RE: [RadiusNT] Multiple entries in Calls table for same stop reco

Amir Sadeghi ( sadeghi@vianet.at )
Wed, 7 Apr 1999 12:16:01 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Justin Thomas: "[RadiusNT] Upgrade to SQL"
Next message: Herman verschooten: "[RadiusNT] NTMail & RadiusNT"

Dale E. Reed Jr. wrote:
[>] Amir Sadeghi wrote:
[>] >
[>] > We are running RadiusNT 2.5.162 in ODBC mode on a MS
SQL Server 7 and
[>] > are encountering the following phenomena:
[>] > We administer the domain via.at. Our users can login
using for example
[>] > "herbie / herbiespwd" or alternatively "herbie@via.at
/ herbiespwd". To
[>] > facilitate this I created a record in RadRoamDomains
with domain =
[>] > 'via.at' which points to a record in RadRoamServers
with StripDomain = 1
[>] > and TreatAsLocal = 0 (which was curious enough for
me, because I would
[>] > have thought TreatAsLocal must be 1, but radiusnt
doesn't authenticate
[>] > users correctly in this case, anyway that's another
story and not really
[>] > important). I also configured radiusnt admin to
insert only stop records
[>] > into the calls table. What I am experiencing now is
that each time
[>] > herbie logs off there are 2 records inserted into the
calls table, one
[>] > with Username = 'herbie' and the second one with
UserName =
[>] > 'herbie@via.at'. All other attributes are identical.
This happens only
[>] > if herbie logged in using the domain suffix. We also
administer other
[>] > domains whose users MUST login using the domain
suffix
[>] > (RadRoamServer.TreatAsLocal = 1 and
RadRoamServer.StripDomain = 0) and
[>] > they don't display this behaviour.
[>] > Am I doing anything wrong or is this a feature? Is
there any way of
[>] > suppressing this?

[>] Without treataslocal set, RadiusNT is proxying to
itself. RadiusNT
[>] always records all accounting records that go through
it. Therefore,
[>] it logs the herbie@via.at, and then proxies the request
back to
[>] itself with just herbie, which is then logged again.
You need to set
[>] the treataslocal option to 1 to prevent this.

[>] You wold need to enable the treataslocal for the via.at
domain,
[>] restart RadiusNT, and send in the -x15 debug for a
login attempt
[>] for someone logging in with user@via.at.

As I indicated in my original mailing, RadiusNT doesn't authenticate
properly if the treataslocal flag is set. But I did follow your advice
and tried it again. I restarted radiusnt and it did authenticate
"herbie/herbiespwd" but not "herbie@via.at/herbiespwd".
A few more details about our configuration:
We have 4 records in RadRoamDomains, 1 DEFAULT-domain which has the
highest priority and points to a roaming-server
(RadRoamServers.TreatAsLocal = 0 and RadRoamServers.StripDomain = 0).
Then the already described via.at domain with second highest priority
and 2 other domains which we administer and have the lowest priority
(TreatAsLocal = 1 and StripDomain = 0). The only one which doesn't work
as expected is via.at.
The debug output for herbie / herbiespwd is:
RadiusNT 2.5.162 Enterprise Initialized...

radrecv: Request from host 7f000001 code=1, id=69, length=58
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
User-Name = "herbie"
User-Password =
"\251W\203{\271R\347\011I\246\023(\345\214\010\323"
rad_authenticate_ODBC()
User-Password =
"\251W\203{\271R\347\011I\246\023(\345\214\010\323"

SQL Statement: Select DateDiff(Minute, GetDate(),
DateAdd(Day,(ma.Extension+ma.OverDue+1), maExpireDate)),
DateDiff(Minute, GetDate(), DateAdd(Day, sa.Extension+1, saExpireDate)),
sa.AccountID, sa.AccountType, sa.Password, sa.Login, sa.Shell From
MasterAccounts ma, SubAccounts sa Where sa.Login='herbie' AND
ma.CustomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0
Decrypted Password: herbiespwd
Database Password: herbiespwd

SQL Statement: RadGetConfigs 2

Loading radius defaults for this type...

SQL Statement: RadGetATConfigs 'PPP'

Service-Type = 2 (2)
Framed-Protocol = 1 (1)
Sending Ack of id 69 to 7f000001 (localhost)
Service-Type = Framed
Framed-Protocol = PPP

Resp Time: 471 Auth: 1/0 -> 1 Acct: 0/0/0 -> 0

The debug-output for herbie@via.at / herbiespwd:
radrecv: Request from host 7f000001 code=1, id=13, length=65
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
User-Name = "herbie@via.at"
User-Password = "?\343\257\310\2203S\264\373\305w\305b\243P\302"
rad_authenticate_ODBC()
User-Password = "?\343\257\310\2203S\264\373\305w\305b\243P\302"
SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
ma.Extension+ma.OverDue+1)
, maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,
sa.Extension+1, saExpireDate)),
sa.AccountID, sa.AccountType, sa.Password, sa.Login, sa.Shell

Previous message: Justin Thomas: "[RadiusNT] Upgrade to SQL"
Next message: Herman verschooten: "[RadiusNT] NTMail & RadiusNT"