(RADIATOR) multilink problem.

[Cesar Garcia]

Hi all.

I am try to use multilink PPP 2, 3, 4 or more channels qith cisco as5260 and
radiator.(last version)

I am using radiator, to authenticate, ldap to store usernames, passwords,
etc, and mysql for ip asignament and accounting.

All is ok with 1 channel, but multilink have an error, 2 IPs are marked as 1
in the radpool table (one per channel).

How can i configure multilink correctly??



  Cesar Garcia.
  Dept. Sistemas, IdecNet S.A.
  Edificio IdecNet. C/Juan XXIII 44,
  Centro de Gestion de Red, E-35004,
  Las Palmas de Gran Canaria,
  Islas Canarias - Spain.
  Tfn:  +34 828 111 000 Ext: 340

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) MySQL connection failures

[Miguel A.L. Paraz]

On Mon, Aug 06, 2001 at 07:30:10PM +1000, Hugh Irvine wrote:
 What version of Radiator are you running? What version of Perl? What version 
 of DBI/DBD? What hardware/software platform? And when does the problem occur?

Radiator 2.18
Perl v.6.0
DBI 1.14
DBD::mysql 2.0415
MySQL 3.23.39
Linux kernel 2.2.19 on Pentium III 937 Mhz

 
 Could you also provide a copy of your configuration file (no secrets) 
 together with a trace 4 debug from Radiator showing the startup messages and 
 the problem occuring.

Fortunately, the problem did not recur so I won't be able to give trace 4 debug
messages.  Next time.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) multilink problem.

[Alessandro Chiolo]

 I am try to use multilink PPP 2, 3, 4 or more channels qith cisco as5260
and
 radiator.(last version)
 I am using radiator, to authenticate, ldap to store usernames, passwords,
 etc, and mysql for ip asignament and accounting.
 All is ok with 1 channel, but multilink have an error, 2 IPs are marked as
1
 in the radpool table (one per channel).
 How can i configure multilink correctly??

I see the same behaviour with our MAX TNT, so i think it's not NAS-related;
i've noticed that the ips are freed both correctly when the user
disconnects, so i thought i could live with it (the pool should have enough
IPs for all the channels used without multilink anyway, so this is not
really an issue). Of course if there's a clean solution i'd be glad to
implement it...

regards,
A.Chiolo

--
Alessandro Chiolo [EMAIL PROTECTED]
Network Manager, Easynet Italy
I'm Winston Wolf, I solve Problems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) IPASS problems

[Sola, Carlos Alberto]

Title: RE: (RADIATOR) IPASS problems





I have the same problem now, but when i was using a DEFAULT client (with nastype=ignore) it works fine



CAS



-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Martes, 07 de Agosto de 2001 09:42 p.m.
To: Kyle; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) IPASS problems




Hello Kyle -


I would need to see a trace 4 debug from Radiator to see why a Stop record 
did not cause the deletion of that users record from the session database.


The subsequent errors would seem to indicate that you have set a NasType in 
the Client clause, as that is the only time that Radiator will try to double 
check simultaneous use.


BTW - what version of Radiator are you using?


regards


Hugh


On Wednesday 08 August 2001 02:08, Kyle wrote:


  Hugh, or whoever else has an answer to this question:
 We are using IPASS authentication for our customers to be able to use
 remote NASs to dial into us, but not for other ISP's customers to use
 us as an access provider. The authentication for this is working great,
 and IPASS is authenticating against our radiator server. We are using
 radiators centralized user database to manage multiple sessions and such
 as well. Occasionaly when we have an user using IPASS, their session
 becomes frozen in the database. Our accounting record shows a stop,
 but it has not dropped from the session database. There are then errors
 similar to this in our logs:

 SDB1 Could not find a Client for NAS 206.115.158.21 to double-check
 Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?

 NAS ip is always remote to our location, indicating it is an IPASS nas.
 Why is the session database not dropping the user correctly? Included is
 my realms.cfg file.



Content-Type: application/x-ns-proxy-autoconfig; charset=us-ascii; 
name=realms.cfg
Content-Transfer-Encoding: 7bit
Content-Description: 



-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Configurations dudes...

[Cesar Garcia]

Hi Hugh.

I am System Admin and a big proyect has been charged to me...

We have 3 nodes interconecting with ATM.
In any node, we have cisco as5300, cisco 7505 and access for ADSL,
Modems and RDSI.
Our cisco register connections as Virtual, Async and ISDN respectively.

We want based our authentification system in LDAP for accounts
information (Username,Password,Permissions...) and SQL for pool
assignement and Session DATABASE.


In a 2 month, i get that auth with LDAP, Pool with SQL and Accounting in
SQL for this kind of acceses Async, ADSLs, and ISDN 1 channel.

Now , i am probing with 2 channel ISDN(Multilink), but i can see, that
any channel i up, assing 1 IP.

The NAS, use the second IP i up for virtual, and if i shutdown the
second channel, he free the second IP, that really is in use.

I am tryng to configure Session SQL, but i dont know how, i configure
SQL table how goodies define, but in the ref.pdf file, aren't examples.


We want that one radius in any node, use a local LDAP BD (that is
replied) (this is OK).
Use a central POOL BD with secondaries Mysqls BD for if principal BD
fail.( i dont know how)
Use session Database (i cant find information about it.)
Multilink, (how can i solution the problem of ips? 

This is my config file.

# ldap.cfg
#

#Foreground
#LogStdout  


Trace   4

#El puerto de radius authentication ha cambiado a 1812, 
#a tener en cuenta para el momento
#de probar, el puerto por defecto es el 1645
#AuthPort 1812

#El puerto de radius accounting ha cambiado a 1813,
#a tener en cuenta para el momento
#de probar, el puerto por defecto es el 1646
#AcctPort 1813


LogDir  /var/log/radius

DbDir   /var/radiator

LogFile %L/sys/%d-%m-%y-radiator.log

DictionaryFile /var/radiator/dictionary


# You will probably want to add other Clients to suit your site.
Client DEFAULT
Secret  mysecret
#Como actuar en caso de llamadas simultaneas, ignorar, tomamos por
defecto.
#   DupInterval 0
/Client

  SessionDatabase SQL
# Definimos el enlace para la base de datos de sesiones.
# Define el enlace, nombre de usuario y clave
Identifier PRINCIPAL
DBSource
dbi:mysql:database=acct;host=sistemas.idecnet.com
DBUsername acct
DBAuth h3lPm3n0w
AddQuery insert into RADONLINE (USERNAME, \
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
FRAMEDADDRESS, PORTTYPE, \
SERVICETYPE) values ( %n ,  %N , %{NAS-Port}, 
%{Acct-Session-Id} , \
%{Timestamp},  %{Framed-IP-Address} ,  %{Port-Type} , 
%{Service-Type} )
  /SessionDatabase

AddressAllocator SQL
# This name allows us to refer to it from inside
# an AuthBy DYNADDRESS
Identifier PRINCIPAL

# For mysql, use something like this
DBSource dbi:mysql:database=radiator;host=ldap.idecnet.com
DBUsername  radiator
DBAuth  mypass

# If SessionTimeout is set by a previous AuthBy
# then that is used as the expiry time. Otherwise
# DefaultLeasePeriod (in seconds) is used.
# Defaults to 1 day
#DefaultLeasePeriod 86400

# How often we check the database for expired leases
# leases can expire if an acounting stop is lost
# or if the session goes longer than the lease
# we originally asked for. Defaults to 1 day.
LeaseReclaimInterval 86400

# Define the pools that are to be in our database
# defining pools here will make AddressAllocator SQL
# ensure that all the addresses are present in the database
# at startup. You dont have to define pools here. If you dont,
# AddressAllocator SQL will just use whatever addresses
# it finds in the RADPOOL table.
AddressPool pool1
Subnetmask  255.255.255.0
Range   212.xxx.xxx.129 212.xxx..xxx.140
/AddressPool
/AddressAllocator

Handler Acct-Status-Type = Stop 
AuthByPolicy ContinueWhileAccept
AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle
AuthBy SQL
# Define el enlace, nombre de usuario y clave
DBSource
dbi:mysql:database=acct;host=sistemas.idecnet.com
DBUsername acct
DBAuth mypass
# Ignora los Auth y usa la tabla RADACCT para guardar
logs..
AuthSelect
AccountingStopsOnly
AccountingTable PPPUSERS
AcctColumnDef USERNAME,User-Name
AcctColumnDef NAS,NAS-IP-Address
AcctColumnDef ADDRESS,Framed-IP-Address
AcctColumnDef PORT,Cisco-NAS-Port
AcctColumnDef CALLERID,Calling-Station-Id
AcctColumnDef CALLEDID,Called-Station-Id
AcctColumnDef PROTOCOL,Framed-Protocol
AcctColumnDef PKTSIN,Acct-Input-Packets,integer

(RADIATOR) Undefined subroutine Radius::Radius::get_port

[Jaime Elizaga Jr.]

Hi Everyone!

I installed Slackware 8.0 on a new box. 
Perl5, MySQL and MD5 is installed by default by the Slackware Distro. I 
did not encounter installing Radiator, it passed all the test. I did a 
sample config and run radiusd and I got this response..


root# radiusdWed Aug 8 19:15:39 2001: 
DEBUG: Reading users file /usr/local/etc/blockedUndefined subroutine 
Radius::Radius::get_port called at /usr/bin/radiusd line 326.


My config is simple, just an auth by file.. 



--- start radius.cfg --- 

Foreground
LogStdoutTrace 
4AuthPort 
1645AcctPort 1646 
#AuthPort 
1812#AcctPort 1813 
LogDir 
/var/log/radiusLogFile 
/var/log/radius/%m/%d%Y-traceFingerProg 
/usr/bin/fingerPidFile 
/var/run/radius.pid
DictionaryFile 
/etc/radius/dictionarySnmpgetProg 
/usr/local/bin/snmpgetHandler  MaxSessions 
1  AcctLogFileName 
/var/log/radius/BlockNo/details 
WtmpFileName 
/var/log/radius/BlockNo/%u 
PasswordLogFileName 
/var/log/radius/BlockNo/%m%d%Y-passlog AuthBy 
FILE 
Filename 
/usr/local/etc/blocked 
/AuthBy/Handler

--- end radius.cfg 


What could this error mean?

Thanks in advance!

Jaime

Re: (RADIATOR) IPASS problems

[Kyle]

Hugh,
  I have included the database entry for the iPass NAS machine, which
has the same IP as the Radiator server, and a trace4 log file that was
captured over the course of several hours today. One user that stands
out and may make it easier for you to parse is tayer. I see two to
three good log in's from him, and then it hits the session error. We are
using version 2.18.2 of Radiator as well. Let me know what other
information I can give you that would help in diagnosing and solving
this problem.

Hugh Irvine wrote:
 
 Hello Kyle -
 
 I would need to see a trace 4 debug from Radiator to see why a Stop record
 did not cause the deletion of that users record from the session database.
 
 The subsequent errors would seem to indicate that you have set a NasType in
 the Client clause, as that is the only time that Radiator will try to double
 check simultaneous use.
 
 BTW - what version of Radiator are you using?
 
 regards
 
 Hugh

-- 
Kyle Hultman
[EMAIL PROTECTED]
Senior Network Engineer
Broadband Networks
(804) 817-7300 ext 305
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radiator and Juniper

[Imran Moin]

Hi all,

Does anyone know of the specific attributes that need
to be defined in the dictionary file for radiator to
be able to talk to Juniper router (M20). 

Thanks,
Imran.

__
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Radiator and Juniper

[Hugh Irvine]

Hello Imran -

The standard Radiator dictionary should work for most things with Juniper 
hardware. You will have to check with Juniper if there are any 
vendor-specific attributes that they define, and if you find that there are 
some special Juniper attributes, please ask them for the definitions and send 
us a copy so we can add them to the distribution.

thanks

Hugh


On Thursday 09 August 2001 04:04, Imran Moin wrote:
 Hi all,

 Does anyone know of the specific attributes that need
 to be defined in the dictionary file for radiator to
 be able to talk to Juniper router (M20).

 Thanks,
 Imran.

 __
 Do You Yahoo!?
 Make international calls for as low as $.04/minute with Yahoo! Messenger
 http://phonecard.yahoo.com/
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Undefined subroutine Radius::Radius::get_port

[Hugh Irvine]

Hello Jaime -

On Thursday 09 August 2001 01:24, Jaime Elizaga Jr. wrote:

  Hi  Everyone!

 I installed Slackware 8.0 on a new box.  Perl5, MySQL and MD5 is installed
 by default by the Slackware Distro.  I did not encounter installing
 Radiator, it passed all the test.  I did a sample config and run radiusd
 and I got this response..


 root# radiusd
 Wed Aug  8 19:15:39 2001: DEBUG: Reading users file /usr/local/etc/blocked
 Undefined subroutine Radius::Radius::get_port called at /usr/bin/radiusd
 line 326.


It sounds like you have not done a make install for Radiator and you are 
running the radiusd command from a directory other than the Radiator 
distribution directory.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Re: Configurations dudes...

[Hugh Irvine]

Hello Cesar -

You are really asking for consulting service here, so I have copied Joanne on 
this mail so she can send you the rates.

I will try to answer your questions, but if you want design and 
implementation work done it will have to be subject to a consulting contract.

On Thursday 09 August 2001 00:46, Cesar Garcia wrote:
 Hi Hugh.

 I am System Admin and a big proyect has been charged to me...

 We have 3 nodes interconecting with ATM.
 In any node, we have cisco as5300, cisco 7505 and access for ADSL,
 Modems and RDSI.
 Our cisco register connections as Virtual, Async and ISDN respectively.

 We want based our authentification system in LDAP for accounts
 information (Username,Password,Permissions...) and SQL for pool
 assignement and Session DATABASE.


 In a 2 month, i get that auth with LDAP, Pool with SQL and Accounting in
 SQL for this kind of acceses Async, ADSLs, and ISDN 1 channel.


Good work.

 Now , i am probing with 2 channel ISDN(Multilink), but i can see, that
 any channel i up, assing 1 IP.


An ISDN Multilink session should only use a single IP address. I suspect that 
you are not differentiating between the initial request and the subsequent 
request(s) and you are allocating an IP address each time. You should only 
allocate an IP address on the first request, and deallocate the address on 
the last channel disconnecting.

You will have to look at a trace 4 debug from Radiator to see what 
information is present in the requests, and set up the configuration file 
accordingly.

 The NAS, use the second IP i up for virtual, and if i shutdown the
 second channel, he free the second IP, that really is in use.


See above.

 I am tryng to configure Session SQL, but i dont know how, i configure
 SQL table how goodies define, but in the ref.pdf file, aren't examples.


There is an example in the sample configuration file called radius.cfg in 
the Radiator distribution.

Have a look at section 6.7 in the Radiator 2.18.2 manual.

What problem are you having?


 We want that one radius in any node, use a local LDAP BD (that is
 replied) (this is OK).
 Use a central POOL BD with secondaries Mysqls BD for if principal BD
 fail.( i dont know how)
 Use session Database (i cant find information about it.)
 Multilink, (how can i solution the problem of ips?


As mentioned above, if you would like me to help you with the design and 
implementation of your system, I am happy to do that, but you will have to 
contact Joanne for a consulting contract.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) CalledStation.pm and Identifier

[Hugh Irvine]

Hello Tom -

You should put the AuthBy clause before the CalledStationId clause, as 
Radiator does a single forward pass through the configuration file.

Ie. you have to define the AuthBy prior to refering to it in a Handler.

hth

Hugh

On Thursday 09 August 2001 10:13, Tom Daly wrote:

  Can someone look at this and tell my why this might result in the 
following
 error.

 CalledStationId DEFAULT
 AuthBy g4file
 /CalledStationId


 AuthBy FILE
 Identifier g4file
 Filename /usr/local/radius/etc/users
 /AuthBy

 This is the error:

 Wed Aug  8 19:50:26 2001: WARNING: Could not find an AuthBy clause with
 Identifier for AuthBy g4file Wed Aug  8 19:50:26 2001: DEBUG: Reading users
 file /usr/local/radius/etc/users Wed Aug  8 19:50:27 2001: INFO: Server
 started: Radiator 2.17.1 on admin.g4.net

 --Tom



 Tom Daly
 Network Operations Administrator
 G4 Communications Corp. / Metro2000 Internet Services
 E: [EMAIL PROTECTED] / W3: www.metro2000.net


Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1
Content-Transfer-Encoding: quoted-printable
Content-Description: 


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Want to force a logoff at the end of a month

[Brian Morris]

Hi All,

If possible, I would like to return a max session time attribute to certain
customers to force them to logoff at the end of a calendar month (say at
23:59 on the last day of each month) this is so I can close off our
accounting files for billing purposes.

Is there a way I can configure radiator to dynamically set this attribute to
return the end of the current month?

Regards,  Brian Morris


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

IMPORTANT Re: (RADIATOR) multilink problem.

[Hugh Irvine]

Hello Cesar, Hello Alessandro, Hello Everyone  -

The subject of multilink PPP (over ISDN or whatever) comes up now and again, 
so I thought it might be useful to explain a few things.

Firstly, there are two forms of utilising more than one link between two 
routers, either parallel IP links, or multi-link PPP. (For this discussion I 
will ignore bonded ISDN channels that some hardware supports, which in any 
case appears to both IP and PPP as a single link.)

In the case of parallel links, you essentially have completely seperate IP 
links and load sharing is accomplished by the IP routing protocol and/or the 
IP forwarding table. This is a layer 3 technology, implemented in the IP 
layer of the protocol stack. In this case, each link is handled completely 
seperately by the routers (or NAS(s)) and hence by Radiator.

In the case of Multilink PPP (over ISDN or whatever), the management of the 
multiple links is handled by PPP at layer 2. In this case, the IP layer only 
ever sees a single logical link. Problems occur in this scenario, because if 
the NAS is configured to do Radius authentication for each access request, 
then each additional channel that comes up in a Multilink PPP session will 
trigger a Radius authentication request (and probably subsequent accounting 
requests).

Obvioulsy, when dealing with the allocation of IP addresses and the 
maintenance of a session database, care is required to avoid problems such as 
allocating multiple IP addresses and incorrectly inserting and deleting user 
records.

Unfortunately, different NAS vendors implement the Radius protocol in 
different ways, so the only way to understand what the NAS is doing is to 
look at a trace 4 debug from Radiator (or the output from your favourite 
packet sniffer) to see what attributes are present in the initial access 
request, the subsequent access requests for additional Multilink PPP 
channels, and the related accounting packets.

Armed with the information gathered above, you can design a configuration 
file and a database schema to deal with the problems. Essentially what you 
are aiming to do is to recognise the initial access request from the NAS, and 
only allocate an IP address in response to the initial request. 

Accounting starts can either cause multiple records to be inserted into the 
session database (with link indicators), or the additional starts after the 
initial one can be used to increment a link count field in the user record. 
Accounting stops can be used in a similar fashion, to either decrement a link 
count in a user record, or only remove the corresponding record from the 
session database.

Finally, only the last accounting stop from the Multilink PPP session 
shutting down should be used to deallocate the IP address and remove the user 
record(s) from the session database.

Again, as each NAS does things differently, you will have to study the 
relevant NAS documentation and look at the corresponding Radius packet dumps 
to discover what information is actually in the various Radius requests. 

Once you have all of this information, you can design a suitable Radiator 
configuration file to do whatever is required.

As always, I am happy to answer questions and to assist in any way.

regards

Hugh


On Wednesday 08 August 2001 20:31, Alessandro Chiolo wrote:
  I am try to use multilink PPP 2, 3, 4 or more channels qith cisco as5260

 and

  radiator.(last version)
  I am using radiator, to authenticate, ldap to store usernames, passwords,
  etc, and mysql for ip asignament and accounting.
  All is ok with 1 channel, but multilink have an error, 2 IPs are marked
  as

 1

  in the radpool table (one per channel).
  How can i configure multilink correctly??

 I see the same behaviour with our MAX TNT, so i think it's not NAS-related;
 i've noticed that the ips are freed both correctly when the user
 disconnects, so i thought i could live with it (the pool should have enough
 IPs for all the channels used without multilink anyway, so this is not
 really an issue). Of course if there's a clean solution i'd be glad to
 implement it...

 regards,
 A.Chiolo

 --
 Alessandro Chiolo [EMAIL PROTECTED]
 Network Manager, Easynet Italy
 I'm Winston Wolf, I solve Problems.

 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) IPASS problems

[Hugh Irvine]

Hello Carlos -

Could you provide a little more detail please?

thanks

Hugh


On Wednesday 08 August 2001 23:00, Sola, Carlos Alberto wrote:

  I have the same problem now, but when i was using a DEFAULT client (with
 nastype=ignore) it works fine


 CAS


 -Original Message-
 From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
 Sent: Martes, 07 de Agosto de 2001 09:42 p.m.
 To: Kyle; [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) IPASS problems



 Hello Kyle -

 I would need to see a trace 4 debug from Radiator to see why a Stop record
 did not cause the deletion of that users record from the session database.

 The subsequent errors would seem to indicate that you have set a NasType in
 the Client clause, as that is the only time that Radiator will try to
 double

 check simultaneous use.

 BTW - what version of Radiator are you using?

 regards

 Hugh

 On Wednesday 08 August 2001 02:08, Kyle wrote:
   Hugh, or whoever else has an answer to this question:
 
  We are using IPASS authentication for our customers to be able to use
  remote NASs to dial into us, but not for other ISP's customers to use
  us as an access provider. The authentication for this is working great,
  and IPASS is authenticating against our radiator server. We are using
  radiators centralized user database to manage multiple sessions and such
  as well. Occasionaly when we have an user using IPASS, their session
  becomes frozen in the database. Our accounting record shows a stop,
  but it has not dropped from the session database. There are then errors
  similar to this in our logs:
 
  SDB1 Could not find a Client for NAS 206.115.158.21 to double-check
  Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?
 
  NAS ip is always remote to our location, indicating it is an IPASS nas.
  Why is the session database not dropping the user correctly? Included is
  my realms.cfg file.

 
 Content-Type: application/x-ns-proxy-autoconfig; charset=us-ascii;
 name=realms.cfg
 Content-Transfer-Encoding: 7bit
 Content-Description:
 


Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1
Content-Transfer-Encoding: 7bit
Content-Description: 


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Want to force a logoff at the end of a month

[Hugh Irvine]

Hello Brian -

On Thursday 09 August 2001 12:05, Brian Morris wrote:
 Hi All,

 If possible, I would like to return a max session time attribute to certain
 customers to force them to logoff at the end of a calendar month (say at
 23:59 on the last day of each month) this is so I can close off our
 accounting files for billing purposes.


You will have to write a PostAuthHook to calculate the value and add a 
Session-Timeout attribute with that value to the reply packet.

You should beware of this however, as some NAS equipment will have trouble 
with large numeric values for Session-Timeout. YMMV.

 Is there a way I can configure radiator to dynamically set this attribute
 to return the end of the current month?


A better way to deal with this problem may be to configure the NAS to send 
interim accounting packets (Accounting Alives), to periodically send updated 
accounting information. Many of our customers use this with services such as 
ADSL, semi-permanent ISDN, etc.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) IPASS problems

[Hugh Irvine]

Hello Kyle -

Thanks for sending the files and the user to check - it makes life *much* 
easier when digging through debugs.

There are at least two problems that I can see.

The first is that you are doing an AuthBy DYNADDRESS for requests from iPASS. 
This is a problem because iPASS does their own address allocation and the 
addresses that you allocate will never be used and will never be freed 
(except by timing out). You should not allocate IP addresses to iPASS 
requests.

The second problem is that there is confusion in the session database between 
the actual IP address of the NAS that sends the request, and the IP address 
of the iPASS host. You will need to decide whether you want to use a session 
database for iPASS users at all, and if so you will probably have to define a 
seperate session database for this purpose and use customised queries to make 
sure you use the correct IP addresses, etc.

hth

Hugh


On Thursday 09 August 2001 03:02, Kyle wrote:
 Hugh,
   I have included the database entry for the iPass NAS machine, which
 has the same IP as the Radiator server, and a trace4 log file that was
 captured over the course of several hours today. One user that stands
 out and may make it easier for you to parse is tayer. I see two to
 three good log in's from him, and then it hits the session error. We are
 using version 2.18.2 of Radiator as well. Let me know what other
 information I can give you that would help in diagnosing and solving
 this problem.

 Hugh Irvine wrote:
  Hello Kyle -
 
  I would need to see a trace 4 debug from Radiator to see why a Stop
  record did not cause the deletion of that users record from the session
  database.
 
  The subsequent errors would seem to indicate that you have set a NasType
  in the Client clause, as that is the only time that Radiator will try to
  double check simultaneous use.
 
  BTW - what version of Radiator are you using?
 
  regards
 
  Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.