Re: (RADIATOR) MaxSessions issue, still a problem

Hugh Irvine Fri, 13 Jul 2001 18:31:22 -0700

Hello Dmitry -

I see.

I think you have two choices: first (prefered) is to change the proxy so it 
sends you all requests with the realm intact, and second is to add an 
additional proxy in front of your Radiator that only rewrites the usernames. 
The only way that the session database is going to work reliably is if it 
always gets the usernames in the same format.

regards

Hugh


On Friday 13 July 2001 20:58, Dmitry Kopylov wrote:
> Hello,
>
> and the problem here is that NAS generates the Access-Request in form
> "username@realm", proxy stripes off the the realmname and my Radiator
> receives just "username". Whereas the accounting request approaches the
> Radiator in its original form e.g. "username@realm". So the session
> database is built up based on the "username@realm" and not on the
> "username". The question here is if it's possible to rewrite the User-Name
> in Accounting request?  Or maybe there is another solution?
>
> regards,
> Dmitry Kopylov
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 13, 2001 8:43 AM
> To: Vangelis Kyriakakis; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) MaxSessions issue, still a problem
>
>
>
> Hello Vangelis -
>
> Actually, an internal session database is exactly that - a session database
> held entirely in memory. The username in each request is what is used, as
> follows: Access-Request - check current sessions and reject if limit
> exceeded, Accounting Start - add new record, Accounting Start - delete
> record.
>
> regards
>
> Hugh
>
> On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote:
> > I think the problem when you use the Internal session database is that it
> > uses the username from the Accounting file to count the number of
>
> sessions.
>
> > When a new user logs in it checks the rewritten username against the
> > session database. So it checks with the name uunoc and not with the
> > [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same
> > problem with small and capital letters.
> >    Maxsession 0 works always since it's no need to check the session
> > database...
> >
> >                    Vangelis
> >
> > Dmitry Kopylov wrote:
> > > Hi,
> > >
> > > I upgraded to the 18.2.2 but the problem with MaxSession still exists.
> > > Here is part of config and trace 4 output:
> > >
> > > <Handler Realm=bbeyond.nl>
> > >         RewriteUsername s/^([^@]+).*/$1/
> > >         MaxSessions 1
> > >         <AuthBy FILE>
> > >         </AuthBy>
> > >         AcctLogFileName %L/bbeyond/details
> > >         PasswordLogFileName %L/bbeyond/uunet-passwords.log
> > > </Handler>
> > >
> > > If I set MaxSessions 0, it works and rejects all sessions, but when I
>
> set
>
> > > MaxSessions to 1 it allows the second connection with the same
> > > username.
> > >
> > > MaxSessions 0:
> > >
> > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> > > /opt/radiator-2.18/raddb/users
> > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file
> > > /opt/radiator-2.18/raddb/users
> > > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on
> > > bbyrad1.bbeyond.nl
> > > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> > > *** Received from 62.177.149.2 port 1645 ....
> > > Code:       Access-Request
> > > Identifier: 102
> > > Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> > > Attributes:
> > >         User-Name = "[EMAIL PROTECTED]"
> > >         User-Password = "_<178><219>A<0><201><238><192>3<130><183>
> > > <28>@q<228>"
> > >         NAS-IP-Address = 213.116.1.14
> > >         NAS-Port = 70
> > >         NAS-Port-Type = Sync
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > >         State = ""
> > >         Calling-Station-Id = "235652175"
> > >         Called-Station-Id = "0107110035"
> > >         Acct-Session-Id = "328619273"
> > >         Ascend-Data-Rate = 64000
> > >         Ascend-Xmit-Rate = 64000
> > >         Proxy-State =
> > > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>;
>
> <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2>
>
> > ><7> <20>
> >
> ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<25
> >
> > > >1><
> > >
> > > 225>
> > > <236>&<13>XA<188>NY<153>O
> > >
> > > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl
>
> should
>
> > > be use
> > > d to handle this request
> > > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler
> > > 'Realm=bbeyond.nl
> > > '
> > > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc
> > > Thu Jul 12 11:30:25 2001: DEBUG:  Deleting session for
> > > [EMAIL PROTECTED], 213.116
> > > .1.14, 70
> > > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions
> > > exceeded
> > > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump:
> > > *** Sending to 62.177.149.2 port 1645 ....
> > > Code:       Access-Reject
> > > Identifier: 102
> > > Authentic:  z<211><178><22><170><220><204><200><219>w6<5>;<11>>:
> > > Attributes:
> > >         Reply-Message = "Request Denied"
> > >
> > > MaxSessions 1:
> > >
> > > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping
> > > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> > > /opt/radiator-2.18/raddb/users
> > > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file
> > > /opt/radiator-2.18/raddb/users
> > > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on
> > > bbyrad1.bbeyond.nl
> > > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> > > *** Received from 62.177.149.1 port 1645 ....
> > > Code:       Access-Request
> > > Identifier: 173
> > > Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> > > Attributes:
> > >         User-Name = "[EMAIL PROTECTED]"
> > >         User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn"
> > >         NAS-IP-Address = 213.116.1.30
> > >         NAS-Port = 2054
> > >         NAS-Port-Type = Sync
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > >         State = ""
> > >         Calling-Station-Id = "235652175"
> > >         Called-Station-Id = "0107110035"
> > >         Acct-Session-Id = "347654980"
> > >         Ascend-Data-Rate = 64000
> > >         Ascend-Xmit-Rate = 64000
> > >         Proxy-State = PX01<0><0><9><254><242><12>
> > > <252>)<203>T<230><252><143>P<2
>
> 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6>
>
> > ><0> <2><
>
> 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<
>
> > >30> H<18
> > > 5><142><234><10>v\w<187><218>n
> > >
> > > Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl
>
> should
>
> > > be use
> > > d to handle this request
> > > Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler
> > > 'Realm=bbeyond.nl
> > > '
> > > Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc
> > > Thu Jul 12 11:31:37 2001: DEBUG:  Deleting session for
> > > [EMAIL PROTECTED], 213.116
> > > .1.30, 2054
> > > Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE
> > > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with
> > > uunoc Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > > Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc
> > > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump:
> > > *** Sending to 62.177.149.1 port 1645 ....
> > > Code:       Access-Accept
> > > Identifier: 173
> > > Authentic:  <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y
> > > Attributes:
> > >         Proxy-State = PX01<0><0><9><254><242><12>
> > > <252>)<203>T<230><252><143>P<2
>
> 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6>
>
> > ><0> <2><
>
> 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<
>
> > >30> H<18
> > > 5><142><234><10>v\w<187><218>n
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > > Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> > > *** Received from 62.177.149.3 port 1645 ....
> > > Code:       Access-Request
> > > Identifier: 142
> > > Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> > > Attributes:
> > >         User-Name = "[EMAIL PROTECTED]"
> > >         User-Password =
> > > "<229>jVD<174><222><25><10>U<246>o<242><229><3><7>*" NAS-IP-Address =
> > > 213.116.1.11
> > >         NAS-Port = 3209
> > >         NAS-Port-Type = Sync
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > >         State = ""
> > >         Calling-Station-Id = "235652175"
> > >         Called-Station-Id = "0107110035"
> > >         Acct-Session-Id = "328849897"
> > >         Ascend-Data-Rate = 64000
> > >         Ascend-Xmit-Rate = 64000
> > >         Proxy-State =
> > > PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
> >
> ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0>
> >
> > > ><12 <13
>
> 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130
>
> > >>s< 205>
> > >
> > > <<224><149>z<143>gH<147><173>k/<221><239>
> > >
> > > Thu Jul 12 11:32:09 2001: DEBUG: Check if Handler Realm=bbeyond.nl
>
> should
>
> > > be use
> > > d to handle this request
> > > Thu Jul 12 11:32:09 2001: DEBUG: Handling request with Handler
> > > 'Realm=bbeyond.nl
> > > '
> > > Thu Jul 12 11:32:09 2001: DEBUG: Rewrote user name to uunoc
> > > Thu Jul 12 11:32:09 2001: DEBUG:  Deleting session for
> > > [EMAIL PROTECTED], 213.116
> > > .1.11, 3209
> > > Thu Jul 12 11:32:09 2001: DEBUG: Handling with Radius::AuthFILE
> > > Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE looks for match with
> > > uunoc Thu Jul 12 11:32:09 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > > Thu Jul 12 11:32:09 2001: DEBUG: Access accepted for uunoc
> > > Thu Jul 12 11:32:09 2001: DEBUG: Packet dump:
> > > *** Sending to 62.177.149.3 port 1645 ....
> > > Code:       Access-Accept
> > > Identifier: 142
> > > Authentic:  <169>}<237><131><201><239><13>BCw<255><205><14><128><213>F
> > > Attributes:
> > >         Proxy-State =
> > > PX01<0><0>]<184><169>}<237><131><201><239><13>BCw<255><205
> >
> ><14><128><213>F<0><2><6><142><213>t<1><11><0><0><0><0><0><0><0><0><0><0>
> >
> > > ><12 <13
>
> 7><0><2><7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><130
>
> > >>s< 205>
> > >
> > > <<224><149>z<143>gH<147><173>k/<221><239>
> > >         Service-Type = Framed-User
> > >         Framed-Protocol = PPP
> > >
> > > Regards,
> > > Dmitry Kopylov
> > >
> > > Network Architect ISP/DSL
> > > BBned
> > > Saturnusstraat 40-44
> > > 2132 HB Hoofdorp
> > > Phone: +31 23 5659953
> > > Fax:     +31 23 5633356
> > > Mobile: +31 62 7047960
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on [EMAIL PROTECTED]
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MaxSessions issue, still a problem

Reply via email to
