Message-ID: <06a601c1ea33$7dd7c950$14c22cc7@photon> From: "Josh Hillman" <admin-maillist@talstar.com> Subject: Re: [Emerald] Users staying online Date: Mon, 22 Apr 2002 15:25:41 -0400
Oops... Vilmos, I gave you incorrect information on the first script. Use
this:
UPDATE ServerPorts
SET SNMPUser = '.1.3.6.1.4.1.529.12.3.1.4.'
instead of what I mentioned a few minutes ago:
UPDATE ServerPorts
SET SNMPUser = '.1.3.6.1.4.1.529.12.3.1.4.' + convert(varchar(5), Port+1)
I'm not sure how I messed that up...
Josh
----- Original Message -----
From: "Josh Hillman" <admin-maillist@talstar.com>
To: <emerald@iea-software.com>
Sent: Monday, April 22, 2002 3:18 PM
Subject: Re: [Emerald] Users staying online
>
> ----- Original Message -----
> From: "Vilmos Branyik" <vbranyik@piopc.com>
> > Thanks for the detailed reply, but could you answer a few more
questions?
> >
> > All my units are MAX 40xx so is the below script correct?
> >
> > UPDATE ServerPorts
> > SET SNMPUser = '.1.3.6.1.4.1.529.12.3.1.4.5.'
>
> Use this script:
>
> UPDATE ServerPorts
> SET SNMPUser = '.1.3.6.1.4.1.529.12.3.1.4.' + convert(varchar(5), Port+1)
>
> > I can enter this using MS Query (I'm running SQL 6.5)
>
> You can do it that way or use ISQL/w.
>
> > On the Max it looks like SNMP is already setup. Here is what is already
in
> > SNMP Options under 90-900 Mod Config:
> >
> > Read Comm=public
> > R/W Comm Enable=Yes
> > R/W Comm=write
> > Security=no
> > RD Mgr1=0.0.0.0
> > RD Mgr2=0.0.0.0
> > RD Mgr3=0.0.0.0
> > RD Mgr4=0.0.0.0
> > RD Mgr5=0.0.0.0
> > WR Mgr1=0.0.0.0
> > WR Mgr2=0.0.0.0
> > WR Mgr3=0.0.0.0
> > WR Mgr4=0.0.0.0
> > WR Mgr5=0.0.0.0
> > Queue Depth=0
>
> IMMEDIATELY change the "Read Comm" AND the "R/W Comm" to something else
> (think of them as passwords). The last thing you want is to have anyone
out
> there to have your SNMP read/write community name. Remember that messages
> to this list are available on the web shortly after their posted, so if
you
> don't change those community names now, you put your maxes at a serious
> security risk.
>
> > I pretty sure I should enable security, it doesn't look like I have any
> now.
> > So if there is a hole I don't want to leave it open.
>
> You can leave the "Security" option set to "No". SNMP concurrency control
> will work with it set to no.
>
> > If I enable security should I change the Read Com value to something
else?
>
> See above.
>
> > Or would it be OK to leave it as public. Also do I need to include the
IP
> > address of the server that is running Radius in the RD Mgr1 and WR Mgr1
> > values?
>
> Leave the RD and WR Mgr settings as 0.0.0.0. Actually, of all of the
things
> you displayed, you only need to change the two community names.
>
> > Do I need to set up a SNMP Trap?
>
> No.
>
> > Lastly, I didn't quite understand the RadCheckOnlineSNMP procedure. Is
it
> > already built into the system or is that something I have to add? If I
> have
> > to add it, where do I do that?
>
> That, I don't remember. You can take a look in SQL Enterprise Manager,
> though in 6.5, I don't remember where. Here's my stored procedure (from
> Emerald 2.5):
>
> CREATE PROCEDURE RadCheckOnlineSNMP @Username varchar(64) AS
> SELECT s.IPAddress,
> s.ServerType,
> s.Community,
> sp.SNMPUser,
> sp.AcctSessionID
> FROM Servers s, ServerPorts sp
> WHERE s.ServerID = sp.ServerID
> AND Username=@Username
> AND AcctStatusType=1
>
> UNION
>
> SELECT NASIdentifier, 0, NULL, NULL, NULL
> FROM RadRoamPorts
> WHERE Username=@Username
>
>
> > Thanks for your help and sorry about the delay in reposting. I got
called
> > out for a week.
>
> You're welcome. Get those community names changed!
>
> Oh, once you change the community names, run this:
>
> UPDATE Servers SET Community = 'abcxyz'
>
> (changing abcxyz to whatever your new community name is)
>
> Josh
>
> > -----Original Message-----
> > From: Josh Hillman [mailto:admin-maillist@talstar.com]
> > Sent: Tuesday, April 16, 2002 8:31 AM
> > To: emerald@iea-software.com
> > Subject: Re: [Emerald] Users staying online
> >
> >
> > Matt,
> >
> > See this:
> > http://www.iea-software.com/radiusnt/faqs/SNMP-Concurrency.html
> >
> > We've been using the SNMP concurrency control with our Max 40xx units
for
> > quite some time and have never had any problems with it.
> >
> > Use this SQL script to update your ServerPorts table, changing the last
> line
> > as needed (see further below):
> >
> > UPDATE ServerPorts
> > SET SNMPUser = '.1.3.6.1.4.1.529.12.3.1.4.' + convert(varchar(5),
Port+1)
> > WHERE ServerID = 1234
> >
> > If all of your NASes are Ascend Max 40xx units, then you can just
comment
> > out or delete the "WHERE..." line. Otherwise, enter the appropriate
> > ServerID value there for each of your Maxes. You can use "SELECT * FROM
> > Servers" to see the details for each of them.
> >
> > Be sure to read the rest of the info on that webpage I mentioned,
> especially
> > the part regarding "RadCheckOnlineSNMP"
> >
> > You will also need to make sure that you have RadiusNT configured
> correctly.
> > Go into the Admin and make sure that "SNMP Concurrency" or something
like
> > that (can't remember what it is in RadiusNT 2.5) is selected as well as
> any
> > other concurrency control options. If any changes are made, you'll have
> to
> > restart RadiusNT. Because you're using Ascend equipment, you will
> probably
> > have to fix this registry entry after saving your RadiusNT config. As
far
> > as I know, IEA Software never fixed the 2.5 admin to handle this entry
> > correctly. You can make a file named (whatever.reg) and enter the
> following
> > lines in it, then just double-click on the file on your RadiusNT server.
> > Or, just go into the registry and fix the entry before starting
RadiusNT:
> >
> > REGEDIT4
> >
> > [HKEY_LOCAL_MACHINE\SOFTWARE\IEA\RadiusNT]
> > "AllowMalformed"="3"
> >
> >
> > Also, make sure that your Maxes have the latest version TAOS. For the
> 40xx
> > series, the latest version at the time that I'm writing this is 7.0.28:
> > ftp://ftp.ascend.com/pub/Software-Releases/Max/Release-7.0.X/
> > This was released on 2/13/02. Prior to that, 7.0.26 was the latest
> version
> > for quite some time.
> >
> > Josh
> >
> >
> > ----- Original Message -----
> > From: "Vilmos Branyik" <vbranyik@piopc.com>
> > To: <emerald@iea-software.com>
> > Sent: Monday, April 15, 2002 9:50 PM
> > Subject: [Emerald] Users staying online
> >
> >
> > > In the past several days we have been having a problem with users
> staying
> > > online even though they have been disconnected.
> > >
> > > I can clear them on the online view and they are then able to login.
> > >
> > > I saw some information about SNMP Concurrency control but it really
> didn't
> > > make a lot of sense to me.
> > >
> > > We are using Emerald 2.5.342 and Ascend Max 4000 series access
servers.
> > >
> > > Do I have to enable SNMP or is there some other way to fix this. If I
> have
> > > to do this is there some sort of step by step guide to getting this
> > feature
> > > to work?
> > >
> > > Thanks in advance for any help you can give me.
> > >
> > > Matt Branyik
> > >
> > > Pioneer PC Associates
> > > www.piopc.net
> > > ------------
> > >
> > <snip>
> > ------------
> >
> > This is a user supported list. If you require assistance from IEA
> Software's
> > Support Engineers, please check out our Support resources at
> > http://www.iea-software.com/support.
> >
> > For more information about this list (including removal) go to:
> > http://www.iea-software.com/support/maillists/liststart
>
> ------------
>
> This is a user supported list. If you require assistance from IEA
Software's
> Support Engineers, please check out our Support resources at
> http://www.iea-software.com/support.
>
> For more information about this list (including removal) go to:
> http://www.iea-software.com/support/maillists/liststart
>
.