Re: (RADIATOR) Bug in NAS-Address-Port-List?
quot;
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
NAS-Port = 4
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect_Info = 858862128
Called-Station-Id = "9783364950"
Calling-Station-Id = "9787775389"
Class = "cybertours.com"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 216.41.76.164
Acct-Delay-Time = 12252
Proxy-State =
8u13528216)L184$006!2151447G1-2o1431631209i)
Fri Jan 7 01:25:44 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used
to handle this request
Fri Jan 7 01:25:44 2000: DEBUG: dump:Code: Accounting-Request
Identifier: 37
Authentic: 237161Q1311317620828j.cJP160246[
Attributes:
Acct-Session-Id = "1C002EBF"
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
NAS-Port = 4
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Connect_Info = 858862128
Called-Station-Id = "9783364950"
Calling-Station-Id = "9787775389"
Class = "cybertours.com"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 216.41.76.164
Acct-Delay-Time = 12252
Proxy-State =
8u13528216)L184$006!2151447G1-2o1431631209i)
Fri Jan 7 01:25:44 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
Fri Jan 7 01:25:44 2000: DEBUG: Adding session for [EMAIL PROTECTED], 216.41.76.18,
4
Phil Freed [EMAIL PROTECTED]
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) No accounting replies
Whups - I spoke too soon. It appears that this didn't solve anything
after all. Any other thoughts?
On Fri, 07 Jan 2000, Phil Freed wrote:
We have just put up the latest Radiator code, and have
completely revamped our config to take advantage of the
nifty new stuff. But we're having problems with accounting
packets. Radiator gets the packets, but according to "snoop"
it never replies to them.
Note: this means that the problem is _not_ with the NAS.
It never gets any ACKs because Radiator isn't sending any.
So the NAS (correctly) keeps resending the packets.
Here are the salient portions of our config.
Client x
Secret x
IgnoreAcctSignature
DupInterval 0
/Client
The IgnoreAcctSignature and DupInterval lines are there
for debugging only; they should go away when everything's
working.
# Handle All the Accounting requests
Handler Acct-Status-Type=/.+/
AcctLogFileName %L/%R%c-%Y%m%d
AccountingHandled
/Handler
This is the first handler in the config file.
According to the log, it is properly intercepting
the accounting packets.
Finally, here is our PreClientHook:
sub{
## lc() the username and remove junk characters.
## If the user has entered a realm, normalize it.
# We don't need to re-create this hash for every packet
if (!defined %main::loa_realm2class) {
%main::loa_realm2class = (
'realm1'= 'class1',
'realm2'= 'class2',
'realm3'= 'class2',
: : : : : :
);
}
my $p = ${$_[0]};
my ($user, $realm);
($user = lc $p-getUserName) =~ tr/[\\,*\$:'"\x00-\x20\x7F-\x1FF]//d;
($user, $realm) = split ('@', $user);
if ($realm) {
$realm = ( $main::loa_realm2class{$realm} or $realm);
$p-changeUserName("$user\@$realm");
}
}
-
And here is a bit from the log file. The daemon has
just been killed and restarted
Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
Fri Jan 7 01:25:42 2000: INFO: Server started
Fri Jan 7 01:25:43 2000: DEBUG: Packet dump:
*** Received from 209.113.155.4 port 1651
Code: Accounting-Request
Identifier: 36
Authentic: 3221d237140171152147VKov219}171139
Attributes:
Acct-Session-Id = "1C002EBF"
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
NAS-Port = 4
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 1553
Acct-Authentic = RADIUS
Connect_Info = 858862128
Acct-Input-Octets = 20479
Acct-Output-Octets = 274291
Called-Station-Id = "9783364950"
Calling-Station-Id = "9787775389"
Class = "cybertours.com"
Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
Livingston = "User Request - PPP Term Req"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 216.41.76.164
Acct-Delay-Time = 10699
Proxy-State =
8u13528216)L184$f0I\22117431P204141165}\21919
217174
Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be
used to handl
e this request
Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request
Identifier: 36
Authentic: 3221d237140171152147VKov219}171139
Attributes:
Acct-Session-Id = "1C002EBF"
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
It looks to me like the regexp in your Handler is causing problems.
You might like to try this:
Handler Request-Type = Accounting-Request
/Handler
Note that the Request-Type support is in the Radiator 2.14.1 patches area:
http://www.open.com.au/radiator/downloads/patches-2.14.1/patches.README
6/9/99 Rolled the AddToReplyIfNotExist.patch into the base code. This code
was contributed by Vincent Gillet [EMAIL PROTECTED], and implemnets
the AddToReplyIfNotExist parameter, which will append an attribute
to a reply if and only if it the attribute is not already present.
AlsoaAdded new check item Request-Type. This is mostly useful
in Handlers, to allow you to trigger on different types of
requests.
Download AuthGeneric.pm and AttrVal.pm from here.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
Phil Freed [EMAIL PROTECTED]
===
Archive at http://www.th
(RADIATOR) Bug in NAS-Address-Port-List?
This may or may not be related my accounting record problem. (I suspect not.) I need a special handler for slot 6 on one of my NASs. I have the following sections in my radius.cfg: #Handler NAS-Address-Port-List=%D/ports.isdn,Chassis-Call-Slot=6 Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 Handler Client-Id=208.153.18.227 The first item is commented out because it kills radius with the message Can't call method "log" on unblessed reference at /usr/local/lib/perl5/site_perl/5.005/Radius/AuthGeneric.pm line 644. The second one should do just what I want, but it doesn't work. (See log entries below.) The third item is just there for debugging - but it mystifies rather than enlightens. Apparently, it matches the wrong packets altogether. Note that the handler is *supposed* to match the client x.227, but the log shows that it matches x.225 . I'm afraid I'm stumped. Am I missing something obvious here? ### From radius.cfg: ## This kills radius: #Handler NAS-Address-Port-List=%D/ports.isdn,Chassis-Call-Slot=6 # PreAuthHook file:"/usr/local/etc/preauth.hook" #AcctLogFileName %L/x%R-%c-%Y%m%d # PasswordLogFileName %L/$R:%Y%m.pass # AuthBy FILE # Filename%D/users.isdn # /AuthBy #/Handler # This is what I want: Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 PreAuthHook file:"/usr/local/etc/preauth.hook" AcctLogFileName %L/x%R-%c-%Y%m%d PasswordLogFileName %L/$R:%Y%m.pass AuthBy FILE Filename%D/users.isdn /AuthBy /Handler Handler Client-Id=208.153.18.227 PreAuthHook file:"/usr/local/etc/preauth.hook" AcctLogFileName %L/x%R-%c-%Y%m%d PasswordLogFileName %L/$R:%Y%m.pass AuthBy FILE Filename%D/users.isdn /AuthBy /Handler ### From the log: *** Received from 208.130.42.53 port 45016 Code: Access-Request Identifier: 242 Authentic: 1234567890123456 Attributes: User-Name = "philtest" Service-Type = Framed-User Client-Id = 208.153.18.227 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "1732122024914111g133130Cl216u'1542 47" Chassis-Call-Slot = 6 Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 shou ld be used to handle this request Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Client-Id=208.153.18.227 should be used to handle this request Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Realm=psdu.net should be used to handle this requ est etc... -- Fri Jan 7 04:59:43 2000: DEBUG: Packet dump: *** Received from 208.153.18.225 port 1645 Code: Access-Request Identifier: 48 Authentic: 10230y247135218142234,SqA203$153172 Attributes: User-Name = "marier" User-Password = "`1388166'a1702521662474M14722624513" Client-Id = 208.153.18.225 NAS-Port = 781 Acct-Session-Id = "51147957" USR-Interface-Index = 2037 Service-Type = Framed-User Framed-Protocol = PPP Chassis-Call-Slot = 4 Chassis-Call-Span = 1 Chassis-Call-Channel = 13 Calling-Station-Id = "" Called-Station-Id = "6428000" NAS-Port-Type = Async Fri Jan 7 04:59:43 2000: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request Fri Jan 7 04:59:43 2000: DEBUG: Check if Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 shou ld be used to handle this request Fri Jan 7 04:59:43 2000: DEBUG: Check if Handler Client-Id=208.153.18.227 should be used to handle this request Fri Jan 7 04:59:43 2000: DEBUG: Handling request with Handler 'Client-Id=208.153.18.227' etc Phil Freed [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) No accounting replies
tput-Octets = 274291 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST Livingston = "User Request - PPP Term Req" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.41.76.164 Acct-Delay-Time = 10699 Proxy-State = 8u13528216)L184$f0I\22117431P204141165}\21919217174 Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request Identifier: 36 Authentic: 3221d237140171152147VKov219}171139 Attributes: Acct-Session-Id = "1C002EBF" User-Name = "[EMAIL PROTECTED]" Client-Id = 216.41.76.18 NAS-Port = 4 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 1553 Acct-Authentic = RADIUS Connect_Info = 858862128 Acct-Input-Octets = 20479 Acct-Output-Octets = 274291 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST Livingston = "User Request - PPP Term Req" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.41.76.164 Acct-Delay-Time = 10699 Proxy-State = 8u13528216)L184$f0I\22117431P204141165}\21919217174 Fri Jan 7 01:25:43 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/' Fri Jan 7 01:25:43 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 216.41.76.18, 4 Fri Jan 7 01:25:44 2000: DEBUG: Packet dump: *** Received from 209.113.155.4 port 1651 Code: Accounting-Request Identifier: 37 Authentic: 237161Q1311317620828j.cJP160246[ Attributes: Acct-Session-Id = "1C002EBF" User-Name = "[EMAIL PROTECTED]" Client-Id = 216.41.76.18 NAS-Port = 4 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Authentic = RADIUS Connect_Info = 858862128 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.41.76.164 Acct-Delay-Time = 12252 Proxy-State = 8u13528216)L184$006!2151447G1-2o1431631209i) Fri Jan 7 01:25:44 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request Fri Jan 7 01:25:44 2000: DEBUG: dump:Code: Accounting-Request Identifier: 37 Authentic: 237161Q1311317620828j.cJP160246[ Attributes: Acct-Session-Id = "1C002EBF" User-Name = "[EMAIL PROTECTED]" Client-Id = 216.41.76.18 NAS-Port = 4 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Authentic = RADIUS Connect_Info = 858862128 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.41.76.164 Acct-Delay-Time = 12252 Proxy-State = 8u13528216)L184$006!2151447G1-2o1431631209i) Fri Jan 7 01:25:44 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/' Fri Jan 7 01:25:44 2000: DEBUG: Adding session for [EMAIL PROTECTED], 216.41.76.18, 4 Phil Freed [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: your mail
interesting. Do you all feel its a good idea to "lowercase and chop" all usernames like this, and just let the user have "[EMAIL PROTECTED]" incorrectly in their dial up config, or do you think its better to correct for it? I think the RewriteUsername would cut down alot of tech support calls, and really its harmless so long as its only their dialup config that is braindead and not their mail config etc. I think it's not a good idea. Remeber that the password will not be touched, so if your customer forgot to turn off caps lock, the authentication will fail anyway, and support calls will happen. FWIW, we like to automatically LC() the realm. Enough of our users think that their e-mail address ought to be upper case - or lower case - or proper case - that we decided it was simpler to accept them all. Especially since our name has odd capitalization anyway (cyberTours. Yup - sure looks funny at the beginnig of a sentence.) Phil Freed [EMAIL PROTECTED] === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS Identitier as domain
Hugh Irvine [EMAIL PROTECTED] recently suggested: It might be simpler to set up your Client clauses with DNS names, then use Client-Id in your accounting records. # Configure Client clause with DNS name, something like this: Client NAS.city.indo.net.id /Client I've often considered doing this, but I'm not sure that I like the idea of performing a DNS lookup on each packet. Does Radiator cache DNS info? If so, does it 1) Do any lookups when reading the config file? 2) Time out DNS caches as appropriate? 3) Flush DNS caches on a kill -HUP? Thanks. --phil "All my life, I always wanted to be somebody. Now I see that I should have been more specific." === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
