Hi Radius Gurus I have a problem with one not-so-typical situation. First of all, I am running daloradius on top of Freeradius: [root@radman ~]# radiusd -v radiusd: FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. I have just update my network topology and therefore I moved some NASes from one server to another. When I did this change, obviously I did it without worrying what could happen to the radiusd. So I simply moved the NASes on new IPs/servers and restarted the radiusd. Now I have the users trying to get into the network but they look "online" to radiusd on the old NASes. In few words the connection is refused because radiusd thinks that the user is ALREADY online on the "old NAS" (not true) and it does not permit the user to get into the network. So I have this teasing menu option in daloradius which is called "Cleanup Stale Sessions". I think it does exactly what I need but: 1) I do not want to break the radiusd 2) I do not want to loose my radius logs ("who had that IP that day..") 3) I do not know if this is the right "button" to click So I am asking you if you have any idea of how to solve this issue and if I should click that button Thank you in advance (radiusd log follows) ----------------------------------------------------------------------- Auth: Multiple logins (max 1) [MPP attempt]: [myuser@mynet.org] (from client xyz port 45118 cli 00:15:6D:5E:0A:82) ----------------------------------------------------------------------- -- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it
Hi,
So I have this teasing menu option in daloradius which is called "Cleanup Stale Sessions". I think it does exactly what I need but:
1) I do not want to break the radiusd 2) I do not want to loose my radius logs ("who had that IP that day..") 3) I do not know if this is the right "button" to click
you can proably look at the source. i would guess that it would simply close any accounting sessions which dont have a stop already - though how it does that (ie what time period it looks for any accounts to be older than, i dont know - maybe a day, maybe the last minute). i'm going to guess it wont break radiusd (any further than yours is already ;-) ) i'm going to assume that all it does is close each session to ensure that simultaneous usage wont show that they are already on...you may need to flush the radwho i'm sure it'll help, after all, it is too teasing a button. much like a big red button that says 'dont press' ;-) alan
Hi Alan, hum... any freeradius script/comand that I could use instead of the teasing red button with the "don't press this button" written on it? :) Afterall I only want to "flush" the sessions older than 1 day
Hi,
So I have this teasing menu option in daloradius which is called "Cleanup Stale Sessions". I think it does exactly what I need but:
1) I do not want to break the radiusd 2) I do not want to loose my radius logs ("who had that IP that day..") 3) I do not know if this is the right "button" to click
you can proably look at the source. i would guess that it would simply close any accounting sessions which dont have a stop already - though how it does that (ie what time period it looks for any accounts to be older than, i dont know - maybe a day, maybe the last minute).
i'm going to guess it wont break radiusd (any further than yours is already ;-) )
i'm going to assume that all it does is close each session to ensure that simultaneous usage wont show that they are already on...you may need to flush the radwho
i'm sure it'll help, after all, it is too teasing a button. much like a big red button that says 'dont press' ;-)
alan
-- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it
Hi,
Hi Alan,
hum... any freeradius script/comand that I could use instead of the teasing red button with the "don't press this button" written on it? :)
i'm guessing your system uses SQL (eg MySQL) in the backend for accounting..so its an sql command you'll be wanting rather than a freeradius command - check the wiki, i'm sure there is something there... alan
Hi Alan and all I am writing you to let you know that I solved this problem Yes, the auth was done with sql (sorry for not being more precise before) I surfed the tables and delete the NULL field in the right places (customers not being authenticated) It worked and I could feeel much more confortable of the "push this button". I could work on single entries and see if the error was stopping for each single user. So yes, the "damn line of code" works much better than the sexy button ;) Thanks to all for the suggestions.
Hi,
Hi Alan,
hum... any freeradius script/comand that I could use instead of the teasing red button with the "don't press this button" written on it? :)
i'm guessing your system uses SQL (eg MySQL) in the backend for accounting..so its an sql command you'll be wanting rather than a freeradius command - check the wiki, i'm sure there is something there...
alan
-- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it
Snip "much like a big red button that says 'dont press' ;-)" Ah, I did that once just to see what would happen. I STRONGLY recommend against it..... No I really didn't, but it is REALLY tempting some days! <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
Hi Gary I did the same in many other situations, and not always I got the expected result. In some circumstances it was working, in others it was like the "press here to collapse the world" just with the stickers "press me honey" on top of it. Just wondering if somebody can point me to the right link, script or whatever to solve this problem... So I will not press the button! ;)
Snip
"much like a big red button that says 'dont press' ;-)"
Ah, I did that once just to see what would happen. I STRONGLY recommend against it.....
No I really didn't, but it is REALLY tempting some days!
<font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it
On Tue, Jun 21, 2011 at 6:17 AM, Paolo Di Francesco <paolo.difrancesco@level7.it> wrote:
Hi Gary
I did the same in many other situations, and not always I got the expected result.
In some circumstances it was working, in others it was like the "press here to collapse the world" just with the stickers "press me honey" on top of it.
Just wondering if somebody can point me to the right link, script or whatever to solve this problem...
That depends on what you use to track simultaneous use. What's on "session" section of sites-available/default? Is it radutmp? sql? If it's radutmp, try "man radzap" and "man radwho". If it's sql, you should be able to just update your radacct table. What to update might be different in different implementation. IIRC the default schema marks ongoing session with a NULL on acctstoptime, so you could probably just update it to current time. My implementation is somewhat different, in that it stores Acct-Status-Type and use AcctStopTime to record the time the accounting packet was received. In any case, look at your radacct table and accounting queries (e.g. sql/mysql/dialup.conf), and you should be able to find out what to change. -- Fajar
Hi radius gurus, I am still having issues with this configuration. In few words I am still "cleaning" by hand some users but I would love that would be done by radius each time that it checks if the user is online or not. In few words: 1) the user is disconnected 2) the user tries to get into the net, and it knocks the NAS 3) the NAS knocks the radius saying "hey this guy wants to get in" 4) the radius asks to the NAS "hey the user is already online or not?" and the NAS says "no I have no user with that name" (checkrad) 5) but the radius thinks the user is still online somewhere because it shows online into the mysql database, therefore the answer is "no, this user is already online somewhere" So I am looking for some script/hint/whatever to CLEAN those users who are not online but still "online" into the mysql. Suggestions very welcome!
Hi Radius Gurus
I have a problem with one not-so-typical situation.
First of all, I am running daloradius on top of Freeradius:
[root@radman ~]# radiusd -v radiusd: FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
I have just update my network topology and therefore I moved some NASes from one server to another.
When I did this change, obviously I did it without worrying what could happen to the radiusd. So I simply moved the NASes on new IPs/servers and restarted the radiusd.
Now I have the users trying to get into the network but they look "online" to radiusd on the old NASes. In few words the connection is refused because radiusd thinks that the user is ALREADY online on the "old NAS" (not true) and it does not permit the user to get into the network.
So I have this teasing menu option in daloradius which is called "Cleanup Stale Sessions". I think it does exactly what I need but:
1) I do not want to break the radiusd 2) I do not want to loose my radius logs ("who had that IP that day..") 3) I do not know if this is the right "button" to click
So I am asking you if you have any idea of how to solve this issue and if I should click that button
Thank you in advance
(radiusd log follows)
-----------------------------------------------------------------------
Auth: Multiple logins (max 1) [MPP attempt]: [myuser@mynet.org] (from client xyz port 45118 cli 00:15:6D:5E:0A:82)
-----------------------------------------------------------------------
-- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it
Please search before asking... I wrote at least 10 times about this problem .... On 8/8/2011 12:22 PM, Paolo Di Francesco wrote:
Hi radius gurus,
I am still having issues with this configuration. In few words I am still "cleaning" by hand some users but I would love that would be done by radius each time that it checks if the user is online or not.
In few words:
1) the user is disconnected 2) the user tries to get into the net, and it knocks the NAS 3) the NAS knocks the radius saying "hey this guy wants to get in" 4) the radius asks to the NAS "hey the user is already online or not?" and the NAS says "no I have no user with that name" (checkrad) 5) but the radius thinks the user is still online somewhere because it shows online into the mysql database, therefore the answer is "no, this user is already online somewhere"
So I am looking for some script/hint/whatever to CLEAN those users who are not online but still "online" into the mysql.
Suggestions very welcome!
Hi Radius Gurus
I have a problem with one not-so-typical situation.
First of all, I am running daloradius on top of Freeradius:
[root@radman ~]# radiusd -v radiusd: FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
I have just update my network topology and therefore I moved some NASes from one server to another.
When I did this change, obviously I did it without worrying what could happen to the radiusd. So I simply moved the NASes on new IPs/servers and restarted the radiusd.
Now I have the users trying to get into the network but they look "online" to radiusd on the old NASes. In few words the connection is refused because radiusd thinks that the user is ALREADY online on the "old NAS" (not true) and it does not permit the user to get into the network.
So I have this teasing menu option in daloradius which is called "Cleanup Stale Sessions". I think it does exactly what I need but:
1) I do not want to break the radiusd 2) I do not want to loose my radius logs ("who had that IP that day..") 3) I do not know if this is the right "button" to click
So I am asking you if you have any idea of how to solve this issue and if I should click that button
Thank you in advance
(radiusd log follows)
-----------------------------------------------------------------------
Auth: Multiple logins (max 1) [MPP attempt]: [myuser@mynet.org] (from client xyz port 45118 cli 00:15:6D:5E:0A:82)
-----------------------------------------------------------------------
we searched before asking, but we did not find any reference. If you have references of previous conversations, please send me the pointers privately. Thank you
Please search before asking...
I wrote at least 10 times about this problem ....
On 8/8/2011 12:22 PM, Paolo Di Francesco wrote:
Hi radius gurus,
I am still having issues with this configuration. In few words I am still "cleaning" by hand some users but I would love that would be done by radius each time that it checks if the user is online or not.
In few words:
1) the user is disconnected 2) the user tries to get into the net, and it knocks the NAS 3) the NAS knocks the radius saying "hey this guy wants to get in" 4) the radius asks to the NAS "hey the user is already online or not?" and the NAS says "no I have no user with that name" (checkrad) 5) but the radius thinks the user is still online somewhere because it shows online into the mysql database, therefore the answer is "no, this user is already online somewhere"
So I am looking for some script/hint/whatever to CLEAN those users who are not online but still "online" into the mysql.
Suggestions very welcome!
Hi Radius Gurus
I have a problem with one not-so-typical situation.
First of all, I am running daloradius on top of Freeradius:
[root@radman ~]# radiusd -v radiusd: FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
I have just update my network topology and therefore I moved some NASes from one server to another.
When I did this change, obviously I did it without worrying what could happen to the radiusd. So I simply moved the NASes on new IPs/servers and restarted the radiusd.
Now I have the users trying to get into the network but they look "online" to radiusd on the old NASes. In few words the connection is refused because radiusd thinks that the user is ALREADY online on the "old NAS" (not true) and it does not permit the user to get into the network.
So I have this teasing menu option in daloradius which is called "Cleanup Stale Sessions". I think it does exactly what I need but:
1) I do not want to break the radiusd 2) I do not want to loose my radius logs ("who had that IP that day..") 3) I do not know if this is the right "button" to click
So I am asking you if you have any idea of how to solve this issue and if I should click that button
Thank you in advance
(radiusd log follows)
-----------------------------------------------------------------------
Auth: Multiple logins (max 1) [MPP attempt]: [myuser@mynet.org] (from client xyz port 45118 cli 00:15:6D:5E:0A:82)
-----------------------------------------------------------------------
-- Ing. Paolo Di Francesco Level7 s.r.l. unipersonale Sede operativa: Largo Montalto, 5 - 90144 Palermo C.F. e P.IVA 05940050825 Fax : +39-091-8772072 assistenza: (+39) 091-8776432 web: http://www.level7.it
Paolo Di Francesco <paolo.difrancesco@level7.it> wrote:
we searched before asking, but we did not find any reference. If you have references of previous conversations, please send me the pointers privately.
http://lmgtfy.com/?q=site%3Ahttp%3A%2F%2Flists.cistron.nl%2Fpipermail%2Ffree... Cheers -- Alexander Clouter .sigmonster says: Got a dictionary? I want to know the meaning of life.
participants (6)
-
Alan Buxey -
Alexander Clouter -
Fajar A. Nugraha -
Gary Gatten -
Marinko Tarlać -
Paolo Di Francesco