Re: [RadiusNT] Concurrency Control Doesn't Work, Help...

Dale E. Reed Jr. ( (no email) )
Thu, 10 Feb 2000 20:13:58 -0800

TIA wrote:
>
> >> "Request from host cefd387c" or the "NAS-Identifier=206.253.56.124"?
> >> i.e."cefd387c" or the IP address?
> >
> >NAS-Identifier.
>
> Even though the ServerPorts table has the correct ServerID from the Servers
> Table listed and the exact ports that the NAS reports and again from the
> Servers table -- I can see that the Servers Table simply assigns a number (6
> in this case) to the Server field (in this case rtr3-beloit) and to the IP
> address (in this case 206.253.56.124) -- I need to manually alter this (the
> ServerID) in the ServerPorts table and make it the IP (Nas-Identifier)? I'm
> sure this can't be so...

No. NAS-Identifier matches to Servers.IPAddress. The ServerPorts and
Servers table relate on ServerID.

> I have ran this script numerous times and it does not change any of the
> ports in any way as they are exactly the same as reported by the NAS , as
> reported in the Servers Table, as reported in the ServerPorts table, and
> reported as well as in the Calls Table. They all report or coincide exactly.

First, are you getting accounting packets (type=4)? Secondly, do you
have
some kind of trigger or manual calls update enabled? If you don't have
one of those two, then the calls online (server ports) will not be
updated.

> Does the NAS Type have anything to do with it? It is a type 9 stated as a
> Cisco 5200 but is actually a Cisco 2511, (the QuickStart folks said this
> wouldn't make any difference and that Concurrency Control was a snap). Has

Thats fine.

> anyone else confirmed without a doubt that Concurrency Control works on any
> NAS and not just with radlogin? I'm certain that this is just something
> totally stupid that I can't seem to resolve. And gosh, it's taken me almost
> 3 months of tinkering to get this far! Which brings up another point,

One of the other things with Ciscos, is that they send a start
record with an update record following. If the trigger updates the
server ports table with the update, and you are lookin for start
records, you won't see them.

> (besides the "I'm an idiot" thing..), what if you have several NAS's in one
> location, does that mean even if Concurrency Control worked, couldn't
> someone simply dial into another NAS and bypass the Concurrency Control?
> From what I gather,Concurrency Control is set on a per NAS basis and not
> across the complete authentication system. Any help would be greatly
> appreciated

No. Concurrency control is based on the username, not the server. If
you look at the RadCheckOnline proc, you'll see its just for the name,
not the user.

-- 

Dale E. Reed Jr.      Emerald and RadiusNT__________________________________________IEA Software, Inc.    www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart