Hotspot snmp problem

classic Classic list List threaded Threaded
9 messages Options
| Threaded
Open this post in threaded view
|

Hotspot snmp problem

Robin-5
Hello,

A couple of us at work have been playing with a hotspot controller
(Internet Subscriber Server II ISS-4000) using freeradius and mysql for
authentication.  We are having problems with checkrad (totally to do with
the AP not being nice).

I'm not sure what is the best way to handle this.  I can snmpwalk the
device however the output does not appear to have information regarding
logins.  The manufacturer does not respond to queries so I'm hoping someone
else may have worked with this device.

Any help is appreciated,

Robin

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Alan DeKok
Robin <[hidden email]> wrote:
> I'm not sure what is the best way to handle this.  I can snmpwalk the
> device however the output does not appear to have information regarding
> logins.  The manufacturer does not respond to queries so I'm hoping someone
> else may have worked with this device.

  The simplest way to deal with this is to set "nastype = other".
This will make the server believe it's database, and will not run
checkrad.

  checkrad isn't necessary, but it can help catch some corner cases.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Robin-5
Hi again,

Is there anyway to test for Simultaneous use without checkrad?  I have read
past posts about using an sql only method and I understand this has it's
own problems.  However, if anyone has any docs which could help me out it's
appreciated.  Ideally I would like to have checkrad speak to the AP and
it's probably possible except snmpwalk'ing the device does not appear to
provide user login information.

Thanks again for all the help,

Robin

At 03:04 PM 8/10/2005, you wrote:

>Robin <[hidden email]> wrote:
> > I'm not sure what is the best way to handle this.  I can snmpwalk the
> > device however the output does not appear to have information regarding
> > logins.  The manufacturer does not respond to queries so I'm hoping
> someone
> > else may have worked with this device.
>
>   The simplest way to deal with this is to set "nastype = other".
>This will make the server believe it's database, and will not run
>checkrad.
>
>   checkrad isn't necessary, but it can help catch some corner cases.
>
>   Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Alan DeKok
Robin <[hidden email]> wrote:
> Is there anyway to test for Simultaneous use without checkrad?

  Yes.  The server already does this.

  As I said, the server maintains a database.  The only purpose of
checkrad is to catch corner cases.

> I have read past posts about using an sql only method and I
> understand this has it's own problems.  However, if anyone has any
> docs which could help me out it's appreciated.

  The server comes with documentation for Simultaneous-Use, which
includes documentation on configuring it via the "radutmp" module, and
in SQL.  Please read the documentation.

> Ideally I would like to have checkrad speak to the AP and it's
> probably possible except snmpwalk'ing the device does not appear to
> provide user login information.

  Then there's no use in having checkrad talk to the NAS, is there?

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Robin-5
Hi again,

I have been doing reading on the Simultaneous-use with the radutmp module
and sql.  I was hoping someone could help clarify some confusion I
have.  Using the Sql notes I inserted the Simultaneous attribute to the
radgroupcheck table, although I did change the dialup attribute to dynamic
as that is the group my login belongs to.  Using the sql.conf I uncommented
the simul_count_query (simul_verify_query was already uncommented).

I still see no output in the radutmp file, even though during loading it says,
Module: Loaded radutmp
  radutmp: filename = "/usr/local/var/log/radius/radutmp"
  radutmp: username = "%{User-Name}"
  radutmp: case_sensitive = yes
  radutmp: check_with_nas = no
  radutmp: perm = 384
  radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)

radacct has lots of details,

|        65 | 0090274649581b00000d | 37805f4083612f79 | robyn    |       |
69.67.164.218 |         0 | Ethernet    | 2005-08-15 15:45:00 | 2005-08-15
15:47:06 |             126
|               |                   |                  |          704551
|            55748 | 00-90-0E-00-B2-72 | 00-90-27-46-49-58 |
Session-Timeout    |             |                |
10.59.1.2       |              0 |             0 |

When I have an account start time and end time in the radacct, does that
not mean simul checking should be working?
Sorry for my lack of understanding on this process, I have read lots of
docs, I think it's just going to take me a little longer to get it.  :)


Thank you again for all your help,

Robin


At 12:21 PM 8/11/2005, you wrote:

>Robin <[hidden email]> wrote:
> > Is there anyway to test for Simultaneous use without checkrad?
>
>   Yes.  The server already does this.
>
>   As I said, the server maintains a database.  The only purpose of
>checkrad is to catch corner cases.
>
> > I have read past posts about using an sql only method and I
> > understand this has it's own problems.  However, if anyone has any
> > docs which could help me out it's appreciated.
>
>   The server comes with documentation for Simultaneous-Use, which
>includes documentation on configuring it via the "radutmp" module, and
>in SQL.  Please read the documentation.
>
> > Ideally I would like to have checkrad speak to the AP and it's
> > probably possible except snmpwalk'ing the device does not appear to
> > provide user login information.
>
>   Then there's no use in having checkrad talk to the NAS, is there?
>
>   Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Alan DeKok
Robin <[hidden email]> wrote:
> I still see no output in the radutmp file, even though during loading it says,

  A few problems:

  1) If the server does not receive accounting packets, nothing will go
     into radutmp, OR into SQL.

  2) if you configure Simultaneous-Use counting via SQL, you don't need
     radutmp

> When I have an account start time and end time in the radacct, does that
> not mean simul checking should be working?

  Why ask questions when you can read the debug log, and see exactly
what the server is doing, and why?

  We don't know how you've configured your system, you've only given
summaries.  YOU know how you've configured your system.

  READ the debug logs.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Robin-5
Hi,,,

Once again, I apologize for my lack of understanding. I have been trying to
read all debug messages and start radiusd with -X however the only files
which get populated are ones created in the radacct directory.  The detail
files appear to be fine with start, alive and stop packets being listed,
but radius.log and radwtmp and radutmp are empty.  Is it possible, I
inadvertently set everything to log to the db only?

Sorry for testing your patience...  I think once I get up this curve a bit,
I should not have to ask these bad questions.

Thank you,

Robin


At 05:09 PM 8/15/2005, you wrote:

>Robin <[hidden email]> wrote:
> > I still see no output in the radutmp file, even though during loading
> it says,
>
>   A few problems:
>
>   1) If the server does not receive accounting packets, nothing will go
>      into radutmp, OR into SQL.
>
>   2) if you configure Simultaneous-Use counting via SQL, you don't need
>      radutmp
>
> > When I have an account start time and end time in the radacct, does that
> > not mean simul checking should be working?
>
>   Why ask questions when you can read the debug log, and see exactly
>what the server is doing, and why?
>
>   We don't know how you've configured your system, you've only given
>summaries.  YOU know how you've configured your system.
>
>   READ the debug logs.
>
>   Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Alan DeKok
Robin <[hidden email]> wrote:
> The detail files appear to be fine with start, alive and stop
> packets being listed, but radius.log and radwtmp and radutmp are
> empty.

  If radutmp is empty, the debug log will tell you why.

>  Is it possible, I inadvertently set everything to log to the db
> only?

  Certainly.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Hotspot snmp problem

Robin-5
Hi everyone,

Finally, have it working..  I did not comment out the radutmp in
radius.conf for the session database.  I had uncommented sql, although lots
of good that did.

Thanks again,

Robin



At 03:26 PM 8/16/2005, you wrote:

>Robin <[hidden email]> wrote:
> > The detail files appear to be fine with start, alive and stop
> > packets being listed, but radius.log and radwtmp and radutmp are
> > empty.
>
>   If radutmp is empty, the debug log will tell you why.
>
> >  Is it possible, I inadvertently set everything to log to the db
> > only?
>
>   Certainly.
>
>   Alan DeKok.
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html