(RADIATOR) multilink problem.
Hi all. I am try to use multilink PPP 2, 3, 4 or more channels qith cisco as5260 and radiator.(last version) I am using radiator, to authenticate, ldap to store usernames, passwords, etc, and mysql for ip asignament and accounting. All is ok with 1 channel, but multilink have an error, 2 IPs are marked as 1 in the radpool table (one per channel). How can i configure multilink correctly?? Cesar Garcia. Dept. Sistemas, IdecNet S.A. Edificio IdecNet. C/Juan XXIII 44, Centro de Gestion de Red, E-35004, Las Palmas de Gran Canaria, Islas Canarias - Spain. Tfn: +34 828 111 000 Ext: 340 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MySQL connection failures
On Mon, Aug 06, 2001 at 07:30:10PM +1000, Hugh Irvine wrote: What version of Radiator are you running? What version of Perl? What version of DBI/DBD? What hardware/software platform? And when does the problem occur? Radiator 2.18 Perl v.6.0 DBI 1.14 DBD::mysql 2.0415 MySQL 3.23.39 Linux kernel 2.2.19 on Pentium III 937 Mhz Could you also provide a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing the startup messages and the problem occuring. Fortunately, the problem did not recur so I won't be able to give trace 4 debug messages. Next time. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) multilink problem.
I am try to use multilink PPP 2, 3, 4 or more channels qith cisco as5260 and radiator.(last version) I am using radiator, to authenticate, ldap to store usernames, passwords, etc, and mysql for ip asignament and accounting. All is ok with 1 channel, but multilink have an error, 2 IPs are marked as 1 in the radpool table (one per channel). How can i configure multilink correctly?? I see the same behaviour with our MAX TNT, so i think it's not NAS-related; i've noticed that the ips are freed both correctly when the user disconnects, so i thought i could live with it (the pool should have enough IPs for all the channels used without multilink anyway, so this is not really an issue). Of course if there's a clean solution i'd be glad to implement it... regards, A.Chiolo -- Alessandro Chiolo [EMAIL PROTECTED] Network Manager, Easynet Italy I'm Winston Wolf, I solve Problems. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) IPASS problems
Title: RE: (RADIATOR) IPASS problems I have the same problem now, but when i was using a DEFAULT client (with nastype=ignore) it works fine CAS -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Martes, 07 de Agosto de 2001 09:42 p.m. To: Kyle; [EMAIL PROTECTED] Subject: Re: (RADIATOR) IPASS problems Hello Kyle - I would need to see a trace 4 debug from Radiator to see why a Stop record did not cause the deletion of that users record from the session database. The subsequent errors would seem to indicate that you have set a NasType in the Client clause, as that is the only time that Radiator will try to double check simultaneous use. BTW - what version of Radiator are you using? regards Hugh On Wednesday 08 August 2001 02:08, Kyle wrote: Hugh, or whoever else has an answer to this question: We are using IPASS authentication for our customers to be able to use remote NASs to dial into us, but not for other ISP's customers to use us as an access provider. The authentication for this is working great, and IPASS is authenticating against our radiator server. We are using radiators centralized user database to manage multiple sessions and such as well. Occasionaly when we have an user using IPASS, their session becomes frozen in the database. Our accounting record shows a stop, but it has not dropped from the session database. There are then errors similar to this in our logs: SDB1 Could not find a Client for NAS 206.115.158.21 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? NAS ip is always remote to our location, indicating it is an IPASS nas. Why is the session database not dropping the user correctly? Included is my realms.cfg file. Content-Type: application/x-ns-proxy-autoconfig; charset=us-ascii; name=realms.cfg Content-Transfer-Encoding: 7bit Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Configurations dudes...
Hi Hugh. I am System Admin and a big proyect has been charged to me... We have 3 nodes interconecting with ATM. In any node, we have cisco as5300, cisco 7505 and access for ADSL, Modems and RDSI. Our cisco register connections as Virtual, Async and ISDN respectively. We want based our authentification system in LDAP for accounts information (Username,Password,Permissions...) and SQL for pool assignement and Session DATABASE. In a 2 month, i get that auth with LDAP, Pool with SQL and Accounting in SQL for this kind of acceses Async, ADSLs, and ISDN 1 channel. Now , i am probing with 2 channel ISDN(Multilink), but i can see, that any channel i up, assing 1 IP. The NAS, use the second IP i up for virtual, and if i shutdown the second channel, he free the second IP, that really is in use. I am tryng to configure Session SQL, but i dont know how, i configure SQL table how goodies define, but in the ref.pdf file, aren't examples. We want that one radius in any node, use a local LDAP BD (that is replied) (this is OK). Use a central POOL BD with secondaries Mysqls BD for if principal BD fail.( i dont know how) Use session Database (i cant find information about it.) Multilink, (how can i solution the problem of ips? This is my config file. # ldap.cfg # #Foreground #LogStdout Trace 4 #El puerto de radius authentication ha cambiado a 1812, #a tener en cuenta para el momento #de probar, el puerto por defecto es el 1645 #AuthPort 1812 #El puerto de radius accounting ha cambiado a 1813, #a tener en cuenta para el momento #de probar, el puerto por defecto es el 1646 #AcctPort 1813 LogDir /var/log/radius DbDir /var/radiator LogFile %L/sys/%d-%m-%y-radiator.log DictionaryFile /var/radiator/dictionary # You will probably want to add other Clients to suit your site. Client DEFAULT Secret mysecret #Como actuar en caso de llamadas simultaneas, ignorar, tomamos por defecto. # DupInterval 0 /Client SessionDatabase SQL # Definimos el enlace para la base de datos de sesiones. # Define el enlace, nombre de usuario y clave Identifier PRINCIPAL DBSource dbi:mysql:database=acct;host=sistemas.idecnet.com DBUsername acct DBAuth h3lPm3n0w AddQuery insert into RADONLINE (USERNAME, \ NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\ FRAMEDADDRESS, PORTTYPE, \ SERVICETYPE) values ( %n , %N , %{NAS-Port}, %{Acct-Session-Id} , \ %{Timestamp}, %{Framed-IP-Address} , %{Port-Type} , %{Service-Type} ) /SessionDatabase AddressAllocator SQL # This name allows us to refer to it from inside # an AuthBy DYNADDRESS Identifier PRINCIPAL # For mysql, use something like this DBSource dbi:mysql:database=radiator;host=ldap.idecnet.com DBUsername radiator DBAuth mypass # If SessionTimeout is set by a previous AuthBy # then that is used as the expiry time. Otherwise # DefaultLeasePeriod (in seconds) is used. # Defaults to 1 day #DefaultLeasePeriod 86400 # How often we check the database for expired leases # leases can expire if an acounting stop is lost # or if the session goes longer than the lease # we originally asked for. Defaults to 1 day. LeaseReclaimInterval 86400 # Define the pools that are to be in our database # defining pools here will make AddressAllocator SQL # ensure that all the addresses are present in the database # at startup. You dont have to define pools here. If you dont, # AddressAllocator SQL will just use whatever addresses # it finds in the RADPOOL table. AddressPool pool1 Subnetmask 255.255.255.0 Range 212.xxx.xxx.129 212.xxx..xxx.140 /AddressPool /AddressAllocator Handler Acct-Status-Type = Stop AuthByPolicy ContinueWhileAccept AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle AuthBy SQL # Define el enlace, nombre de usuario y clave DBSource dbi:mysql:database=acct;host=sistemas.idecnet.com DBUsername acct DBAuth mypass # Ignora los Auth y usa la tabla RADACCT para guardar logs.. AuthSelect AccountingStopsOnly AccountingTable PPPUSERS AcctColumnDef USERNAME,User-Name AcctColumnDef NAS,NAS-IP-Address AcctColumnDef ADDRESS,Framed-IP-Address AcctColumnDef PORT,Cisco-NAS-Port AcctColumnDef CALLERID,Calling-Station-Id AcctColumnDef CALLEDID,Called-Station-Id AcctColumnDef PROTOCOL,Framed-Protocol AcctColumnDef PKTSIN,Acct-Input-Packets,integer
(RADIATOR) Undefined subroutine Radius::Radius::get_port
Hi Everyone! I installed Slackware 8.0 on a new box. Perl5, MySQL and MD5 is installed by default by the Slackware Distro. I did not encounter installing Radiator, it passed all the test. I did a sample config and run radiusd and I got this response.. root# radiusdWed Aug 8 19:15:39 2001: DEBUG: Reading users file /usr/local/etc/blockedUndefined subroutine Radius::Radius::get_port called at /usr/bin/radiusd line 326. My config is simple, just an auth by file.. --- start radius.cfg --- Foreground LogStdoutTrace 4AuthPort 1645AcctPort 1646 #AuthPort 1812#AcctPort 1813 LogDir /var/log/radiusLogFile /var/log/radius/%m/%d%Y-traceFingerProg /usr/bin/fingerPidFile /var/run/radius.pid DictionaryFile /etc/radius/dictionarySnmpgetProg /usr/local/bin/snmpgetHandler MaxSessions 1 AcctLogFileName /var/log/radius/BlockNo/details WtmpFileName /var/log/radius/BlockNo/%u PasswordLogFileName /var/log/radius/BlockNo/%m%d%Y-passlog AuthBy FILE Filename /usr/local/etc/blocked /AuthBy/Handler --- end radius.cfg What could this error mean? Thanks in advance! Jaime
Re: (RADIATOR) IPASS problems
Hugh, I have included the database entry for the iPass NAS machine, which has the same IP as the Radiator server, and a trace4 log file that was captured over the course of several hours today. One user that stands out and may make it easier for you to parse is tayer. I see two to three good log in's from him, and then it hits the session error. We are using version 2.18.2 of Radiator as well. Let me know what other information I can give you that would help in diagnosing and solving this problem. Hugh Irvine wrote: Hello Kyle - I would need to see a trace 4 debug from Radiator to see why a Stop record did not cause the deletion of that users record from the session database. The subsequent errors would seem to indicate that you have set a NasType in the Client clause, as that is the only time that Radiator will try to double check simultaneous use. BTW - what version of Radiator are you using? regards Hugh -- Kyle Hultman [EMAIL PROTECTED] Senior Network Engineer Broadband Networks (804) 817-7300 ext 305 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator and Juniper
Hi all, Does anyone know of the specific attributes that need to be defined in the dictionary file for radiator to be able to talk to Juniper router (M20). Thanks, Imran. __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator and Juniper
Hello Imran - The standard Radiator dictionary should work for most things with Juniper hardware. You will have to check with Juniper if there are any vendor-specific attributes that they define, and if you find that there are some special Juniper attributes, please ask them for the definitions and send us a copy so we can add them to the distribution. thanks Hugh On Thursday 09 August 2001 04:04, Imran Moin wrote: Hi all, Does anyone know of the specific attributes that need to be defined in the dictionary file for radiator to be able to talk to Juniper router (M20). Thanks, Imran. __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Undefined subroutine Radius::Radius::get_port
Hello Jaime - On Thursday 09 August 2001 01:24, Jaime Elizaga Jr. wrote: Hi Everyone! I installed Slackware 8.0 on a new box. Perl5, MySQL and MD5 is installed by default by the Slackware Distro. I did not encounter installing Radiator, it passed all the test. I did a sample config and run radiusd and I got this response.. root# radiusd Wed Aug 8 19:15:39 2001: DEBUG: Reading users file /usr/local/etc/blocked Undefined subroutine Radius::Radius::get_port called at /usr/bin/radiusd line 326. It sounds like you have not done a make install for Radiator and you are running the radiusd command from a directory other than the Radiator distribution directory. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Configurations dudes...
Hello Cesar - You are really asking for consulting service here, so I have copied Joanne on this mail so she can send you the rates. I will try to answer your questions, but if you want design and implementation work done it will have to be subject to a consulting contract. On Thursday 09 August 2001 00:46, Cesar Garcia wrote: Hi Hugh. I am System Admin and a big proyect has been charged to me... We have 3 nodes interconecting with ATM. In any node, we have cisco as5300, cisco 7505 and access for ADSL, Modems and RDSI. Our cisco register connections as Virtual, Async and ISDN respectively. We want based our authentification system in LDAP for accounts information (Username,Password,Permissions...) and SQL for pool assignement and Session DATABASE. In a 2 month, i get that auth with LDAP, Pool with SQL and Accounting in SQL for this kind of acceses Async, ADSLs, and ISDN 1 channel. Good work. Now , i am probing with 2 channel ISDN(Multilink), but i can see, that any channel i up, assing 1 IP. An ISDN Multilink session should only use a single IP address. I suspect that you are not differentiating between the initial request and the subsequent request(s) and you are allocating an IP address each time. You should only allocate an IP address on the first request, and deallocate the address on the last channel disconnecting. You will have to look at a trace 4 debug from Radiator to see what information is present in the requests, and set up the configuration file accordingly. The NAS, use the second IP i up for virtual, and if i shutdown the second channel, he free the second IP, that really is in use. See above. I am tryng to configure Session SQL, but i dont know how, i configure SQL table how goodies define, but in the ref.pdf file, aren't examples. There is an example in the sample configuration file called radius.cfg in the Radiator distribution. Have a look at section 6.7 in the Radiator 2.18.2 manual. What problem are you having? We want that one radius in any node, use a local LDAP BD (that is replied) (this is OK). Use a central POOL BD with secondaries Mysqls BD for if principal BD fail.( i dont know how) Use session Database (i cant find information about it.) Multilink, (how can i solution the problem of ips? As mentioned above, if you would like me to help you with the design and implementation of your system, I am happy to do that, but you will have to contact Joanne for a consulting contract. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) CalledStation.pm and Identifier
Hello Tom - You should put the AuthBy clause before the CalledStationId clause, as Radiator does a single forward pass through the configuration file. Ie. you have to define the AuthBy prior to refering to it in a Handler. hth Hugh On Thursday 09 August 2001 10:13, Tom Daly wrote: Can someone look at this and tell my why this might result in the following error. CalledStationId DEFAULT AuthBy g4file /CalledStationId AuthBy FILE Identifier g4file Filename /usr/local/radius/etc/users /AuthBy This is the error: Wed Aug 8 19:50:26 2001: WARNING: Could not find an AuthBy clause with Identifier for AuthBy g4file Wed Aug 8 19:50:26 2001: DEBUG: Reading users file /usr/local/radius/etc/users Wed Aug 8 19:50:27 2001: INFO: Server started: Radiator 2.17.1 on admin.g4.net --Tom Tom Daly Network Operations Administrator G4 Communications Corp. / Metro2000 Internet Services E: [EMAIL PROTECTED] / W3: www.metro2000.net Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1 Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Want to force a logoff at the end of a month
Hi All, If possible, I would like to return a max session time attribute to certain customers to force them to logoff at the end of a calendar month (say at 23:59 on the last day of each month) this is so I can close off our accounting files for billing purposes. Is there a way I can configure radiator to dynamically set this attribute to return the end of the current month? Regards, Brian Morris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
IMPORTANT Re: (RADIATOR) multilink problem.
Hello Cesar, Hello Alessandro, Hello Everyone - The subject of multilink PPP (over ISDN or whatever) comes up now and again, so I thought it might be useful to explain a few things. Firstly, there are two forms of utilising more than one link between two routers, either parallel IP links, or multi-link PPP. (For this discussion I will ignore bonded ISDN channels that some hardware supports, which in any case appears to both IP and PPP as a single link.) In the case of parallel links, you essentially have completely seperate IP links and load sharing is accomplished by the IP routing protocol and/or the IP forwarding table. This is a layer 3 technology, implemented in the IP layer of the protocol stack. In this case, each link is handled completely seperately by the routers (or NAS(s)) and hence by Radiator. In the case of Multilink PPP (over ISDN or whatever), the management of the multiple links is handled by PPP at layer 2. In this case, the IP layer only ever sees a single logical link. Problems occur in this scenario, because if the NAS is configured to do Radius authentication for each access request, then each additional channel that comes up in a Multilink PPP session will trigger a Radius authentication request (and probably subsequent accounting requests). Obvioulsy, when dealing with the allocation of IP addresses and the maintenance of a session database, care is required to avoid problems such as allocating multiple IP addresses and incorrectly inserting and deleting user records. Unfortunately, different NAS vendors implement the Radius protocol in different ways, so the only way to understand what the NAS is doing is to look at a trace 4 debug from Radiator (or the output from your favourite packet sniffer) to see what attributes are present in the initial access request, the subsequent access requests for additional Multilink PPP channels, and the related accounting packets. Armed with the information gathered above, you can design a configuration file and a database schema to deal with the problems. Essentially what you are aiming to do is to recognise the initial access request from the NAS, and only allocate an IP address in response to the initial request. Accounting starts can either cause multiple records to be inserted into the session database (with link indicators), or the additional starts after the initial one can be used to increment a link count field in the user record. Accounting stops can be used in a similar fashion, to either decrement a link count in a user record, or only remove the corresponding record from the session database. Finally, only the last accounting stop from the Multilink PPP session shutting down should be used to deallocate the IP address and remove the user record(s) from the session database. Again, as each NAS does things differently, you will have to study the relevant NAS documentation and look at the corresponding Radius packet dumps to discover what information is actually in the various Radius requests. Once you have all of this information, you can design a suitable Radiator configuration file to do whatever is required. As always, I am happy to answer questions and to assist in any way. regards Hugh On Wednesday 08 August 2001 20:31, Alessandro Chiolo wrote: I am try to use multilink PPP 2, 3, 4 or more channels qith cisco as5260 and radiator.(last version) I am using radiator, to authenticate, ldap to store usernames, passwords, etc, and mysql for ip asignament and accounting. All is ok with 1 channel, but multilink have an error, 2 IPs are marked as 1 in the radpool table (one per channel). How can i configure multilink correctly?? I see the same behaviour with our MAX TNT, so i think it's not NAS-related; i've noticed that the ips are freed both correctly when the user disconnects, so i thought i could live with it (the pool should have enough IPs for all the channels used without multilink anyway, so this is not really an issue). Of course if there's a clean solution i'd be glad to implement it... regards, A.Chiolo -- Alessandro Chiolo [EMAIL PROTECTED] Network Manager, Easynet Italy I'm Winston Wolf, I solve Problems. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) IPASS problems
Hello Carlos - Could you provide a little more detail please? thanks Hugh On Wednesday 08 August 2001 23:00, Sola, Carlos Alberto wrote: I have the same problem now, but when i was using a DEFAULT client (with nastype=ignore) it works fine CAS -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Martes, 07 de Agosto de 2001 09:42 p.m. To: Kyle; [EMAIL PROTECTED] Subject: Re: (RADIATOR) IPASS problems Hello Kyle - I would need to see a trace 4 debug from Radiator to see why a Stop record did not cause the deletion of that users record from the session database. The subsequent errors would seem to indicate that you have set a NasType in the Client clause, as that is the only time that Radiator will try to double check simultaneous use. BTW - what version of Radiator are you using? regards Hugh On Wednesday 08 August 2001 02:08, Kyle wrote: Hugh, or whoever else has an answer to this question: We are using IPASS authentication for our customers to be able to use remote NASs to dial into us, but not for other ISP's customers to use us as an access provider. The authentication for this is working great, and IPASS is authenticating against our radiator server. We are using radiators centralized user database to manage multiple sessions and such as well. Occasionaly when we have an user using IPASS, their session becomes frozen in the database. Our accounting record shows a stop, but it has not dropped from the session database. There are then errors similar to this in our logs: SDB1 Could not find a Client for NAS 206.115.158.21 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? NAS ip is always remote to our location, indicating it is an IPASS nas. Why is the session database not dropping the user correctly? Included is my realms.cfg file. Content-Type: application/x-ns-proxy-autoconfig; charset=us-ascii; name=realms.cfg Content-Transfer-Encoding: 7bit Content-Description: Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1 Content-Transfer-Encoding: 7bit Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Want to force a logoff at the end of a month
Hello Brian - On Thursday 09 August 2001 12:05, Brian Morris wrote: Hi All, If possible, I would like to return a max session time attribute to certain customers to force them to logoff at the end of a calendar month (say at 23:59 on the last day of each month) this is so I can close off our accounting files for billing purposes. You will have to write a PostAuthHook to calculate the value and add a Session-Timeout attribute with that value to the reply packet. You should beware of this however, as some NAS equipment will have trouble with large numeric values for Session-Timeout. YMMV. Is there a way I can configure radiator to dynamically set this attribute to return the end of the current month? A better way to deal with this problem may be to configure the NAS to send interim accounting packets (Accounting Alives), to periodically send updated accounting information. Many of our customers use this with services such as ADSL, semi-permanent ISDN, etc. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) IPASS problems
Hello Kyle - Thanks for sending the files and the user to check - it makes life *much* easier when digging through debugs. There are at least two problems that I can see. The first is that you are doing an AuthBy DYNADDRESS for requests from iPASS. This is a problem because iPASS does their own address allocation and the addresses that you allocate will never be used and will never be freed (except by timing out). You should not allocate IP addresses to iPASS requests. The second problem is that there is confusion in the session database between the actual IP address of the NAS that sends the request, and the IP address of the iPASS host. You will need to decide whether you want to use a session database for iPASS users at all, and if so you will probably have to define a seperate session database for this purpose and use customised queries to make sure you use the correct IP addresses, etc. hth Hugh On Thursday 09 August 2001 03:02, Kyle wrote: Hugh, I have included the database entry for the iPass NAS machine, which has the same IP as the Radiator server, and a trace4 log file that was captured over the course of several hours today. One user that stands out and may make it easier for you to parse is tayer. I see two to three good log in's from him, and then it hits the session error. We are using version 2.18.2 of Radiator as well. Let me know what other information I can give you that would help in diagnosing and solving this problem. Hugh Irvine wrote: Hello Kyle - I would need to see a trace 4 debug from Radiator to see why a Stop record did not cause the deletion of that users record from the session database. The subsequent errors would seem to indicate that you have set a NasType in the Client clause, as that is the only time that Radiator will try to double check simultaneous use. BTW - what version of Radiator are you using? regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.