I wrote:
> Whenever Radiator detects a user which it thinks may be already
> connected, it should call Nas.pm to verify the session using SNMP. If
> it does, we get our INFO messages followed by either "Simultaneous Use
> exceeded" or "Session has gone away". However, we also get some
> "Simultaneous Use exceeded" messages without our INFO messages first.
> In these cases, there is no actual user session but Radiator has
> rejected the login. There appears to be no way to clear the problem
> except to restart Radiator.
>
> Our INFO messages are unconditional if Nas.pm is called. So it seems
> that it must not be being called for some reason. Tracing through the
> code, I think that it should be called indirectly by the various
> Auth*.pm modules. We use our own internally developed Auth module for
> all authentications, so it seems likely that we have a bug in it. What
> could we be doing wrong which would cause Radiator not to verify a
> session only some of the time?
Some additional details. I've added an extra log message to
AuthGeneric.pm, just before the check for too many sessions:
# my new code...
&safeLog($self, $main::LOG_INFO,
"Querying $p->{OriginalUserName} for maximum $max_sessions");
# end of new code
if (Radius::SessGeneric::find($p->{Handler}->{SessionDatabase})->exceeded
($max_sessions, $p->{OriginalUserName}, $p))
{
return ($main::REJECT,
"Simultaneous-Use of $max_sessions exceeded");
}
I added a similar, but not identical, message just before the check for
the default number of sessions, even though we don't use the default.
In Nas.pm, the Livingston code has an additional log message at the
very beginning:
sub isOnlineLivingston
{
my ($name, $nas_id, $nas_port, $session_id, $client) = @_;
# my new code...
&main::log($main::LOG_INFO, "--- Checking $nas_id : $nas_port");
# end of new code
So you see that, if isOnlineLivingston is called, the message should
appear regardless of any problem further on in the subroutine. And
normally, the message does appear.
Within the last hour, I have the following sequence of messages in the
log (running at trace level 3).
Mon Dec 18 16:04:40 2000: INFO: Querying user for maximum 1
Mon Dec 18 16:04:40 2000: INFO: Access rejected for user: Simultaneous-Use of 1
exceeded
This is at a site which has only Livingstons and for which most checks
seem to work fine. Still running Radiator 2.16.3.
Dave Close Quik Internet
+1 949 548 2171 Costa Mesa California
[EMAIL PROTECTED] http://www.quik.com/
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
