This chapter describes how to use the rad_tester utility to test a RADIUS configuration and how to use the pin_term_acct utility to test sending account request packets to the RADIUS server and monitor open sessions.
Before reading this chapter, you should be familiar with:
The rad_tester utility replicates the functionality of a terminal server by sending RADIUS packets to the RADIUS server. This is useful for testing and developing code. After a request is accepted, you can manually send another request packet. You can view the packets sent by rad_tester in the debug log file /var/portal/7.5/radius/radius.log.
Note:
This utility is not designed for performance testing or load testing where concurrency is important.See "rad_tester" for information on utility parameters. See "Running rad_tester" for information on using this utility.
Before you use rad_tester, configure Oracle Communications Billing and Revenue Management (BRM) RADIUS Manager. You must also configure the accounting and authentication ports, the client from where you will run the rad_tester utility, and the dictionary file. You can then create the authentication, start accounting, and stop accounting RADIUS input packet files. Then you run rad_tester to simulate RADIUS activity.
The accounting and authentication ports are defined in the $CORE section of the RADIUS configuration file (BRM_home/apps/radius/config, where BRM_home is the directory in which BRM components are installed). This was done during RADIUS server configuration. Ensure that the ports are properly configured.
See "Setting the IP Port Numbers".
For example:
listen {
port = 1812
}
listen {
port = 1813
}
Ensure that the client computer is included in the client list. The client list is defined in the $CORE section of the RADIUS configuration file (BRM_home/apps/radius/config).
For example:
client {
addr = 156.151.55.9
secret = testing123
}
client {
addr = 156.151.37.81
secret = testing123
}
For each simulated user, you must create three input RADIUS packets: auth, start, and stop. You can include all three packets in a single file, or you can use three separate files (to test opcode, use a single file; to simulate timing, use three files). Place these files in a directory on the client.
Each packet is defined by a series of attribute-value pairs delimited by one or more blank lines. Use this format for attribute-value pairs:
Attribute_name = Attribute value
Note:
In rad_tester, blank lines indicate the end of a record. Use blank lines only when formatting three packets in one file.Before starting rad_tester, ensure that the RADIUS server is running. To run rad_tester, use the following command:
rad_tester -h host_name -p 1812 -a 1813 -s testing123 -O 30 -f input_packet
See "rad_tester" for parameter descriptions.
The following examples show how to simulate authentication and how to start and stop accounting.
An auth input packet simulates an authentication request from a Network Access Server (NAS). The specified user name must be a valid user.
For example:
Request-Type = Auth-Req User-Name = username User-Password = userpassword NAS-Identifier = 1.1.1.1 NAS-Port = 1
A start input packet simulates a start accounting request from the NAS. The Acct_Session_Id value must be changed to a different value each time this request is sent to RADIUS Manager. Each session ID number must be unique because RADIUS Manager discards duplicate requests.
For example:
Request-Type = Acct-Req User-Name = username NAS-Identifier = 1.1.1.1 NAS-Port = 1 Acct-Status-Type = Start Acct-Session-Id = 10
A stop input packet simulates a stop accounting request from the NAS. The Acct_Session_Id value must be identical to the one specified in the corresponding start request packet.
For example:
Request-Type = Acct-Req User-Name = username NAS-Identifier = 1.1.1.1 NAS-Port = 1 Acct-Status-Type = Stop Acct-Session-Id = 10 Acct-Delay-Time = 1 Acct-Session-Time = 3600
Note:
You can add any parameters as long as they conform to the data dictionary and RFC 2865: Remote Authentication Dial In User Service (RADIUS).An interim input packet simulates an update accounting request from the NAS. The Acct_Session_Id value must be identical to the one specified in the corresponding start request packet.
For example:
Request-Type = Acct-Req User-Name = username NAS-Identifier = 1.1.1.1 Framed-IP-Address = 1.1.1.1 NAS-Port = 1 Acct-Status-Type = Interim-Update Acct-Session-Id = 10 Acct-Delay-Time = 1 Acct-Session-Time = 3600
You manually send the sample input packets to the RADIUS server. Use the following commands to simulate authentication and to start and stop accounting for users:
rad_tester -h host_name -p 1812 -a 1813 -s testing123 -O 30 -f auth_pkt.sample rad_tester -h host_name -p 1812 -a 1813 -s testing123 -O 30 -f start_pkt.sample rad_tester -h host_name -p 1812 -a 1813 -s testing123 -O 30 -f stop_pkt.sample
You use the pin_term_acct utility to perform the following tasks:
Simulate receiving Accounting-On or Accounting-Off requests from a terminal server by manually calling the PCM_OP_IP_DIALUP_ACCOUNTING_ON and PCM_OP_IP_DIALUP_ACCOUNTING_OFF opcodes from RADIUS Manager.
This is useful if the terminal server crashes before sending an Accounting-Off packet. The time parameter (-t) for this utility allows sessions on the affected terminal server to be closed and billed at or before the time of the terminal server crash. This ensures that subscribers are not overbilled for connection time.
Create a list of all opened sessions based on TERMSERV_ID.
This list helps you monitor sessions open on one or all of your terminal servers and assess the impact of rebooting the terminal server.
See "pin_term_acct" for parameter descriptions. See "Specifying How Accounting-On Events Are Handled after a NAS Failure".
This example shows how to send an Accounting-Off (-m off) request in charge mode (-c C) to a terminal server (-n) at 2:00 (-t 2:00:00). Verbose mode (-v) is on so that configuration information displays.
% pin_term_acct -m off -t 2:00:00 -v -n 1.1.1.3 -c C --------------------------- Configuration Information: --------------------------- verbose = on nas ID = 1.1.1.1 sent time = Fri Jan 23 15:48:09 1998 run mode = off charge mode = C
This example displays the output for pin_term_acct in -m list mode.
% pin_term_acct -m list
Outstanding Sessions:
1.1.1.3 billing01 0.6.199.184 Fri Jan 23 14:49:26 1998
1.1.1.3 billing02 0.6.200.216 Fri Jan 23 14:32:46 1998
1.1.1.3 billing03 0.7.0.48 Fri Jan 23 15:06:05 1998
In this example, the first column lists the terminal server ID to which the session is logged on (1.1.1.3); the second column lists the user ID for the session (billing0x); the third column lists the IP address of the session; the remaining column lists the session start time.