>>> The easiest way to do this is to store only the Stop records, and >>>> calculate the start time from the attributes present in the accounting >>>> stop request. >>>> >>>> Something like this (the value is in epoch seconds): >>>> >>>> Timestamp - Acct-Session-Time - Acct-Delay-Time >>>> >>>> For the crash I will need to see the logfile that immediately precedes it >>>> together with the configuration file you are using. >>>> >>>> regards >>>> >>>> Hugh >>>> >>>> >>>> On 3 Nov 2012, at 02:24, <[email protected]> wrote: >>>> >>>>> Hugh, >>>>> >>>>> Now that records are being written to the database, I want a single >>>>> record per session that includes both Stop and Start times like below. >>>>> >>>>> User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, >>>>> Acct_Stop_Time, Acct_Session_ID >>>>> jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM >>>>> Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 >>>>> >>>>> So the record is added to the accounting database at the end of a session >>>>> and includes both Stop and Start times. >>>>> >>>>> Added to that is the issue I have where Radiator crashes when I try to >>>>> use the Simultaneous-Use features. >>>>> >>>>> Thanks. >>>>> >>>>> On Fri, 2 Nov 2012 17:46:58 +1100 >>>>> Hugh Irvine <[email protected]> wrote: >>>>>> >>>>>> Hello Rohan - >>>>>> >>>>>> Can you please explain exactly what you are trying to do? >>>>>> >>>>>> It is normal for you to get two records in your accounting table, as >>>>>> that is what you have configured. >>>>>> >>>>>> If you can tell us what you are trying to achieve we will be able to >>>>>> make sensible suggestions. >>>>>> >>>>>> regards >>>>>> >>>>>> Hugh >>>>>> >>>>>> >>>>>> On 2 Nov 2012, at 09:38, <[email protected]> wrote: >>>>>> >>>>>>> Thanks Michael, >>>>>>> >>>>>>> >>>>>>> >>>>>>> I was able to go further with the advice using the AuthByPolicy and >>>>>>> AuthBy GROUP under the existing Handler. Only that two records are >>>>>>> added to my accounting database for a single session - one at Start and >>>>>>> one at Stop. >>>>>>> >>>>>>> <Handler NAS-Identifier="Juniper_E320_2"> >>>>>>> AddToRequest SERVICESTATUS = ACTIVE >>>>>>> SessionDatabase SQLSDB >>>>>>> # MaxSessions 1 >>>>>>> RejectHasReason >>>>>>> >>>>>>> AuthByPolicy ContinueAlways >>>>>>> AuthBy SQLAccounting >>>>>>> <AuthBy GROUP> >>>>>>> AuthByPolicy ContinueWhileIgnore >>>>>>> AuthBy xDSL >>>>>>> </AuthBy> >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Rohan >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, 01 Nov 2012 17:45:18 -0400 >>>>>>> >>>>>>> Michael wrote: >>>>>>> >>>>>>>> Looks like your "AuthBy xDSL" is accepting, therefore since the >>>>>>>> default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL >>>>>>>> authby and the "AuthBy SQLAccounting" is not processed. >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> I personally handle accounting in a separate handler. To me, handling >>>>>>>> accounting and authorization in the same handler is tricky. >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> Michael >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> >>>>>>> >>>>>>>> On 01/11/12 05:07 PM, [email protected] wrote: >>>>>>> >>>>>>>>> Hugh, >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> Config and logs attached. >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> And the application crashed when testing Simultaneous-Use for both >>>>>>>>> configurations below. >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> In my AuthBy config: >>>>>>> >>>>>>>>> "DefaultSimultaneousUse 1" With "AuthAttrDef >>>>>>>>> Simultaneous-Use,Simultaneous-Use,check" >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> Or >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> In my Handler: >>>>>>> >>>>>>>>> MaxSessions 1 >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> On Fri, 2 Nov 2012 07:19:09 +1100 >>>>>>> >>>>>>>>> Hugh Irvine wrote: >>>>>>> >>>>>>>>>> Hello Rohan - >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> We will need to see the configuration file (no secrets) together >>>>>>>>>> with a trace 4 debug showing what is happening. >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> regards >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> Hugh >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> On 2 Nov 2012, at 05:53, wrote: >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>>> Hello, >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> Why doesn't the following work? >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> Identifier SQLAccounting >>>>>>> >>>>>>>>>>> DBSource dbi:mysql:inetdb_test >>>>>>> >>>>>>>>>>> DBUsername inet >>>>>>> >>>>>>>>>>> DBAuth inet@inetdb >>>>>>> >>>>>>>>>>> #Disable SQL authentication >>>>>>> >>>>>>>>>>> AuthSelect >>>>>>> >>>>>>>>>>> HandleAcctStatusTypes Start,Stop >>>>>>> >>>>>>>>>>> AccountingTable ARCH_ACCOUNTING >>>>>>> >>>>>>>>>>> AcctColumnDef USER_NAME,User-Name >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_START_TIME,Timestamp,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_STOP_TIME,Timestamp,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer >>>>>>> >>>>>>>>>>> AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer >>>>>>> >>>>>>>>>>> AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address >>>>>>> >>>>>>>>>>> AcctColumnDef NAS_IDENTIFIER,NAS-Identifier >>>>>>> >>>>>>>>>>> AcctColumnDef NAS_PORT,NAS-Port,integer >>>>>>> >>>>>>>>>>> AcctColumnDef CALLED_STATION_ID,Called-Station-Id >>>>>>> >>>>>>>>>>> AcctColumnDef CALLING_STATION_ID,Calling-Station-Id >>>>>>> >>>>>>>>>>> SQLRecoveryFile %L/sqlaccounting.sql >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> Specifying the following in my Handler does not work. I don't even >>>>>>>>>>> see any trace in my logs set at level 4 or 5. >>>>>>> >>>>>>>>>>> AuthBy SQLAccounting >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> However my sessions database work with the following. >>>>>>> >>>>>>>>>>> SessionDatabase SQLSDB >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> Thanks much. >>>>>>> >>>>>>>>>>> >>>>>>> >>>>>>>>>>> Regards, >>>>>>> >>>>>>>>>>> Rohan >>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>> >>>>>>>>>>> radiator mailing list >>>>>>> >>>>>>>>>>> [email protected] >>>>>>> >>>>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> -- >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> Hugh Irvine >>>>>>> >>>>>>>>>> [email protected] >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS server >>>>>>> >>>>>>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >>>>>>> >>>>>>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, >>>>>>>>>> TLS, >>>>>>> >>>>>>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >>>>>>> >>>>>>>>>> DIAMETER etc. >>>>>>> >>>>>>>>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >>>>>>> >>>>>>>>>> >>>>>>> >>>>>>>>> Rohan Henry >>>>>>> >>>>>>>>> Server Administrator >>>>>>> >>>>>>>>> LIME >>>>>>> >>>>>>>>> Phone (876) 936-4819 >>>>>>> >>>>>>>>> Mobile (876) 997-0729 >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> >>>>>>> >>>>>>>>> _______________________________________________ >>>>>>> >>>>>>>>> radiator mailing list >>>>>>> >>>>>>>>> [email protected] >>>>>>> >>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator >>>>>>> >>>>>>> >>>>>>> >>>>>>> Rohan Henry >>>>>>> >>>>>>> Server Administrator >>>>>>> >>>>>>> LIME >>>>>>> >>>>>>> Phone (876) 936-4819 >>>>>>> >>>>>>> Mobile (876) 997-0729 >>>>>>> >>>>>>> _______________________________________________ >>>>>>> radiator mailing list >>>>>>> [email protected] >>>>>>> http://www.open.com.au/mailman/listinfo/radiator >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Hugh Irvine >>>>>> [email protected] >>>>>> >>>>>> Radiator: the most portable, flexible and configurable RADIUS server >>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >>>>>> DIAMETER etc. >>>>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >>>>>> >>>>> >>>>> Rohan Henry >>>>> Server Administrator >>>>> LIME >>>>> Phone (876) 936-4819 >>>>> Mobile (876) 997-0729 >>>>> _______________________________________________ >>>>> radiator mailing list >>>>> [email protected] >>>>> http://www.open.com.au/mailman/listinfo/radiator >>>> >>>> >>>> -- >>>> >>>> Hugh Irvine >>>> [email protected] >>>> >>>> Radiator: the most portable, flexible and configurable RADIUS server >>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >>>> DIAMETER etc. >>>> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >>>> >>> >>> Rohan Henry >>> Server Administrator >>> LIME >>> Phone (876) 936-4819 >>> Mobile (876) 997-0729 >>> <radius.cfg.txt><radius >>> log.txt>_______________________________________________ >>> radiator mailing list >>> [email protected] >>> http://www.open.com.au/mailman/listinfo/radiator >> >> >> -- >> >> Hugh Irvine >> [email protected] >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, >> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, >> DIAMETER etc. >> Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. >> > > Rohan Henry > Server Administrator > LIME > Phone (876) 936-4819 > Mobile (876) 997-0729 > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine [email protected] Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
