Hello Ali -
On Thu, 25 May 2000, Postmaster wrote:
> Hugh,
>
> Here's the scenario:
> I started the radiator, let it run in trace4 and while it was idle, it
> looks from the logfile that the ASCEND MAX was sending some requests etc
> to radiator and radiator gave a few warnings and then I tried to connect
> to MAX as 'ali' and since I typed 'wrong' pass, I was denied and then I
> connected just once as 'johndoe' and disconnected. But during this short
> time I was connected, I received multiple records in my flatfile
> accounting database for the very single session belonging to 'johndoe'. I
> need to know, if there is any way, that I can insert the accounting info
> only once for 'Start' and 'Stop' session and that too, if the login
> attempt was successful. How?
>
> thanks,
> [EMAIL PROTECTED]
>
> Here's the user's(johndoe) profile:
>
> johndoe User-Password = "john123"
> Service-Type = Framed-User,
> Ascend-Metric = 2,
> Ascend-Maximum-Channels = 4,
> Ascend-Idle-Limit = 0,
> Framed-Protocol = MPP,
> Framed-Routing = None,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Framed-Address = 206.29.1.1,
> Framed-Netmask = 255.255.255.0
>
> ------------------- Begin Log File ----------------------------------
> Wed May 24 22:13:12 2000: DEBUG: Reading users file
> /usr/ali/raddb/users_testmax
> Wed May 24 22:13:13 2000: INFO: Server started
> Wed May 24 22:18:29 2000: DEBUG: Packet dump:
> *** Received from 206.29.116.6 port 1034 ....
> Code: Ascend-Access-Event-Request
> Identifier: 235
> Authentic: <147><236><143><255><212><152><142><140><180><16>Rncq<20><12>
> Attributes:
> NAS-Identifier = 206.29.116.6
> Ascend-Number-Sessions = ""
>
> Wed May 24 22:18:29 2000: WARNING: Invalid request
> 'Ascend-Access-Event-Request'
> received from 206.29.116.6
>
The first thing I see is a great number of requests like the above. This is
some strange behaviour from the Ascend that I have never seen before. I suspect
that you can turn whatever it is off in the NAS software.
>
> Wed May 24 22:20:45 2000: DEBUG: Packet dump:
> *** Received from 206.29.116.6 port 1025 ....
> Code: Access-Request
> Identifier: 119
> Authentic: <19>i<250><250>?<15><245><228>Q6<196><155>}3<252><195>
> Attributes:
> User-Name = "ali"
> User-Password = "<171><225><246>VGd<161>"
> NAS-Identifier = 206.29.116.6
> NAS-Port = 20000
> NAS-Port-Type = Virtual
> Service-Type = Login-User
> State = ""
> Ascend-Third-Prompt = ""
> Client-Port-DNIS = "<225>"
> Acct-Session-Id = "269493553"
>
> Wed May 24 22:20:45 2000: DEBUG: Rewrote user name to ali
> Wed May 24 22:20:45 2000: DEBUG: Rewrote user name to ali
> Wed May 24 22:20:45 2000: DEBUG: Handling with Radius::AuthFILE
> Wed May 24 22:20:45 2000: DEBUG: Radius::AuthFILE looks for match with ali
> Wed May 24 22:20:45 2000: INFO: Access rejected for ali: No such user
> Wed May 24 22:20:45 2000: DEBUG: Packet dump:
> *** Sending to 206.29.116.6 port 1025 ....
> Code: Access-Reject
> Identifier: 119
> Authentic: <19>i<250><250>?<15><245><228>Q6<196><155>}3<252><195>
> Attributes:
> Reply-Message = "Request Denied"
> Reply-Message = "No such user"
>
The above shows a perfectly normal request that returns a "Reject". This is the
correct behaviour for Radiator as it has not found a user named "ali" in the
users file.
> Wed May 24 22:20:56 2000: DEBUG: Packet dump:
> *** Received from 206.29.116.6 port 1025 ....
> Code: Access-Request
> Identifier: 120
> Authentic: <10><31><220><242><175>[d<157>&|F<194><132>RLx
> Attributes:
> User-Name = "johndoe"
> User-Password = "9<132><254><154><215><24>m<129>"
> NAS-Identifier = 206.29.116.6
> NAS-Port = 20000
> NAS-Port-Type = Virtual
> Service-Type = Login-User
> State = ""
> Ascend-Third-Prompt = ""
> Client-Port-DNIS = "<225>"
> Acct-Session-Id = "269493553"
>
> Wed May 24 22:20:56 2000: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed May 24 22:20:56 2000: DEBUG: Rewrote user name to johndoe
> Wed May 24 22:20:56 2000: DEBUG: Rewrote user name to johndoe
> Wed May 24 22:20:56 2000: DEBUG: Handling with Radius::AuthFILE
> Wed May 24 22:20:56 2000: DEBUG: Radius::AuthFILE looks for match with
> johndoe
> Wed May 24 22:20:56 2000: DEBUG: Radius::AuthFILE ACCEPT:
> Wed May 24 22:20:56 2000: DEBUG: Access accepted for johndoe
> Wed May 24 22:20:56 2000: DEBUG: Packet dump:
> *** Sending to 206.29.116.6 port 1025 ....
> Code: Access-Accept
> Identifier: 120
> Authentic: <10><31><220><242><175>[d<157>&|F<194><132>RLx
> Attributes:
> Service-Type = Framed-User
> Ascend-Metric = 2
> Ascend-Maximum-Channels = 4
> Ascend-Idle-Limit = 0
> Framed-Protocol = MPP
> Framed-Routing = None
> Framed-Compression = Van-Jacobson-TCP-IP
> Framed-Address = 206.29.1.1
> Framed-Netmask = 255.255.255.0
>
Now this shows that you receive a request for "johndoe", but with a
Service-Type of "Login-User", probably because you have telneted to the box, or
because you have started a login session instead of a PPP session when you
connected. However, you return an Access-Accept with a Service-Type of
"Framed-User" - this may be confusing the NAS. In any case, Radiator accepts
the request as it should.
> Wed May 24 22:20:56 2000: DEBUG: Packet dump:
> *** Received from 206.29.116.6 port 1034 ....
> Code: Accounting-Request
> Identifier: 247
> Authentic: <209><28><29><146><185><185><221>b9<249>c<155><29><173>Y<10>
> Attributes:
> User-Name = "johndoe"
> NAS-Identifier = 206.29.116.6
> NAS-Port = 20000
> NAS-Port-Type = Virtual
> Acct-Status-Type = Start
> Acct-Delay-Time = 0
> Acct-Session-Id = "269493553"
> Acct-Authentic = RADIUS
> Client-Port-DNIS = "<2>"
> Framed-Protocol = PPP
> Framed-Address = 206.29.1.1
>
> Wed May 24 22:20:56 2000: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed May 24 22:20:56 2000: DEBUG: Rewrote user name to johndoe
> Wed May 24 22:20:56 2000: DEBUG: Rewrote user name to johndoe
> Wed May 24 22:20:56 2000: DEBUG: Handling with Radius::AuthFILE
> Wed May 24 22:20:56 2000: DEBUG: Adding session for johndoe, 206.29.116.6,
> 20000
> Wed May 24 22:20:56 2000: DEBUG: Accounting accepted
> Wed May 24 22:20:56 2000: DEBUG: Packet dump:
> *** Sending to 206.29.116.6 port 1034 ....
> Code: Accounting-Response
> Identifier: 247
> Authentic: <209><28><29><146><185><185><221>b9<249>c<155><29><173>Y<10>
> Attributes:
>
And thereafter you are seeing multiple Accounting-Requests from the NAS, each
one of which is being replied to normally by Radiator. I don't know why your
NAS keeps resending the requests, they arrive every 5 seconds, but Radiator
responds correctly. I think you will have to sort out your NAS before you can
go much further.
In general, you should only see a single Access-Request, followed by a single
Accounting Start and a single Accounting Stop.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
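An added example, not part of the original thread and not Radiator code: a Python script that groups the received Accounting-Requests in a trace-4 log by (NAS-Identifier, Acct-Session-Id, Acct-Status-Type), so a NAS that resends the same Start or Stop shows up as one key with several timestamps and only the first copy needs to be stored. The sample log is constructed in the dump layout quoted above; the resend timestamps, the Identifier values after 247, the Stop record and all function names are assumptions.

```python
import re

def make_dump(clock, ident, status):
    """Build one constructed 'Received' dump in the layout quoted in the thread."""
    return (f"Wed May 24 {clock} 2000: DEBUG: Packet dump:\n"
            "*** Received from 206.29.116.6 port 1034 ....\n"
            "Code: Accounting-Request\n"
            f"Identifier: {ident}\n"
            "Attributes:\n"
            '\tUser-Name = "johndoe"\n'
            "\tNAS-Identifier = 206.29.116.6\n"
            f"\tAcct-Status-Type = {status}\n"
            '\tAcct-Session-Id = "269493553"\n\n')

# Constructed sample: the Start is resent twice, five seconds apart, then one Stop.
SAMPLE_LOG = "".join(make_dump(*p) for p in [
    ("22:20:56", 247, "Start"), ("22:21:01", 248, "Start"),
    ("22:21:06", 249, "Start"), ("22:21:40", 250, "Stop")])

DUMP_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]+ \d{4}): DEBUG: Packet dump:$", re.M)
ATTR_RE = re.compile(r'^\s*([\w-]+) = "?(.*?)"?\s*$', re.M)

def accounting_events(log):
    """Yield (timestamp, attributes) for each received Accounting-Request dump."""
    parts = DUMP_RE.split(log)  # [preamble, ts1, body1, ts2, body2, ...]
    for ts, body in zip(parts[1::2], parts[2::2]):
        if "*** Received from" in body and "Code: Accounting-Request" in body:
            yield ts, dict(ATTR_RE.findall(body))

def group_by_session(log):
    """Map (NAS, session id, status type) to the timestamps of every copy seen."""
    seen = {}
    for ts, attrs in accounting_events(log):
        key = (attrs.get("NAS-Identifier"), attrs.get("Acct-Session-Id"),
               attrs.get("Acct-Status-Type"))
        seen.setdefault(key, []).append(ts)
    return seen

def repeated(log):
    """Keys that arrived more than once; only the first copy should be stored."""
    return {k: v for k, v in group_by_session(log).items() if len(v) > 1}

if __name__ == "__main__":
    for key, stamps in group_by_session(SAMPLE_LOG).items():
        print(key, "copies:", len(stamps), "first:", stamps[0])
```
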