RE: (RADIATOR) NULL usernames in Radius Packets
Just a followup. We indeed were ignoring those types of packets since
we don't have a handler where username is NULL (we check based on
realms). So we added:
Handler
RejectHasReason
AuthBy INTERNAL
DefaultResult REJECT
AcctResult ACCEPT
/AuthBy
/Handler
And this seems to have helped. From what I can tell, others have also
had problems with TNT sending NULL usernames.
Thanks again,
mahesh
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 10:27 PM
To: Mahesh Neelakanta
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) NULL usernames in Radius Packets
Hello Mahesh -
Yes it does look like the NAS has been trying to send this accounting
for a long time.
What does the trace 4 debug from Radiator show? Perhaps your
configuration file is not processing the request and it is simply being
being ignored and retried forever.
regards
Hugh
On Thursday, Oct 2, 2003, at 02:20 Australia/Melbourne, Mahesh
Neelakanta wrote:
Elias and Hugh,
Thanks for your responses. We had though about this but what we are
getting is a Start Accounting packet (captured from radstock):
NAS-IP-Address Len 6 XX.XX.XX.XX
NAS-Port-IdLen 6 111
NAS-Port-Type Len 6 Async
Acct-Status-Type Len 6 Start
Acct-Delay-TimeLen 6 75841
Acct-Session-IdLen 12 432625102*
Acct-Authentic Len 6 Local
Idle-Timeout Len 6 0
Ascend-Modem-PortNoLen 6 21
Ascend-Modem-SlotNoLen 6 7
Ascend-Modem-ShelfNo Len 6 1
Calling-Station-Id Len 12 2122859024
Called-Station-Id Len 6
What is strange is the Acct-Autentic (Local?) and the
Acct-Delay-Time (over 21 hours). We believe this is definitely a
local
RAS issue but are not sure what it could be. It's almost as if the RAS
has a HUGE backlog of old accounting which it is trying to re-send but
only sends a portion of the full information.
We did set acct-drop-stop-on-auth-fail = no to no avail.
mahesh
-Original Message-
From: Elias [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 11:10 PM
To: Mahesh Neelakanta
Cc: Hugh Irvine
Subject: Re: (RADIATOR) NULL usernames in Radius Packets
***
Your mail has been scanned by TMnet VirusWall.
***
Hi Mahesh,
We've had the same thing happen to us before. Its actually a
configuration
on the tnt boxes. If I remember correctly it will send an Stop
accounting
packet with a blank username if the line gets dropped prematurely
(before a
proper connection gets established).
- Elias -
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Mahesh Neelakanta [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 6:41 AM
Subject: Re: (RADIATOR) NULL usernames in Radius Packets
***
Your mail has been scanned by TMnet VirusWall.
***
Hello Mahesh -
Unless you are using a RewriteUsername, Radiator does not do anything
with the username. I suspect that the NAS is sending an empty
username,
but without seeing a copy of your configuration file (no secrets) and
a
trace 4 debug from Radiator showing what is happening it is not
possible to say any more.
regards
Hugh
On Wednesday, Oct 1, 2003, at 07:02 Australia/Melbourne, Mahesh
Neelakanta wrote:
Hello,
We are seeing the following error in radiator.log:
Tue Sep 30 16:56:20 2003: ERR: do failed for 'insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT,ACCTSESSIONID, TIMESTAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,CALLERID,CLIENTPORTDNIS)
values ('', 'XX.XX.XX.XX', 01071,'432626086', to_date('30 09 2003
16:56:20', 'DD MM HH24:MI:SS'), '','Async',
'','2126823450','5000')': ORA-01400: cannot insert NULL into
(RADIUS.RADONLINE.USERNAME) (DBD ERROR: OCIStmtExecute)
From what we can tell, the RAS XX.XX.XX.XX is sending us start or
stop
packets with no username. Is there something in the configuration
(on
the radiator side or the ras, which is a lucent tnt) which could
cause
this. My guess is that it is a RAS issue but we are not sure
what/why
this is occuring.
mahesh
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence
RE: (RADIATOR) NULL usernames in Radius Packets
Elias and Hugh,
Thanks for your responses. We had though about this but what we are
getting is a Start Accounting packet (captured from radstock):
NAS-IP-Address Len 6 XX.XX.XX.XX
NAS-Port-IdLen 6 111
NAS-Port-Type Len 6 Async
Acct-Status-Type Len 6 Start
Acct-Delay-TimeLen 6 75841
Acct-Session-IdLen 12 432625102*
Acct-Authentic Len 6 Local
Idle-Timeout Len 6 0
Ascend-Modem-PortNoLen 6 21
Ascend-Modem-SlotNoLen 6 7
Ascend-Modem-ShelfNo Len 6 1
Calling-Station-Id Len 12 2122859024
Called-Station-Id Len 6
What is strange is the Acct-Autentic (Local?) and the
Acct-Delay-Time (over 21 hours). We believe this is definitely a local
RAS issue but are not sure what it could be. It's almost as if the RAS
has a HUGE backlog of old accounting which it is trying to re-send but
only sends a portion of the full information.
We did set acct-drop-stop-on-auth-fail = no to no avail.
mahesh
-Original Message-
From: Elias [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 11:10 PM
To: Mahesh Neelakanta
Cc: Hugh Irvine
Subject: Re: (RADIATOR) NULL usernames in Radius Packets
***
Your mail has been scanned by TMnet VirusWall.
***
Hi Mahesh,
We've had the same thing happen to us before. Its actually a
configuration
on the tnt boxes. If I remember correctly it will send an Stop
accounting
packet with a blank username if the line gets dropped prematurely
(before a
proper connection gets established).
- Elias -
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Mahesh Neelakanta [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 6:41 AM
Subject: Re: (RADIATOR) NULL usernames in Radius Packets
***
Your mail has been scanned by TMnet VirusWall.
***
Hello Mahesh -
Unless you are using a RewriteUsername, Radiator does not do anything
with the username. I suspect that the NAS is sending an empty
username,
but without seeing a copy of your configuration file (no secrets) and
a
trace 4 debug from Radiator showing what is happening it is not
possible to say any more.
regards
Hugh
On Wednesday, Oct 1, 2003, at 07:02 Australia/Melbourne, Mahesh
Neelakanta wrote:
Hello,
We are seeing the following error in radiator.log:
Tue Sep 30 16:56:20 2003: ERR: do failed for 'insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT,ACCTSESSIONID, TIMESTAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,CALLERID,CLIENTPORTDNIS)
values ('', 'XX.XX.XX.XX', 01071,'432626086', to_date('30 09 2003
16:56:20', 'DD MM HH24:MI:SS'), '','Async',
'','2126823450','5000')': ORA-01400: cannot insert NULL into
(RADIUS.RADONLINE.USERNAME) (DBD ERROR: OCIStmtExecute)
From what we can tell, the RAS XX.XX.XX.XX is sending us start or
stop
packets with no username. Is there something in the configuration
(on
the radiator side or the ras, which is a lucent tnt) which could
cause
this. My guess is that it is a RAS issue but we are not sure
what/why
this is occuring.
mahesh
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NULL usernames in Radius Packets
Hello Mahesh -
Unless you are using a RewriteUsername, Radiator does not do anything
with the username. I suspect that the NAS is sending an empty username,
but without seeing a copy of your configuration file (no secrets) and a
trace 4 debug from Radiator showing what is happening it is not
possible to say any more.
regards
Hugh
On Wednesday, Oct 1, 2003, at 07:02 Australia/Melbourne, Mahesh
Neelakanta wrote:
Hello,
We are seeing the following error in radiator.log:
Tue Sep 30 16:56:20 2003: ERR: do failed for 'insert into RADONLINE
(USERNAME, NASIDENTIFIER, NASPORT,ACCTSESSIONID, TIMESTAMP,
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,CALLERID,CLIENTPORTDNIS)
values ('', 'XX.XX.XX.XX', 01071,'432626086', to_date('30 09 2003
16:56:20', 'DD MM HH24:MI:SS'), '','Async',
'','2126823450','5000')': ORA-01400: cannot insert NULL into
(RADIUS.RADONLINE.USERNAME) (DBD ERROR: OCIStmtExecute)
From what we can tell, the RAS XX.XX.XX.XX is sending us start or stop
packets with no username. Is there something in the configuration (on
the radiator side or the ras, which is a lucent tnt) which could cause
this. My guess is that it is a RAS issue but we are not sure what/why
this is occuring.
mahesh
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
