Re: [RADIATOR] ::Accounting Request Proxying for Remote OSS Systems::
Hi..
Thank you Sir, I'll try to use the existing identifier on AuthBy SQL clause.
Regards,
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Monday, November 03, 2014 2:08 AM
To: Mohammed Alhaj Ali
Cc: Heikki Vatiainen; radiator@open.com.au
Subject: Re: [RADIATOR] ::Accounting Request Proxying for Remote OSS Systems::
Hello -
You need to reference both AuthBy clauses in your Handler:
AuthBy SQL
# Add Identifier for reference in accounting Handler
Identifier SQLAccounting
AccountingTable zooomonline.ZOOOM_ACCOUNTING
AcctColumnDef USERNAME,User-Name,%A
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef acctterminatecause, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctInsertQuery insert into %0 (ACCOUNT_ID, DATE_TIME, %1) values
(zooomonline.ZOOOM_ACCOUNTING_SEQ.nextval, SYSDATE, %2)
# AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
Framed-MTU=1492, Session-Timeout = until Expiration
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-MTU=1492
AuthColumnDef 0,User-Password, check
# AuthColumnDef 1,Expiration, check
AuthColumnDef 1,Session-Timeout, reply
AuthColumnDef 2,Simultaneous-Use, check
AuthColumnDef 3,GENERIC, reply
# AuthSelect select PASSWORD, to_char(EXPIRATION, '-mm-dd
HH24:MI:SS') EXPIRATION, MAXSESSIONS, REPLYATTR, Session_Timeout
Session-Timeout from zooomonline.view_zooom_user_auth where
upper(USERNAME)=upper('%n')
AuthSelect select PASSWORD, (Session_Timeout) EXPIRATION, MAXSESSIONS,
REPLYATTR, Session_Timeout Session-Timeout from
zooomonline.view_zooom_user_auth where upper(USERNAME)=upper('%n')
CachePasswordExpiry 86400
ConnectionAttemptFailedHook sub {my $self = shift;my $dbsource =
shift;my $dbusername = shift;my $dbauth = shift;$self-log($main::LOG_ERR,
Could not connect to SQL database with DBI-connect $dbsource, $dbusername,
$dbauth: $@ $DBI::errstr);}
DBAuth zooomonline2009
DBSource dbi:ODBC:DSLPROD
DBUsername zooomonline
DateFormat %b %e, %Y %H:%M
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 1
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
FailureBackoffTime 600
Identifier ZooomAuth
NoConnectionsHook sub { my $self = shift;$self-log($main::LOG_ERR,
Could not connect to any SQL database. Request is ignored. Backing off for
$self-{FailureBackoffTime} seconds);}
NullPasswordMatchesAny 1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
Timeout 60
/AuthBy
Handler Request-Type=Accounting-Request
AuthByPolicy ContinueAlways
AuthBy RADIUS
Secret 123456
Host 1.2.3.1
Host 1.2.3.2
AuthPort 1812
AcctPort 1813
IgnoreAccountingResponse
/AuthBy
# store accounting in SQL
# use the Identifier to reference the AuthBy SQL clause
AuthBy SQLAccounting
/Handler
hope that helps
regards
Hugh
On 2 Nov 2014, at 20:24, Mohammed Alhaj Ali m.al...@itc.sa wrote:
Hi,
I'm trying to setup only accounting request proxying for remote OSS systems,
as well to keep accounting messages to be written on SQL database with the
original AuthBy SQL. I applied the below configuration, and I had received
the accounting on the remote system, but I loss accounting update on the sql
database table...
Need urgent advice.
Configuration:
AuthBy SQL
AccountingTable zooomonline.ZOOOM_ACCOUNTING
AcctColumnDef USERNAME,User-Name,%A
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef acctterminatecause, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef
Re: [RADIATOR] ::Accounting Request Proxying for Remote OSS Systems::
Hello -
Quite right - I didn’t notice you already had one.
regards
Hugh
On 4 Nov 2014, at 23:22, Mohammed Alhaj Ali m.al...@itc.sa wrote:
Hi..
Thank you Sir, I'll try to use the existing identifier on AuthBy SQL clause.
Regards,
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Monday, November 03, 2014 2:08 AM
To: Mohammed Alhaj Ali
Cc: Heikki Vatiainen; radiator@open.com.au
Subject: Re: [RADIATOR] ::Accounting Request Proxying for Remote OSS Systems::
Hello -
You need to reference both AuthBy clauses in your Handler:
AuthBy SQL
# Add Identifier for reference in accounting Handler
Identifier SQLAccounting
AccountingTable zooomonline.ZOOOM_ACCOUNTING
AcctColumnDef USERNAME,User-Name,%A
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef acctterminatecause, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctInsertQuery insert into %0 (ACCOUNT_ID, DATE_TIME, %1) values
(zooomonline.ZOOOM_ACCOUNTING_SEQ.nextval, SYSDATE, %2)
# AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
Framed-MTU=1492, Session-Timeout = until Expiration
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
Framed-MTU=1492
AuthColumnDef 0,User-Password, check
# AuthColumnDef 1,Expiration, check
AuthColumnDef 1,Session-Timeout, reply
AuthColumnDef 2,Simultaneous-Use, check
AuthColumnDef 3,GENERIC, reply
# AuthSelect select PASSWORD, to_char(EXPIRATION, '-mm-dd
HH24:MI:SS') EXPIRATION, MAXSESSIONS, REPLYATTR, Session_Timeout
Session-Timeout from zooomonline.view_zooom_user_auth where
upper(USERNAME)=upper('%n')
AuthSelect select PASSWORD, (Session_Timeout) EXPIRATION, MAXSESSIONS,
REPLYATTR, Session_Timeout Session-Timeout from
zooomonline.view_zooom_user_auth where upper(USERNAME)=upper('%n')
CachePasswordExpiry 86400
ConnectionAttemptFailedHook sub {my $self = shift;my $dbsource =
shift;my $dbusername = shift;my $dbauth = shift;$self-log($main::LOG_ERR,
Could not connect to SQL database with DBI-connect $dbsource, $dbusername,
$dbauth: $@ $DBI::errstr);}
DBAuth zooomonline2009
DBSource dbi:ODBC:DSLPROD
DBUsername zooomonline
DateFormat %b %e, %Y %H:%M
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 1
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
FailureBackoffTime 600
Identifier ZooomAuth
NoConnectionsHook sub { my $self = shift;$self-log($main::LOG_ERR,
Could not connect to any SQL database. Request is ignored. Backing off for
$self-{FailureBackoffTime} seconds);}
NullPasswordMatchesAny 1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
Timeout 60
/AuthBy
Handler Request-Type=Accounting-Request
AuthByPolicy ContinueAlways
AuthBy RADIUS
Secret 123456
Host 1.2.3.1
Host 1.2.3.2
AuthPort 1812
AcctPort 1813
IgnoreAccountingResponse
/AuthBy
# store accounting in SQL
# use the Identifier to reference the AuthBy SQL clause
AuthBy SQLAccounting
/Handler
hope that helps
regards
Hugh
On 2 Nov 2014, at 20:24, Mohammed Alhaj Ali m.al...@itc.sa wrote:
Hi,
I'm trying to setup only accounting request proxying for remote OSS systems,
as well to keep accounting messages to be written on SQL database with the
original AuthBy SQL. I applied the below configuration, and I had
received the accounting on the remote system, but I loss accounting update
on the sql database table...
Need urgent advice.
Configuration:
AuthBy SQL
AccountingTable zooomonline.ZOOOM_ACCOUNTING
AcctColumnDef USERNAME,User-Name,%A
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
Re: [RADIATOR] ::Accounting Request Proxying for Remote OSS Systems::
Hello -
You need to reference both AuthBy clauses in your Handler:
AuthBy SQL
# Add Identifier for reference in accounting Handler
Identifier SQLAccounting
AccountingTable zooomonline.ZOOOM_ACCOUNTING
AcctColumnDef USERNAME,User-Name,%A
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef acctterminatecause, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctInsertQuery insert into %0 (ACCOUNT_ID, DATE_TIME, %1) values
(zooomonline.ZOOOM_ACCOUNTING_SEQ.nextval, SYSDATE, %2)
# AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
Framed-MTU=1492, Session-Timeout = until Expiration
AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-MTU=1492
AuthColumnDef 0,User-Password, check
# AuthColumnDef 1,Expiration, check
AuthColumnDef 1,Session-Timeout, reply
AuthColumnDef 2,Simultaneous-Use, check
AuthColumnDef 3,GENERIC, reply
# AuthSelect select PASSWORD, to_char(EXPIRATION, '-mm-dd
HH24:MI:SS') EXPIRATION, MAXSESSIONS, REPLYATTR, Session_Timeout
Session-Timeout from zooomonline.view_zooom_user_auth where
upper(USERNAME)=upper('%n')
AuthSelect select PASSWORD, (Session_Timeout) EXPIRATION, MAXSESSIONS,
REPLYATTR, Session_Timeout Session-Timeout from
zooomonline.view_zooom_user_auth where upper(USERNAME)=upper('%n')
CachePasswordExpiry 86400
ConnectionAttemptFailedHook sub {my $self = shift;my $dbsource =
shift;my $dbusername = shift;my $dbauth = shift;$self-log($main::LOG_ERR,
Could not connect to SQL database with DBI-connect $dbsource, $dbusername,
$dbauth: $@ $DBI::errstr);}
DBAuth zooomonline2009
DBSource dbi:ODBC:DSLPROD
DBUsername zooomonline
DateFormat %b %e, %Y %H:%M
EAPAnonymous anonymous
EAPContextTimeout 1000
EAPFAST_PAC_Lifetime 7776000
EAPFAST_PAC_Reprovision 2592000
EAPTLS_MaxFragmentSize 2048
EAPTLS_PEAPVersion 1
EAPTLS_SessionResumption 1
EAPTLS_SessionResumptionLimit 43200
EAPTLS_VerifyDepth 1
FailureBackoffTime 600
Identifier ZooomAuth
NoConnectionsHook sub { my $self = shift;$self-log($main::LOG_ERR,
Could not connect to any SQL database. Request is ignored. Backing off for
$self-{FailureBackoffTime} seconds);}
NullPasswordMatchesAny 1
PasswordPrompt password
SIPDigestRealm DefaultSipRealm
Timeout 60
/AuthBy
Handler Request-Type=Accounting-Request
AuthByPolicy ContinueAlways
AuthBy RADIUS
Secret 123456
Host 1.2.3.1
Host 1.2.3.2
AuthPort 1812
AcctPort 1813
IgnoreAccountingResponse
/AuthBy
# store accounting in SQL
# use the Identifier to reference the AuthBy SQL clause
AuthBy SQLAccounting
/Handler
hope that helps
regards
Hugh
On 2 Nov 2014, at 20:24, Mohammed Alhaj Ali m.al...@itc.sa wrote:
Hi,
I'm trying to setup only accounting request proxying for remote OSS systems,
as well to keep accounting messages to be written on SQL database with the
original AuthBy SQL. I applied the below configuration, and I had received
the accounting on the remote system, but I loss accounting update on the sql
database table...
Need urgent advice.
Configuration:
AuthBy SQL
AccountingTable zooomonline.ZOOOM_ACCOUNTING
AcctColumnDef USERNAME,User-Name,%A
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef acctterminatecause, Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctInsertQuery insert into %0 (ACCOUNT_ID, DATE_TIME, %1) values
(zooomonline.ZOOOM_ACCOUNTING_SEQ.nextval, SYSDATE, %2)
# AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,
Framed-MTU=1492, Session-Timeout = until Expiration
AddToReply
Re: [RADIATOR] Accounting logs in mysql or oracle db
Hi, Can some one please help us to configure radiator to push Radius accounting logs into mysql or oracle databases ? some sample configs may help us. have you read the ref.pdf RADIATOR reference guide from the OSC site? if so, what configuration have you currently got so that we can see where you're not on track ? alan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting logs in mysql or oracle db
Hello Manish - See goodies/sql.cfg in the distribution and section 5.31 in the Radiator 4.11 reference manual (doc/ref.pdf). regards Hugh On 20 Jun 2013, at 15:22, Arya, Manish Kumar m.a...@yahoo.com wrote: Hi, Can some one please help us to configure radiator to push Radius accounting logs into mysql or oracle databases ? some sample configs may help us. Regards, -Manish ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting records are not written to database
Thanks Hugh. It's working now! The Socket6.pm module needed to be installed. Tue Nov 6 09:28:28 2012: DEBUG: Handling request with Handler 'NAS-Identifier=Juniper_E320_2' Tue Nov 6 09:28:28 2012: DEBUG: SQLSDB Deleting session for fritzsamuels1, 208.138.43.125, 805307373 Tue Nov 6 09:28:28 2012: DEBUG: do query is: 'delete from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1' and NAS_IP_ADDRESS='208.138.43.125' and NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005'': Tue Nov 6 09:28:28 2012: DEBUG: Query is: 'select NAS_IP_ADDRESS='208.138.43.125',NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005',ACCT_SESSION_ID='erx TenGigabitEthernet 3/0/0.941005:94-1005:1831600483' from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1'': Tue Nov 6 09:28:28 2012: WARNING: SQLSDB Could not find a Client for NAS 1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Tue Nov 6 09:28:28 2012: INFO: Access rejected for fritzsamuels1: MaxSessions exceeded The CounQuery is like that since I expect only a single entry per user. Simultaneous-Use should be one (1). Rohan On Tue, 6 Nov 2012 16:28:01 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - To see what is happening with the crash you should run radiusd from the command line so you can see the relevant Perl messages. Something like this (with your local pathnames): /usr/bin/perl /usr/local/bin/radiusd -foreground -log_stdout -trace 4 -config_file /etc/radiator/radius.cfg BTW - I don't think your CountQuery is correct as it will never find all existing sessions for that particular user. regards Hugh On 6 Nov 2012, at 09:30, rohan.he...@cwjamaica.com wrote: Hugh, re: server crash see config and log files attached. Rohan On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the
Re: [RADIATOR] Accounting records are not written to database
Hello Rohan - The session database and the MaxSessions and/or Simultaneous-Use directives are designed to limit a particular user to some predetermined number of sessions at the same time (typically one). To do this, Radiator maintains a state table in the session database of all sessions for which an accounting start has been received. When the session ends, the session entry is removed from the session database, and Radiator also does a delete when a new access request is received as a housekeeping exercise. You should check your use of the session database by testing using a call from a test user (and leaving it up), checking the entry in the session database, then making another call from the same test user and again checking what happens with the session database. If simultaeous use is set to one, the first call should result in an entry being added to the session database, and the second call should result in a reject because there is already an entry present for that test user. hope that helps regards Hugh On 7 Nov 2012, at 01:57, rohan.he...@cwjamaica.com wrote: Thanks Hugh. It's working now! The Socket6.pm module needed to be installed. Tue Nov 6 09:28:28 2012: DEBUG: Handling request with Handler 'NAS-Identifier=Juniper_E320_2' Tue Nov 6 09:28:28 2012: DEBUG: SQLSDB Deleting session for fritzsamuels1, 208.138.43.125, 805307373 Tue Nov 6 09:28:28 2012: DEBUG: do query is: 'delete from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1' and NAS_IP_ADDRESS='208.138.43.125' and NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005'': Tue Nov 6 09:28:28 2012: DEBUG: Query is: 'select NAS_IP_ADDRESS='208.138.43.125',NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005',ACCT_SESSION_ID='erx TenGigabitEthernet 3/0/0.941005:94-1005:1831600483' from ACTIVE_SESSIONS where USER_NAME='fritzsamuels1'': Tue Nov 6 09:28:28 2012: WARNING: SQLSDB Could not find a Client for NAS 1 to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS? Tue Nov 6 09:28:28 2012: INFO: Access rejected for fritzsamuels1: MaxSessions exceeded The CounQuery is like that since I expect only a single entry per user. Simultaneous-Use should be one (1). Rohan On Tue, 6 Nov 2012 16:28:01 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - To see what is happening with the crash you should run radiusd from the command line so you can see the relevant Perl messages. Something like this (with your local pathnames): /usr/bin/perl /usr/local/bin/radiusd -foreground -log_stdout -trace 4 -config_file /etc/radiator/radius.cfg BTW - I don't think your CountQuery is correct as it will never find all existing sessions for that particular user. regards Hugh On 6 Nov 2012, at 09:30, rohan.he...@cwjamaica.com wrote: Hugh, re: server crash see config and log files attached. Rohan On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1
Re: [RADIATOR] Accounting records are not written to database
Hugh, re: server crash see config and log files attached. Rohan On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting records are not written to database
Hi, On Mon, 5 Nov 2012, rohan.he...@cwjamaica.com wrote: Hugh, re: server crash see config and log files attached. What exactly do you mean when you say the server crashes ? I cannot find any perl exceptions in the logs and nothing at first sight in the config that would cause anything like that. The only time the radiator process had died on me is when I have a syntax error in a hook or module. Greetings Christian Rohan On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work
Re: [RADIATOR] Accounting records are not written to database
Hello Rohan - To see what is happening with the crash you should run radiusd from the command line so you can see the relevant Perl messages. Something like this (with your local pathnames): /usr/bin/perl /usr/local/bin/radiusd -foreground -log_stdout -trace 4 -config_file /etc/radiator/radius.cfg BTW - I don't think your CountQuery is correct as it will never find all existing sessions for that particular user. regards Hugh On 6 Nov 2012, at 09:30, rohan.he...@cwjamaica.com wrote: Hugh, re: server crash see config and log files attached. Rohan On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id
Re: [RADIATOR] Accounting records are not written to database
Hugh, After some additional advice I realize that how Radiator adds the the records makes perfect sense. Since I have the option of inserting Interim records as well. So you can ignore. But I would still would like to know why Simultaneous-Use or Maxsessions does not work and crash the application during my tests. Regards, Rohan On Fri, 02 Nov 2012 10:24:07 -0500 rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external,
Re: [RADIATOR] Accounting records are not written to database
Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL,
Re: [RADIATOR] Accounting records are not written to database
Hugh, So does it mean that I wouldn't need to process the Start record as defined by: HandleAcctStatusTypes Start,Stop? And in this way a session only gets inserted into the database only if the Stop record is processed? On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan
Re: [RADIATOR] Accounting records are not written to database
Hello Rohan - On 3 Nov 2012, at 09:39, rohan.he...@cwjamaica.com wrote: Hugh, So does it mean that I wouldn't need to process the Start record as defined by: HandleAcctStatusTypes Start,Stop? Yes - you would just use HandleAcctStatusTypes Stop And in this way a session only gets inserted into the database only if the Stop record is processed? Correct. regards Hugh On Sat, 3 Nov 2012 09:06:44 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - The easiest way to do this is to store only the Stop records, and calculate the start time from the attributes present in the accounting stop request. Something like this (the value is in epoch seconds): Timestamp - Acct-Session-Time - Acct-Delay-Time For the crash I will need to see the logfile that immediately precedes it together with the configuration file you are using. regards Hugh On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote: Hugh, Now that records are being written to the database, I want a single record per session that includes both Stop and Start times like below. User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time, Acct_Stop_Time, Acct_Session_ID jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926 So the record is added to the accounting database at the end of a session and includes both Stop and Start times. Added to that is the issue I have where Radiator crashes when I try to use the Simultaneous-Use features. Thanks. On Fri, 2 Nov 2012 17:46:58 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - Can you please explain exactly what you are trying to do? It is normal for you to get two records in your accounting table, as that is what you have configured. If you can tell us what you are trying to achieve we will be able to make sensible suggestions. regards Hugh On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote: Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in
Re: [RADIATOR] Accounting records are not written to database
Thanks. That technique works! Except that I used below.
ACCT_START_TIME,%b-0%{Acct-Session-Time},literal
The field is NULL if I used type integer-date (below).
mcatra1 | Juniper_E320_2 | 805307373 | 208.131.170.180 | NULL
| Nov 2, 2012 18:35
Regards,
Rohan
On Sat, 3 Nov 2012 10:29:30 +1100
Hugh Irvine h...@open.com.au wrote:
Hello Rohan -
On 3 Nov 2012, at 09:39, rohan.he...@cwjamaica.com wrote:
Hugh,
So does it mean that I wouldn't need to process the Start record as defined
by: HandleAcctStatusTypes Start,Stop?
Yes - you would just use
HandleAcctStatusTypes Stop
And in this way a session only gets inserted into the database only if the
Stop record is processed?
Correct.
regards
Hugh
On Sat, 3 Nov 2012 09:06:44 +1100
Hugh Irvine h...@open.com.au wrote:
Hello Rohan -
The easiest way to do this is to store only the Stop records, and calculate
the start time from the attributes present in the accounting stop request.
Something like this (the value is in epoch seconds):
Timestamp - Acct-Session-Time - Acct-Delay-Time
For the crash I will need to see the logfile that immediately precedes it
together with the configuration file you are using.
regards
Hugh
On 3 Nov 2012, at 02:24, rohan.he...@cwjamaica.com wrote:
Hugh,
Now that records are being written to the database, I want a single record
per session that includes both Stop and Start times like below.
User_Name, NAS_IP_Address, NAS_Port, Framed_IP_Address, Acct_Start_Time,
Acct_Stop_Time, Acct_Session_ID
jwilliams12 208.138.43.123 805306450 72.27.33.224 Nov 2, 2012 12:21:04 AM
Nov 2, 2012 1:21:16 AM, erx TenGigabitEthernet 3/0/0.37:123-82:1830880926
So the record is added to the accounting database at the end of a session
and includes both Stop and Start times.
Added to that is the issue I have where Radiator crashes when I try to use
the Simultaneous-Use features.
Thanks.
On Fri, 2 Nov 2012 17:46:58 +1100
Hugh Irvine h...@open.com.au wrote:
Hello Rohan -
Can you please explain exactly what you are trying to do?
It is normal for you to get two records in your accounting table, as that
is what you have configured.
If you can tell us what you are trying to achieve we will be able to make
sensible suggestions.
regards
Hugh
On 2 Nov 2012, at 09:38, rohan.he...@cwjamaica.com wrote:
Thanks Michael,
I was able to go further with the advice using the AuthByPolicy and
AuthBy GROUP under the existing Handler. Only that two records are added
to my accounting database for a single session - one at Start and one at
Stop.
Handler NAS-Identifier=Juniper_E320_2
AddToRequest SERVICESTATUS = ACTIVE
SessionDatabase SQLSDB
# MaxSessions 1
RejectHasReason
AuthByPolicy ContinueAlways
AuthBy SQLAccounting
AuthBy GROUP
AuthByPolicy ContinueWhileIgnore
AuthBy xDSL
/AuthBy
Regards,
Rohan
On Thu, 01 Nov 2012 17:45:18 -0400
Michael wrote:
Looks like your AuthBy xDSL is accepting, therefore since the default
AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby
and the AuthBy SQLAccounting is not processed.
I personally handle accounting in a separate handler. To me, handling
accounting and authorization in the same handler is tricky.
Michael
On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote:
Hugh,
Config and logs attached.
And the application crashed when testing Simultaneous-Use for both
configurations below.
In my AuthBy config:
DefaultSimultaneousUse 1 With AuthAttrDef
Simultaneous-Use,Simultaneous-Use,check
Or
In my Handler:
MaxSessions 1
On Fri, 2 Nov 2012 07:19:09 +1100
Hugh Irvine wrote:
Hello Rohan -
We will need to see the configuration file (no secrets) together with
a trace 4 debug showing what is happening.
regards
Hugh
On 2 Nov 2012, at 05:53, wrote:
Hello,
Why doesn't the following work?
Identifier SQLAccounting
DBSource dbi:mysql:inetdb_test
DBUsername inet
DBAuth inet@inetdb
#Disable SQL authentication
AuthSelect
HandleAcctStatusTypes Start,Stop
AccountingTable ARCH_ACCOUNTING
AcctColumnDef USER_NAME,User-Name
AcctColumnDef ACCT_START_TIME,Timestamp,integer
AcctColumnDef ACCT_STOP_TIME,Timestamp,integer
AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer
AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer
AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id
AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer
AcctColumnDef
Re: [RADIATOR] Accounting records are not written to database
Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, rohan.he...@cwjamaica.com wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting records are not written to database
Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine h...@open.com.au wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, rohan.he...@cwjamaica.com wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. Rohan Henry Server Administrator LIME Phone (876) 936-4819 Mobile (876) 997-0729 Thu Nov 1 15:54:20 2012: DEBUG: Packet dump: *** Received from 208.138.43.125 port 5 Packet length = 275 01 30 01 13 0d be 33 79 1a c8 7e 15 4b 7f 71 ee 2a e1 0e 6d 02 12 99 65 62 a0 7c 20 4b 79 ed e0 ee 67 94 69 7c d8 01 09 6d 63 61 74 72 61 31 2c 38 65 72 78 20 54 65 6e 47 69 67 61 62 69 74 45 74 68 65 72 6e 65 74 20 33 2f 30 2f 30 2e 39 34 31 30 30 35 3a 39 34 2d 31 30 30 35 3a 31 38 33 30 38 32 30 39 33 30 06 06 00 00 00 02 07 06 00 00 00 01 1a 1f 00 00 13 0a 18 19 70 70 70 6f 65 20 30 30 3a 39 30 3a 64 30 3a 33 30 3a 33 65 3a 37 63 1f 36 23 4a 75 6e 69 70 65 72 5f 45 33 32 30 5f 32 23 4c 69 6e 6b 20 54 6f 20 43 61 72 6c 2d 4d 50 4c 53 5f 50 45 2d 4e 6f 64 65 2d 35 2f 32 2f 32 23 31 30 30 35 3d 06 00 00 00 0f 05 06 30 00 03 ed 57 29 54 65 6e 47 69 67 61 62 69 74 45 74 68 65 72 6e 65 74 20 33 2f 30 2f 30 2e 39 34 31 30 30 35 3a 39 34 2d 31 30 30 35 04 06 d0 8a 2b 7d 20 10 4a 75 6e 69 70 65 72 5f 45 33 32 30 5f 32 Code: Access-Request Identifier: 48 Authentic: 131903y26200~21K127q238*22514m Attributes: User-Password = 153eb160| Ky237224238g148i|216 User-Name = mcatra1 Acct-Session-Id = erx TenGigabitEthernet 3/0/0.941005:94-1005:1830820930 Service-Type = Framed-User Framed-Protocol = PPP Unisphere-Pppoe-Description = pppoe 00:90:d0:30:3e:7c Calling-Station-Id = #Juniper_E320_2#Link To Carl-MPLS_PE-Node-5/2/2#1005 NAS-Port-Type = Ethernet NAS-Port = 805307373 NAS-Port-Id = TenGigabitEthernet 3/0/0.941005:94-1005 NAS-IP-Address = 208.138.43.125 NAS-Identifier = Juniper_E320_2 Thu Nov 1 15:54:20 2012: DEBUG: Handling request with Handler 'NAS-Identifier=Juniper_E320_2' Thu Nov 1 15:54:20 2012: DEBUG: SQLSDB Deleting session for mcatra1, 208.138.43.125, 805307373 Thu Nov 1 15:54:20 2012: DEBUG: do query is: 'delete from ACTIVE_SESSIONS where USER_NAME='mcatra1' and NAS_IP_ADDRESS='208.138.43.125' and NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005'': Thu Nov 1 15:54:20 2012: DEBUG: Query is: 'select NAS_IP_ADDRESS='208.138.43.125',NAS_PORT_ID='TenGigabitEthernet 3/0/0.941005:94-1005',ACCT_SESSION_ID='erx TenGigabitEthernet 3/0/0.941005:94-1005:1830820930' from ACTIVE_SESSIONS where USER_NAME='mcatra1'': Thu Nov 1 15:54:20 2012: DEBUG: Handling with Radius::AuthLDAP2: xDSL Thu Nov 1 15:54:20 2012: INFO: Connecting to olympias1 socrates:389 Thu Nov 1 15:54:20 2012: INFO: Attempting to bind to LDAP
Re: [RADIATOR] Accounting records are not written to database
Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Handler Request-Type = Accounting-Request, Acct-Status-Type = Start|Stop Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvineh...@open.com.au wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53,rohan.he...@cwjamaica.com wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. Rohan Henry Server Administrator LIME Phone (876) 936-4819 Mobile (876) 997-0729 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting records are not written to database
Thanks Michael, I was able to go further with the advice using the AuthByPolicy and AuthBy GROUP under the existing Handler. Only that two records are added to my accounting database for a single session - one at Start and one at Stop. Handler NAS-Identifier=Juniper_E320_2 AddToRequest SERVICESTATUS = ACTIVE SessionDatabase SQLSDB # MaxSessions 1 RejectHasReason AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy GROUP AuthByPolicy ContinueWhileIgnore AuthBy xDSL /AuthBy Regards, Rohan On Thu, 01 Nov 2012 17:45:18 -0400 Michael wrote: Looks like your AuthBy xDSL is accepting, therefore since the default AuthByPolicy is ContinueWhileIgnore, it will stop at the xDSL authby and the AuthBy SQLAccounting is not processed. I personally handle accounting in a separate handler. To me, handling accounting and authorization in the same handler is tricky. Michael On 01/11/12 05:07 PM, rohan.he...@cwjamaica.com wrote: Hugh, Config and logs attached. And the application crashed when testing Simultaneous-Use for both configurations below. In my AuthBy config: DefaultSimultaneousUse 1 With AuthAttrDef Simultaneous-Use,Simultaneous-Use,check Or In my Handler: MaxSessions 1 On Fri, 2 Nov 2012 07:19:09 +1100 Hugh Irvine wrote: Hello Rohan - We will need to see the configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh On 2 Nov 2012, at 05:53, wrote: Hello, Why doesn't the following work? Identifier SQLAccounting DBSource dbi:mysql:inetdb_test DBUsername inet DBAuth inet@inetdb #Disable SQL authentication AuthSelect HandleAcctStatusTypes Start,Stop AccountingTable ARCH_ACCOUNTING AcctColumnDef USER_NAME,User-Name AcctColumnDef ACCT_START_TIME,Timestamp,integer AcctColumnDef ACCT_STOP_TIME,Timestamp,integer AcctColumnDef ACCT_STATUS_TYPE,Acct-Status-Type,integer AcctColumnDef ACCT_DELAY_TIME,Acct-Delay-Time,integer AcctColumnDef ACCT_INPUT_OCTETS,Acct-Input-Octets,integer AcctColumnDef ACCT_OUTPUT_OCTETS,Acct-Output-Octets,integer AcctColumnDef ACCT_SESSION_ID,Acct-Session-Id AcctColumnDef ACCT_SESSION_TIME,Acct-Session-Time,integer AcctColumnDef ACCT_TERMINATE_CAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address AcctColumnDef NAS_IDENTIFIER,NAS-Identifier AcctColumnDef NAS_PORT,NAS-Port,integer AcctColumnDef CALLED_STATION_ID,Called-Station-Id AcctColumnDef CALLING_STATION_ID,Calling-Station-Id SQLRecoveryFile %L/sqlaccounting.sql Specifying the following in my Handler does not work. I don't even see any trace in my logs set at level 4 or 5. AuthBy SQLAccounting However my sessions database work with the following. SessionDatabase SQLSDB Thanks much. Regards, Rohan ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. Rohan Henry Server Administrator LIME Phone (876) 936-4819 Mobile (876) 997-0729 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator Rohan Henry Server Administrator LIME Phone (876) 936-4819 Mobile (876) 997-0729 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting into microsoft SQL server
Hello Nuno - Try something like this: Realm /ubi.pt/i AuthByPolicy ContinueAlways AuthBy SQL …… # disable authentication AuthSelect # set up accounting AccountingTable ….. …… /AuthBy AuthBy RADIUS Identifier PEAP_IAS Secret AuthPort 1812 AcctPort 1813 Retries 3 #AutoMPPEKeys SSLeayTrace 4 Host ubidc1.ubi.pt Host ubidc2.ubi.pt AcctLogFileName %L/detail /AuthBy /Realm Realm /pessoal.ubi.pt/i RewriteUsername s/^([^@]+).*/$1/ AuthByPolicy ContinueAlways AuthBy SQL …… # disable authentication AuthSelect # set up accounting AccountingTable ….. …… /AuthBy AuthBy LDAP2 Identifier Pessoal Hostpessoaldc1.pessoal.ubi.pt Port389 AuthDN cn=ldap,cn=Users,dc=ubi,dc=pt AuthPasswordx BaseDN ou=PessoalUser,dc=pessoal,dc=ubi,dc=pt Scope sub UsernameAttrcn ServerChecksPassword /AuthBy /Realm See section 5.30 in the Radiator 4.8 reference manual (doc/ref.pdf). regards Hugh On 9 Sep 2011, at 20:52, Nuno Marques wrote: Hello, I have this two realms which successfully authenticate and both record accounting into a local file. What I wish do to is that the radiator sends the accounting information directly into SQL server. I’ve tried many “personal possible solutions” but ended up discovering that the commands that work with SQL aren’t available in Authby RADIUS or Authby LDAP2. I should add we do not have SQL database for authentication. Is there any cookbook with the solution? Any contribution are greatly appreciated. Thanks in advance, Nuno Marques Realm /ubi.pt/i AuthBy RADIUS Identifier PEAP_IAS Secret AuthPort 1812 AcctPort 1813 Retries 3 #AutoMPPEKeys SSLeayTrace 4 Host ubidc1.ubi.pt Host ubidc2.ubi.pt AcctLogFileName %L/detail /AuthBy /Realm Realm /pessoal.ubi.pt/i RewriteUsername s/^([^@]+).*/$1/ AuthBy LDAP2 Identifier Pessoal Hostpessoaldc1.pessoal.ubi.pt Port389 AuthDN cn=ldap,cn=Users,dc=ubi,dc=pt AuthPasswordx BaseDN ou=PessoalUser,dc=pessoal,dc=ubi,dc=pt Scope sub UsernameAttrcn ServerChecksPassword /AuthBy /Realm UBI amiga do ambiente: Antes de imprimir este e-mail pense bem se tem mesmo que o fazer. As árvores sĂŁo um bem imprescindĂvel. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Accounting process dying
Hi Jim, On Fri, 28 Jan 2011, Jim wrote: snipp/ Thanks that's was very useful. I have done some more debugging and its apparent that whenever the process dies the last thing it was doing was a SQL update to a MS-SQL server. Doing some digging and it looks like we are connecting to MS-SQL via Freetds. Radiator connection: Identifier MSSQL-SessionDB DBSourcedbi:Sybase:MSDBServerX DBUsername dbuser DBAuth dbpassword Timeout 5 /usr/local/freetds/etc/freetds.conf: [MSDBServerX] host = x.x.x.x port = 1433 tds version = 7.0 I think the FreeTDS version we have maybe to recent as its newer than the FAQ recommends - although the FAQ says As of September 2003... What is the best way, if there is one, to connect to a Windows MS-SQL 2008 server? I have no Idea how well maintained FreeTDS is these days. Last time I saw it 10 years ago it had lots of issues. I also do not know if they have kept up with MS-SQL and it's development. As an alternative you might want to try DBD::proxy together with DBD::OBDC on your Windows Server. Greetings Christian -- Christian Kratzer CK Software GmbH Email: c...@cksoft.de Wildberger Weg 24/2 Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart Web: http://www.cksoft.de/ Geschaeftsfuehrer: Christian Kratzer ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: (RADIATOR) Accounting Local and forwarding using rewriteusername problems
Hello Sergio - You will need to use an AuthBy GROUP with the RewriteUsername inside: Handler Request-Type=Accounting-Request,Realm=test AuthByPolicy ContinueAlways AuthBy authBySQL_InsertCallAcct AcctLogFileName %L/radiusd_acct-%Y%m%d.log AuthBy GROUP RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ AuthBy authByRADIUS_Realm_Test /AuthBy /Handler regards Hugh On Friday, Oct 10, 2003, at 01:57 Australia/Melbourne, Sergio GĂłmez ((E-mail)) wrote: Hi everybody, I have problems using Local and forwarding accounting. First of all here you have a piece of mi cfg file for the 'test' realm: AuthBy SQL Identifier authBySQL_InsertCallAcct DBSource dbi:ODBC:radius_databasex DBUsername testuser DBAuth testpass AccountingTable TestCalls AcctColumnDef NASIdentifier,NAS-IP-Address AcctColumnDef NasPort,NAS-Port,integer AcctColumnDef AcctSessionID,Acct-Session-Id AcctColumnDef AcctStatusType,Acct-Status-Type,integer AcctColumnDef UserName,User-Name AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef NASPortDNIS,Called-Station-Id AcctColumnDef CallingStationId,Calling-Station-Id /AuthBy AuthBy RADIUS Identifier authByRADIUS_Realm_Test #IgnoreAccountingResponse Host111.111.111.111 Secret testsecret AuthPort1812 AcctPort1813 Retries 3 RetryTimeout10 /AuthBy Handler Request-Type=Access-Request,Service-Type=Framed-User,Realm=test AcctLogFileName %L/radiusd_auth-%Y%m%d.log RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ AuthBy authByRADIUS_Realm_Test /Handler Handler Request-Type=Accounting-Request,Realm=test AuthByPolicyContinueAlways AuthBy authBySQL_InsertCallAcct AcctLogFileName %L/radiusd_acct-%Y%m%d.log RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ AuthBy authByRADIUS_Realm_Test /Handler I have a DB where I want to store all accounting as my cisco gives me, but my client wants to recieve Auth and Acct forwarding without realm in the usernames. When I use this configuration, the username field in my DB is stored without realm... I don't know why... Please I need HELP Thanks to all, Sergio GĂłmez de Travesedo Rojas. Baytechnologies === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Question
Hello Chris - You can use as many checks as you wish in a Handler (keeping in mind performance issues). Handler NAS-IP-Address = n.n.n.n, Whatever = Something, . Have a look at section 6.16 in the Radiator 3.5 reference manual. regards Hugh On Friday, Jan 24, 2003, at 21:28 Australia/Melbourne, Chris Kay wrote: Is there a way to do this with 2 arguments EG Handler NAS-IP-Address = XXX.XXX.XXX.XXX Something = Something -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine Sent: Friday, 24 January 2003 4:08 PM To: Chris Kay Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Accounting Question Hello Chris - The simplest way to do this is with Handlers: Handler NAS-IP-Address = XXX.XXX.XXX.XXX . /Handler Handler . . /Handler Note that you should not mix Realms and Handlers in the same configuration file. regards Hugh On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris Kay wrote: Question I have is this I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy.. So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only Can this be done - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting Question
Is there a way to do this with 2 arguments EG Handler NAS-IP-Address = XXX.XXX.XXX.XXX Something = Something -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine Sent: Friday, 24 January 2003 4:08 PM To: Chris Kay Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Accounting Question Hello Chris - The simplest way to do this is with Handlers: Handler NAS-IP-Address = XXX.XXX.XXX.XXX . /Handler Handler . . /Handler Note that you should not mix Realms and Handlers in the same configuration file. regards Hugh On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris Kay wrote: Question I have is this I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy.. So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only Can this be done - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting without authentication can't write data to postgres
Hello Dennis -
Thanks for sending the configuration file and the debug trace.
It looks to me like there is an error occuring with your SQL server due
to the contents of the attributes you are trying to record.
You should check the SQL server log to see what is happening.
regards
Hugh
On Wednesday, Jan 22, 2003, at 20:23 Australia/Melbourne, Dennis
Methelev wrote:
hi, all!
my radiator can't record accounting requests to postgres database.
in Authby SQL AuthSelect sets without 'select' statement (as seen
in reference) - authentication not need.
please help.
radiator 3.5 (test use)
[config fragment]
AuthBy SQL
Identifier SQLVOIPACCOUNTING
DBSourcedbi:Pg:dbname=radius
DBUsername ***
DBAuth ***
AuthSelect
AccountingTable VOIPACCOUNTING
#AccountingStopsOnly
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer
AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,Cisco-NAS-Port
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CLID,Calling-Station-Id
/AuthBy
SessionDatabase SQL
Identifier SDBVOIP
DBSourcedbi:Pg:dbname=radius
DBUsername ***
DBAuth ***
AddQuery insert into VOIPONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, \
TIME_STAMP) values ('%{User-Name}', '%N',
'%{Cisco-NAS-Port}', '%{Acct-Session-Id}',\
%{Timestamp} )
DeleteQuery delete from VOIPONLINE where USERNAME='%{User-Name}' and
NASPORT='%{Cisco-NAS-Port}'
/SessionDatabase
Handler NAS-IP-Address=(myvoipdeviceip)
AythBy SQLVOIPACCOUNTING
SessionDatabase SDBVOIP
/Handler
[log fragment]
Wed Jan 22 13:12:58 2003: DEBUG: Packet dump:
*** Received from .. port 1646
Packet length = 237
Code: Accounting-Request
Identifier: 37
Authentic:
29188025215120025141H18819135147197
Attributes:
NAS-IP-Address = ..
Cisco-NAS-Port = CAS 1/0:1:17
NAS-Port-Type = Async
User-Name = 22..
Called-Station-Id = 23..
Calling-Station-Id = 22..
Acct-Status-Type = Start
Service-Type = Login-User
Acct-Session-Id = 36/13:12:43.141 SAMT Wed Jan 22
2003/../F039911C 78DA00C5 0 4F8450F/answer/Telephony/F039911C
78DA00C5 0 4F8450F
Acct-Delay-Time = 15
Wed Jan 22 13:12:58 2003: DEBUG: Handling request with Handler
'NAS-IP-Address=..'
Wed Jan 22 13:12:58 2003: DEBUG: SDBVOIP Adding session for 22..,
.., Wed Jan 22 13:12:58 2003: DEBUG: do query is: delete from
VOIPONLINE where USERNAME='22..' and NASPORT='CAS 1/0:1:17'
Wed Jan 22 13:12:58 2003: DEBUG: do query is: insert into VOIPONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP) values
('22..', '..', 'CAS 1/0:1:17', '36/13:12:43.141 SAMT Wed Jan
22 2003/../F039911C 78DA00C5 0
4F8450F/answer/Telephony/F039911C 78DA00C5 0 4F8450F',1043226763 )
Wed Jan 22 13:13:00 2003: DEBUG: Packet dump:
*** Received from .. port 1646
Packet length = 528
Code: Accounting-Request
Identifier: 38
Authentic: T+23114Y'21526Jw167I26175o142
Attributes:
NAS-IP-Address = ..
Cisco-NAS-Port = CAS 1/0:1:17
NAS-Port-Type = Async
User-Name = 22..
Called-Station-Id = 23..
Calling-Station-Id = 22..
Acct-Status-Type = Stop
Service-Type = Login-User
Acct-Session-Id = 36/13:12:43.141 SAMT Wed Jan 22
2003/../F039911C 78DA00C5 0 4F8450F/answer/Telephony/13:12:43.175
SAMT Wed Jan 22 2003/13:12:45.405 SAMT Wed Jan 22 2003/10//F039911C
78DA00C5 0 4F8450F
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Session-Time = 2
cisco-avpair = subscriber=Unknown
cisco-avpair = h323-ivr-out=Tariff:Unknown
cisco-avpair = pre-bytes-in=0
cisco-avpair = pre-bytes-out=0
cisco-avpair = pre-paks-in=0
cisco-avpair = pre-paks-out=0
cisco-avpair = nas-rx-speed=0
cisco-avpair = nas-tx-speed=0
Acct-Delay-Time = 15
Wed Jan 22 13:13:00 2003: DEBUG: Handling request with Handler
'NAS-IP-Address=..'
Wed Jan 22 13:13:00 2003: DEBUG: SDBVOIP Deleting session for
22.., .., Wed Jan 22 13:13:00 2003: DEBUG: do query is: delete
from VOIPONLINE where USERNAME='22..' and NASPORT='CAS 1/0:1:17'
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Re: (RADIATOR) accounting without authentication can't write datato postgres
Hugh Irvine wrote: Hello Dennis - Thanks for sending the configuration file and the debug trace. It looks to me like there is an error occuring with your SQL server due to the contents of the attributes you are trying to record. You should check the SQL server log to see what is happening. regards Hugh Thanx, Hugh. problem solved. config fragment following. (RTFM) Handler NAS-IP-Address=.. SessionDatabase SDBVOIP AuthBy SQL DBSourcedbi:Pg:dbname=radius DBUsername *** DBAuth *** AuthSelect AccountingTable VOIPACCOUNTING AcctColumnDef USERNAME,User-Name . /AuthBy /Handler === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting without authentication can't write data to postgres
Hi,
You may want to check ALL (ALL!) the column names you have defined in
radiator's config file to be sure that they match what you have in your REAL
database.
Also, make sure the column format supports what you intend to put into them.
From my own experience:
I had a column called TIME in an Oracle table and defined the same column in
one of
my AuthBy SQL sections. Later I decided the proper name for the column
should be
SESSIONTIME, so I changed it in the radius config file but forgot to alter
the actual
Oracle table's definition.
I then discovered that radiator wasn't logging my accounting records - to
make matters
worse, radiator was logging accounting-start records which does not containg
a value
for the Acct-Session-Time attribute which is what I intended to put in the
SESSIONTIME
column! But no accounting-stop records were being logged - strange eh? One
would have
thought the SQL statement would fail altogether !
Regards,
Tunde Itayemi.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Dennis Methelev [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, January 23, 2003 11:07 AM
Subject: Re: (RADIATOR) accounting without authentication can't write data
to postgres
Hello Dennis -
Thanks for sending the configuration file and the debug trace.
It looks to me like there is an error occuring with your SQL server due
to the contents of the attributes you are trying to record.
You should check the SQL server log to see what is happening.
regards
Hugh
On Wednesday, Jan 22, 2003, at 20:23 Australia/Melbourne, Dennis
Methelev wrote:
hi, all!
my radiator can't record accounting requests to postgres database.
in Authby SQL AuthSelect sets without 'select' statement (as seen
in reference) - authentication not need.
please help.
radiator 3.5 (test use)
[config fragment]
AuthBy SQL
Identifier SQLVOIPACCOUNTING
DBSourcedbi:Pg:dbname=radius
DBUsername ***
DBAuth ***
AuthSelect
AccountingTable VOIPACCOUNTING
#AccountingStopsOnly
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer
AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,Cisco-NAS-Port
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CLID,Calling-Station-Id
/AuthBy
SessionDatabase SQL
Identifier SDBVOIP
DBSourcedbi:Pg:dbname=radius
DBUsername ***
DBAuth ***
AddQuery insert into VOIPONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, \
TIME_STAMP) values ('%{User-Name}', '%N',
'%{Cisco-NAS-Port}', '%{Acct-Session-Id}',\
%{Timestamp} )
DeleteQuery delete from VOIPONLINE where USERNAME='%{User-Name}' and
NASPORT='%{Cisco-NAS-Port}'
/SessionDatabase
Handler NAS-IP-Address=(myvoipdeviceip)
AythBy SQLVOIPACCOUNTING
SessionDatabase SDBVOIP
/Handler
[log fragment]
Wed Jan 22 13:12:58 2003: DEBUG: Packet dump:
*** Received from .. port 1646
Packet length = 237
Code: Accounting-Request
Identifier: 37
Authentic:
29188025215120025141H18819135147197
Attributes:
NAS-IP-Address = ..
Cisco-NAS-Port = CAS 1/0:1:17
NAS-Port-Type = Async
User-Name = 22..
Called-Station-Id = 23..
Calling-Station-Id = 22..
Acct-Status-Type = Start
Service-Type = Login-User
Acct-Session-Id = 36/13:12:43.141 SAMT Wed Jan 22
2003/../F039911C 78DA00C5 0 4F8450F/answer/Telephony/F039911C
78DA00C5 0 4F8450F
Acct-Delay-Time = 15
Wed Jan 22 13:12:58 2003: DEBUG: Handling request with Handler
'NAS-IP-Address=..'
Wed Jan 22 13:12:58 2003: DEBUG: SDBVOIP Adding session for 22..,
.., Wed Jan 22 13:12:58 2003: DEBUG: do query is: delete from
VOIPONLINE where USERNAME='22..' and NASPORT='CAS 1/0:1:17'
Wed Jan 22 13:12:58 2003: DEBUG: do query is: insert into VOIPONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP) values
('22..', '..', 'CAS 1/0:1:17', '36/13:12:43.141 SAMT Wed Jan
22 2003/../F039911C 78DA00C5 0
4F8450F/answer/Telephony/F039911C 78DA00C5 0 4F8450F',1043226763 )
Wed Jan 22 13:13:00 2003: DEBUG: Packet dump:
*** Received from .. port 1646
Packet length = 528
Code: Accounting-Request
Re: (RADIATOR) Accounting Question
Hello Chris - The simplest way to do this is with Handlers: Handler NAS-IP-Address = XXX.XXX.XXX.XXX . /Handler Handler . . /Handler Note that you should not mix Realms and Handlers in the same configuration file. regards Hugh On Friday, Jan 24, 2003, at 13:12 Australia/Melbourne, Chris Kay wrote: Question I have is this I am wanting to know if there is a hook or something that could be made to ignore account from a certain NAS-IP With a supplier I have accounting records coming from the NAS and a Proxy, I would just like to keep the accounting records from the Proxy.. So if IP address does not equal XXX.XXX.XXX.XXX I would like it to ignore accounting records only Can this be done - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting double up avoidance
Hello Brad - This is a difficult problem, however, accounting records with a non-zero Acct-Delay-Time attribute will have the Timestamp attribute automatically corrected (ie. the Timestamp reflects the time the event occured, not the time it was sent). You should be able to use this fact in the indexes you mention below. Otherwise, you should post-process the stop records and remove the duplicates then. regards Hugh Just wanted some opinions on accounting double up avoidance. We are using mysql with radiator and currently we get double ups mainly from VISP services (due to congestion) and sometimes from our local NAS's We are using the bog standard insert statements. We have dupintervals at 10 secs for all clients At first I thought it would be simple to have a unique index in the accounting table based on the account session id but as we know our cisco NAS's don't give a unique account session id. I then thought maybe a concatenation of acct sessionid, nasport and curdate()(or something like that) as a unique index in the table. Then this would leave the insert queries failing on double ups How would radiator handle this? Our double ups at best are sometimes ten times in a row (the radius data comes across the wan for VISP) I know this wouldn't be really great but when you look to other methods that I have thought of below I thought maybe a replace based on the same concatenated unique index above in a where clause would work but then account start and stop times shift right with every double up as they are based on timestamp - acct-sessiontime(starttime) and timestamp(stop time) I did notice in the doco the example of using the AcctInsertQuery with a update or insert query. Again I can see that this will move the acctstart stop times right with every double up. Anyway thats where I am at. Any feedback or comments would be appreciated -- Brad Lilly Ph +61244218555 Fax +61244218500 --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Log file format
Hello Shan - You would use an AcctFileFormat specification in your Realm or Handler. Section 6.16.5 in the Radiator 3.3.1 reference manual (doc/ref.html). Alternatively you could write a hook to do the same thing. regards Hugh On Thursday, November 7, 2002, at 03:14 PM, Mike McCauley wrote: -- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [S H A N [EMAIL PROTECTED]] Date: Wed, 6 Nov 2002 17:14:25 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Wed Nov 6 17:14:24 2002 Received: from smtp12.singnet.com.sg (smtp12.singnet.com.sg [165.21.6.32]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id gA6NENC03921 for [EMAIL PROTECTED]; Wed, 6 Nov 2002 17:14:24 -0600 Received: from singapura.singnet.com.sg (singapura.singnet.com.sg [165.21.10.10]) by smtp12.singnet.com.sg (8.12.6/8.12.6) with ESMTP id gA746kLE016649 for [EMAIL PROTECTED]; Thu, 7 Nov 2002 12:06:46 +0800 Received: (from shanali@localhost) by singapura.singnet.com.sg (8.8.5/8.7.2) id MAA26714 for [EMAIL PROTECTED]; Thu, 7 Nov 2002 12:06:40 +0800 (SST) Date: Thu, 7 Nov 2002 12:06:40 +0800 From: S H A N [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Accounting Log file format Message-ID: [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=EVF5PPMfhYS0aIcm Content-Disposition: inline User-Agent: Mutt/1.4i --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi, attached is the derised format of accounting log file format. what would be the best way in radiator to accomplish the same? thanks -- S H A N --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=detail Content-Transfer-Encoding: quoted-printable Date,Time,User-Name,NAS-IP-Address,NAS-Port,Service- Type,Frame= d-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed- Routing,Filte= r-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login- Service,Lo= gin-TCP-Port,Callback-Number,Callback-Id,Framed-Route,Framed- IPX-Ne= twork,Class,Vendor-Specific,Session-Timeout,Idle- Timeout,Terminat= ion-Action,Called-Station-Id,Calling-Station-Id,NAS- Identifier,Prox= y-State,Login-LAT-Service,Login-LAT-Node,Login-LAT- Group,Framed-App= leTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct- Statu= s-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output- Octets,Acct-Se= ssion-Id,Acct-Authentic,Acct-Session-Time,Acct-Input- Packets,Acct-O= utput-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct- Link-Co= unt,NAS-Port-Type,Port-Limit,Login-LAT-Port,Ascend-User-Acct- Type,= Ascend-User-Acct-Host,Ascend-User-Acct-Port,Ascend-User-Acct- Key,Asc= end-User-Acct-Base,Ascend-User-Acct-Time,Ascend-Event- Type,Ascend-Ses= sion-Svr-Key,Ascend-Multilink-ID,Ascend-Num-In-Multilink,Ascend- First= -Dest,Ascend-Pre-Input-Octets,Ascend-Pre-Output-Octets,Ascend- Pre-Inp= ut-Packets,Ascend-Pre-Output-Packets,Ascend-Disconnect- Cause,Ascend-C= onnect-Progress,Ascend-Data-Rate,Ascend-PreSession-Time,Ascend- Number= -Sessions 2001-02- 04,11:26:37,user3.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.13,ou=3DCompanyA,,,Start,1459617792,,, 307= 404956,RADIUS,,,Async,, 2001-02- 04,11:50:38,user2.domain,xxx.xxx.xxx.227,20103,,1,xxx.xxx.= xxx.14,ou=3DCompanyA,,,Start,905969664,,, 3074= 04957,RADIUS,,,Async,, 2001-02- 04,12:50:37,user3.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.13,ou=3DCompanyA,,,Stop,1207959552,343 857,= 571682,307404956,RADIUS,5056,6685,1596Async,224. 0.0.= 2,385,242,9,13,185,60,26400,25, 2001-02- 04,12:51:15,user2.domain,xxx.xxx.xxx.227,20103,,1,xxx.xxx.= xxx.14,ou=3DCompanyA,,,Stop,33554432,78719 5,75= 90014,307404957,RADIUS,3690,16800,7522Async,129. 10.1= .11,385,236,8,12,45,60,28800,35, 2001-02- 04,15:16:27,user1.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.15Start,0,,,307404959,RADIUS ,,,= Async,, 2001-02- 04,15:19:29,user1.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.15Stop,0,3757,17881,307404959,RAD IUS= ,181,84,88Async,203.120.90.40,427,248,11,12,45,60,2 8800= ,30, 2001-02- 04,18:08:11,user2.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.16,ou=3DCompanyA,,,Start,0,,,30740496 1,= RADIUS,,,Async,, 2001-02- 04,18:21:50,user2.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.16,ou=3DCompanyA,,,Stop,0,1439934,2615 41,= 307404961,RADIUS,819,27008,1946Async,224.0.0.2,3 93,2= 42,11,13,45,60,26400,35, 2001-02- 04,20:13:33,user4.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.17Start,385875968,,,307404964,RAD IUS=
Re: (RADIATOR) Accounting Handled
Hello Ray -
Your configuration file looks OK.
You will see the microseconds logged in the timestamps in the trace 4
debug so you can see how long each operation is taking. This will give
you a good idea where things are slow.
regards
Hugh
On Thursday, August 22, 2002, at 09:36 AM, [EMAIL PROTECTED] wrote:
Hi,
I have configured Accounting Handled and also LogMicroseconds under
the Global Parameter Realm this is how it goes.
Foreground
AuthPort 1645
AcctPort 1646
LogDir /data/LOGFILE
LogFile %L/%Y-%m-%d-%H-logfile.log
DbDir /usr/local/etc/raddb
Trace 4
SocketQueueLength 100
LogMicroseconds
Client localhost
Secret mysecret
DupInterval 60
/Client
Handler Called-Station-Id = 1234567
AccountingHandled
MaxSessions 1
SessionDatabase TEST
#RewriteUsername tr/A-Z/a-z/
AcctLogFileName %L/TEST/%Y-%m-%d-detail
PasswordLogFileName %L/TEST/%Y-%m-%d-password
AcctLogFileFormat %m %d %Y %H:%M:%S NAS-IP-Address=%{NAS-IP-
Address} NAS-Port=%{NAS-Port} User-Name=%{User-Name} Called-Station-Id=%
{Called-Station-Id} Calling-Station-Id=%{Calling-Station-Id} Acct-
Status-Type=%{Acct-Status-Type} Service-Type=%{Service-Type} Acct-
Session-Id=%{Acct-Session-Id} Framed-Protocol=%{Framed-Protocol} Framed-
IP-Address=%{Framed-IP-Address} Acct-Session-Time=%{Acct-Session-Time}
Tunnel-Server-Auth-ID=%{Tunnel-Server-Auth-ID} Acct-Terminate-Cause=%
{Acct-Terminate-Cause}
PreAuthHook file:%D/sample.hook
AuthBy SQL
.
.
.
.
/AuthBy
/Handler
I would just like to ask if my configuration is right? Is there
something that would see something different in my logfile?
Ray
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Handled
Hello Ray - The AccountingHandled parameter just causes an Accounting-Respnse to be sent immediately. You will still receive all accounting requests sent to this Radiator instance. regards Hugh On Monday, August 19, 2002, at 05:13 PM, [EMAIL PROTECTED] wrote: Hi, On Accounting Handled parameters can I still get an accounting stop? Is the Accounting Handled parameter is only use for retransmission request? Ray === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting On
Hello Andreas - What you describe should already happen automatically. Could you please send me a copy of your configuration file (no secrets) together with a trace 4 debug showing what happens currently. thanks Hugh On Thu, 18 Apr 2002 18:44, Andreas Häggander wrote: Hi ! We are using Radiator for IPSec-VPN Clients connecting towards a Nortem BSN 5000 (Also callaed Shasta). We are also using a sessiondatabase (MySql) to make sure that a user can´t connect more than twice. If the Shasta are restarted or something happens and it reboots, there is no Stop-record sent to Radiator and all of the Users in the sessiondatabase in not logg out. But when the Shasta is back in business it sends out a Accounting ON record to Radiator. I can see this in the Accounting database, there is Accounting in that field instead of Start/Stop. What i want to do is to capture this Accounting ON record which are sent to Radiator, and clear the online database when this is captured. Any ideas ? Cheers /Andreas === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Data
Hello Shane - You can use ODBC in an AuthBy SQL clause to write to any ODBC database including Access. Have a look at section 23.7 in the Radiator 2.19 reference manual. regards Hugh On Tue, 19 Mar 2002 09:49, Shane Malden wrote: I have just started to record Accounting Data sent from our NAS to a flat file. Is it possible to store this into a MDB (MS Access) file or is it only possible to SQL? I am interested in running reports on this Data to see who uses it the most, Time and Data wise. Our Systems are all NT so anyone with any information, it would be appreciated. Regards, Shane _ Join the worldÂ’s largest e-mail service with MSN Hotmail. http://www.hotmail.com === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting of NT authentication request
Hello Gionata - I am not sure I understand your question. Even if you are using an AuthBy NT clause for authentication, you can still write the accounting packets to a file or database. regards Hugh On Tue, 19 Mar 2002 03:10, [EMAIL PROTECTED] wrote: Hi all, in version 2.18 there is not the possibility to log the accounting of authentication request from Authen NT. Is this function enable in the new release ? Thanks Gionata Lamia Networking Services/Systems Integrations T-Systems Italia S.p.A. Strada 2 Palazzo D 20090 - Assago - MI Phone: +39 02 89248240 Fax: +39 02 89248231 Mobile: +39 348 4521210 e-mail: [EMAIL PROTECTED] Internet: http://www.T-Systems.it === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting logs problem
Hello Merad - It is usually easier to do this sort of thing with Handlers instead of Realms. Something like this: # define separate Handlers for accounting and authentication Handler Request-Type = Accounting-Request, Realm = client.domain # do accounting . /Handler Handler Realm = client.domain # do authentication . /Handler regards Hugh On Wed, 20 Feb 2002 20:52, Merad Abdelkrim wrote: Hi all, I have a radiator version 2.18.4 installed on an OpenBSD 2.7. I have Realms authenticated by LDAP For that I use the rewriteUsername feature. My problem is that in the accounting logs I don't have the field login@realm but only login It's a bloquing problem cause we must make accountings by realm in way to establish bills. If someone have a solution for me I will appreciate. Thanks a lot Here an extract of my radius.cfg : Realm client.domaine RewriteUsername s/^([^@]+).*/$1/ AuthBy LDAP2 # The LDAP host to connect to # If not set, defaults to localhost Host aaa.bbb.ccc.ddd # If not set, defaults to 389 # Can be a numeric port number or a service name # from /etc/services # Port 389 # Not supported yet. #UseSSL #AuthDN #AuthPassword # The base DN at which to start the search BaseDN ou=client.domaine,o=co,c=FR # The LDAP host to connect to # If not set, defaults to localhost Hostaa.bb.cc.dd # If not set, defaults to 389 # Can be a numeric port number or a service name # from /etc/services # Port 389 # Not supported yet. #UseSSL #AuthDN #AuthPassword # The base DN at which to start the search BaseDN ou=xxx,o=,c=zzz # The attribute to match against User-Name UsernameAttrlogin # The attribute that contains a plaintext password PasswordAttrpassword # Optional attribute that contains an # encrypted password to use instead of PasswordAttr # EncryptedPasswordAttr sn # Optional attribute that contains check # items for the user # Optional attribute that contains reply # items for the user # Optional attribute that contains reply # items for the user #ReplyAttr mail /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/%Y%m%d_%H00.act /Realm Merad Abdelkrim E-Brands Tel 0171081631 Mob 0622287223 7 Allée de l'Arche 92677 Courbevoie Cedex - La Défense Tour Cèdre - 15ième étage === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting log format
Salut Merad - Ca va la vie? On Tue, 15 Jan 2002 03:55, [EMAIL PROTECTED] wrote: Hi, I have a Radiator 2.18.4 installed on an OpenBSD. I have a realm authenticated by LDAP2. To make this, I had to use the RewriteUsername to strip the Realm before send it to the LDAP. My problem is that in the accounting logs the realm doesn't appear. I only get the login which is a problem for me because I have to count the connection by realm. There are a variety of ways to do this and the answer depends on what else you are doing in your configuration file. If you send me a copy of your configuration file (no secrets) and a description of your requirements I will be happy to take a look and make some suggestions. A+ Hugues -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting responses.
Hello Ian - On Tuesday 02 October 2001 17:51, Ian Burgess wrote: Hi I have got involved in a radiator config. Everything is running. We are adding more network functionality (DSL) connections. The Telco insists that the Accounting response to the stop record have certain attributes reflected back to him. (this is for a billing reason not a technical reason) I cannot find how I stipulate the reply attributes for an accounting response. How do I achieve this. The answer to this depends on what else you are doing and what exactly is required in the Accounting response. Can you send me a copy of your existing configuration file (no secrets) together with a description of what is required? BTW - it seems very strange to me that the telco needs attributes in the accounting response, as presumably it was the telco that generated the accounting stop in the first place? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Start-Stops
Hello Jaime -
Just use an AccountingStopsOnly in your AuthBy SQL clause.
AuthBy SQL
AccountingStopsOnly
..
/AuthBy
Have a look at section 6.28.12 in the Radiator 2.18.4 reference manual.
regards
Hugh
On Thursday 20 September 2001 22:22, Jaime Elizaga Jr. wrote:
Hi Everyone,
We are currently running Radiator 2.18.4 with MySQL.
I do notice that with ACCOUNTING, there are two records generated for every
user session, one is when the user connects and the other is when it the
user disconnects. In just a small amount of time, our accounting database
has grown to very big, about 200,000 records within two months of
operation. Within half a year, we can generate as much as 1,000,000
records. I also notice that both the records pertaining to a user session
is almost identical except for the timestamp, status type and session time.
This means that we are having redundant records.
Is there a way to have the Accounting to insert a record upon a user's
connection and just update that same record upon the user's disconnection?
There will be some modified fields like the Timestamp will be changed to
Time_Start and add another column like Time_Stop.
My config file looks something like this:
Foreground
LogStdout
LogDir /var/log/radius
LogFile /var/log/radius/%m/%d%Y-trace
FingerProg /usr/bin/finger
PidFile /var/run/radius.pid
DictionaryFile /usr/local/etc/dictionary
Trace 4
Client xxx.xxx.xxx.xxx
Secret yyyxxx
DupInterval 3
/Client
Realm DEFAULT
AcctLogFileName /var/log/radius/default/details
PasswordLogFileName /var/log/radius/Test/%m%d%Y-passlog
AuthBy SQL
# Adjust DBSource, DBUsername, DBAuth to suit your DB
DBSource dbi:mysql:XXXDb
DBUsername xx
DBAuth x
AuthSelect select PASSWORD, TIMELEFT from SUBSCRIBERS where
USERNAME='%n' AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Session-Timeout,reply
DefaultReplyService-Type=Framed-User, Framed-Protocol=PPP,
Framed-Routing=None AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIMESTAMP,Timestamp,integer
AcctColumnDef STATUS_TYPE,Acct-Status-Type
AcctColumnDef SESSION_ID,Acct-Session-Id
AcctColumnDef SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef TERMINATE_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_IDENTIFIER,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef IP_ADDRESS,Framed-IP-Address
AcctColumnDef CALLER_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION,Called-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \ where USERNAME='%n'
/AuthBy
/Realm
I am thinking if it is possible to have two accounting sequences wherein
one would take care of accounting start and the other would take care of
the accounting stops.
AccountingTable ACCOUNTING
AccountingStartsOnly
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIMESTART,Timestamp,integer
AcctColumnDef STATUS_TYPE,Acct-Status-Type
AcctColumnDef SESSION_ID,Acct-Session-Id
AcctColumnDef SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef TERMINATE_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_IDENTIFIER,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef IP_ADDRESS,Framed-IP-Address
AcctColumnDef CALLER_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION,Called-Station-Id
AccountingStopsOnly
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIMESTOP,Timestamp,integer
AcctColumnDef STATUS_TYPE,Acct-Status-Type
AcctColumnDef SESSION_ID,Acct-Session-Id
AcctColumnDef SESSION_TIME,Acct-Session-Time,integer
AcctColumnDef TERMINATE_CAUSE,Ascend-Disconnect-Cause,integer
AcctColumnDef NAS_IDENTIFIER,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef IP_ADDRESS,Framed-IP-Address
AcctColumnDef CALLER_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION,Called-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \ where USERNAME='%n'
Is there any other means that is more efficient in dealing about with this
type of scenario? Please enlighten me.
Thank you very much,
Jaime Elizaga Jr.
Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1
Content-Transfer-Encoding: quoted-printable
Content-Description:
--
Radiator: the most portable, flexible and configurable RADIUS server
Re: (RADIATOR) accounting on radiator
Hello Lloyd - I am not sure I understand your question - could you give me a bit more detail please? thanks Hugh On Wednesday 19 September 2001 16:06, lloyd dagoc wrote: hello, have a question, if we are proxying to another radius server and we want to have accounting on us, do we have to forward accounting to them before proxying of not? which is better (forward accounting or not) if we are proxying to another server ? thanks so much lloyd dagoc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting
Hello Javaid - At 15:43 +0500 01/6/30, [EMAIL PROTECTED] wrote: Hi every body, I need to know the procedure for how radiator's Accounting logs could be transfered to another server like MS SQL Server ie i am not interested in saving accounting logs in local database like oracle , mysql onto the same machine on which radiator is installed.So how remote database server could be defined and configured into radiator.Straightforwardly, could anybody tell me that radiator's accounting logs may be sent to a separate machine having MS SQL Server Database? If possible then pls let me know how . It is very simple to connect to any type of database on a remote machine, all you have to do is specify a DBSource line that includes the remote host. In any case you will need to install the DBI module together with the DBD module for your database. You will also need the database client libraries for the database that you have chosen. Have a look at sections 6.26 and 23 in the Radiator 2.18.2 reference manual. regards Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting flat file to CSV ?
Hi Neale, It's an awful thing to do since the CSV "column names" are "embedded" in the original file and fields are non positional, and some records have more fields than others... I'm answering (late, since I haven't read the list for quite a few days), cause I made a perl script some time ago to handle something quite similar. I had to convert an LDIFF (LDAP Interchange File Format) file (with all objects of the same objectclass) to a table with the attribute names as column headings. I made a "quick and VERY dirty" perl script to handle it. It does a couple of very nasty things but gets the job done. It will need modifications to handle the radius accounting format... It doesn't handle the timestamp line, I don't think it handles whitespace before the attribute name and (this is the worst part) it builds the table in memory as an array of hashes... I had only 10,000 records so it wasn't a problem, but radius accounting logs can get really large... I did it this way to be able to construct the heading line on top, since I couldn't know all of the attribute names until I process all of the records... however it shouldn't be very hard to modify it to generate the records to a file on the fly while generating the column headings array, close that file, write that array to another file and append the first file to the second one. If you are interested, I can send you the script... with ABSOLUTELY NO GUARANTEES (other than it worked once for LDIF :-)... El 9 Apr 2001, a las 19:39, Hugh Irvine escribi: Hello Neale - Have you had a look in the goodies directory to see if there is anything there? Otherwise I am sure someone on the list has done this at lease once. regards Hugh At 13:45 +1000 01/4/9, Neale Banks wrote: G'day Hugh, On Fri, 6 Apr 2001, Hugh Irvine wrote: Hello Neale - On Thursday 05 April 2001 10:15, Neale Banks wrote: Greetings all, Not exclusively Radiator-relevant, but probably RADIUS+Perl relevant... Does anyone have any pointer to anything to convert flat-file accounting records to comma-separated format? You can use the AcctLogFileName and AcctLogFileFormat to specify any format you wish. Sections 6.15.4 and 6.15.5 in the Radiator 2.18 reference manual. Alternatively, any other solutions to the need to tabulate a user's STOP records to run some elementary stats over their sessions times and disconnect reasons? It would probably be simpler to write the data to an SQL database directly and use an SQL report externally. Whilst these would both be good solutions for new records, unfortunately my current "challenge" is to extract some statistics from historical data which is in traditional flat-file accounting records. I'd be grateful of any suggestions anyone has regarding this. Thanks, Neale. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting data not going anywhere!
Hello Jamz - Could you please send me the name of the registered owner of the company that purchased this copy of Radiator? thanks very much regards Hugh At 17:50 +0930 01/4/9, [EMAIL PROTECTED] wrote: Hello, I am trying to configure Radiator to log accounting data to my postgres database. The Authorization works fine, rejects and accepts okay. However no accounting data arrives in the named accounting table. If in my AuthBy SQL section I override the default accounting column names, I get an error in the trace where it tries to run an INSERT statement with no VALUES, i.e.: INSERT INTO radius_accounting () VALUES () gets a syntax error on ')' shrug Thanks in Advance. Jamz. my radius.cfg looks like: # Set this to the database directory. It should contain these files: # dictionary The dictionary for your NAS DbDir /usr/local/etc/raddb #AuthPort 1645 AuthPort16450 #AcctPort 1646 AcctPort16460 #Foreground #LogStdout # User a lower trace level in production systems: Trace 4 SnmpgetProg /usr/local/bin/snmpget # This clause defines a single client to listen to Client adl-5300-1.airnet.com.au NasType Cisco Secret xx DefaultRealm airnet.com.au /Client Client DEFAULT Secret mysecret DupInterval 0 DefaultRealm airnet.com.au /Client Realm airnet.com.au # Take realm off the end of the username before Auth. RewriteUsername s/^([^@]+).*/$1/ AuthBy SQL # AuthSelect with empty string means dont do auth AuthSelect select PASSWORD, CHECKATTR, REPLYATTR FROM subscriber WHERE username =%0 DBSourcedbi:Pg:host=dbhost;dbname=bmf DBUsername radius DBAuth x AccountingTable radius_accounting /AuthBy /Realm The output is as follows: [root@radius Radiator-2.18]# radpwtst -user cmma -password xx -auth_port 16450 -acct_port 16460 -delay_time 3 -output_octets 3000 sending Access-Request... OK sending Accounting-Request Start... OK sending Accounting-Request Stop... OK Mon Apr 9 17:45:27 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Access-Request Identifier: 27 Authentic: 1234567890123456 Attributes: User-Name = "cmma" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "987654321" NAS-Port-Type = Async User-Password = "154234+152159l4146211_9160216}x153" Mon Apr 9 17:45:27 2001: DEBUG: Handling request with Handler 'Realm=airnet.com.au' Mon Apr 9 17:45:27 2001: DEBUG: Rewrote user name to cmma Mon Apr 9 17:45:27 2001: DEBUG: Deleting session for cmma, 203.63.154.1, 1234 Mon Apr 9 17:45:27 2001: DEBUG: Handling with Radius::AuthSQL Mon Apr 9 17:45:27 2001: DEBUG: Handling with Radius::AuthSQL Mon Apr 9 17:45:27 2001: DEBUG: Query is: select PASSWORD, CHECKATTR, REPLYATTR FROM subscriber WHERE username ='cmma' Mon Apr 9 17:45:27 2001: DEBUG: Radius::AuthSQL looks for match with cmma Mon Apr 9 17:45:27 2001: DEBUG: Radius::AuthSQL ACCEPT: Mon Apr 9 17:45:27 2001: DEBUG: Access accepted for cmma Mon Apr 9 17:45:27 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1035 Code: Access-Accept Identifier: 27 Authentic: 1234567890123456 Attributes: Service-Type = Framed-User Framed-Compression = Van-Jacobson-TCP-IP Mon Apr 9 17:45:27 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Accounting-Request Identifier: 28 Authentic: ^21716822215254170O146%247l137153q3 Attributes: User-Name = "cmma" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Called-Station-Id = "123456789" Calling-Station-Id = "987654321" Mon Apr 9 17:45:27 2001: DEBUG: Handling request with Handler 'Realm=airnet.com.au' Mon Apr 9 17:45:27 2001: DEBUG: Rewrote user name to cmma Mon Apr 9 17:45:27 2001: DEBUG: Adding session for cmma, 203.63.154.1, 1234 Mon Apr 9 17:45:27 2001: DEBUG: Handling with Radius::AuthSQL Mon Apr 9 17:45:27 2001: DEBUG: Handling accounting with Radius::AuthSQL Mon Apr 9 17:45:27 2001: DEBUG: Accounting accepted Mon Apr 9 17:45:27 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1035 Code: Accounting-Response Identifier: 28 Authentic: ^21716822215254170O146%247l137153q3 Attributes: Mon Apr 9 17:45:27 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Accounting-Request Identifier: 29 Authentic: 138?14022915317234OC18192230y10147 Attributes: User-Name = "cmma" Service-Type = Framed-User NAS-IP-Address =
Re: (RADIATOR) accounting flat file to CSV ?
Hello Neale - Have you had a look in the goodies directory to see if there is anything there? Otherwise I am sure someone on the list has done this at lease once. regards Hugh At 13:45 +1000 01/4/9, Neale Banks wrote: G'day Hugh, On Fri, 6 Apr 2001, Hugh Irvine wrote: Hello Neale - On Thursday 05 April 2001 10:15, Neale Banks wrote: Greetings all, Not exclusively Radiator-relevant, but probably RADIUS+Perl relevant... Does anyone have any pointer to anything to convert flat-file accounting records to comma-separated format? You can use the AcctLogFileName and AcctLogFileFormat to specify any format you wish. Sections 6.15.4 and 6.15.5 in the Radiator 2.18 reference manual. Alternatively, any other solutions to the need to tabulate a user's STOP records to run some elementary stats over their sessions times and disconnect reasons? It would probably be simpler to write the data to an SQL database directly and use an SQL report externally. Whilst these would both be good solutions for new records, unfortunately my current "challenge" is to extract some statistics from historical data which is in traditional flat-file accounting records. I'd be grateful of any suggestions anyone has regarding this. Thanks, Neale. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting-Response problem
Title: Re: (RADIATOR) Accounting-Response
problem
Hello Ganbold -
I will need to see a trace 4 debug from Radiator showing what is
happening.
thanks
Hugh
At 19:11 +0800 01/4/9, ganbold wrote:
Hi,
I have
problem with Radiator-2.18 in FreeBSD 4.0. All modules
installed.
All is
working fine except Radiator is not sending accounting-response after
receivingaccounting-request from NAS.
Here is my
radiator config file.
#
radius.cfg
Foreground
Trace5
AuthPort1645
AcctPort1646
LogDir/var/log/radius
DbDir/usr/local/var/radius
LogFile%L/logfile
DictionaryFile %D/dictionary
#DictionaryFile %D/dictionary.cisco
#DictionaryFile %D/dictionary.ascend
#DictionaryFile %D/dictionary.ascend2
FingerProg
/usr/bin/finger
SnmpgetProg /usr/local/bin/snmpget
#RewriteUsernametr/[A-Z]/[a-z]/
#RewriteUsernames/\S+//g
#PreClientHooksub { print Here I am in
PreClentHook\n; }
#StartupHook sub {print here I am in StartupHook
$_[0]\n;}
Client
x.x.x.x
Secretxxx
DupInterval 0
NoIgnoreDuplicates Access-Request
NasType Cisco
#NasType Ascend
#RewriteUsernames/^([^@]+).*/$1/
#RewriteUsernametr/[A-Z]/[a-z]/
StatusServerShowClientDetails
/Client
Client
z.z.z.z
Secretxxx
DupInterval 0
NoIgnoreDuplicates Access-Request
NasType Cisco
#NasType Ascend
#RewriteUsernames/^([^@]+).*/$1/
#RewriteUsernametr/[A-Z]/[a-z]/
StatusServerShowClientDetails
/Client
Client
DEFAULT
Secretxxx
DupInterval 0
NoIgnoreDuplicates Access-Request
NasType Cisco
#NasType Ascend
#RewriteUsernames/^([^@]+).*/$1/
#RewriteUsernametr/[A-Z]/[a-z]/
StatusServerShowClientDetails
/Client
###
Realm DEFAULT
#Handler
#RewriteUsernames/^([^@]+).*/$1/
#RewriteUsernametr/[A-Z]/[a-z]/
MaxSessions1
#AcctLogFileName%L/detail
#AcctLogFileFormat %{Timestamp} %{Acct-Session-Id}
%{User-Name}
#WtmpFileName %L/wtmp
#PasswordLogFileName %L/password.log
RejectHasReason
AuthByPolicy ContinueWhileIgnore
AccountingHandled
SessionDatabase SQL1
AuthBy SQL
DBSourcedbi:mysql:radius
DBUsernameroot
DBAuthxxx
#AuthSelect select PASSWORD,CHECKATTR,REPLYATTR
from SUBSCRIBERS where USERNAME='%n'
AuthSelect select PASSWORD,REPLYATTR,TIMELEFT from
SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, reply
AuthColumnDef 2, Session-Timeout,
reply
AddToReply
Framed-Protocol = PPP,Service-Type = Framed-User,Framed-MTU =
1500,Framed-Compression = Van-Jacobson-TCP-IP
AccountingTableACCOUNTING
AccountingStopsOnly
AcctColumnDefUSERNAME,User-Name
AcctColumnDefTIME_STAMP,Timestamp,integer
AcctColumnDefACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDefACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDefACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDefACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDefACCTSESSIONID,Acct-Session-Id
AcctColumnDefACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDefACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDefNASIDENTIFIER,NAS-Identifier
AcctColumnDefNASPORT,NAS-Port,integer
AcctColumnDefFRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDefCALLINGSTATIONID,Calling-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-%{Acct-Session-Time} where
USERNAME='%n'
RejectEmptyPassword
AcctFailedLogFileName %L/misseddetails
/AuthBy
AuthBy RADIUS
Hostxxx.net
Secretxxx
AuthPort 1645
AcctPort 1646
Retries 4
RetryTimeout 5
CachePasswords
RejectEmptyPassword
#AcctLogFileName %L/misseddetails2
/AuthBy
##
PostAuthHook
file:%D/CheckBlockTimeLeft
/Realm
#/Handler
ClientListSQL
DBSourcedbi:mysql:radius
DBUsernameroot
DBAuthxxx
/ClientListSQL
SessionDatabase SQL
DBSourcedbi:mysql:radius
DBUsernameroot
DBAuthxxx
# Optional identifier. Its just a name
Identifier SQL1
AddQuery
insert into RADONLINE (USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,SERVICETYPE) values('%n','%N',%{NAS-Port},'%{Acct-Session-Id}',%{Timestamp},'%{Framed-IP-Address}','%{Port-Type}','%{Service-Type}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and
NASIDENTIFIER='%N' and NASPORT=%{NAS-Port}
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID from RADONLINE
where USERNAME='%n'
/SessionDatabase
# Log to a
file
Log FILE
Filename %L/mylog
Trace 5
/Log
# Log to
syslog (Unix only)
Log SYSLOG
Facility user
Trace 4
/Log
#Log
SQL
# Defines how to connect to the database. See examples above
#DBSourcedbi:mysql:radius
#DBUsernamemikem
#DBAuthfred
# Trace level to use (allows same values as the global Trace
level)
#Trace 4
#/Log
#
--
NB:
I am travelling this week, so there may be delays in our
correspondence
Re: (RADIATOR) accounting flat file to CSV ?
G'day Hugh, On Fri, 6 Apr 2001, Hugh Irvine wrote: Hello Neale - On Thursday 05 April 2001 10:15, Neale Banks wrote: Greetings all, Not exclusively Radiator-relevant, but probably RADIUS+Perl relevant... Does anyone have any pointer to anything to convert flat-file accounting records to comma-separated format? You can use the AcctLogFileName and AcctLogFileFormat to specify any format you wish. Sections 6.15.4 and 6.15.5 in the Radiator 2.18 reference manual. Alternatively, any other solutions to the need to tabulate a user's STOP records to run some elementary stats over their sessions times and disconnect reasons? It would probably be simpler to write the data to an SQL database directly and use an SQL report externally. Whilst these would both be good solutions for new records, unfortunately my current "challenge" is to extract some statistics from historical data which is in traditional flat-file accounting records. I'd be grateful of any suggestions anyone has regarding this. Thanks, Neale. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting flat file to CSV ?
Hello Neale - On Thursday 05 April 2001 10:15, Neale Banks wrote: Greetings all, Not exclusively Radiator-relevant, but probably RADIUS+Perl relevant... Does anyone have any pointer to anything to convert flat-file accounting records to comma-separated format? You can use the AcctLogFileName and AcctLogFileFormat to specify any format you wish. Sections 6.15.4 and 6.15.5 in the Radiator 2.18 reference manual. Alternatively, any other solutions to the need to tabulate a user's STOP records to run some elementary stats over their sessions times and disconnect reasons? It would probably be simpler to write the data to an SQL database directly and use an SQL report externally. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Packets
Hello Cassidy - Just to be clear about the Class attribute: the Class attribute is returned to a NAS in an Access-Accept (in response to an Access-Request). The Class attribute is then *always* (according to the RFC) included by the NAS in all subsequent accounting packets for that session. In other words, Radiator would be configured to send a Class attribute in response to an access request, and the NAS would then include the Class attribute in the accounting requests. hth Hugh On Tuesday 06 February 2001 10:17, Cassidy B. Larson wrote: Howdy all! Once again I got a stumper that seems to be 'stumping' me.. I've been in the process of installing a new filtering box, XStop R2000.. they take the class attribute string and that determines what filtering settings a particular user gets (if any).. Problem being, they tell me that the Class attribute is not getting sent with the first accounting packet and therefore the filtering box doesn't see any filtering info for that ip.. How can I configure Radiator to send the Class string with the first Accounting packet? (from their email) From what we have found it looks like your dial up server is sending the packets in pieces rather than together. You will need to configure your dial up server to send each of the packets as a hole. Would this be a configuration problem with Radiator or our TotalControl units? Has anybody gotten a r2000 unit to work with Radiator? Thanks for any info/help, Cassidy Larson InfoWest === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting log problem
Hello Toni -
I think your NAS is not correctly configured. The reason you don't see an
accounting log is because you are not receiving any accounting packets from the
NAS.
hth
Hugh
On Tue, 14 Nov 2000, Toni Riekkinen wrote:
Hello,
I've problem with accounting logs, I can't get any accounting log at all,
not in plain detail-file nor in our database. Authentication works just fine
from users-file or database.
I've Solaris 8 (5.8) and Oracle8i Release 2 (8.1.6). I've installed timeout
patch.
This is my current radius.cfg with database support:
As I said, I've also tried for example with "AcctLogFileName
/opt/radius/log/detail" and authentication from users file, no help.
Foreground
LogStdout
LogDir /opt/radius/log
DbDir /opt/radius/raddb
LogFile %L/radiusd.log
Trace 4
Client DEFAULT
Secret
DupInterval 5
NasType Cisco
StatusServerShowClientDetails
/Client
Realm DEFAULT
MaxSessions 1
AuthBy SQL
DBSourcedbi:Oracle:X
DBUsername X
DBAuth X
AuthSelect select accesspw from kpy_customers where
accesslogin='%n'
AccountingTable kpy_radaccount
# AcctColumnDef aika,Timestamp,formatted-date,to_date\
# ('%e %m %Y %H:%M:%S', 'DD MM HH24:MI:SS')
AcctColumnDef user_name,User-Name
AcctColumnDef nas_ip_address,NAS-IP-Address
AcctColumnDef nas_port,NAS-Port,integer
AcctColumnDef framed_ip_address,Framed-IP-Address
AcctColumnDef called_station_id,Called-Station-Id
AcctColumnDef nas_port_type,NAS-Port-Type
AcctColumnDef acct_input_octets,Acct-Input-Octets,integer
AcctColumnDef
acct_output_octets,Acct-Output-Octets,integer
AcctColumnDef acct_session_id,Acct-Session-Id
AcctColumnDef acct_session_time,Acct-Session-Time,integer
AcctColumnDef acct_terminate_cause,Acct-Terminate-Cause
Timeout 15
AddToReply Service-Type=Framed-User,
Framed-Protocol=PPP, Framed-Routing = None, Framed-MTU = 1500,
Framed-Compression = Van-Jacobson-TCP-IP
/AuthBy
/Realm
--
With tracelevel 4, I get this:
--
Mon Nov 13 16:10:22 2000: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 1645
Code: Access-Request
Identifier: 43
Authentic: k145515209T$250150'223zN167189217
Attributes:
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Port = 30001
NAS-Port-Type = ISDN
User-Name = "testi1"
Called-Station-Id = "173636057"
Calling-Station-Id = "0173643572"
CHAP-Password = "X"
Service-Type = Framed-User
Framed-Protocol = PPP
Mon Nov 13 16:10:22 2000: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Nov 13 16:10:22 2000: DEBUG: Deleting session for testi1,
xxx.xxx.xxx.xxx, 30001
Mon Nov 13 16:10:22 2000: DEBUG: Handling with Radius::AuthSQL
Mon Nov 13 16:10:26 2000: DEBUG: Handling with Radius::AuthSQL
Mon Nov 13 16:10:26 2000: DEBUG: Query is: select accesspw from
kpy_customers where accesslogin='testi1'
Mon Nov 13 16:10:26 2000: DEBUG: Radius::AuthSQL looks for match with testi1
Mon Nov 13 16:10:26 2000: DEBUG: Radius::AuthSQL ACCEPT:
Mon Nov 13 16:10:26 2000: DEBUG: Access accepted for testi1
Mon Nov 13 16:10:26 2000: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1645
Code: Access-Accept
Identifier: 43
Authentic: k145515209T$250150'223zN167189217
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
--
What I have configured wrong? I believe I should see atleast some
AcctColumnDef information at debug, but there is nothing?
Also I'd like to get BOTH accounting logging methods work at same time, to
database and into detail-file. Though even another of those would be nice
for start... :)
++Toni
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL
Re: (RADIATOR) accounting
Title: Re: (RADIATOR) accounting Hello Lina - At 10:50 +0100 00/11/10, Lina NAKHLE wrote: Hello, I have Radiator running on NT server and I'm using the AUTHBY LDAPSDK. I have couple of queries and I'm wondering if anybody can help me: 1) For billing purpose, I need to retrieve a field called 'CCAN' from LDAP and added to the accounting logs (the START and STOP tickets) if the user authenticated successfully. 2) I need to create a new accounting file every 5 minutes. 1) Use an AuthAttrDef and put the contents of the CCAN field into the radius Class attribute (the Class attribute will be included in all subsequent accounting packets for the session). AuthAttrDef CCAN, Class, reply 2) Use the special characters to create your accounting log file names. AcctLogFileName %L/detail-%Y-%m-%d-%H-%M This will create a new file (in the log directory) every minute of the form detail-2000-11-11-07-01 You can then do whatever is required every 5 minutes. hth Hugh -- -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Re: (RADIATOR) Accounting
I get that from Connect-Info. I guess it would depend on what information your NAS is sending over, but a quick look with trace 4 of what information is getting sent from your NAS should show what Attribute has the information you want. I use this: AcctColumnDef CONNECTINFO,Connect-Info (Of course I had to add the CONNECTINFO field to the ACCOUNTING table) A search of your dictionary for the word connect should pull up any usable Attributes [ronh@shore]$grep -i connec /etc/Radiator/dictionary ATTRIBUTE Connect-Info77 string ATTRIBUTE Connect-Rate1007integer -- Ron Hensley ([EMAIL PROTECTED]) CCNA #10082337 Network Administrator - ICNet Internet Services -- On Thu, 12 Oct 2000, Matthias Fechner (Temp) wrote: Hi i need in the accounting the connection speed(like 64000 for one isdn-channel or 128000 for two isdn channel). With the Line: AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause I can specify the column in the database, but what keyword(variable) i need(the name) for the connectionspeed? Matthias Fechner === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting with a cisco 7206
On Tue, 29 Aug 2000, FlintHillsTechnical Support wrote: we have started a new ISP service where users dial into to a remote NAS that then authenticates the user across an L2F tunnel through our Cisco 7206. We can authenticate the user and allow access, however in the initial accounting record the Cisco does not seem to pass the ip address it has assigned to the user. It does pass this info when the session is ended though. Has anyone seen this behavior and know how we can obtain the ip address when the user gets on, not when the user disconnects? Yes. It's something with the Start accounting packet on Cisco NAS's. You have to configure the Cisco NAS for sending an "update" packet: This is the Start packet: Mon Aug 28 00:11:08 2000 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Port = 98 NAS-Port-Type = Async User-Name = "xx@xxx" Called-Station-Id = "x" Calling-Station-Id = "x" Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "A5A7" Framed-Protocol = PPP Acct-Delay-Time = 0 Timestamp = 967414268 And this is the Update packet, where you can see the IP address: Mon Aug 28 00:11:11 2000 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Port = 98 NAS-Port-Type = Async User-Name = "xx@xxx" Called-Station-Id = "x" Calling-Station-Id = "x" Acct-Status-Type = Alive Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "A5A7" Framed-Protocol = PPP Framed-IP-Address = 212.7.51.180 Acct-Delay-Time = 0 Timestamp = 967414271 Saludos JesusR. - JesĂşs RodrĂguez Systems Network Manager World Online [EMAIL PROTECTED] http://www.worldonline.es Tel. + (34) 93-2257350 - === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting with a cisco 7206
Frank, If you want to just receive an update for new information eg. ip address, use this command aaa accounting update newinfo If you want accounting records periodically, use aaa accounting update periodic interval where interval is in minutes, eg aaa accounting update periodic 10 will send accounting records every 10 minutes. In IOS 12.0(5)T and higher, update periodic sends octets in, octets out, packets in and packets out in the update record. Could be handy if NAS crashes, then all you have to do is change the last update record for that user from Acct-Status-Type = Alive to Acct-Status-Type = Stop and you now have a stop record. Regards, Matt At 10:27 AM 29/08/00 -0500, you wrote: we have started a new ISP service where users dial into to a remote NAS that then authenticates the user across an L2F tunnel through our Cisco 7206. We can authenticate the user and allow access, however in the initial accounting record the Cisco does not seem to pass the ip address it has assigned to the user. It does pass this info when the session is ended though. Has anyone seen this behavior and know how we can obtain the ip address when the user gets on, not when the user disconnects? TIA Frank === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- Matthew Nichols Network / Systems Engineer HunterLink Pty Ltd Newcastle NSW Australia Phone: +61 2 4969 0122 Fax: +61 2 4969 0133 Reply To: [EMAIL PROTECTED] PGP Public Key: http://moonah.hunterlink.net.au/~matt/pgp/pgpkey.html HunterLink Web Site: http://www.hunterlink.net.au === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting to two Radiator servers.
Hello Vincent - Does anybody know of a way to get a Cisco NAS (specifically an AS5300) to report to two radiator servers simultaneously? If not, what is the best way to get this done through Radiator? Basically there are two companies which must share accounting information from one gateway, and save it into their independent systems for settlement purposes. Any help would be greatly appreciated. It is very simple to do with Radiator, but some additional details on exactly what you have in mind would help. In any case, something like this would work: # define two AuthBy clauses, one local, one remote # this example assumes local SQL, but could be anything AuthBy RADIUS Identifier Remote-Radius Host remote.radius.host Secret . . /AuthBy AuthBy SQL Identifier Local-SQL DBSource DBUsername DBAuth . /AuthBy Handler Request-Type = Accounting-Request AuthByPolicy ContinueAlways AuthBy Remote-Radius AuthBy Local-SQL /Handler Handler . . /Handler The above is just an example, but if you send me a bit more detail I'll be able to make better suggestions. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting with MySQL
Hello Robin - On Sun, 11 Jun 2000, Robin Gruyters wrote: Hi, Got a question, I see that with SQL accounting the date and time is not saved in the SQL database. Why?!? And isit possible to add this? You can add whatever you wish in the accounting records using the AcctColumnDef statements. Have a look at section 6.25.12 in the Radiator 2.16 reference manual. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting
Hey Robin, It needs the dictionary b/c the attributes and "values" come numerically from Radiator: #1 = #2 So to be friendly, Radiator looks them up in the dictionary and logs the "friendly" values in the detail (accounting) file instead of the number: Framed-Protocol = PPP Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robin Gruyters Sent: Thursday, June 08, 2000 7:45 AM To: [EMAIL PROTECTED] Subject: (RADIATOR) Accounting Hi, Got a question, i got a problem with the accounting to SQL. Not a problem to log to the SQL server but with the dictionaries. We use two different companies for dail-in, one company uses the Nortel (dictionary) and the otherone the USR (dictionary.usr). First i've set it up for the Nortel, ok works fine! *great* But now I want the USR also log to the same machine on the same SQL system. But is i'm trying to start it, I get error messages like: Thu Jun 8 12:52:12 2000: ERR: Attribute number 39000 (vendor 429) is not defined in your dictionary Thu Jun 8 12:52:12 2000: ERR: Attribute number 39001 (vendor 429) is not defined in your dictionary Thu Jun 8 12:52:12 2000: ERR: Attribute number 39051 (vendor 429) is not defined in your dictionary Thu Jun 8 12:52:12 2000: ERR: Attribute number 38998 (vendor 429) is not defined in your dictionary Why does the Accounting need the dictionary? -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: monitor resolution too high === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting
On Thu, Jun 08, 2000 at 10:04:06AM -0400, Dave Kitabjian wrote: Hey Robin, It needs the dictionary b/c the attributes and "values" come numerically from Radiator: #1 = #2 So to be friendly, Radiator looks them up in the dictionary and logs the "friendly" values in the detail (accounting) file instead of the number: Framed-Protocol = PPP Dave Ok, but isit possible to use two dictionaries? -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Electrons on a bender === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting
Hello Robin - On Fri, 09 Jun 2000, Robin Gruyters wrote: On Thu, Jun 08, 2000 at 10:04:06AM -0400, Dave Kitabjian wrote: Hey Robin, It needs the dictionary b/c the attributes and "values" come numerically from Radiator: #1 = #2 So to be friendly, Radiator looks them up in the dictionary and logs the "friendly" values in the detail (accounting) file instead of the number: Framed-Protocol = PPP Dave Ok, but isit possible to use two dictionaries? It is not possible at this time to use more than one dictionary file, however one dictionary file can contain definitions for any number of vendors. The standard Radiator dictionary has definitions for Cisco, USR, Ascend, Annex, etc., etc. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting database retry agressiveness...
Hello Danny - On Tue, 02 May 2000, Danny Whitesel wrote: Last Friday, the server that houses our Rodopi database had a massive hardware failure. As of yet, I am not 100% sure just what the extents of the damage is. Most of the server was replaced just to get it back online as quick as possible. To make a long story short, it was down for 6 days. Ouch! Our Radiator Radius server reports accounting data to the aformentioned Rodopi database. Authentication is pulled off of a Linux MySQL server, so our users were still able to connect. Ironically enough, even though Rodopi has provisions for serving up Radius right from it's own database, I chose to serve Radius from a seperate out of concern for "What if the Rodopi machine goes down?". Nice when it goes in your favor isn't it? Once the Rodopi machine got back online, one of the NT admins noticed that radiusd was no longer connecting and reporting accounting data. I sent a -HUP to radiusd...nothing. Only after completely killing and restarting radiusd, did it resume reporting accounting data to the Rodopi database. I'm just curious what the timeouts and/or agressiveness of the accounting database connectivity is? The default is to wait 10 minutes before trying another connection. Check sections 6.24.4 Timeout and 6.24.5 FailureBackoffTime in the Radiator 2.15 reference manual. Also...While I'm on the subject of database connectivity, this same NT admin noticed and commented on how radiusd connects and stays connected to the Rodopi database constantly. He is of the opinion that radiusd(and any other clients, for that matter) should connect and disconnect for every query/write. He feels that performance is not an issue since database servers are designed to, and expect to, take rapid connects, queries/writes and disconnects. "That's their job.", he says. Though I have an opinion on the subject, I promised I would just pose the question to the list and see what you guys had to say. What you about you, Hugh? What is the official word from the development team on this issue? Radiator opens a connection to the SQL server and keeps it open for as long as possible. If the connection goes down, Radiator will reopen the connection according to the aforementioned timeouts and again keeps the connection open for as long as possible. Mike's view tends to be that Radiator should be handling radius requests first and foremost, rather than wasting time trying to contact SQL hosts. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question
Hello Tuncay - On Sun, 30 Apr 2000, Tuncay MARGILIC wrote: I want to insert the IP or the name of the radius server to the accounting table. how can I describe this with AcctColumnDef? You will need the appropriate column in the Accounting table to begin with, then specify an AcctSQLStatement something like this: AuthBy SQL DBSource DBUsername DBAuth AuthSelect . AccountingTable . AcctColumDef AcctSQLStatement insert into ACCOUNTING (HOSTNAME) values (%h) . /AuthBy Have a look at section 6.24 in the Radiator 2.15 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting for Realms?
Thanks for the note. My servers (one in C, the other VB) which parse and upload the detail records are expecting a standard Livingston-style accounting record, one attribute per line. They get mapped one-to-one with SQL Columns, and then get inserted. Attaching special treatment for the attribute named "Username" would be a hack, and would spoil the elegance and flexibility of this approach :( Since Radiator is so flexible, I was hoping that something this straightforward and common would be doable from within Radiator. If not, then I may end up putting in the hack. Dave -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 25, 2000 6:22 PM To: Dave Kitabjian; '' Subject: RE: (RADIATOR) Accounting for Realms? On Tue, 25 Apr 2000, Dave Kitabjian wrote: Thanks for the tip. From a Radiator point of view, we are simply logging to a standard "detail" file. (However, from our *system's* point of view, we parse that file and upload it into a Sql database. Don't worry about this; I'll handle those details.) So I just need the detail file to appear correct. Yes, I would rather log "UserName and Realm". What I'm asking is *how*? Username doesn't appear to strip off the Realm for accounting, even after a Rewrite; and the Realm doesn't appear anywhere else in the accounting record. How can I split them apart from within Radiator ? Why not just split into UserName and Realm when you parse the file? Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting for Realms?
Hello Dave -
On Wed, 26 Apr 2000, Dave Kitabjian wrote:
Thanks for the note.
My servers (one in C, the other VB) which parse and upload the detail
records are expecting a standard Livingston-style accounting record, one
attribute per line. They get mapped one-to-one with SQL Columns, and
then get inserted.
Attaching special treatment for the attribute named "Username" would be
a hack, and would spoil the elegance and flexibility of this approach :(
Since Radiator is so flexible, I was hoping that something this
straightforward and common would be doable from within Radiator. If not,
then I may end up putting in the hack.
I misunderstood your situation - I thought as you were already processing the
files externally, adding another step would be easy.
In any case, you can use the AcctLogFileName and AcctLogFileFormat parameters
to specify whatever you wish in the accounting file output. I am not sure from
your descriptions how the username comes in (nor how it is processed), but you
can specify %{Realm} to get the Realm output to the file. Have a look at
sections 6.13.4 and 6.13.5 in the Radiator 2.15 reference manual.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting for Realms?
Thanks for the tip. From a Radiator point of view, we are simply logging to a standard "detail" file. (However, from our *system's* point of view, we parse that file and upload it into a Sql database. Don't worry about this; I'll handle those details.) So I just need the detail file to appear correct. Yes, I would rather log "UserName and Realm". What I'm asking is *how*? Username doesn't appear to strip off the Realm for accounting, even after a Rewrite; and the Realm doesn't appear anywhere else in the accounting record. How can I split them apart from within Radiator ? Also, I'm still curious how the rest of you handle logging realms? Thanks! Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hugh Irvine Sent: Monday, April 24, 2000 8:12 PM To: Dave Kitabjian; '[EMAIL PROTECTED]' Subject: Re: (RADIATOR) Accounting for Realms? Hello Dave - On Tue, 25 Apr 2000, Dave Kitabjian wrote: What is the proper or best way to handle Accounting for Realms? It appears that, by default, regardless of whether the Username is rewritten, the Realm is just tagged onto the Username for Accounting: [EMAIL PROTECTED] and that's what gets exported to the Accounting record (and inserted into our database) as Username. This raises a few questions for me: 1) Since I'm performing RewriteUserName in the GLOBAL section, shouldn't this affect what is saved as the Accounting record's Username attribute, so that only "joe" gets logged, rather than "[EMAIL PROTECTED]"? 2) How does the "rest of the world" log realm info? I could have sworn that at one point earlier in my development, that I saw this info broken down into "User-Id" and "User-Realm". It seems more logical to me to store this info into two db columns: UserName Realm -- but that's not practical unless the Accounting record breaks it up accordingly. If I strip off the Realm with: # Strip off the realm: RewriteUsername s/^([^@]+).*/$1/ can I add it to the Accounting attribute list somehow? If you are using an SQL database, you can write whatever AcctSQLStatements are appropriate for your installation. If you would rather log UserName and Realm as you show above, that's fine. hth Hugh === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting for Realms?
On Tue, 25 Apr 2000, Dave Kitabjian wrote: Thanks for the tip. From a Radiator point of view, we are simply logging to a standard "detail" file. (However, from our *system's* point of view, we parse that file and upload it into a Sql database. Don't worry about this; I'll handle those details.) So I just need the detail file to appear correct. Yes, I would rather log "UserName and Realm". What I'm asking is *how*? Username doesn't appear to strip off the Realm for accounting, even after a Rewrite; and the Realm doesn't appear anywhere else in the accounting record. How can I split them apart from within Radiator ? Why not just split into UserName and Realm when you parse the file? Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting for Realms?
Hello Dave - On Tue, 25 Apr 2000, Dave Kitabjian wrote: What is the proper or best way to handle Accounting for Realms? It appears that, by default, regardless of whether the Username is rewritten, the Realm is just tagged onto the Username for Accounting: [EMAIL PROTECTED] and that's what gets exported to the Accounting record (and inserted into our database) as Username. This raises a few questions for me: 1) Since I'm performing RewriteUserName in the GLOBAL section, shouldn't this affect what is saved as the Accounting record's Username attribute, so that only "joe" gets logged, rather than "[EMAIL PROTECTED]"? 2) How does the "rest of the world" log realm info? I could have sworn that at one point earlier in my development, that I saw this info broken down into "User-Id" and "User-Realm". It seems more logical to me to store this info into two db columns: UserName Realm -- but that's not practical unless the Accounting record breaks it up accordingly. If I strip off the Realm with: # Strip off the realm: RewriteUsername s/^([^@]+).*/$1/ can I add it to the Accounting attribute list somehow? If you are using an SQL database, you can write whatever AcctSQLStatements are appropriate for your installation. If you would rather log UserName and Realm as you show above, that's fine. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Stop Problem
On Tue, 18 Apr 2000, Rafael Ortega wrote: |o| I've been experiencing some trouble with Radiator and our TNT Max. |o| Two of our TNT boxes are sending the STOP accounting request |o| without the username, IP, etc. information, only the request id |o| (while the other two boxes work just fine). We compared the |o| config in the NAS for possible differences, but can't find any. Which versions of TAOS are running on the TNTs? We get the same Accounting-Request Stop packets without usernames and we've learned to just match IP addresses and ports rather than rely on username (acceptable so long as we don't miss succeeding Stop then Start packets) L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Stop Problem
On Tue, Apr 18, 2000 at 10:43:21AM -0500, Rafael Ortega wrote: Hello, all I've been experiencing some trouble with Radiator and our TNT Max. Two of our TNT boxes are sending the STOP accounting request without the username, IP, etc. information, only the request id (while the other two boxes work just fine). We compared the config in the NAS for possible differences, but can't find any. I've seen NAS that will send Stops (with no matching Start) for people who try to login (and fail) with CHAP. Otherwise it's a TNT software problem - same version on all systems? [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting?
Hello Colin - On Tue, 11 Apr 2000, colinc wrote: Hi there, We would like to authenticate users via a linux password file but also like to keep a record of the accounting for the users on the mysql database or a separate file. Authentication is working fine, but is there a way to keep a record of the accounting for each user. I noticed that the manual says that AuthBy UNIX does not log accounting requests. This is very easy to accomplish - something like this: # configuration to authenticate from UNIX and log accounting to SQL # note the use of AuthByPolicy to execute both AuthBy's # and empty AuthSelect to disable SQL authentication Realm AuthByPolicy ContinueAlways AuthBy SQL DBSource DBUsername DBAuth AuthSelect AccountingTable . AcctColumnDef . AcctColumnDef . . /AuthBy AuthBy UNIX . /AuthBy /Realm Have a look at sections 6.19.1 and 6.24 in the Radiator 2.15 manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting trigger a flag?
Hello Stephen - On Tue, 11 Apr 2000, Stephen Chen wrote: Is there a way for Radiator accounting to write to a database field ONCE when the user is authenticated for the first time? We need to do this so we know when the customer is actually up for the first time for billing purposes. The initial Accounting Start is the only true indication of a successful connection. Just because an authentication was successful does not mean that a connection was actually established, as there can be problems with modems or PPP itself falling over before the connection comes up. Many of our customers actually just use the Accounting Stop records (which contain session duration - Acct-Session-Time) for their accounting, as it is impossible to reconcile all Accounting Starts to Accounting Stops in any case. All of that said, if you really want to do what you describe, you will have to write a PostAuthHook to implement the database update. There are some example hooks in the Radiator 2.15 patches area that you can use as a starting point. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting Stop error;
Title: RE: (RADIATOR) Accounting Stop error;
Probably there is a type mismatch for the table field and the cisco attribute. Can you give us the describtion of the table. Like Desc tablename for oracle. I made the same mistake for the terminatecause field and changed the type to integer on radius.cfg
Have a look at the ACCTTERMINATECAUSE NASIDENTIFIER fields. Check the types!!!
Tuncay Margilic
Tel:+90 216 459 27 44
SIEMENS BUSINESS SERVICES
-Original Message-
From: OKAN ARISU [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 13, 2000 5:43 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Accounting Stop error;
Hi Everbody,
We use Cisco 5300 and Radiator 2.14.1. Users are able to authenticate. Radiator writes the start record into the accounting table. But when the connection finished by the remote client it gives an insert error about stop record like below; Should i change my cfg file or can it be another reason causing this problem?
Thanks alot.
Best Regards.
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Our cfg file is;
**
Foreground
LogStdout
Trace 4
LogDir /software/Radiator-2.14.1/Logfiles/
LogFile %L/%d-%m-%Y-logfile
DbDir .
Client xx.xx.xx.xx
Secret mysecret
# Her bir RAS client icin baska bir havuz yapilabilir
FramedGroupBaseAddress xx.xx.xx.xx
FramedGroupBaseAddress xx.xx.xx.xx
NasType Cisco
DupInterval 2
/Client
ClientListSQL
DBSource dbi:Oracle:basari.world
DBUsername gizli
DBAuth gizli123
/ClientListSQL
SessionDatabase SQL
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
/SessionDatabase
Realm
PasswordLogFileName %L/%d-%m-%Y-password.log
AuthByPolicy ContinueWhileReject
AuthBy SQL
AddToReply Service-Type = Framed-User,
DefaultSimultaneousUse 1
FramedGroup 0
# Adjust DBSource, DBUsername, DBAuth to suit your DB
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
# You may want to tailor these for your ACCOUNTING table
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
/AuthBy
AuthBy FILE
FramedGroup 0
Filename ./userlistbasar
DefaultSimultaneousUse 3
/AuthBy
/Realm
*
==Archive at http://www.starport.net/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting Stop error;
Title: RE: (RADIATOR) Accounting Stop error;
sorry just for ACCTTERMINATECAUSE :))
-Original Message-
From: Tuncay MARGILIC
Sent: Monday, March 13, 2000 8:46 PM
To: 'OKAN ARISU'; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Accounting Stop error;
Probably there is a type mismatch for the table field and the cisco attribute. Can you give us the describtion of the table. Like Desc tablename for oracle. I made the same mistake for the terminatecause field and changed the type to integer on radius.cfg
Have a look at the ACCTTERMINATECAUSE NASIDENTIFIER fields. Check the types!!!
Tuncay Margilic
Tel:+90 216 459 27 44
SIEMENS BUSINESS SERVICES
-Original Message-
From: OKAN ARISU [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 13, 2000 5:43 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Accounting Stop error;
Hi Everbody,
We use Cisco 5300 and Radiator 2.14.1. Users are able to authenticate. Radiator writes the start record into the accounting table. But when the connection finished by the remote client it gives an insert error about stop record like below; Should i change my cfg file or can it be another reason causing this problem?
Thanks alot.
Best Regards.
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:19 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS)
values
('BRAVEHEART', 952898478, 'Stop', 1, 4754, 1785, '289619229', 124, 'User-Request', 'RAN53', 20127, '212.156.205.242')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Mon Mar 13 00:01:49 2000: ERR: do failed for 'insert into ACCOUNTING
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, ACCTTERMINATECAUSE, NASPORT, FRAMEDIPADDRESS)
values
('ikula', 952898509, 'Stop', 0, 649055, 5356976, '1186', 6335, 'Lost-Carrier', 87, '10.10.1.92')': ORA-01722: invalid number (DBD ERROR: OCIStmtExecute)
Our cfg file is;
**
Foreground
LogStdout
Trace 4
LogDir /software/Radiator-2.14.1/Logfiles/
LogFile %L/%d-%m-%Y-logfile
DbDir .
Client xx.xx.xx.xx
Secret mysecret
# Her bir RAS client icin baska bir havuz yapilabilir
FramedGroupBaseAddress xx.xx.xx.xx
FramedGroupBaseAddress xx.xx.xx.xx
NasType Cisco
DupInterval 2
/Client
ClientListSQL
DBSource dbi:Oracle:basari.world
DBUsername gizli
DBAuth gizli123
/ClientListSQL
SessionDatabase SQL
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
/SessionDatabase
Realm
PasswordLogFileName %L/%d-%m-%Y-password.log
AuthByPolicy ContinueWhileReject
AuthBy SQL
AddToReply Service-Type = Framed-User,
DefaultSimultaneousUse 1
FramedGroup 0
# Adjust DBSource, DBUsername, DBAuth to suit your DB
DBSource dbi:Oracle:basari.world
DBUsername
DBAuth
# You may want to tailor these for your ACCOUNTING table
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
/AuthBy
AuthBy FILE
FramedGroup 0
Filename ./userlistbasar
DefaultSimultaneousUse 3
/AuthBy
/Realm
*
==Archive at http://www.starport.net/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Table Problem
Hello Okan - On Tue, 07 Mar 2000, OKAN ARISU wrote: Hi everbody, We use Cisco 5300 and Radiator 2.14.1. Users are able to authenticate. Radiator also writes the accounting information to Radonline table. But i have a problem with ACCOUNTING table, radiator is not send to any insert information statement. And i can't see any accounting information in the accounting table. Should i do some change on the .cfg file or someting else? ** Foreground LogStdout Trace 4 LogDir /software/Radiator-2.14.1/Logfiles/ LogFile %L/%d-%m-%Y-logfile DbDir . Client xx.xx.xx.xx Secret mysecret # Her bir RAS client icin baska bir havuz yapilabilir FramedGroupBaseAddress xx.xx.xx.xx FramedGroupBaseAddress xx.xx.xx.xx NasType Cisco DupInterval 2 /Client ClientListSQL DBSource dbi:Oracle:basari.world DBUsername gizli DBAuth gizli123 /ClientListSQL SessionDatabase SQL DBSource dbi:Oracle:basari.world DBUsername DBAuth /SessionDatabase Realm PasswordLogFileName %L/%d-%m-%Y-password.log AuthByPolicy ContinueWhileReject AuthBy FILE FramedGroup 0 Filename ./userlistbasar DefaultSimultaneousUse 3 /AuthBy AuthBy SQL AddToReply Service-Type = Framed-User, DefaultSimultaneousUse 1 FramedGroup 0 # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSource dbi:Oracle:basari.world DBUsername DBAuth # You may want to tailor these for your ACCOUNTING table AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address /AuthBy /Realm The reason this is happening is because the AuthBy FILE accepts the accounting request so the AuthBy SQL never sees it. Try changing to this: AuthByPolicy ContinueAlways hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting requests and online sessions.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On a related topic - this is the reason that many people use AccountingStopsOnly in their accounting database - because it is impossible to always match every Start and Stop (one of the disadvantages of UDP). Just a little question: Is it possible then to enforce MaxSessions just with AccountingStopsOnly? Thx for your help. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.1 for non-commercial use http://www.pgp.com iQA/AwUBOIM80WXwKH++xlSbEQInCQCgukaHZ0aOZyvujTHyYJ9HiyAr5PoAoNEg HahuxgHDYC4tRu4uU+H+6IAu =JxAS -END PGP SIGNATURE- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting requests and online sessions.
Hello Arturo - On Tue, 18 Jan 2000, Arturo Pina wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On a related topic - this is the reason that many people use AccountingStopsOnly in their accounting database - because it is impossible to always match every Start and Stop (one of the disadvantages of UDP). Just a little question: Is it possible then to enforce MaxSessions just with AccountingStopsOnly? Thx for your help. Yes - the MaxSessions are checked against the Access-Request's, which happen before the Accounting-Request's. The normal sequence of events is this: 1. user dials the NAS 2. some NAS's can check the Calling-Station-Id and/or Called-Station-Id before answering the phone 3. NAS answers the phone 4. modem training sequence occurs 5. NAS starts PPP negotiation 6. NAS does authentication as part of PPP (CHAP or PAP usually) 7. NAS sends radius Access-Request to Radiator (which does Sim-Use) 7a Radiator updates SessionDatabase (delete only) 8. if Access-Accept, complete PPP negotiation (if not disconnect) 9. if PPP completes successfully, NAS sends Accounting-Request (Start) 9a. Radiator updates SessionDatabase and writes accounting record 10. when call completes, NAS sends Accounting-Request (Stop) 10a. Radiator updates SessionDatabase and writes accounting record NB. Radiator manipulates the SessionDatabase independently to writing the accounting records If you need any other help feel free to ask questions. cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting requests and online sessions.
Hola Antonio, Antonio Coloma wrote: Hi everybody, We have detected that a session is added to the DatabaseSession only when Radiator gets an Start accounting-request, not when it receives an Access Request and this request is accepted. Why? Shouldn't add to session database when user is accepted? Accepting an Access Request is not a warranty of a started session, and this is because in Radius there isn't a clear difference between authentication and authorization phases. The information that NAS will use for some authorization check is received in the Radius Access Request ACK, and with this information NAS can deny the access because an authorization fault. A very common example: NAS sends access-request after LCP authentication ( pap, chap or ms-chap ), but before IPCP negotiation. Radius server acks this user-password and includes peer IP address information in the packet. This isn't authentication information, it's authorization info. In this moment NAS starts IPCP negotiation, but if there is no agree about the peer ip address negotiated, it's considered an authorization error and the user refused, and the session has never started. The only thing that NAS can do in this situation is to send an Stop-without-previous-Start accounting record for the Radius server information. This stop-without-start accounting record is VERY important for Radius server if the server is managing ip address pools or it can't free the asigned ip address for the failed session. What happens If the start accounting-request arrives later than the stop accounting request? I suppose this is a intrinsic danger of Radius stateless orientation. :( FĂ©lix __ DATAGRAMA SERVICIOS GLOBALES IP C/ Acer 30 Pho: +34 93 223 00 98 08038 Barcelona ( SPAIN )Fax: +34 93 223 12 66 mailto:[EMAIL PROTECTED] http://www.datagrama.net __ Ăż Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Hello Dmitry - On Sat, 25 Dec 1999, Dmitry Niqiforoff wrote: Mike McCauley wrote: Probably the best way to handle this kind of thing is to use the radius Class attribute. If you set the Class attribute in the reply to an access request, then the NAS will send that same string back in the Class attribue for the accounting requests. Then you can use Handler Class=whatever to choose how to handle each category of accounting request I've tried this. It does work, but for accounting only. How do I set some permissions and restrictions for user in certain groups based on those groups? I mean, if I would like to deny users in group "testgroup" to use my USR TotalControl access server or to use certain realms, how do I do this? Perhaps you could explain your requirements in more detail and include a copy of your configuration file (no secrets) and I will see if I can help you. thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Hello Dmitry, On Dec 24, 11:07am, Dmitry Niqiforoff wrote: Subject: Re: (RADIATOR) Accounting question.. [ Attachment (text/plain): 1653 bytes Character set: koi8-r plain text ] -- End of excerpt from Dmitry Niqiforoff Mike McCauley wrote: Probably the best way to handle this kind of thing is to use the radius Class attribute. If you set the Class attribute in the reply to an access request, then the NAS will send that same string back in the Class attribue for the accounting requests. Then you can use Handler Class=whatever to choose how to handle each category of accounting request Thanks, I'll try it today. What do You think about config-wide user-defined variables? It would be just fine if the Radiator has it :) An interesting thought: do you mean a % variable that you can use like %n or %M etc, but whose value you can set up yourself? Also, I would like to adapt Radiator for my old ICRADIUS database. There is attribute-value pairs stored for users or for groups of users in a different records. Lets say, user "user" has "Service-Type" as attribute name and "Framed-User" as its value in one database record, and "Framed-IP-Address" and "195.128.154.125" in another, and we have to collect them all from the table and set up for "check" or "reply" items in "Access-Accept" (select concat(attribute, " = ", value, ",") from radcheck where username="user", for example). Is there a way to do that with Radiator? Hmmm, we havent seen that one before. Sounds like it would need a new AuthBy module. They are quite easy to build: you usually only have to implemenet one function. BTW, it would be helpful if you did not post HTML to the list: not everyone uses HTML mail agents. Oops... Sorry - I didn't notice that. There must be something wrong with my "Netscape Messenger" at my office... Alas, its still happening. P.S. At first look Radiator is a very powerful AAA server. But it is a little bit complicated to configure, but it is the most powerful RADIUS server I ever seen yet. Thank you for your kind remarks. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Mike McCauley wrote: Probably the best way to handle this kind of thing is to use the radius Class attribute. If you set the Class attribute in the reply to an access request, then the NAS will send that same string back in the Class attribue for the accounting requests. Then you can use Handler Class=whatever to choose how to handle each category of accounting request Thanks, I'll try it today. What do You think about config-wide user-defined variables? It would be just fine if the Radiator has it :) Also, I would like to adapt Radiator for my old ICRADIUS database. There is attribute-value pairs stored for users or for groups of users in a different records. Lets say, user "user" has "Service-Type" as attribute name and "Framed-User" as its value in one database record, and "Framed-IP-Address" and "195.128.154.125" in another, and we have to collect them all from the table and set up for "check" or "reply" items in "Access-Accept" (select concat(attribute, " = ", value, ",") from radcheck where username="user", for example). Is there a way to do that with Radiator? BTW, it would be helpful if you did not post HTML to the list: not everyone uses HTML mail agents. Oops... Sorry - I didn't notice that. There must be something wrong with my "Netscape Messenger" at my office... P.S. At first look Radiator is a very powerful AAA server. But it is a little bit complicated to configure, but it is the most powerful RADIUS server I ever seen yet. -- Regards, Dmitry Niqiforoff [tel. +7 8462 427427] Kraft-S, JSC. Samara, Russia === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting question..
Mike McCauley wrote: Probably the best way to handle this kind of thing is to use the radius Class attribute. If you set the Class attribute in the reply to an access request, then the NAS will send that same string back in the Class attribue for the accounting requests. Then you can use Handler Class=whatever to choose how to handle each category of accounting request I've tried this. It does work, but for accounting only. How do I set some permissions and restrictions for user in certain groups based on those groups? I mean, if I would like to deny users in group "testgroup" to use my USR TotalControl access server or to use certain realms, how do I do this? -- Regards, Dmitry Niqiforoff [tel. +7 8462 427427] Kraft-S, JSC. Samara, Russia === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting
Title: RE: (RADIATOR) Accounting Ferdi, You should install perl modules DBI and DBD:Oracle Then configure in radius.cfg the SessionDatabase SQL (Manual page 22) It works great. Regards, Ferhat -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ferdi Tasik Sent: Wednesday, December 15, 1999 3:18 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: (RADIATOR) Accounting Hi, Mike I want to ask about accounting radiator : 1. How to connect from accounting to oracle database? Is there any script? 2. Can Oracle connect directly from accounting? Regards, Ferdi Tasik __ Do You Yahoo!? Thousands of Stores. Millions of Products. All in one place. Yahoo! Shopping: http://shopping.yahoo.com === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting
Hello Ferdi - On Thu, 16 Dec 1999, Ferdi Tasik wrote: Hi, Mike I want to ask about accounting radiator : 1. How to connect from accounting to oracle database? Is there any script? 2. Can Oracle connect directly from accounting? Yes Oracle can be used directly by Radiator. You will need the DBI and DBD-Oracle modules from CPAN: http://www.perl.com/CPAN-local/modules/by-module/DBI/DBI-1.13.tar.gz http://www.perl.com/CPAN-local/modules/by-module/DBD/DBD-Oracle-1.03.tar.gz There are also examples and scripts in the Radiator distribution - the file radius.cfg is fully commented with an Oracle configuration example and there is a sample SQL create script in the file goodies/ansiCreate.sql. You should also have a look at the FAQ: http://www.open.com.au/radiator/faq.html there is a detailled example on setting up a connection to Oracle therein. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting log
Hello Philip - On Thu, 28 Oct 1999, Philip Buckley wrote: Hi Everyone, I have problem where I want Radiator to log one particular user or a group of users. Can this be done. Thanks in advance for your help. Not at the moment, no. You can only set up different logging for different Realms or Handlers. Improved configurability for logging is on the to-do list. cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsod === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting from USR equipment...
Unfortunately, that's the same list I have. There's no Vendor Attribute 12 in there. (0x000C) -- Roy Hooper ([EMAIL PROTECTED]) Sr. Systems Administrator Network Operations Cyberus Online Inc. -- An eisa.com company www.cyberus.com www.eisa.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Darwin A. Bawasanta Sent: Tuesday, October 19, 1999 2:27 AM To: Roy Hooper Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Accounting from USR equipment... Hello Roy, i got here my list of VENDORATTR 429, i hope this will be of help to you. VENDORATTR 429 Last-Number-Dialed-Out 0x0066 string VENDORATTR 429 Last-Number-Dialed-In-DNIS 0x00E8 string VENDORATTR 429 Last-Callers-Number-ANI 0x00E9 string VENDORATTR 429 Channel 0xBF38 integer VENDORATTR 429 Event-Id0xBFBE integer VENDORATTR 429 Event-Date-Time 0xBF2F date VENDORATTR 429 Call-Start-Date-Time0xBFF7 date VENDORATTR 429 Call-End-Date-Time 0xBFF6 date VENDORATTR 429 Default-DTE-Data-Rate 0x005E integer VENDORATTR 429 Initial-Rx-Link-Data-Rate 0xBF2D integer VENDORATTR 429 Final-Rx-Link-Data-Rate 0xBF2C integer VENDORATTR 429 Initial-Tx-Link-Data-Rate 0x006A integer VENDORATTR 429 Final-Tx-Link-Data-Rate 0x006B integer VENDORATTR 429 Chassis-Temperature 0xBF31 integer VENDORATTR 429 Chassis-Temp-Threshold 0xBE84 integer VENDORATTR 429 Actual-Voltage 0xBF32 integer VENDORATTR 429 Expected-Voltage0xBF33 integer VENDORATTR 429 Power-Supply-Number 0xBF34 integer VENDORATTR 429 Card-Type 0xBE85 integer VENDORATTR 429 Chassis-Slot0xBF39 integer VENDORATTR 429 Sync-Async-Mode 0x0067 integer VENDORATTR 429 Originate-Answer-Mode 0x0068 integer VENDORATTR 429 Modulation-Type 0x006C integer VENDORATTR 429 Connect-Term-Reason 0x009B integer VENDORATTR 429 Failure-to-Connect-Reason 0x0069 integer VENDORATTR 429 Equalization-Type 0x006F integer VENDORATTR 429 Fallback-Enabled0x0070 integer VENDORATTR 429 Connect-Time-Limit 0xBFE7 integer VENDORATTR 429 Number-of-Rings-Limit 0xBFE6 integer VENDORATTR 429 DTE-Data-Idle-Timout0x0048 integer VENDORATTR 429 Characters-Sent 0x0071 integer VENDORATTR 429 Characters-Received 0x0072 integer VENDORATTR 429 Blocks-Sent 0x0075 integer VENDORATTR 429 Blocks-Received 0x0076 integer VENDORATTR 429 Blocks-Resent 0x0077 integer VENDORATTR 429 Retrains-Requested 0x0078 integer VENDORATTR 429 Retrains-Granted0x0079 integer VENDORATTR 429 Line-Reversals 0x007A integer VENDORATTR 429 Number-Of-Characters-Lost 0x007B integer VENDORATTR 429 Number-of-Blers 0x007D integer VENDORATTR 429 Number-of-Link-Timeouts 0x007E integer VENDORATTR 429 Number-of-Fallbacks 0x007F integer VENDORATTR 429 Number-of-Upshifts 0x0080 integer VENDORATTR 429 Number-of-Link-NAKs 0x0081 integer VENDORATTR 429 DTR-False-Timeout 0x00BE integer VENDORATTR 429 Fallback-Limit 0x00BF integer VENDORATTR 429 Block-Error-Count-Limit 0x00C0 integer VENDORATTR 429 DTR-True-Timeout0x00DA integer VENDORATTR 429 Security-Login-Limit0xBEDE integer VENDORATTR 429 Security-Resp-Limit 0xBEFA integer VENDORATTR 429 DTE-Ring-No-Answer-Limit0xBF17 integer VENDORATTR 429 Back-Channel-Data-Rate 0x007C integer VENDORATTR 429 Simplified-MNP-Levels 0x0099 integer VENDORATTR 429 Simplified-V42bis-Usage 0x00C7 integer VENDORATTR 429 Mbi_Ct_PRI_Card_Slot0x0184 integer VENDORATTR 429 Mbi_Ct_TDM_Time_Slot0x0185 integer VENDORATTR 429 Mbi_Ct_PRI_Card_Span_Line 0x0186 integer VENDORATTR 429 Mbi_Ct_BChannel_Used0x0187 integer VENDORATTR 429 Physical-State 0xBE77 integer VENDORATTR 429 Packet-Bus-Session 0xBF14 integer VENDORATTR 429 Server-Time 0xF000 date VENDORATTR 429 Channel-Connected-To0xBE5D integer VENDORATTR 429 Slot-Connected-To 0xBE5E integer VENDORATTR 429 Device-Connected
Re: (RADIATOR) Accounting from USR equipment...
Hello Roy, i got here my list of VENDORATTR 429, i hope this will be of help to you. VENDORATTR 429 Last-Number-Dialed-Out 0x0066 string VENDORATTR 429 Last-Number-Dialed-In-DNIS 0x00E8 string VENDORATTR 429 Last-Callers-Number-ANI 0x00E9 string VENDORATTR 429 Channel 0xBF38 integer VENDORATTR 429 Event-Id0xBFBE integer VENDORATTR 429 Event-Date-Time 0xBF2F date VENDORATTR 429 Call-Start-Date-Time0xBFF7 date VENDORATTR 429 Call-End-Date-Time 0xBFF6 date VENDORATTR 429 Default-DTE-Data-Rate 0x005E integer VENDORATTR 429 Initial-Rx-Link-Data-Rate 0xBF2D integer VENDORATTR 429 Final-Rx-Link-Data-Rate 0xBF2C integer VENDORATTR 429 Initial-Tx-Link-Data-Rate 0x006A integer VENDORATTR 429 Final-Tx-Link-Data-Rate 0x006B integer VENDORATTR 429 Chassis-Temperature 0xBF31 integer VENDORATTR 429 Chassis-Temp-Threshold 0xBE84 integer VENDORATTR 429 Actual-Voltage 0xBF32 integer VENDORATTR 429 Expected-Voltage0xBF33 integer VENDORATTR 429 Power-Supply-Number 0xBF34 integer VENDORATTR 429 Card-Type 0xBE85 integer VENDORATTR 429 Chassis-Slot0xBF39 integer VENDORATTR 429 Sync-Async-Mode 0x0067 integer VENDORATTR 429 Originate-Answer-Mode 0x0068 integer VENDORATTR 429 Modulation-Type 0x006C integer VENDORATTR 429 Connect-Term-Reason 0x009B integer VENDORATTR 429 Failure-to-Connect-Reason 0x0069 integer VENDORATTR 429 Equalization-Type 0x006F integer VENDORATTR 429 Fallback-Enabled0x0070 integer VENDORATTR 429 Connect-Time-Limit 0xBFE7 integer VENDORATTR 429 Number-of-Rings-Limit 0xBFE6 integer VENDORATTR 429 DTE-Data-Idle-Timout0x0048 integer VENDORATTR 429 Characters-Sent 0x0071 integer VENDORATTR 429 Characters-Received 0x0072 integer VENDORATTR 429 Blocks-Sent 0x0075 integer VENDORATTR 429 Blocks-Received 0x0076 integer VENDORATTR 429 Blocks-Resent 0x0077 integer VENDORATTR 429 Retrains-Requested 0x0078 integer VENDORATTR 429 Retrains-Granted0x0079 integer VENDORATTR 429 Line-Reversals 0x007A integer VENDORATTR 429 Number-Of-Characters-Lost 0x007B integer VENDORATTR 429 Number-of-Blers 0x007D integer VENDORATTR 429 Number-of-Link-Timeouts 0x007E integer VENDORATTR 429 Number-of-Fallbacks 0x007F integer VENDORATTR 429 Number-of-Upshifts 0x0080 integer VENDORATTR 429 Number-of-Link-NAKs 0x0081 integer VENDORATTR 429 DTR-False-Timeout 0x00BE integer VENDORATTR 429 Fallback-Limit 0x00BF integer VENDORATTR 429 Block-Error-Count-Limit 0x00C0 integer VENDORATTR 429 DTR-True-Timeout0x00DA integer VENDORATTR 429 Security-Login-Limit0xBEDE integer VENDORATTR 429 Security-Resp-Limit 0xBEFA integer VENDORATTR 429 DTE-Ring-No-Answer-Limit0xBF17 integer VENDORATTR 429 Back-Channel-Data-Rate 0x007C integer VENDORATTR 429 Simplified-MNP-Levels 0x0099 integer VENDORATTR 429 Simplified-V42bis-Usage 0x00C7 integer VENDORATTR 429 Mbi_Ct_PRI_Card_Slot0x0184 integer VENDORATTR 429 Mbi_Ct_TDM_Time_Slot0x0185 integer VENDORATTR 429 Mbi_Ct_PRI_Card_Span_Line 0x0186 integer VENDORATTR 429 Mbi_Ct_BChannel_Used0x0187 integer VENDORATTR 429 Physical-State 0xBE77 integer VENDORATTR 429 Packet-Bus-Session 0xBF14 integer VENDORATTR 429 Server-Time 0xF000 date VENDORATTR 429 Channel-Connected-To0xBE5D integer VENDORATTR 429 Slot-Connected-To 0xBE5E integer VENDORATTR 429 Device-Connected-To 0xBE5F integer VENDORATTR 429 NFAS-ID 0xBE60 integer VENDORATTR 429 Q931-Call-Reference-Value 0xBE61 integer VENDORATTR 429 Call-Event-Code 0xBE62 integer VENDORATTR 429 DS0 0xBE63 integer VENDORATTR 429 DS0s0xBE64 string VENDORATTR 429 Gateway-IP-Address 0xBE66 ipaddr VENDORATTR 429 PW_USR_IFilter_IP 0x9000 string VENDORATTR 429 PW_USR_IFilter_IPX 0x9001 string VENDORATTR 429
Re: (RADIATOR) Accounting Hooks
Hi Pete - On Fri, 08 Oct 1999, Pete Black wrote: Where can a list of attributes that are in each acct packet be obtained? Pete. Check the file called "dictionary" in the main Radiator distribution directory. All of the radius attributes are defined therein. If you mean "what attributes *should* be in radius packets?", check the RFC's for Radius RFC 2138/2139. Note that all the vendors do different things with their versions of radius, and they are also constantly changing their dictionary definitions. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Hooks
Hi Pete - On Thu, 07 Oct 1999, Pete Black wrote: %_This is good, although we require that at the end of the month all existing records that don't have a stop record at the turn of the month get truncated at 00:00h the next day. Would it be possible to have some sort of hook that intercepted the incoming acct packet, then check if it's start record is in the previous month, create the truncated record, create a new Start record at the beginning of the month and then put down the modified Stop record? I'm not sure that you would want to do it that way. You might do something like this: Handler ... AcctLogFileName %L/accounting.%m.%Y AcctLogFileFormat . .. /Handler This will write to a file called "accounting.10.1999" for the month of October, then at midnight on the 31st it will roll to "accounting.11.1999". Your post-processing can then tidy up the loose ends at the beginning and end of the month. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Hooks
That sound's like the simplest thing to do. It wouldn't be hard to do anyway since we already have a program that converts the raw logs in to the format that we would like. Once again, thanx. Pete. Hugh Irvine wrote: Hi Pete - On Thu, 07 Oct 1999, Pete Black wrote: %_This is good, although we require that at the end of the month all existing records that don't have a stop record at the turn of the month get truncated at 00:00h the next day. Would it be possible to have some sort of hook that intercepted the incoming acct packet, then check if it's start record is in the previous month, create the truncated record, create a new Start record at the beginning of the month and then put down the modified Stop record? I'm not sure that you would want to do it that way. You might do something like this: Handler ... AcctLogFileName %L/accounting.%m.%Y AcctLogFileFormat . .. /Handler This will write to a file called "accounting.10.1999" for the month of October, then at midnight on the 31st it will roll to "accounting.11.1999". Your post-processing can then tidy up the loose ends at the beginning and end of the month. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody -- == _/ Pete Black: Network Administrator mailto:[EMAIL PROTECTED] _/ Dot Communications Pty Ltd http://www.dot.net.au/ == === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Hooks
Where can a list of attributes that are in each acct packet be obtained? Pete. Hugh Irvine wrote: Hi Pete - On Thu, 07 Oct 1999, Pete Black wrote: %_This is good, although we require that at the end of the month all existing records that don't have a stop record at the turn of the month get truncated at 00:00h the next day. Would it be possible to have some sort of hook that intercepted the incoming acct packet, then check if it's start record is in the previous month, create the truncated record, create a new Start record at the beginning of the month and then put down the modified Stop record? I'm not sure that you would want to do it that way. You might do something like this: Handler ... AcctLogFileName %L/accounting.%m.%Y AcctLogFileFormat . .. /Handler This will write to a file called "accounting.10.1999" for the month of October, then at midnight on the 31st it will roll to "accounting.11.1999". Your post-processing can then tidy up the loose ends at the beginning and end of the month. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- == _/ Pete Black: Network Administrator mailto:[EMAIL PROTECTED] _/ Dot Communications Pty Ltd http://www.dot.net.au/ == === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting Hooks
Hi Pete - On Wed, 06 Oct 1999, Pete Black wrote: Is there any way to put in a post accounting hook? We need to create another accounting log file in our own format on the fly and we need to know if we can do it via a hook or by altering the code itself. The simplest way to do this is in your Handler(s) or Realms(s): Handler ... AcctLogFileName . AcctLogFileFormat . .. /Handler You can specify as many files with as many formats as you wish. See Section 6.13.4 and 6.13.5 in the Radiator 2.14.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting file reporting tools needed.
Hi Paul - On Tue, 28 Sep 1999, Paul van der Zwan wrote: I have been asked to find a way to report the number of active ports in a configurable timestep. Something like a report for all hours or all 5 min periods showing the max number of active ports in that interval. They want it generated at any time/interval.. How would I best handle this ?? At the moment Radiator is only logging accounting records to a standard detail file ( 70 MB per day and expected to grow a factor of 10 in the coming months) or should I switch to SQL accounting. (Anybody handling hundreds of megabytes of accounting date / day this way ?? ) Any suggestions ?? I have some perl code to parse detail files but I doubt it would scale to the required sizes My suggestion here would be to set up a SessionDatabase in SQL and then just write a little script to query it every 5 minutes and store the data for later analysis. You could even have a look at the radwho.cgi script for inspiration. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting
Hello Chris - On Fri, 03 Sep 1999, Chris Knight wrote: Howdy, A client of ours is running Radiator, and I need to get the Accounting data into a SQL server for billing purposes. Because of management and responsibility requirements, I have to get the data from the accounting log file, play with it in Perl, and put it into the SQL Server. I'm not able to use the SQL logging features of Radiator. I would be tempted to set up a Radiator proxy running SQL accounting, and configure the client Radiator to proxy only the accounting packets to it. That way you retain your management and responsibility requirements, and you can use all of the Radiator features to log to an SQL database. You might inform your client that this is how all roaming systems work, for example. I've got a couple of questions relating to the implementation I need to do. First, is the Acct-Session-Id truly unique for each session? Secondly, if multiple Radiator servers are running - both servicing the same set of NASes - will the Acct-Session-Id still be unique, or do I need to catenate the Acct-Session-Id with the Radiator server IP address, for instance? Thirdly, out of curiosity, how is the last set of six digits for the Acct-Session-Id generated? I managed to figure out the first two sets all by myself :-) The Acct-Session-Id is generated by the NAS. However I would have thought that you would want to make sure that your User-Name's are unique and use those for your accounting. I need a unique reference, as I am seeing duplicate accounting entries in the log file. You always have the possibility of duplicate packets due to the UDP protocol used by radius. If you are logging to an SQL accounting database, the duplicate inserts will fail in any case. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Accounting
Howdy, -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Friday, 3 September 1999 18:33 To: [EMAIL PROTECTED]; Chris Knight; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Accounting Hello Chris - On Fri, 03 Sep 1999, Chris Knight wrote: Howdy, A client of ours is running Radiator, and I need to get the Accounting data into a SQL server for billing purposes. Because of management and responsibility requirements, I have to get the data from the accounting log file, play with it in Perl, and put it into the SQL Server. I'm not able to use the SQL logging features of Radiator. I would be tempted to set up a Radiator proxy running SQL accounting, and configure the client Radiator to proxy only the accounting packets to it. That way you retain your management and responsibility requirements, and you can use all of the Radiator features to log to an SQL database. You might inform your client that this is how all roaming systems work, for example. I've got to convince the client to upgrade to a site license however. I can see the sense in it though. Jee, I wonder why you suggested that?... :-) I've got a couple of questions relating to the implementation I need to do. First, is the Acct-Session-Id truly unique for each session? Secondly, if multiple Radiator servers are running - both servicing the same set of NASes - will the Acct-Session-Id still be unique, or do I need to catenate the Acct-Session-Id with the Radiator server IP address, for instance? Thirdly, out of curiosity, how is the last set of six digits for the Acct-Session-Id generated? I managed to figure out the first two sets all by myself :-) The Acct-Session-Id is generated by the NAS. However I would have thought that you would want to make sure that your User-Name's are unique and use those for your accounting. Yes, that's currently happening, but I'm looking for a unique attribute(s) on which to key the data to stop charging the customer twice (or more) for the same session. My first coding attempt simply entered STOP events where the appropriate number of attributes were present and contained acceptable values. This didn't stop duplicate accounting entries. I need a unique reference, as I am seeing duplicate accounting entries in the log file. You always have the possibility of duplicate packets due to the UDP protocol used by radius. If you are logging to an SQL accounting database, the duplicate inserts will fail in any case. Yes, this duplicate packet entry is very annoying. I would very much like to log directly to the SQL server, but that isn't happening - yet. I'm assuming that the duplicate inserts fail due to a unique constraint on the AccountSessionID field. Please correct me if I'm wrong. Also, if the NAS creates the AcctSessionID, what stops two NASes sending Radiator (or any other RADIUS server, for that matter) the same AcctSessionID? hth Sort of. If you can verify my assumption above, then yes it does. Look forward to hearing from you. Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody Regards, Chris Knight Systems Administrator AIMS Independent Computer Professionals Tel: +61 3 6334 6664 Fax: +61 3 6331 7032 Mob: +61 419 528 795 Web: http://www.aims.com.au === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting
On Sep 3, 6:32pm, Hugh Irvine wrote: Subject: Re: (RADIATOR) Accounting Hello Chris - On Fri, 03 Sep 1999, Chris Knight wrote: Howdy, A client of ours is running Radiator, and I need to get the Accounting data into a SQL server for billing purposes. Because of management and responsibility requirements, I have to get the data from the accounting log file, play with it in Perl, and put it into the SQL Server. I'm not able to use the SQL logging features of Radiator. I would be tempted to set up a Radiator proxy running SQL accounting, and configure the client Radiator to proxy only the accounting packets to it. That way you retain your management and responsibility requirements, and you can use all of the Radiator features to log to an SQL database. You might inform your client that this is how all roaming systems work, for example. I've got a couple of questions relating to the implementation I need to do. First, is the Acct-Session-Id truly unique for each session? Secondly, if multiple Radiator servers are running - both servicing the same set of NASes - will the Acct-Session-Id still be unique, or do I need to catenate the Acct-Session-Id with the Radiator server IP address, for instance? Thirdly, out of curiosity, how is the last set of six digits for the Acct-Session-Id generated? I managed to figure out the first two sets all by myself :-) The Acct-Session-Id is generated by the NAS. However I would have thought that you would want to make sure that your User-Name's are unique and use those for your accounting. Acct-Session-Id cannot be regarded as unique. Most NASs will usually start Acct-Session-Id again from 0 when it reboots. It is more usual to use a unique key composed of something like Acct-Session-Id, username and time. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) accounting session start times
Hi Arnie,
On Jul 14, 4:58pm, Arnie Roberts wrote:
Subject: (RADIATOR) accounting session start times
Hi all,
I would like to add accounting entries to a simple database.
To keep things simple I would prefer to only log Stop requests
and not Start requests, thereby giving me one record per session.
Is there a way in which I can log the start time of the session?
I was thinking of something like
AcctColumnDef StartTime,Timestamp - Acct-Session-Time
That wont work Im afraid.
There are 2 ways you can deal with this:
1. Add a PreAuthHook that will calculte and add a new pseudo-attribute from
Timestamp and AcctSessionTime. In your AcctColumnDef, specify that new
pseudo-attribute.
2. Use AcctSQLStatement to specify the entire SQL statement you wish to
execute, something like this:
AcccountingStopsOnly
AcctSQLStatement insert into ACCOUNTING (..., StartTime, ) values\
(..., %{Timestamp} - %{Acct-Session-Time}, .)
However, we are somewhat of the view that you are better off saving the
original data in your SQL database, rather than computing a new data point (and
denormalising your database somewhat). You can always do the calulation when
viewing the data.
Hope that helps.
Cheers.
thanks
Arnie
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-- End of excerpt from Arnie Roberts
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting do Database via ODBC
Hi Michael,
On Jul 9, 10:37am, Michael Gatti wrote:
Subject: (RADIATOR) Accounting do Database via ODBC
Ladies Gentilmen:
I'm trying to do something here that I'm not sure that it could work. I have
radiator working just fine here at my ISP and know I what to implement some new
functions to him. I'm trying to make radiator send the accounting information
to a Data Base (very simple one - Access) via an ODBC driver and still create
the accounting log files. bellow is my CONFIG FILE, I know it my be very wierd,
but that's why I'm asking for some help. When I run he command line:
c:\ perl radiusd -confi_file=maxntdb.cfg I receive a lot of:
The basic problem with that config file, is that you are using = sign between
the parameters and arguments:
Identifier=NTSystem
should be
Identifier NTSystem
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Identifier=NTSystem' in
maxntdb.cfg line 39
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Auth-Type=System' in
maxntdb.cfg line 40
That one does not belong here at all.
Here is how I think you should set it up:
Realm DEFAULT
# Limit all users in this realm to max of 1 session
MaxSessions 1
# Send accounting only to SQL
AuthBy SQL
# No authentication
AuthSelect
# Connect to ODBC on localhost
DBSource dbi:Acessos:localhost
# Heres how you can convert Timestamps into a format that Oracle likes
AcctColumnDef TIME_STAMP,Timestamp,formatted-date,to_date('%e %m %Y
%H:%M:%S', 'DD MM HH24:MI:SS')
# AcctColumnDef COLUMN,Attribute[,type][,format]
AcctColumnDef SessionID,Acct-Session-Id
AcctColumnDef TIME_STAMP,Timestamp
AcctColumnDef StatusType,Acct-Status-Type
AcctColumnDef UserName,User-Name
AcctColumnDef SessionTime,Acct-Session-Time,integer
# Store accounting records in Acessos
AccountingTableAcessos
/AuthBy
# Now authenticate from NT
AuthBy NT
Domain mydomain
DomainController hostname
/AuthBy
# Log all accounting into daily log files in LogDir
AcctLogFileName=%L\%Y%m%d.act
/Realm
Hope that helps.
Cheers.
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'Domain=mydomain' in
maxntdb.cfg line 41
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword 'DomainController=hostname' in
maxntdb.cfg line 42
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword
'AcctLogFileName=%L\%Y%m%d.act' in maxntdb.cfg line 44
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword
'DBSource=dbi:Acessos:localhost' in maxntdb.cfg line 46
Sat Jul 10 10:28:45 1999: ERR: Unknown keyword
'AcctColumnDef=TIME_STAMP,Timestamp,formatted-date,to_date('%e' in maxntdb.cfg
line 48
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword
'AcctColumnDef=SessionID,Acct-Session-Id' in maxntdb.cfg line 50
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword
'AcctColumnDef=TIME_STAMP,Timestamp' in maxntdb.cfg line 51
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword
'AcctColumnDef=StatusType,Acct-Status-Type' in maxntdb.cfg line 52
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword
'AcctColumnDef=UserName,User-Name' in maxntdb.cfg line 53
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword
'AcctColumnDef=SessionTime,Acct-Session-Time,integer' in maxntdb.cfg line 54
Sat Jul 10 10:28:46 1999: ERR: Unknown keyword 'AccountingTable=Acessos' in
maxntdb.cfg line 56
Sat Jul 10 10:28:47 1999: INFO: Server started
- CONFIG FILE
# maxntdb.cfg
Foreground
LogStdout
Trace 5
AuthPort1645
AcctPort1646
LogDir c:\radiator\malbanet\log
LogFile %L\%Y%m%d.log
DbDir C:\winnt\profiles\administrator\personal
DictionaryFile %D\dictionary.nt
# You will probably want to change this to suit your site.
Client localhost
Secret mysecret
DupInterval 0
/Client
Client XXX.YYY.ZZZ.xxx
Secret mysecret
DupInterval 0
/Client
Client XXX.YYY.ZZZ.xxx
Secret mysecret
DupInterval 0
/Client
Client XXX.YYY.ZZZ.xxx
Secret mysecret
DupInterval 0
/Client
Realm DEFAULT
# Limit all users in this realm to max of 1 session
MaxSessions 1
AuthBy NT
Identifier=NTSystem
Auth-Type=System
Domain=mydomain
DomainController=hostname
# Log all accounting into daily log files in LogDir
AcctLogFileName=%L\%Y%m%d.act
# Connect to ODBC on localhost
DBSource=dbi:Acessos:localhost
# Heres how you can convert Timestamps into a format that Oracle likes
AcctColumnDef=TIME_STAMP,Timestamp,formatted-date,to_date('%e %m %Y
%H:%M:%S', 'DD MM HH24:MI:SS')
# AcctColumnDef COLUMN,Attribute[,type][,format]
AcctColumnDef=SessionID,Acct-Session-Id
AcctColumnDef=TIME_STAMP,Timestamp
AcctColumnDef=StatusType,Acct-Status-Type
AcctColumnDef=UserName,User-Name
AcctColumnDef=SessionTime,Acct-Session-Time,integer
# Store accounting records in Acessos
AccountingTable=Acessos
/AuthBy
/Realm
[ Attachment (text/x-html): 6192 bytes
Character set: iso-8859-1
Encoded with "quoted-printable" ]
Re: (RADIATOR) accounting
Hi Kim, On Jul 11, 4:05pm, Kim Wilsleff Kristensen wrote: Subject: (RADIATOR) accounting Hi Can anyone give me an example of how to log accounting to an microsoft SQL-database Are you running Radiator on NT? 1. Create a database and tables, see the example in goodies/sybaseCreate.sql 2. Create a SQL login and passwrod to access that database 3. Install ODBC 4. Create an ODBC DSN to connect to the databse you made in 1 5. Configure your Radiator something like this: Realm DEFAULT AuthByPolicy ContinueAlways # Just save accounting to SQL AuthBy SQL # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSourcedbi:ODBC:yourdsnname DBUsername username DBAuth login # No authentication AuthSelect # You may want to tailor these for your ACCOUNTING table AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address /AuthBy # Authenticate from NT (or whatever you like) AuthBy NT Domain whatever /AuthBy /Realm If you want to get to MS-SQL from Unix, check the Radiator FAQ at http://www.open.com.au/radiator/faq.html Hope that helps. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting to SQL w/out authenticating via SQL
Hi, On Jul 1, 9:27pm, postmaster wrote: Subject: Re: (RADIATOR) Accounting to SQL w/out authenticating via SQL Mike, Will the same scenario work for 'AuthBy File' but do the SQL Accounting ? Yes, no problem. Thanks. [EMAIL PROTECTED] On Fri, 2 Jul 1999, Mike McCauley wrote: Date: Fri, 2 Jul 1999 09:37:19 -0500 From: Mike McCauley [EMAIL PROTECTED] To: John Coy [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: (RADIATOR) Accounting to SQL w/out authenticating via SQL Hello John, On Jul 1, 11:50am, John Coy wrote: Subject: (RADIATOR) Accounting to SQL w/out authenticating via SQL Is there a way to configure Radiator to log accounting records to SQL without requiring authentication to occur via SQL? I have radiator configured for Proxy for several realms, but I'd like to capture the accounting records for those realms into an SQL (Oracle) database. The manual for AuthBy SQL is unclear if you can just use that for accounting. Yes, no problem. If you define AuthSelect to be empty, then SQL will not do authentication at all (it will REJECT), eg: Realm whatever AuthByPolicy ContinueAlways AuthBy SQL # Disable authentication AuthSelect # But do accounting AccountingTable ACCOUTNING AcctColumnDef USERNAME,User-Name TIME_STAMP,Timestamp,integer . /AuthBy AuthBy RADIUS Host xx ... /AuthBy /Realm Hope that helps. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from postmaster -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting dictionary for netserver card
IgnoreAcctSignature seems to have rectified the accting interference. Thanks, Oliver On Mon, 7 Jun 1999, Mike McCauley wrote: Hi Oliver, On Jun 4, 4:57pm, O Stockhammer wrote: Subject: Re: (RADIATOR) Accounting dictionary for netserver card These are from the logfile: Fri Jun 4 16:44:12 1999: ERR: Attribute number 0 (vendor ) is not defined in your dictionary That is quite bizarre, there is no such attribute Fri Jun 4 16:45:18 1999: ERR: Attribute number 73 (vendor ) is not defined in your dictionary So is that. Fri Jun 4 16:45:18 1999: ERR: Attribute number 116 (vendor ) is not defined in your dictionary That is supposedly Ascend-Appletalk-Route Fri Jun 4 16:46:24 1999: ERR: Attribute number 240 (vendor ) is not defined in your dictionary That is supposedly Ascend-Add-Seconds Thu Jun 3 20:31:37 1999: ERR: Attribute number 144 (vendor ) is not defined in your dictionary That is Ascend-Assign-IP-Client That all looks very strange, almost as if the incoming packet is corrupted in being incorrectly interpreted. Can you send a hex packet dump of one of these requests? You can get het packet dumps at trace level 5. These are the logs from the SQL log: 928528731 4 Rewrote user name to kaligula 928528731 4 Handling with Radius::AuthSQL 928528731 4Handling with Radius::AuthUNIX 928528731 4Radius::AuthUNIX looks for match with kaligula 928528731 4 Radius::AuthUNIX ACCEPT: 928528731 4 Access accepted for kaligula 928528736 1 Bad authenticator in request from 207.240.140.6 (207.240.140.6) This is what I get at trace level 5. I am logging both to a logfile and MySQL and accounting is going to both a detail file and MySQL. Accounting works for my other chassies using Hyperarc cards. It seems lime auth is working, but accounting is complaining about "Bad authenticator". This is usually an indication that you need IgnoreAcctSignature set for that NAS. But in the light of the very strange results above, it may be something else. The packet dump will help. Im sorry you are having this trouble. I hope we get you on the air soon. Cheers. Thanks, Oliver On Fri, 4 Jun 1999, Mike McCauley wrote: Hi Oliver, can you send us a fragment of your radiator log file at trace level 4, showing what happens when you receive accounting packets from your Netserver. I would exepct to see Radiator complaining about missing dictionary entries. That will help us track down the missing attributes. Cheers. On Jun 3, 8:49pm, O Stockhammer wrote: Subject: (RADIATOR) Accounting dictionary for netserver card Hello, We are using both Netserver and Hyperarc TotalControl Cards. Radiator is authenticating fine off of both but the Netserver Cards are missing entries for the dictionary file and therefore no accounting happens for them. For some reason I am missing entries in the dictionary file for the netserver card. I am using your dictionary.usr file that you provided. What entries do I need for accounting to work? I think it has to do with the vendor specific entries like USR-Chassis-Call-Slot = 0 rather than Chassis-Call-Slot = 0 which is in the dictionary file Thank you, Oliver Stockhammer Systems The Internet Channel === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, pa
Re: (RADIATOR) Accounting dictionary for netserver card
Hi Oliver, On Jun 4, 4:57pm, O Stockhammer wrote: Subject: Re: (RADIATOR) Accounting dictionary for netserver card These are from the logfile: Fri Jun 4 16:44:12 1999: ERR: Attribute number 0 (vendor ) is not defined in your dictionary That is quite bizarre, there is no such attribute Fri Jun 4 16:45:18 1999: ERR: Attribute number 73 (vendor ) is not defined in your dictionary So is that. Fri Jun 4 16:45:18 1999: ERR: Attribute number 116 (vendor ) is not defined in your dictionary That is supposedly Ascend-Appletalk-Route Fri Jun 4 16:46:24 1999: ERR: Attribute number 240 (vendor ) is not defined in your dictionary That is supposedly Ascend-Add-Seconds Thu Jun 3 20:31:37 1999: ERR: Attribute number 144 (vendor ) is not defined in your dictionary That is Ascend-Assign-IP-Client That all looks very strange, almost as if the incoming packet is corrupted in being incorrectly interpreted. Can you send a hex packet dump of one of these requests? You can get het packet dumps at trace level 5. These are the logs from the SQL log: 928528731 4 Rewrote user name to kaligula 928528731 4 Handling with Radius::AuthSQL 928528731 4Handling with Radius::AuthUNIX 928528731 4Radius::AuthUNIX looks for match with kaligula 928528731 4 Radius::AuthUNIX ACCEPT: 928528731 4 Access accepted for kaligula 928528736 1 Bad authenticator in request from 207.240.140.6 (207.240.140.6) This is what I get at trace level 5. I am logging both to a logfile and MySQL and accounting is going to both a detail file and MySQL. Accounting works for my other chassies using Hyperarc cards. It seems lime auth is working, but accounting is complaining about "Bad authenticator". This is usually an indication that you need IgnoreAcctSignature set for that NAS. But in the light of the very strange results above, it may be something else. The packet dump will help. Im sorry you are having this trouble. I hope we get you on the air soon. Cheers. Thanks, Oliver On Fri, 4 Jun 1999, Mike McCauley wrote: Hi Oliver, can you send us a fragment of your radiator log file at trace level 4, showing what happens when you receive accounting packets from your Netserver. I would exepct to see Radiator complaining about missing dictionary entries. That will help us track down the missing attributes. Cheers. On Jun 3, 8:49pm, O Stockhammer wrote: Subject: (RADIATOR) Accounting dictionary for netserver card Hello, We are using both Netserver and Hyperarc TotalControl Cards. Radiator is authenticating fine off of both but the Netserver Cards are missing entries for the dictionary file and therefore no accounting happens for them. For some reason I am missing entries in the dictionary file for the netserver card. I am using your dictionary.usr file that you provided. What entries do I need for accounting to work? I think it has to do with the vendor specific entries like USR-Chassis-Call-Slot = 0 rather than Chassis-Call-Slot = 0 which is in the dictionary file Thank you, Oliver Stockhammer Systems The Internet Channel === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Accounting dictionary for netserver card
These are from the logfile: Fri Jun 4 16:44:12 1999: ERR: Attribute number 0 (vendor ) is not defined in your dictionary Fri Jun 4 16:45:18 1999: ERR: Attribute number 73 (vendor ) is not defined in your dictionary Fri Jun 4 16:45:18 1999: ERR: Attribute number 116 (vendor ) is not defined in your dictionary Fri Jun 4 16:46:24 1999: ERR: Attribute number 240 (vendor ) is not defined in your dictionary Thu Jun 3 20:31:37 1999: ERR: Attribute number 144 (vendor ) is not defined in your dictionary These are the logs from the SQL log: 928528731 4 Rewrote user name to kaligula 928528731 4 Handling with Radius::AuthSQL 928528731 4Handling with Radius::AuthUNIX 928528731 4Radius::AuthUNIX looks for match with kaligula 928528731 4 Radius::AuthUNIX ACCEPT: 928528731 4 Access accepted for kaligula 928528736 1 Bad authenticator in request from 207.240.140.6 (207.240.140.6) This is what I get at trace level 5. I am logging both to a logfile and MySQL and accounting is going to both a detail file and MySQL. Accounting works for my other chassies using Hyperarc cards. Thanks, Oliver On Fri, 4 Jun 1999, Mike McCauley wrote: Hi Oliver, can you send us a fragment of your radiator log file at trace level 4, showing what happens when you receive accounting packets from your Netserver. I would exepct to see Radiator complaining about missing dictionary entries. That will help us track down the missing attributes. Cheers. On Jun 3, 8:49pm, O Stockhammer wrote: Subject: (RADIATOR) Accounting dictionary for netserver card Hello, We are using both Netserver and Hyperarc TotalControl Cards. Radiator is authenticating fine off of both but the Netserver Cards are missing entries for the dictionary file and therefore no accounting happens for them. For some reason I am missing entries in the dictionary file for the netserver card. I am using your dictionary.usr file that you provided. What entries do I need for accounting to work? I think it has to do with the vendor specific entries like USR-Chassis-Call-Slot = 0 rather than Chassis-Call-Slot = 0 which is in the dictionary file Thank you, Oliver Stockhammer Systems The Internet Channel === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from O Stockhammer -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
