(RADIATOR) Re: Link down Radiator at far end of the link showing user logged

2001-08-09 Thread Hugh Irvine


Hello -

You may want to consider enabling Radius Accounting Alives on your NAS
equipment, and using the Alive packets for your billing purposes. There isn't
anything that can be done in Radiator to verify NAS operation, and hence
correct and/or collect billing information.

regards

Hugh


On Thursday 09 August 2001 16:03, cistron wrote:
 Thanks Irvine, but if the NAS cannot be restarted due to some problems,
 then the Radiator will continuously show that the users are logged on and
 they will be billed for those hours they have not used. Can you kindly
 suggest some solution.

 Thanks and Regards.

 Hugh Irvine wrote:
  Hello -
 
  On Wednesday 08 August 2001 21:42, cistron wrote:
   Dear friends,
  
   My Radiator Server and NAS client are at different location connected
   by lease line. In case the link goes down all those users who are
   connected from that link are shown as connected although they are not
   connected any more. Can Radiator do some polling to check whether the
   client is dead or alive.
 
  I am not sure what you are asking here. Normally, Radiator acts only as a
  server - it never checks whether a NAS is there or not. Just because the
  link between the Radiator host and the NAS goes down, it does not mean
  that users are disconnected from the NAS.
 
  If the NAS itself does go down, Radiator will receive a startup message
  from it when it restarts, and will clear the session database for the NAS
  automatically.
 
  If you want to do network health checks, you should probably look at some
  sort of network monitoring software (via SNMP or whatever).
 
  regards
 
  Hugh
 
  --
  Radiator: the most portable, flexible and configurable RADIUS server
  anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
  -
  Nets: internetwork inventory and management - graphical, extensible,
  flexible with hardware, software, platform and database independence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
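
An added example (not part of the original thread, and not Radiator code) of billing from Alive packets as suggested above: each session is charged only up to the last Acct-Session-Time the server actually received, and a session whose Alives have stopped arriving is marked stale instead of accruing time. The record layout, the `summarise_sessions` name, the Alive interval and the sample records are all constructed for illustration.

```python
# Bill from the accounting records actually received, never from wall-clock time
# since the Start record. All sample data below is constructed.

def summarise_sessions(records, now, alive_interval, missed_allowed=3):
    """Return {(nas, session_id): {"user", "seconds", "last_seen", "state"}}.

    state is "closed" (Stop received), "open" (Alives still arriving) or
    "stale" (no Start/Alive/Stop seen for more than missed_allowed intervals).
    """
    sessions = {}
    for rec in sorted(records, key=lambda r: r["Timestamp"]):
        key = (rec["NAS-IP-Address"], rec["Acct-Session-Id"])
        s = sessions.setdefault(key, {
            "user": rec["User-Name"],
            "seconds": 0,
            "last_seen": rec["Timestamp"],
            "state": "open",
        })
        s["last_seen"] = max(s["last_seen"], rec["Timestamp"])
        # Acct-Session-Time is cumulative, so a later Alive or Stop supersedes
        # earlier ones, including Alives lost while the link was down.
        if rec["Acct-Status-Type"] in ("Alive", "Stop"):
            s["seconds"] = max(s["seconds"], rec.get("Acct-Session-Time", 0))
        if rec["Acct-Status-Type"] == "Stop":
            s["state"] = "closed"
    for s in sessions.values():
        if s["state"] == "open" and now - s["last_seen"] > missed_allowed * alive_interval:
            s["state"] = "stale"
    return sessions


def rec(ts, status, session_id, user, session_time=None, nas="192.0.2.10"):
    """Build one constructed accounting record."""
    r = {"Timestamp": ts, "Acct-Status-Type": status, "Acct-Session-Id": session_id,
         "User-Name": user, "NAS-IP-Address": nas}
    if session_time is not None:
        r["Acct-Session-Time"] = session_time
    return r


SAMPLE_RECORDS = [
    # Session A: link to the NAS fails after the second Alive, no Stop ever arrives.
    rec(0, "Start", "A", "alice"),
    rec(300, "Alive", "A", "alice", 300),
    rec(600, "Alive", "A", "alice", 600),
    # Session B: normal Start/Stop pair.
    rec(100, "Start", "B", "bob"),
    rec(1300, "Stop", "B", "bob", 1200),
    # Session C: recently started and still reporting.
    rec(3000, "Start", "C", "carol"),
    rec(3300, "Alive", "C", "carol", 300),
]

if __name__ == "__main__":
    for key, s in summarise_sessions(SAMPLE_RECORDS, now=3600, alive_interval=300).items():
        print(key, s)
```

Billing session A as "now minus start" would charge 3600 seconds; the Alive-based figure is 600, and the stale flag tells the operator which sessions to review or clear.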



(RADIATOR) filtered logs?

2001-08-09 Thread Mark O'Leary

On 9 Aug 2001, at 12:15, Hugh Irvine wrote:

 the only way to understand what the NAS is doing is to look at a trace 4
 debug from Radiator (or the output from your favourite packet 
 sniffer) to see what attributes are present

This may either be a help enquiry or a request for a new feature. ;)

As noted above there are many instances where a high level trace of
transactions for a particular user (or, in this case, for the class of users 
doing multilink PPP) are required to troubleshoot a config - or indeed just a 
user with a login problem.

However, I find that in trying to follow the transactions for a single user 
on a production service with reasonably high traffic levels, I'm wading 
through loads of irrelevant transactions in trying to reconstruct the 
sequence of communications for a single user.

What would be particularly useful is to be able to specify a temporary 
logfile which could be filtered for a particular username, or a particular 
class of connection, or a particular realm - as flexible as possible really. 
Then I could leave my standard logging as it is, and just have a *relevant* 
trace 4 or 5 for the particular problem I'm looking at for as long as I need 
it.

I've faked this in the past by creating a troubleshooting realm and asking 
only the user with a problem to try connecting with that realm. Then I can 
test each of our AuthBY methods one at a time by altering the realm config, 
and generate a realm-specific log. But it's a long-winded way to achieve it,
and an artificial setup. (and I can't get a level 4 or 5 trace for the realm 
without increasing the 'global' level correspondingly and altering all my 
main logs for as long as I test).

Are any alternatives possible?

M.

-- 
Mark O'Leary, Manchester Computing, UK
PGP Key and Further Details: 
http://lucy.mcc.ac.uk/mark/mark.html



(RADIATOR)

2001-08-09 Thread Ron Hensley

Good Morning,

I've been trying to bring up a second server to service a remote POP as a
local Radius Server.
Whenever I've brought up the POP, which consists of 30 PRIs worth of lines
(690 lines), things will work fine it seems, for a while, then all of a
sudden we have only 1 out of 10 at best getting on. The rest show on our Bay
Terminal servers as a call in progress, still waiting for a Radius Response
of Yes or Not. That is, it shows a call but no username yet.

On the radius log side we seem to get radius.log entries that users are
being Authenticated and Accepted who never make it on (thus those no named
entries on our Terminal Servers).

So it sounds as if the Term Servers are sending the Auth Requests, Radius
Server is getting it, and the Reply is never getting there perhaps.

The Term Servers are Bay Networks 5399s and the Radius Server is on a Sparc
running Solaris 2.7

Can you tell me the step by step way to intelligently get to the bottom of
what's happening when this goes on?
I'd imagine a combination of Trace 4 logs, and an Ethernet Sniffer on both
sides to be assured traffic is making it back and forth. But as you have
more than likely run into this before, I'd like to hear thoughts on getting
to the root of it the fastest and 'Gotchas' to be looking out for.

Thanks much




(RADIATOR) Multilink problem...

2001-08-09 Thread Cesar Garcia

Hi all...

I am using a pool in SQL, and I have problems with IPs and multilink...

With my as5260 I obtain this access request for the first channel..

Thu Aug  9 14:58:33 2001: DEBUG: Packet dump:
*** Received from 212.64.160.x port 1645 
Code:   Access-Request
Identifier: 9
Authentic: 209196245193206145253$183
Attributes:
NAS-IP-Address = 212.64.160.x
NAS-Port = 2
NAS-Port-Type = ISDN
User-Name = cegara
Called-Station-Id = 828111600
Calling-Station-Id = 928297265
User-Password = wegwegeg
Service-Type = Framed-User
Framed-Protocol = PPP

And all is OK.

Now I have to differentiate the next link, but the access request of my NAS is
identical:

Thu Aug  9 14:58:39 2001: DEBUG: Packet dump:
*** Received from 212.64.160.x port 1645 
Code:   Access-Request
Identifier: 12
Authentic:  8185].g224
Attributes:
NAS-IP-Address = 212.64.160.x
NAS-Port = 20001
NAS-Port-Type = ISDN
User-Name = cegara
Called-Station-Id = 828111600
Calling-Station-Id = 928297265
User-Password = 223255Mq
Service-Type = Framed-User
Framed-Protocol = PPP

This is a second channel, why is the access-request identical? Any special
configuration for the NAS to send a multilink advice in the access-request?

Best regards...

  Cesar Garcia.
  Dept. Sistemas, IdecNet S.A.
  Edificio IdecNet. C/Juan XXIII 44,
  Centro de Gestion de Red, E-35004,
  Las Palmas de Gran Canaria,
  Islas Canarias - Spain.
  Tfn:  +34 828 111 000 Ext: 340




(RADIATOR) Two Accounting tables!!!

2001-08-09 Thread Hakim Tass

hello !!!

Can I have two different accounting tables?
Here is what I am doing:

I have two types of customers: prepaid and flat rate.

When prepaid users connect for the first time, their start date
and expiry date are set, and also the balance time gets deducted for every
session and the session information is stored in accountingtable.

When a flat rate customer connects, only session information is to be
stored.

But since right now the AcctSQLStatement are one after the other, all of
them get executed!
I want to separate this, any way to do it!

I have given the sample configuration that I would ideally like to have
(this one is not working though!).
Here the accounting information of even FLAT RATE customers is going into
ACCOUNTINGTABLE instead of OPTIGOLDACCOUNTING,
so eventually when flat rate customers disconnect there are about 4 queries
which get executed unnecessarily (want to avoid this too)!

regards
Hakim

SAMPLE CONFIGURATION


<AuthBy SQL>
    Identifier      SQLAuthentication1
    DBSource        dbi:ODBC:radius
    DBUsername      radius
    DBAuth          radius
    # this is for the prepaid users
    AuthSelect select PASSWORD,BALANCETIME from AUTHENTICATIONTABLE where \
        (USERNAME='%n' and BALANCETIME  0)
    AuthColumnDef   0,Password,check
    AuthColumnDef   1,Session-Timeout,reply
    AddToReply      Service-Type = Framed,Framed-Protocol = PPP
    AccountingStopsOnly
    AccountingTable ACCOUNTINGTABLE
    AcctColumnDef   USERNAME,User-Name
    AcctColumnDef   CALLDATE,Timestamp,integer-date
    AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef   NASIDENTIFIER,NAS-Identifier
    AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
    AcctColumnDef   NASPORT,NAS-Port,integer
    AcctColumnDef   CLIENTIPADDRESS,Framed-IP-Address
    # this is for the prepaid users
    AcctSQLStatement update AUTHENTICATIONTABLE set BALANCETIME = BALANCETIME-%{Acct-Session-Time} where USERNAME = '%n'
    # couple of more sql statements here to set the startdate and expiry date on first user
    #AcctSQLStatement update authenticationtable set expriydate = GetDate() + 30 .
</AuthBy>


<AuthBy SQL>
    Identifier      SQLAuthentication2
    DBSource        dbi:ODBC:radius
    DBUsername      radius
    DBAuth          radius
    # this is for the flat rate customers
    AuthSelect select password from CUSTOMERS where username='%n'
    AuthColumnDef   0,Password,check
    AccountingStopsOnly
    AccountingTable OPTIGOLDACCOUNTING
    AcctColumnDef   USERNAME,User-Name
    AcctColumnDef   CALLDATE,Timestamp,integer-date
    AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef   NASIDENTIFIER,NAS-Identifier
    AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
    AcctColumnDef   NASPORT,NAS-Port,integer
    AcctColumnDef   CLIENTIPADDRESS,Framed-IP-Address
</AuthBy>










(RADIATOR) SNMP

2001-08-09 Thread Hakim Tass

hello!!!
I am installing Perl on Windows 2K server. Have installed ActivePerl, any
ideas on which module to install for SNMP?

regards
Hakim




(RADIATOR) Radus Proxy

2001-08-09 Thread Tom Daly



Hi Guys,
Well, I got my wholesale system working great! Thanks for all the help
Hugh.

Anyways, I have a few wholesalers who have decided that they want to have
backup radius proxy servers. This is how I am doing it.

<AuthBy GROUP>
    Identifier AuthDNIS
    RewriteUsername s/^NET\/(.*)$/$1/
    <AuthBy RADIUS>
        Host 216.177.x.xxx,216.177.x.yyy
        Secret G4-Net
        AuthPort 1645
        AcctPort 1646
        Retries 2
        RetryTimeout 2
        FailureBackoffTime 60
    </AuthBy>
    AuthLog fail
    AuthLog login
    RejectHasReason
</AuthBy>

The primary server works in this case, but when the primary goes down, the
backup does indeed start receiving requests, however, users do not get
authenticated. The secondary server does authenticate the request, but
Radiator does not pass the access accept through. Any ideas anyone?

--Tom


Tom Daly
Network Operations Administrator
G4 Communications Corp. / Metro2000 Internet Services
E: [EMAIL PROTECTED] / W3: www.metro2000.net


Re: (RADIATOR) SNMP

2001-08-09 Thread Hugh Irvine


Hello Hakim -

On Friday 10 August 2001 03:53, Hakim Tass wrote:
 hello!!!
 I am installing Perl on Windows 2K server. Have installed ActivePerl, any
 ideas on which module to install for SNMP?


This is from section 6.13 in the Radiator 2.18.2 reference manual:

 SNMPAgent requires SNMP_Session-0.68.tar.gz or later from 
ftp://ftp.switch.ch/software/sources/network/snmp/perl/ to be installed 
first. Tested with versions up to version SNMP_Session-0.83

You will have to check on the ActiveState web pages to see if they have a 
copy of this module, otherwise you will have to build it yourself.

regards

Hugh




Re: (RADIATOR) filtered logs?

2001-08-09 Thread Hugh Irvine


Hello Mark -

Advanced logging features in Radiator have been requested quite often, and 
adding this functionality is on our list of things to do. However, it will 
probably only happen in Radiator 3.0 when we implement multi-threading and 
Diameter support (ie. it is some way off still).

In the meantime you could use a Log SQL perhaps? Although I personally find 
grep to be as good as anything, and I agree that wading through large log 
files is not fun.

regards

Hugh

On Thursday 09 August 2001 20:01, Mark O'Leary wrote:
 On 9 Aug 2001, at 12:15, Hugh Irvine wrote:
  the only way to understand what the NAS is doing is to look at a trace 4
  debug from Radiator (or the output from your favourite packet
  sniffer) to see what attributes are present

 This may either be a help enquiry or a request for a new feature. ;)

 As noted above there are many instances where a high level trace of
 transactions for a particular user (or, in this case, for the class of
 users doing multilink PPP) are required to troubleshoot a config - or
 indeed just a user with a login problem.

 However, I find that in trying to follow the transactions for a single user
 on a production service with reasonably high traffic levels, I'm wading
 through loads of irrelevant transactions in trying to reconstruct the
 sequence of communications for a single user.

 What would be particularly useful is to be able to specify a temporary
 logfile which could be filtered for a particular username, or a particular
 class of connection, or a particular realm - as flexible as possible
 really. Then I could leave my standard logging as it is, and just have a
 *relevant* trace 4 or 5 for the particular problem I'm looking at for as
 long as I need it.

 I've faked this in the past by creating a troubleshooting realm and
 asking only the user with a problem to try connecting with that realm. Then
 I can test each of our AuthBY methods one at a time by altering the realm
 config, and generate a realm-specific log. But it's a long-winded way to
 achieve it, and an artificial setup. (and I can't get a level 4 or 5 trace
 for the realm without increasing the 'global' level correspondingly and
 altering all my main logs for as long as I test).

 Are any alternatives possible?

 M.

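
An added example (not part of the original thread, and not Radiator code) of the per-user filtering discussed above, for the case plain grep handles badly: a trace 4 packet dump spans many lines and only one of them carries the username. It keeps whole dump records for one User-Name and redacts password attributes, so the extract can be shared without secrets. The record layout is assumed from the packet dumps quoted elsewhere on this page; the sample log, addresses and function names are constructed.

```python
import re

# A log record starts with a timestamp such as "Thu Aug  9 14:58:33 2001: DEBUG: ".
RECORD_START = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: \w+: ")
# Attribute lines look like "User-Name = cegara"; quotes around the value are optional.
ATTRIBUTE = re.compile(r'^\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$')
SENSITIVE = {"User-Password", "CHAP-Password"}


def split_records(lines):
    """Group log lines into records, one per timestamped entry."""
    record = []
    for line in lines:
        if RECORD_START.match(line) and record:
            yield record
            record = []
        if line.strip():
            record.append(line.rstrip("\n"))
    if record:
        yield record


def attributes(record):
    """Return the first value of every 'Name = value' line in a record."""
    attrs = {}
    for line in record:
        m = ATTRIBUTE.match(line)
        if m:
            attrs.setdefault(m.group(1), m.group(2))
    return attrs


def redact(record):
    """Replace the value of password attributes, keeping the indentation."""
    out = []
    for line in record:
        m = ATTRIBUTE.match(line)
        if m and m.group(1) in SENSITIVE:
            indent = line[: len(line) - len(line.lstrip())]
            line = f"{indent}{m.group(1)} = <redacted>"
        out.append(line)
    return out


def trace_for_user(lines, username):
    """Return the redacted packet-dump records whose User-Name equals username."""
    return [redact(r) for r in split_records(lines)
            if attributes(r).get("User-Name") == username]


# Constructed sample log: three packet dumps and one single-line message.
SAMPLE_LOG = """\
Thu Aug  9 14:58:33 2001: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 1645
Code:       Access-Request
Identifier: 9
Attributes:
    NAS-Port = 2
    User-Name = "alice"
    User-Password = "constructed-pw-1"
Thu Aug  9 14:58:33 2001: INFO: constructed single-line message about alice
Thu Aug  9 14:58:34 2001: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 1645
Code:       Access-Request
Identifier: 10
Attributes:
    NAS-Port = 3
    User-Name = "bob"
    User-Password = "constructed-pw-2"
Thu Aug  9 14:58:39 2001: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 1645
Code:       Access-Request
Identifier: 12
Attributes:
    NAS-Port = 20001
    User-Name = "alice"
    User-Password = "constructed-pw-3"
""".splitlines()

if __name__ == "__main__":
    for record in trace_for_user(SAMPLE_LOG, "alice"):
        print("\n".join(record), end="\n\n")
```

Records that carry no User-Name attribute, such as the single-line message in the sample, are not selected; matching those would need a second rule keyed on the message text.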



Re: (RADIATOR) Radus Proxy

2001-08-09 Thread Hugh Irvine


Hello Tom -

As usual, I will need to see all three configuration files (no secrets) 
together with trace 4 debugs from Radiator on all hosts showing the problem.

I would suspect however, either a missing Client clause or a misconfigured 
shared secret on the second radius proxy target (second Host listed).

regards

Hugh

On Friday 10 August 2001 08:04, Tom Daly wrote:

  Hi Guys,
 Well, I got my wholesale system working great! Thanks for all the help
 Hugh.

 Anyways, I have a few wholesalers who have decided that they want to have
 backup radius proxy servers. This is how I am doing it.

 <AuthBy GROUP>
     Identifier AuthDNIS
     RewriteUsername s/^NET\/(.*)$/$1/
     <AuthBy RADIUS>
         Host 216.177.x.xxx,216.177.x.yyy
         Secret G4-Net
         AuthPort 1645
         AcctPort 1646
         Retries 2
         RetryTimeout 2
         FailureBackoffTime 60
     </AuthBy>
     AuthLog fail
     AuthLog login
     RejectHasReason
 </AuthBy>

 The primary server works in this case, but when the primary goes down, the
 backup does indeed start receiving requests, however, users do not get
 authenticated. The secondary server does authenticate the request, but
 Radiator does not pass the access accept through. Any ideas anyone?

 --Tom


 Tom Daly
 Network Operations Administrator
 G4 Communications Corp. / Metro2000 Internet Services
 E: [EMAIL PROTECTED] / W3: www.metro2000.net


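
An added example (not part of the original thread, and not Radiator code) of why a mismatched shared secret on the second proxy target gives exactly this symptom: the target sends an Access-Accept, but the proxy's Response Authenticator check (RFC 2865, section 3) fails and the reply is discarded. The addresses, secrets, function names and the `pending` table are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2


def sign_reply(code, identifier, request_auth, attributes, secret):
    """Build a reply as the target server would:
    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    digest = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + digest + attributes


def reply_is_authentic(packet, request_auth, secret):
    """Recompute the Response Authenticator with the receiver's own secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # ignore padding beyond the stated Length
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def proxy_accepts(packet, source, pending, secret):
    """Accept a reply only if it matches a request we sent to that target.

    pending maps (target address, Identifier) to the Request Authenticator
    of the outstanding request.
    """
    if len(packet) < 20:
        return False
    request_auth = pending.get((source, packet[1]))
    if request_auth is None:
        return False
    return reply_is_authentic(packet, request_auth, secret)


# Constructed scenario: one Secret configured on the proxy for both targets,
# but the secondary has a different secret in its entry for the proxy.
PROXY_SECRET = b"constructed-secret-A"
SECONDARY_SECRET = b"constructed-secret-B"
PRIMARY, SECONDARY = "192.0.2.1", "192.0.2.2"
REQUEST_AUTH = bytes(range(16))
# Service-Type = Framed-User (type 6, value 2), Framed-Protocol = PPP (type 7, value 1)
ATTRS = bytes([6, 6]) + struct.pack("!I", 2) + bytes([7, 6]) + struct.pack("!I", 1)
PENDING = {(PRIMARY, 9): REQUEST_AUTH, (SECONDARY, 9): REQUEST_AUTH}

REPLY_PRIMARY = sign_reply(ACCESS_ACCEPT, 9, REQUEST_AUTH, ATTRS, PROXY_SECRET)
REPLY_SECONDARY = sign_reply(ACCESS_ACCEPT, 9, REQUEST_AUTH, ATTRS, SECONDARY_SECRET)

if __name__ == "__main__":
    print("primary accepted:  ", proxy_accepts(REPLY_PRIMARY, PRIMARY, PENDING, PROXY_SECRET))
    print("secondary accepted:", proxy_accepts(REPLY_SECONDARY, SECONDARY, PENDING, PROXY_SECRET))
```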



Re: (RADIATOR) Multilink problem...

2001-08-09 Thread Hugh Irvine


Hello Cesar -

This is really a question for Cisco, but when you get an answer from them 
please let us know so everyone can benefit.

I do notice however, that the second request does have a different Nas-Port 
number, so the requests are not identical. It may be that you can check your 
session database and if there is already an entry for that NAS and a 
different Nas-Port, then you can assume that this is a multilink request 
(although you will need to be careful of prior lost stop packets). You could 
also perhaps reply with a different Class attribute in each case so you know 
which is which.

Class = channel1

Class = channel2



hth

Hugh


On Friday 10 August 2001 00:17, Cesar Garcia wrote:
 Hi all...

 I am using pool in sql, and i have problems with IPs and multilink...

 With my as5260 i obtain this access request for first channel..

 Thu Aug  9 14:58:33 2001: DEBUG: Packet dump:
 *** Received from 212.64.160.x port 1645 
 Code:   Access-Request
 Identifier: 9
 Authentic: 209196245193206145253$183
 Attributes:
 NAS-IP-Address = 212.64.160.x
 NAS-Port = 2
 NAS-Port-Type = ISDN
 User-Name = cegara
 Called-Station-Id = 828111600
 Calling-Station-Id = 928297265
 User-Password = wegwegeg
 Service-Type = Framed-User
 Framed-Protocol = PPP

 And all is OK.

 Now I have to differentiate the next link, but the access request of my NAS is
 identical:

 Thu Aug  9 14:58:39 2001: DEBUG: Packet dump:
 *** Received from 212.64.160.x port 1645 
 Code:   Access-Request
 Identifier: 12
 Authentic:  8185].g224
 Attributes:
 NAS-IP-Address = 212.64.160.x
 NAS-Port = 20001
 NAS-Port-Type = ISDN
 User-Name = cegara
 Called-Station-Id = 828111600
 Calling-Station-Id = 928297265
 User-Password = 223255Mq
 Service-Type = Framed-User
 Framed-Protocol = PPP

 This is a second channel, why is the access-request identical? Any special
 configuration for the NAS to send a multilink advice in the access-request?

 Best regards...

   Cesar Garcia.
   Dept. Sistemas, IdecNet S.A.
   Edificio IdecNet. C/Juan XXIII 44,
   Centro de Gestion de Red, E-35004,
   Las Palmas de Gran Canaria,
   Islas Canarias - Spain.
   Tfn:  +34 828 111 000 Ext: 340

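
An added example (not part of the original thread, and not Radiator code) of the session-database check suggested above, including the caveat about lost Stop packets. Beyond what the reply states, it assumes that entries carry a `last_update` time refreshed by accounting records, that a link only counts as the same bundle when User-Name and Calling-Station-Id also match, and that the Class value is derived from the number of live links; all names and sample values are constructed.

```python
def classify_request(session_db, request, now, max_age):
    """Decide whether an Access-Request opens a new session or adds a link.

    session_db maps (NAS-IP-Address, NAS-Port) to a dict holding User-Name,
    Calling-Station-Id and last_update (seconds). Returns (kind, class_value).
    """
    live_ports = []
    for (nas, port), entry in session_db.items():
        if nas != request["NAS-IP-Address"] or port == request["NAS-Port"]:
            continue  # other NAS, or the very port now being (re)used
        if entry["User-Name"] != request["User-Name"]:
            continue
        if entry.get("Calling-Station-Id") != request.get("Calling-Station-Id"):
            continue
        if now - entry["last_update"] > max_age:
            continue  # probably a session whose Stop was lost; do not trust it
        live_ports.append(port)
    kind = "additional-link" if live_ports else "first-link"
    # Class values follow the channel1 / channel2 naming used in the reply above.
    return kind, f"channel{len(live_ports) + 1}"


# Constructed session database and requests.
SESSION_DB = {
    ("192.0.2.10", 2): {"User-Name": "alice", "Calling-Station-Id": "5550100",
                        "last_update": 1000},
    ("192.0.2.10", 7): {"User-Name": "bob", "Calling-Station-Id": "5550111",
                        "last_update": 1000},
}
SECOND_CHANNEL = {"NAS-IP-Address": "192.0.2.10", "NAS-Port": 20001,
                  "User-Name": "alice", "Calling-Station-Id": "5550100"}

if __name__ == "__main__":
    print(classify_request(SESSION_DB, SECOND_CHANNEL, now=1006, max_age=900))
    print(classify_request(SESSION_DB, SECOND_CHANNEL, now=90000, max_age=900))
```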



Re: (RADIATOR) Client and DefaultRealm

2001-08-09 Thread Hugh Irvine


Hello Charles -

Your understanding of DefaultRealm is incorrect. The DefaultRealm is only 
added to usernames with _no_ realm present in the request, which of course 
will never be the case with IPass (by definition IPass users all have realms, 
otherwise the request would never get to you).

BTW - I would check with IPass to see why they are sending you requests for 
[EMAIL PROTECTED], if you have only specified [EMAIL PROTECTED].

I would suggest you use a RewriteUsername in the Client clause to always 
force the correct realm.

# define IPass client

Client 
RewriteUsername  s/^([^@]+).*/$[EMAIL PROTECTED]/
.
/Client

Have a look at section 6.5.2 in the Radiator reference manual.

regards

Hugh


On Friday 10 August 2001 08:00, Charles Sprickman wrote:
 Hi,

 We just got a big IPass bill for a user that's not 'enabled' for IPass.

 The way I'm forcing IPass users into a particular handler goes like so:

 # client for IPASS
 <Client 216.223.192.x>
     Secret
     DefaultRealm roam.inch.com
 </Client>

 I assume this means that any request coming from the IPass server is
 re-written to be [EMAIL PROTECTED], regardless of what the user has
 entered as a realm.

 A handler farther down for the realm:

 <Handler Realm=roam.inch.com>
     # you have to get rid of everything after the @
     RewriteUsername s/^([^@]+).*/$1/

     SessionDatabase SDB_mysql
     # set high as IPass seems to drop acct-stops
     MaxSessions 3

     AuthByPolicy ContinueWhileReject

     # stick the accounting records in their own table
     # for now, run scripts to look for big usage, mail
     # daily usage summary, etc.
     AuthBy  SQL_acctonly_ipass
     AuthBy  Ipass_User

     # call an external program to open up mail relaying for
     # this user
     PostAuthHook file:%D/pop-auth.pm

 </Handler>

 The AuthBy Ipass_User:

 # This defines which Unix groups are allowed to dial via IPass.

 <AuthBy FILE>
     Identifier  Ipass_User
     Filename    /usr/local/etc/radiator/users_ipass
 </AuthBy>

 My assumption here is that anything coming from the IPass client (which is
 just a box running their server that relays auth to them) will be tagged
 with the realm roam.inch.com, but it's not.  The user specified the
 realm inch.com, which does exist, and passed right on to the handler for
 the inch.com realm and got in.  There's no trace of them in our separate
 accounting-only db that the roam.inch.com handler uses.

 I'll note that if the user does enter roam.inch.com as the realm,
 everything works as expected.  If the user doesn't have an entry in the
 ipass users file, they are rejected.  If they do, they are allowed in.

 Is the DefaultRealm Client clause broken?  Or am I just going about this
 the completely wrong way?

 This is radiator 2.18.2.

 Thanks,

 Charles

 | Charles Sprickman  | Internet Channel
 | INCH System Administration Team| (212)243-5200
 | [EMAIL PROTECTED] | [EMAIL PROTECTED]

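
An added example (not part of the original thread, and not Radiator code) that models the two behaviours discussed above: DefaultRealm as described in the reply, which leaves a user-supplied realm untouched, and a forced rewrite in the Client clause. It shows how a user who types the inch.com realm is routed past the iPass user list in the first case. The replacement realm in the forced rewrite is assumed to be roam.inch.com, taken from the Handler in the question; user names, user lists and function names are constructed.

```python
import re

IPASS_REALM = "roam.inch.com"
# Constructed user lists: alice is enabled for iPass roaming, bob is not.
IPASS_USERS = {"alice"}
LOCAL_USERS = {"alice", "bob"}


def apply_default_realm(username, realm=IPASS_REALM):
    """DefaultRealm as described in the reply: only names with no realm get one."""
    return username if "@" in username else f"{username}@{realm}"


def force_realm(username, realm=IPASS_REALM):
    """Python form of the Perl substitution s/^([^@]+).*/$1@realm/ (realm assumed)."""
    return re.sub(r"^([^@]+).*", lambda m: f"{m.group(1)}@{realm}", username, count=1)


def route(username, client_policy):
    """Apply the Client-level policy, then pick a handler by realm.

    Returns (handler realm, accepted). The roaming handler checks the iPass
    user list; the ordinary handler accepts any local user.
    """
    user, _, realm = client_policy(username).partition("@")
    if realm == IPASS_REALM:
        return realm, user in IPASS_USERS
    if realm == "inch.com":
        return realm, user in LOCAL_USERS
    return "", False


if __name__ == "__main__":
    for name in ("bob@inch.com", "bob@roam.inch.com", "bob", "alice@inch.com"):
        print(f"{name:20} DefaultRealm -> {route(name, apply_default_realm)}"
              f"   forced -> {route(name, force_realm)}")
```

With the substitution as written, a name that starts with `@` has no match and passes through unchanged, so the handler lookup still has to reject realms it does not expect from this client.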



Re: (RADIATOR)

2001-08-09 Thread Hugh Irvine


Hello Ron -

I will need to see a copy of the configuration file (no secrets) together 
with a trace 4 debug from Radiator showing what is happening.

thanks

Hugh


On Thursday 09 August 2001 21:17, Ron Hensley wrote:
 Good Morning,

 I've been trying to bring up a second server to service a remote POP as a
 local Radius Server.
 Whenever I've brought up the POP, which consists of 30 PRIs worth of lines
 (690 lines), things will work fine it seems, for a while, then all of a
 sudden we have only 1 out of 10 at best getting on. The rest show on our Bay
 Terminal servers as a call in progress, still waiting for a Radius Response
 of Yes or Not. That is, it shows a call but no username yet.

 On the radius log side we seem to get radius.log entries that users are
 being Authenticated and Accepted who never make it on (thus those no named
 entries on our Terminal Servers).

 So it sounds as if the Term Servers are sending the Auth Requests, Radius
 Server is getting it, and the Reply is never getting there perhaps.

 The Term Servers are Bay Networks 5399s and the Radius Server is on a Sparc
 running Solaris 2.7

 Can you tell me the step by step way to intelligently get to the bottom of
 what's happening when this goes on?
 I'd imagine a combination of Trace 4 logs, and an Ethernet Sniffer on both
 sides to be assured traffic is making it back and forth. But as you have
 more than likely run into this before, I'd like to hear thoughts on getting
 to the root of it the fastest and 'Gotchas' to be looking out for.

 Thanks much




Re: (RADIATOR) Two Accounting tables!!!

2001-08-09 Thread Hugh Irvine


Hello Hakim -

You can certainly have two different accounting tables, but I will need to 
see a copy of your configuration file (no secrets) to be able to suggest the 
best way to implement it.

It is usually simplest to use Handlers and deal with accounting and 
authorisation separately, and use the Class attribute to identify the
accounting packets correctly.

regards

Hugh

On Friday 10 August 2001 03:50, Hakim Tass wrote:
 hello !!!

 Can I have two different accounting tables?
 Here is what I am doing:

 I have two types of customers: prepaid and flat rate.

 When prepaid users connect for the first time, their start
 date and expiry date are set, and also the balance time gets deducted for
 every session and the session information is stored in accountingtable.

 When a flat rate customer connects, only session information is to be
 stored.

 But since right now the AcctSQLStatement are one after the other, all of
 them get executed!
 I want to separate this, any way to do it!

 I have given the sample configuration that I would ideally like to have
 (this one is not working though!).
 Here the accounting information of even FLAT RATE customers is going into
 ACCOUNTINGTABLE instead of OPTIGOLDACCOUNTING,
 so eventually when flat rate customers disconnect there are about 4
 queries which get executed unnecessarily (want to avoid this too)!

 regards
 Hakim

 SAMPLE CONFIGURATION
 ###
# 
 <AuthBy SQL>
     Identifier      SQLAuthentication1
     DBSource        dbi:ODBC:radius
     DBUsername      radius
     DBAuth          radius
     # this is for the prepaid users
     AuthSelect select PASSWORD,BALANCETIME from AUTHENTICATIONTABLE where \
         (USERNAME='%n' and BALANCETIME  0)
     AuthColumnDef   0,Password,check
     AuthColumnDef   1,Session-Timeout,reply
     AddToReply      Service-Type = Framed,Framed-Protocol = PPP
     AccountingStopsOnly
     AccountingTable ACCOUNTINGTABLE
     AcctColumnDef   USERNAME,User-Name
     AcctColumnDef   CALLDATE,Timestamp,integer-date
     AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
     AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
     AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
     AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
     AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
     AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
     AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
     AcctColumnDef   NASIDENTIFIER,NAS-Identifier
     AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
     AcctColumnDef   NASPORT,NAS-Port,integer
     AcctColumnDef   CLIENTIPADDRESS,Framed-IP-Address
     # this is for the prepaid users
     AcctSQLStatement update AUTHENTICATIONTABLE set BALANCETIME = BALANCETIME-%{Acct-Session-Time} where USERNAME = '%n'
     # couple of more sql statements here to set the startdate and expiry date on first user
     #AcctSQLStatement update authenticationtable set expriydate = GetDate() + 30 .
 </AuthBy>


 <AuthBy SQL>
     Identifier      SQLAuthentication2
     DBSource        dbi:ODBC:radius
     DBUsername      radius
     DBAuth          radius
     # this is for the flat rate customers
     AuthSelect select password from CUSTOMERS where username='%n'
     AuthColumnDef   0,Password,check
     AccountingStopsOnly
     AccountingTable OPTIGOLDACCOUNTING
     AcctColumnDef   USERNAME,User-Name
     AcctColumnDef   CALLDATE,Timestamp,integer-date
     AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
     AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
     AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
     AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
     AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
     AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
     AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
     AcctColumnDef   NASIDENTIFIER,NAS-Identifier
     AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
     AcctColumnDef   NASPORT,NAS-Port,integer
     AcctColumnDef   CLIENTIPADDRESS,Framed-IP-Address
 </AuthBy>

 ###
# 
