(RADIATOR) Dynamic Vars
In my radius config file I have: Client DEFAULT . . PreHandlerHook file:/etc/raddb/prehandler.radhook /Client In /etc/raddb/prehandler.radhook I have: . . $p-add_attr('CCC-DB',testdb); . For my SessionDB I try to reference my %{CCC-DB} variable: SessionDatabase SQL Identifier SDB DBSourcedbi:mysql:%{CCC-DB}:db1.domain.com . . But it appears I can't reference it as it comes up with an error: Wed Aug 20 19:28:01 2003: ERR: do failed for 'delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234': No Database Selected So I'm assuming that you can only reference certain %{attr} in certain cases. I want to be able to use the same sessionDB template and have it reference different databases as determined by the PreHandlerHook. I don't want to build 50 different SessionDatabase ... statements for all of our customers (since they all have different DBs). How can I accomplish this? Same problem exists for AuthBy SQL DBSource directives. I want the Prehandler to choose the database to connect to. Any pointers? Thanks, Nick Rogness === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator performance on various platforms.
On Tue, 9 Jul 2002, Brian Morris wrote: From: Karl Gaissmaier [EMAIL PROTECTED] you should tell us what Authentication schemes you wil be using. I think the performance is only comparable using the same auth schemes. We have radiator running under Solaris 9. Charly, I am hoping to use Solaris 9 / MySql to authenticate around 20,000 users on a Sun Enterprise 250 (2x400Mhz UltraSparc CPU's with 2Gb RAM) We have no problem authenticating about ~16000+ users on a single dual pentium-pro 200 running FreeBSD. This is all auth'd out of flat files for now (Working on AuthBy SQL). Of course, there are weird things that happen once in a while (Like Radiator Blocking when you are doing a large change on the Database)...but overall I'm fairly pleased with the performance. Keep in mind that radius packets are generally small in relation to other types of traffic. The accounting logs and session database are stored on a MySQL box with about 5G used. Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator bug?
There appears to be a bug of sorts in the RewriteFunction call. Under high loads, radiator would stop answering Access-Requests. THe udp recv buffers would pin out. After further inspection, a level 4 trace actually says everything was OK (Access-Accept) but the NAS would never receive the packet. After weeks of troubleshooting we nailed it down to the Rewritefunction we were using. Handler Isp-Id=domain.com-CHAP . . . # this line is wrapping RewriteFunction sub { my ($a) = shift; my ($n) = `/usr/local/bin/getvdomain-chap $a domain.com db1.gwtc.net db2.gwtc.net`; return $n;} . . . /Handler During this outage, sockstat (or lsof) would show that when /usr/local/bin/getvdomain-chap was running, it too was listening on udp 1645 and 1646. Keep in mind that during low traffic periods it would work like a charm... This happens on several different UNIX OS's. However, getvdomain actually is suppose to talk to a DB, pull an id out of the database, and authenticate based on the system password for that id. I shutoff all that functionality when we started having problems. So all it did was return the username and we authenticated off a flat users file. This did not resolve the problem. I finally had to use a RewriteUsername clause which fixed the problem temporarily: RewriteUsername s/^([^@]+).*/$1/ The funny thing is, it says it is actually working. The username is being rewritten properly, etc. It just stops working, radpwtst displays no reply during this time. As soon as traffic is shifted away, it recovers and starts working again. A packet dump on the wire reviels that some packets are getting back to the NAS...in the order of 2/50. Please advise as I can not find any documentation on RewriteFunction...did it get taken out of the documentation or something? Radiator version 2.18.4. Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) MySQL corruption
It appears after every modification performed by Radiator to a MySQL DB, corrupts the tables (RADONLINE and ACCOUNTING). How do I resolve this without running a cron job to repair it every X minutes. Run a different DB like postgreSQL Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE). Perl DBI version is 1.20 Perl DBD-mysql version is 2.1004 perl version is v5.6.1 built for i386-freebsd Radiator Version is 2.18.4 All on FreeBSD 4.4-STABLE. Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MySQL corruption
On Thu, 31 Jan 2002, Hugh Irvine wrote: Hello Nick - This is the first time I have heard of such a thing. Take a look: // First on DB server mngmt1# myisamchk -c ACCOUNTING.MYI Checking MyISAM file: ACCOUNTING.MYI Data records: 48 Deleted blocks: 0 - check file-size - check key delete-chain - check record delete-chain - check index reference - check data record references index: 1 // Test Radiator server # radpwtst -s $host -user nick -password nick -secret secret sending Access-Request... OK sending Accounting-Request Start... OK sending Accounting-Request Stop... OK // Now look at DB Server again mngmt1# myisamchk -c ACCOUNTING.MYI Checking MyISAM file: ACCOUNTING.MYI Data records: 50 Deleted blocks: 0 - check file-size myisamchk: error: Size of datafile is: 7776 Should be: 8100 - check key delete-chain - check record delete-chain - check index reference - check data record references index: 1 myisamchk: error: Found key at page 1024 that points to record outside datafile MyISAM-table 'ACCOUNTING.MYI' is corrupted Fix it using switch -r or -o I would suspect that there is a problem with either the version of MySQL and/or the version of DBD-mysql. You should probably check the MySQL web site and also do a google search (www.google.com). I will do some research... regards Hugh On Thu, 31 Jan 2002 09:29, Nick Rogness wrote: It appears after every modification performed by Radiator to a MySQL DB, corrupts the tables (RADONLINE and ACCOUNTING). How do I resolve this without running a cron job to repair it every X minutes. Run a different DB like postgreSQL Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE). Perl DBI version is 1.20 Perl DBD-mysql version is 2.1004 perl version is v5.6.1 built for i386-freebsd Radiator Version is 2.18.4 All on FreeBSD 4.4-STABLE. Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) CHAP detection
How do I detect if the NAS sends a CHAP versus PAP request? An idea was to see if {CHAP-Password} is defined in the current Access-Request Packet. Will that work? Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Framed-IP to CVX
I come from a Livingston world where sending an attribute of: Framed-IP-Address = 255.255.255.254, Told the portmaster to choose an IP from its Address pool for the Framed-IP. How is this done using a users file for the CVX? Nick Rogness [EMAIL PROTECTED] - Don't mind me...I'm just sniffing your packets === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.