[RadiusNT Digest]

radiusnt-digest-request@iea-software.com
Fri, 3 Jul 1998 00:00:50 -0700

Message 1: Re: Ip address and concurrency
from Thomas Kernen <tkernen@deckpoint.ch>

Message 2: Re: Ip address and concurrency
from Dale Reed <daler@iea-software.com>

Message 3: Re: Ip address and concurrency
from Thomas Kernen <tkernen@deckpoint.ch>

Message 4: Re: NAS-Port-Type
from "Mourad Dahoumane" <mdahoumane@interway.lu>

Message 5: Re: OT: Transparent Proxy
from "Carlo Gibertini" <carlo@nw.com.br>

Message 6: *reload*
from "Greg Lowthian" <greg@isat.com>

Message 7: Re: NAS-Port-Type
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 8: Re: Ip address and concurrency
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 9: Re: NAS-Port-Type
from "Mourad Dahoumane" <mdahoumane@interway.lu>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Ip address and concurrency
From: Thomas Kernen <tkernen@deckpoint.ch>
Date: Thu, 02 Jul 1998 10:42:05 +0200

Dale,

here is the debug of a user. Running Radius 2.2, SQL 6.5 and Max 4000

radrecv: Request from host c226a091 code=1, id=49, length=93
User-Name = "*****"
Challenge-Response = "\001\377\252u\232\353\212\274\204Y"
NAS-Identifier = 194.38.160.145
NAS-Port = 10115
NAS-Port-Type = Sync
User-Service = Framed-User
Framed-Protocol = PPP
State = ""
Acct-Session-Id = "267525730"
rad_authenticate_ODBC()
Challenge-Response = "\001\377\252u\232\353\212\274\204Y"

SQL Statement: Select DateAdd(Day, (ma.extension + ma.overdue), maExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.Password, sa.Login, sa.Shell, sa.LoginLimit From MasterAccounts ma,
SubAccounts sa Where (sa.Login='*****' or sa.Shell='*****') AND
ma.CustomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0

Checking for duplicate logins.

SQL Statement: Select Count(*) from CallsOnline Where UserName='*****'
and AcctStatusType=1

***** found on-line 0 time(s).

SQL Statement: Select ra.RadAttributeID, Name, Data, Value, Type From
RadConfigs rc, RadAttributes ra Where ra.RadAttributeID=rc.RadAttributeID AND
rc.AccountID=678

Loading radius defaults for this type...

SQL Statement: Select ra.RadAttributeID, Name, Data, Value, Type From
RadATConfigs rc, RadAttributes ra Where ra.RadAttributeID=rc.RadAttributeID AND
rc.AccountType='PPP'

Framed-Protocol = PPP (1)
User-Service = Framed-User (2)
Session-Timeout = 900 (900)
Ascend-Idle-Limit = 900 (900)
Sending Ack of id 49 to c226a091 (saratoga.deckpoint.ch)
Framed-Protocol = PPP
User-Service = Framed-User
Session-Timeout = 900
Ascend-Idle-Limit = 900

Resp Time: 430 Auth: 104/0 -> 104 Acct: 206/0/0 -> 206
radrecv: Request from host c226a091 code=4, id=180, length=90
User-Name = "******"
NAS-Identifier = 194.38.160.145
NAS-Port = 10115
NAS-Port-Type = Sync
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "267525730"
Acct-Authentic = RADIUS
Framed-Protocol = PPP
Framed-Address = 0.0.0.0

SQL Statement: INSERT INTO Calls
(CallDate,UserName,NASIdentifier,NASPort,NASPortType,AcctStatusType,
AcctDelayTime,AcctSessionId,AcctAuthentic,FramedProtocol,FramedAddress)
VALUES
(GetDate(),'*****','194.38.160.145',10115,1,1,0,'267525730',1,1,'0.0.0.0')

SQL Statement: UPDATE CallsOnline Set UserName='*****',
AcctStatusType=1, CallDate=GetDate(), FramedAddress='0.0.0.0' WHERE
NASIdentifier='194.38.160.145' and NASPort=10115

Sending Accounting Ack of id 180 to c226a091 (saratoga.deckpoint.ch)

Dale Reed wrote:
>
> Thomas Kernen wrote:
> >
> > Hello,
> >
> > I've noticed that my calls online table doesn't seem to receive the IP
> > addresses for all my users. At the NAS level it's all ok. Running
> > RadiusNT 2.2.
>
> Do you mean some have the IP and some don't? Does the -x15 debug show
> Framed-Address for all the accounting start records?
>
> > Also, using concurrency control to allow multiple connections with the
> > same user ID I noticed that only MP and MPP connections will allow
> > adding channel ie: 2 separate users using the same ID cannot login at
> > the same time even if the account allows multiple logins.
>
> Make sure you have variable login limits enabled. Otherwise, RadiusNT
> ignores the Login Limit field and uses one for all users.
>
> --
> Dale E. Reed Jr. (daler@iea-software.com)
> _________________________________________________________________
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 2 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Ip address and concurrency
From: Dale Reed <daler@iea-software.com>
Date: Thu, 02 Jul 1998 02:24:01 -0700

Thomas Kernen wrote:
>
> here is the debug of a user. Running Radius 2.2, SQL 6.5 and Max 4000
>
> radrecv: Request from host c226a091 code=4, id=180, length=90
> User-Name = "******"
> NAS-Identifier = 194.38.160.145
> NAS-Port = 10115
> NAS-Port-Type = Sync
> Acct-Status-Type = Start
> Acct-Delay-Time = 0
> Acct-Session-Id = "267525730"
> Acct-Authentic = RADIUS
> Framed-Protocol = PPP
> Framed-Address = 0.0.0.0

This looks like an issue with the MAX itself. Several people have noted
that the MAX running 6.x has memory issues on not releasing IP addresses
from the pool. It's possible that this is the issue you are seeing.
I would ask Ascend tech support about it and they can probably make a
recommendation on how to solve it.

--
Dale E. Reed Jr. (daler@iea-software.com)
_________________________________________________________________
IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today | http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 3 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Ip address and concurrency
From: Thomas Kernen <tkernen@deckpoint.ch>
Date: Thu, 02 Jul 1998 12:38:44 +0200

Dale Reed wrote:
>
> > Also, using concurrency control to allow multiple connections with the
> > same user ID I noticed that only MP and MPP connections will allow
> > adding channel ie: 2 separate users using the same ID cannot login at
> > the same time even if the account allows multiple logins.
>
> Make sure you have variable login limits enabled. Otherwise, RadiusNT
> ignores the Login Limit field and uses one for all users.
>

Dale,

yes I do have variable login limits enabled. As I mentioned, if a user
has a login limit of 2, he will be able to do channel bundling. On the
other hand if he wants to login twice from 2 separate computers he
wouldn't be able to login with the second connection.

Thomas

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 4 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: NAS-Port-Type
From: "Mourad Dahoumane" <mdahoumane@interway.lu>
Date: Thu, 2 Jul 1998 14:11:33 +0200

>If you are running in ODBC only mode, the text file doesn't matter.
>Not sure if you meant something else above?

It was just for info.

>
>
>You need to make NAS-Port-Type a CHECK attribute, not a reply attribute.
>You need RadiusNT 2.5 for this, and in the RadATConfigs table, the
>NAS-Port-Type record should have the RadCheck value set to 1. All
>other records will have RadCheck set to either NULL or 0.

I am using 2.5. I didn't find where in Emeradmin I can specify it as a
check attribute.
Can you tell me where I should find this.

RadATConfigID AccountType RadAttributeID Data        Value RadVendorID RadVendorType RadCheck
------------- ----------- -------------- ----------- ----- ----------- ------------- --------
129           ISDNPRO     6              Framed-User 2     (null)      (null)        1
130           ISDNPRO     7              PPP         1     (null)      (null)        1
131           ISDNPRO     61             ISDN        2     (null)      (null)        1
132           ISDNPRO     62             1           1     (null)      (null)        1

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 5 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: OT: Transparent Proxy
From: "Carlo Gibertini" <carlo@nw.com.br>
Date: Thu, 2 Jul 1998 11:39:38 -0300

Ops.. Sorry

Wrong list.

Carlo

-----Original Message-----
From: Dale Reed <daler@iea-software.com>
To: radiusnt@iea-software.com <radiusnt@iea-software.com>
Date: Wednesday, 1 July 1998 20:17
Subject: Re: OT: Transparent Proxy

>Carlo Gibertini wrote:
>>
>> I am looking for a transparent proxy solution.
>>
>> Can someone point me in the direction, and list the pro and cons of using
>> these technologies?
>
>If you mean proxying RADIUS requests, then you are most likely
>looking for the Server Proxy feature of RadiusNT 2.5. If not,
>then you define what kind of proxy you are talking about (and
>possibly on the ntisp list, not here).
>
>--
>Dale E. Reed Jr. (daler@iea-software.com)
>_________________________________________________________________
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.iea-software.com
>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 6 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: *reload*
From: "Greg Lowthian" <greg@isat.com>
Date: Thu, 2 Jul 1998 10:55:40 -0700

I upgraded my last server to 2.5.124 and now the *reload*
stops both the service and x-15

radrecv: Request from host d14d0706 code=1, id=240, length=60
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
User-Name = "*reload*"
Password = "j\2314\354\241\011\011t\254\237\252u9\200\267\312"
rad_auth(): check_item: PW_EXPIRATION
Checking user record PW_PASSWORD type
authPapPwd
chkPwd->strvalue is 123456
decrypted pwd is 123456

Loading users...

C:\radius>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 7 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: NAS-Port-Type
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Thu, 02 Jul 1998 12:10:39 -0700

Mourad Dahoumane wrote:
>
> >You need to make NAS-Port-Type a CHECK attribute, not a reply attribute.
> >You need RadiusNT 2.5 for this, and in the RadATConfigs table, the
> >NAS-Port-Type record should have the RadCheck value set to 1. All
> >other records will have RadCheck set to either NULL or 0.
>
> I am using 2.5. I didn't find where in Emeradmin I can specify it as a
> check attribute.
> Can you tell me where I should find this.

Unfortunately, you won't, since Emerald 2.2 and lower does not support
some of the extended features (like ODBC check attributes) that
RadiusNT 2.5 supports. One of the easiest ways to change it is to
use MS Query (in your SQL group), connect to your database, select
the RadConfigs table. Double click the * in the field list and
it will put all the fields in the grid below. Now the good part
is to select "Records...Allow Editing" from the pull down menu. You'll
basically have an excel like spreadsheet where you can make changes
to the RadCheck column for the records you need.

--
Dale E. Reed Jr. (daler@iea-software.com)
_________________________________________________________________
IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today | http://www.iea-software.com
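
[Added example, not part of the digest and not IEA Software code. It models the check/reply distinction discussed in the NAS-Port-Type thread: rows with RadCheck = 1 are compared against the Access-Request, all other rows are returned in the reply. The row layout, the function names and the rule that a missing attribute fails the check are assumptions made for illustration.]

```python
# Attribute numbers and names as used in this digest's debug output.
ATTR_NAMES = {6: "User-Service", 7: "Framed-Protocol",
              61: "NAS-Port-Type", 62: "Port-Limit"}

def rows_for(nas_port_type_check):
    """Constructed rows: (AccountType, RadAttributeID, Value, RadCheck)."""
    return [
        ("ISDNPRO", 6, 2, None),                  # Framed-User, reply item
        ("ISDNPRO", 7, 1, None),                  # PPP, reply item
        ("ISDNPRO", 61, 2, nas_port_type_check),  # ISDN, check or reply
        ("ISDNPRO", 62, 1, 0),                    # reply item
    ]

def split_items(rows, account_type):
    """RadCheck = 1 marks a check item; NULL (None) or 0 marks a reply item."""
    check, reply = {}, {}
    for acct, attr_id, value, rad_check in rows:
        if acct == account_type:
            (check if rad_check == 1 else reply)[ATTR_NAMES[attr_id]] = value
    return check, reply

def authorize(request, rows, account_type):
    """Return (verdict, reply attributes, failed check item or None)."""
    check, reply = split_items(rows, account_type)
    for name, expected in check.items():
        # Assumption: an attribute absent from the request fails the check.
        if request.get(name) != expected:
            return "Access-Reject", {}, name
    return "Access-Accept", reply, None

# Constructed requests: one from an ISDN port (2), one from an async port (0).
ISDN_CALL = {"User-Name": "alice", "NAS-Port-Type": 2}
ASYNC_CALL = {"User-Name": "alice", "NAS-Port-Type": 0}

if __name__ == "__main__":
    print(authorize(ISDN_CALL, rows_for(1), "ISDNPRO"))
    print(authorize(ASYNC_CALL, rows_for(1), "ISDNPRO"))
    print(authorize(ASYNC_CALL, rows_for(None), "ISDNPRO"))
```

[With RadCheck left NULL on the NAS-Port-Type row, the async call is accepted and NAS-Port-Type is merely echoed in the reply, so the port restriction is not enforced.]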

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 8 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Ip address and concurrency
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Thu, 02 Jul 1998 12:18:29 -0700

Thomas Kernen wrote:
>
> > > Also, using concurrency control to allow multiple connections with the
> > > same user ID I noticed that only MP and MPP connections will allow
> > > adding channel ie: 2 separate users using the same ID cannot login at
> > > the same time even if the account allows multiple logins.
> >
> > Make sure you have variable login limits enabled. Otherwise, RadiusNT
> > ignores the Login Limit field and uses one for all users.
>
> yes I do have variable login limits enabled. As I mentioned, if a user
> has a login limit of 2, he will be able to do channel bundling. On the
> other hand if he wants to login twice from 2 separate computers he
> wouldn't be able to login with the second connection.

If this is an Ascend, have you checked your shared profiles setting?

--
Dale E. Reed Jr. (daler@iea-software.com)
_________________________________________________________________
IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today | http://www.iea-software.com
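
[Added example, not part of the digest and not IEA Software code. It replays the duplicate-login check from the Message 1 debug output against an in-memory SQLite database: CallsOnline holds one row per NAS port, and the number of rows with AcctStatusType=1 for a user is compared with LoginLimit. The schema, the "count below limit" acceptance rule, the user name and the NAS address are assumptions made for illustration.]

```python
import sqlite3

START, STOP = 1, 2  # Acct-Status-Type values; Start is the 1 seen in the log

def make_db(accounts):
    """In-memory stand-in for SubAccounts and CallsOnline (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE SubAccounts (Login TEXT PRIMARY KEY, LoginLimit INTEGER);
        CREATE TABLE CallsOnline (NASIdentifier TEXT, NASPort INTEGER,
            UserName TEXT, AcctStatusType INTEGER, FramedAddress TEXT,
            PRIMARY KEY (NASIdentifier, NASPort));
    """)
    db.executemany("INSERT INTO SubAccounts VALUES (?, ?)", accounts)
    return db

def accounting(db, nas, port, user, status, framed="0.0.0.0"):
    """Apply an accounting record: one CallsOnline row per NAS port."""
    db.execute("INSERT OR REPLACE INTO CallsOnline VALUES (?, ?, ?, ?, ?)",
               (nas, port, user, status, framed))

def online_count(db, user):
    """The 'Checking for duplicate logins' query from the debug output."""
    return db.execute(
        "SELECT COUNT(*) FROM CallsOnline WHERE UserName=? AND AcctStatusType=1",
        (user,)).fetchone()[0]

def allow_login(db, user, variable_limits=True):
    """Assumed rule: accept while the online count is below the limit."""
    row = db.execute("SELECT LoginLimit FROM SubAccounts WHERE Login=?",
                     (user,)).fetchone()
    if row is None:
        return False
    limit = row[0] if variable_limits else 1  # fixed limit of one otherwise
    return online_count(db, user) < limit

def demo():
    nas = "192.0.2.10"  # constructed NAS address (documentation range)
    db = make_db([("alice", 2)])
    results = [allow_login(db, "alice")]             # nobody online
    accounting(db, nas, 101, "alice", START)
    results.append(allow_login(db, "alice"))         # 1 online, limit 2
    results.append(allow_login(db, "alice", variable_limits=False))
    accounting(db, nas, 102, "alice", START)
    results.append(allow_login(db, "alice"))         # 2 online, limit 2
    accounting(db, nas, 101, "alice", STOP)
    results.append(allow_login(db, "alice"))         # one Stop received
    return results
```

[Because the count is driven only by accounting records, a Stop that never arrives leaves the user counted as online until the row for that port is overwritten.]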

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 9 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: NAS-Port-Type
From: "Mourad Dahoumane" <mdahoumane@interway.lu>
Date: Thu, 2 Jul 1998 23:15:14 +0200

WAOU!! It works !!

Thanks Dale

>Unfortunately, you won't, since Emerald 2.2 and lower does not support
>some of the extended features (like ODBC check attributes) that
>RadiusNT 2.5 supports. One of the easiest ways to change it is to
>use MS Query (in your SQL group), connect to your database, select
>the RadConfigs table. Double click the * in the field list and
>it will put all the fields in the grid below. Now the good part
>is to select "Records...Allow Editing" from the pull down menu. You'll
>basically have an excel like spreadsheet where you can make changes
>to the RadCheck column for the records you need.
>
>--
>Dale E. Reed Jr. (daler@iea-software.com)
>_________________________________________________________________
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.iea-software.com