(RADIATOR) Dynamic Vars

2003-08-21 Thread Nick Rogness 

In my radius config file I have:

Client DEFAULT
.
.
PreHandlerHook file:/etc/raddb/prehandler.radhook
/Client


In /etc/raddb/prehandler.radhook I have:

.
.
$p-add_attr('CCC-DB',testdb);
.


For my SessionDB I try to reference my %{CCC-DB} variable:

SessionDatabase SQL
Identifier  SDB
DBSourcedbi:mysql:%{CCC-DB}:db1.domain.com
.
.

But it appears I can't reference it as it comes up with an error:

Wed Aug 20 19:28:01 2003: ERR: do failed for 'delete from RADONLINE where
NASIDENTIFIER='203.63.154.1' and NASPORT=01234': No Database Selected

So I'm assuming that you can only reference certain %{attr} in certain
cases.  I want to be able to use the same sessionDB template and have it
reference different databases as determined by the PreHandlerHook.  I
don't want to build 50 different SessionDatabase ... statements for all
of our customers (since they all have different DBs).  How can I
accomplish this?

Same problem exists for AuthBy SQL DBSource directives.  I want the
Prehandler to choose the database to connect to.  Any pointers?

Thanks,

Nick Rogness

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Radiator performance on various platforms.

2002-07-09 Thread Nick Rogness 

On Tue, 9 Jul 2002, Brian Morris wrote:

 From: Karl Gaissmaier [EMAIL PROTECTED]
  you should tell us what Authentication schemes you wil be using. I think
  the performance is only comparable using the same auth schemes.
  We have radiator running under Solaris 9.
 
 Charly,
 
 I am hoping to use Solaris 9 / MySql to authenticate around 20,000
 users on a Sun Enterprise 250 (2x400Mhz UltraSparc CPU's with 2Gb RAM)

We have no problem authenticating about ~16000+ users on a single
dual pentium-pro 200 running FreeBSD.  This is all auth'd out of
flat files for now (Working on AuthBy SQL).  Of course, there are
weird things that happen once in a while (Like Radiator Blocking
when you are doing a large change on the Database)...but overall
I'm fairly pleased with the performance.

Keep in mind that radius packets are generally small in relation
to other types of traffic.

The accounting logs and session database are stored on a MySQL box
with about 5G used.

Nick Rogness [EMAIL PROTECTED]
 - Don't mind me...I'm just sniffing your packets



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radiator bug?

2002-02-26 Thread Nick Rogness 


There appears to be a bug of sorts in the RewriteFunction call.  Under
high loads, radiator would stop answering Access-Requests.  THe udp recv
buffers would pin out.  After further inspection, a level 4 trace
actually says everything was OK (Access-Accept) but the NAS would never
receive the packet.  After weeks of troubleshooting we nailed it down to
the Rewritefunction we were using.

Handler Isp-Id=domain.com-CHAP

.
.
.
# this line is wrapping
RewriteFunction sub { my ($a) = shift; my ($n) = 
`/usr/local/bin/getvdomain-chap $a domain.com db1.gwtc.net 
db2.gwtc.net`; return $n;}
.
.
.
/Handler


During this outage, sockstat (or lsof) would show that when
/usr/local/bin/getvdomain-chap was running, it too was listening on udp
1645 and 1646.  Keep in mind that during low traffic periods it would work
like a charm...

This happens on several different UNIX OS's.

However, getvdomain actually is suppose to talk to a DB, pull an id out of
the database, and authenticate based on the system password for that id.
I shutoff all that functionality when we started having problems. So all
it did was return the username and we authenticated off a flat users file.
This did not resolve the problem.

I finally had to use a RewriteUsername clause which fixed the problem
temporarily:
 
RewriteUsername s/^([^@]+).*/$1/

The funny thing is, it says it is actually working.  The username is being
rewritten properly, etc.  It just stops working, radpwtst displays no
reply during this time.  As soon as traffic is shifted away, it recovers
and starts working again.  A packet dump on the wire reviels that some
packets are getting back to the NAS...in the order of 2/50.

Please advise as I can not find any documentation on RewriteFunction...did
it get taken out of the documentation or something?

Radiator version 2.18.4.


Nick Rogness [EMAIL PROTECTED]
 - Don't mind me...I'm just sniffing your packets

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) MySQL corruption

2002-01-30 Thread Nick Rogness 


It appears after every modification performed by Radiator to a MySQL DB, 
corrupts the tables (RADONLINE and ACCOUNTING).  How do I resolve
this without running a cron job to repair it every X minutes.  Run a
different DB like postgreSQL

Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE).

Perl DBI version is 1.20
Perl DBD-mysql version is 2.1004
perl version is v5.6.1 built for i386-freebsd
Radiator Version is 2.18.4

All on FreeBSD 4.4-STABLE.

Nick Rogness [EMAIL PROTECTED]
 - Don't mind me...I'm just sniffing your packets

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) MySQL corruption

2002-01-30 Thread Nick Rogness 

On Thu, 31 Jan 2002, Hugh Irvine wrote:

 
 Hello Nick -
 
 This is the first time I have heard of such a thing. 

Take a look:

// First on DB server 

mngmt1# myisamchk -c ACCOUNTING.MYI
Checking MyISAM file: ACCOUNTING.MYI
Data records:  48   Deleted blocks:   0
- check file-size
- check key delete-chain
- check record delete-chain
- check index reference
- check data record references index: 1


// Test Radiator server 

# radpwtst -s $host -user nick -password nick -secret secret
sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK


// Now look at DB Server again 

mngmt1# myisamchk -c ACCOUNTING.MYI
Checking MyISAM file: ACCOUNTING.MYI
Data records:  50   Deleted blocks:   0
- check file-size
myisamchk: error: Size of datafile is: 7776  Should be: 8100
- check key delete-chain
- check record delete-chain
- check index reference
- check data record references index: 1
myisamchk: error: Found key at page 1024 that points to record outside
datafile
MyISAM-table 'ACCOUNTING.MYI' is corrupted
Fix it using switch -r or -o



 I would suspect that there is a problem with either the version of
 MySQL and/or the version of DBD-mysql. You should probably check the
 MySQL web site and also do a google search (www.google.com).

I will do some research...

 
 regards
 
 Hugh
 
 
 On Thu, 31 Jan 2002 09:29, Nick Rogness wrote:
  It appears after every modification performed by Radiator to a MySQL DB,
  corrupts the tables (RADONLINE and ACCOUNTING).  How do I resolve
  this without running a cron job to repair it every X minutes.  Run a
  different DB like postgreSQL
 
  Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE).
 
  Perl DBI version is 1.20
  Perl DBD-mysql version is 2.1004
  perl version is v5.6.1 built for i386-freebsd
  Radiator Version is 2.18.4
 
  All on FreeBSD 4.4-STABLE.
 
  Nick Rogness [EMAIL PROTECTED]
   - Don't mind me...I'm just sniffing your packets
 
  ===
  Archive at http://www.open.com.au/archives/radiator/
  Announcements on [EMAIL PROTECTED]
  To unsubscribe, email '[EMAIL PROTECTED]' with
  'unsubscribe radiator' in the body of the message.
 
 -- 
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
 -
 Nets: internetwork inventory and management - graphical, extensible,
 flexible with hardware, software, platform and database independence.
 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 

Nick Rogness [EMAIL PROTECTED]
 - Don't mind me...I'm just sniffing your packets

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) CHAP detection

2002-01-29 Thread Nick Rogness 


How do I detect if the NAS sends a CHAP versus PAP request?

An idea was to see if {CHAP-Password} is defined in the current
Access-Request Packet.  Will that work?

Nick Rogness [EMAIL PROTECTED]
 - Don't mind me...I'm just sniffing your packets

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Framed-IP to CVX

2002-01-09 Thread Nick Rogness 


I come from a Livingston world where sending an attribute of:

Framed-IP-Address = 255.255.255.254,

Told the portmaster to choose an IP from its Address pool for the
Framed-IP.  How is this done using a users file for the CVX?

Nick Rogness [EMAIL PROTECTED]
 - Don't mind me...I'm just sniffing your packets

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.