Starting and Stopping a Standalone Steel-Belted Radius Carrier Server
After you have successfully run the configure script, you need to start the Steel-Belted Radius Carrier server. To begin, start the SBR daemon using sbrd (see sbrd). Make sure that you can stop it and check the server status from a terminal command line.
sbrd
sbrd
You use the sbrd script to start, stop, or restart the RADIUS process (and LDAP process only if SS7 is configured) on standalone Steel-Belted Radius Carrier servers. The LDAP process (slapd) is used to store session information only if SS7 is configured. The sbrd script may be in either of two directories on servers, depending on whether they have been configured to automatically start all procedures or not using the autoboot functionality that is configured when running the configure script. All sbrd commands are executed by root.
Running sbrd on a Standalone Server
Running sbrd on a Standalone Server
Syntax
Executing start, stop, or restart always starts the RADIUS process. Whether the LDAP process starts when you execute start, stop, or restart depends on whether you enable or disable SS7 while running the configure script. If you answer n when prompted “Do you want to configure for use with SIGTRAN? [n]:”, SS7 is disabled and the LDAP process is not started when you execute start, stop, or restart. In this case, the available sbrd usage is:
sbrd status
sbrd start [force]
sbrd stop [force]
sbrd restart [force]
sbrd clean [force]
sbrd hup
sbrd status -v [-p <LCI password>]However, if you answer y when prompted “Do you want to configure for use with SIGTRAN? [n]:”, SS7 is enabled and the LDAP process is started when you execute start, stop, or restart. In this case, the available sbrd usage is:
sbrd status [radius|ss7ldapdb]
sbrd start [radius|ss7ldapdb] [force]
sbrd stop [radius|ss7ldapdb] [force]
sbrd restart [radius|ss7ldapdb] [force]
sbrd clean [radius|ss7ldapdb] [force]
sbrd hup [radius|ss7ldapdb|authGateway [process-name]]
sbrd status [radius|ss7ldapdb] -v [-p <LCI password>]
If SS7 is enabled, the start, stop, and restart arguments start, stop, and stop and restart both the RADIUS and LDAP (slapd) processes on the local Steel-Belted Radius Carrier server. For example, invoking sbrd start starts both the RADIUS and LDAP (slapd) processes on the local SBRC server. You can also use these arguments with either the radius or ss7ldapdb option to individually start, stop, and stop and restart the RADIUS and LDAP (slapd) processes on the local SBRC server. For example sbrd start radius starts just the RADIUS process on the local server.
Options
The clean argument removes lock files that prevent reinitializing the database more than once. You should use this argument only if things go wrong during the initial installation and configuration.
The hup option operates as the kill -HUP command does on SBR Carrier nodes, but does not require the process ID. Executing sbrd hup authGateway issues the SIGHUP (1) signal to all the authGateway processes running on SBR Carrier. To issue the SIGHUP (1) signal only to the specific authGateway process, you must execute the hup option with the authGateway process name, for example: sbrd hup authGateway GMT.
The force argument makes sbrd attempt to disregard or overcome any errors that occur when processing the command. Normal behavior without the argument is to halt on errors. For example, sbrd start does not attempt to start software that is already running, but sbrd start force ignores a running process. This may produce unintended results, so use force with great care.
The -v option displays additional information about the RADIUS process along with basic information such as the SBR package version, SBR process status, and SBR process ID. If you have changed the default Lightweight Directory Access Protocol (LDAP) Configuration Interface (LCI) password, you should use the -p option to specify the password. For more information about the RADIUS status information, see Displaying RADIUS Status Information.
Starting the RADIUS Server
Starting the RADIUS Server
To start the RADIUS and LDAP processes manually, execute as root:
If you change configuration settings for your Steel-Belted Radius Carrier server, you may need to restart Steel-Belted Radius Carrier to make the changes effective. As an alternative to issuing a sbrd stop command immediately followed by a sbrd start command, you can use the sbrd restart command to restart Steel-Belted Radius Carrier. When you issue the sbrd restart command, Steel-Belted Radius Carrier shuts down and then immediately restarts the RADIUS processes.
Stopping the RADIUS Server
Stopping the RADIUS Server
Use the following commands to stop the RADIUS server:
When you execute the sbrd stop command, Steel-Belted Radius Carrier allows its subsystems to complete outstanding work and release resources, and then stops the RADIUS processes gracefully.
If Steel-Belted Radius Carrier fails to stop after you issue the sbrd stop command, you can use the optional force argument to terminate all subsystems immediately.
Displaying RADIUS Status Information
Displaying RADIUS Status Information
You can use the following command to display basic information (such as SBR package version, SBR process status, and SBR process ID) about the RADIUS process:
The system responds with:
--------------------------------------------------------------------------- --------------------------------------------------------------------------- SBR-64 8.60-R1.0 on SunOS 5.10 Generic_141444-09 node uranus.carrier.spgma.juniper.net --------------------------------------------------------------------------- 172.28.84.73.1646 Idle 172.28.84.73.1813 Idle 172.28.84.73.1645 Idle 172.28.84.73.1812 Idle *.1813 *.* 0 0 49152 0 LISTEN *.1812 *.* 0 0 49152 0 LISTEN root 6628 ./slapd -h ldap://127.0.0.1:389 -f /opt/JNPRsbr/radius/openldap/slapd.conf root 4449 radius sbr.xml root 1189 webserver
You can use the sbrd status command with the -v option to display the following additional information about the RADIUS process along with the preceding information:
Loaded Plug-in Information—Displays the name, version, and status of the loaded authentication and accounting plug-ins. The InitializationString value of the plug-in is displayed as the name of the plug-in.
License Status—Displays the license key, feature name, and license status with expiry date.
IP Pool Information—Displays the pool name, IP range of the pool, total number of addresses in the pool, and total number of available addresses in the pool.
Note This information is displayed only for the SBR standalone version.
IP Ranges and IP Caches—For IP ranges, displays the pool name, start address of the pool, end address of the pool, and total number of addresses in the pool. For IP caches, displays the pool name, total number of addresses in the pool, and percentage of the addresses in the pool that are cached.
Note This information is displayed only for the SBR cluster version.
Statistics Information—Displays statistical information about SBR such as current sessions count, SBR uptime (in seconds), current rate details, and average transaction rate since the SBR server started. The transaction rate is calculated using the following formula:
Transaction Rate = Total Transaction Count / SBR Running Time
where:
Total Transaction Count = Total Authentication Transactions + Total Accounting TransactionsNote The current rates are updated at a time interval of one second.
Radius Ports Information—Displays protocols, port types, and port numbers on which the SBR Carrier server is listening.
Proxy Configuration Information—Displays proxy names and their IP addresses.
CST Store Information—Displays the active session store and the time when the last session persistence switchover occurred.
authGateway Process Information—Displays all the active authGateway process information.
To display this additional information, you need to enable the Lightweight Directory Access Protocol (LDAP) Configuration Interface (LCI) in the radius.ini file. If you have changed the default LCI password (which we strongly recommend), you should use the -p option to specify the password, that is ./sbrd status -v -p [LCI password].
To display additional information about the RADIUS process along with the basic information, execute the following command:
The system responds with:
--------------------------------------------------------------------------- --------------------------------------------------------------------------- SBR-64 8.60-R1.0 on SunOS 5.10 Generic_141444-09 node xyz.juniper.net --------------------------------------------------------------------------- 172.28.84.73.1646 Idle 172.28.84.73.1813 Idle 172.28.84.73.1645 Idle 172.28.84.73.1812 Idle *.1813 *.* 0 0 49152 0 LISTEN *.1812 *.* 0 0 49152 0 LISTEN root 6628 ./slapd -h ldap://127.0.0.1:389 -f /opt/JNPRsbr/radius/openldap/slapd.conf root 4449 radius sbr.xml root 58284 GWrelay-64 root 1189 webserver root 21316 /opt/JNPRsbr/radius/authGateway -name GMT -conf /opt/JNPRsbr/radius/conf/authGateway.conf -start root 21317 /opt/JNPRsbr/radius/authGateway -name GMT1 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -start root 21318 /opt/JNPRsbr/radius/authGateway -name GMT2 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -start Radius Ports Information : +-----------------+-----------------+-----------------+ | Protocol | Port Number | Port Type | +-----------------+-----------------+-----------------+ | TCP | 1812 | Admin | | TCP | 64277 | Others | | TCP | 64278 | Others | | TCP | 5235 | Others | | TCP | 64281 | Others | | TCP | 64229 | Others | | UDP | 28000 | Proxy | | UDP | 28001 | Proxy | | UDP | 28002 | Proxy | | UDP | 28003 | Proxy | | UDP | 28004 | Proxy | | UDP | 28005 | Proxy | | UDP | 28006 | Proxy | | UDP | 28007 | Proxy | | TCP | 1813 | Admin | | TCP | 1814 | Others | | UDP | 1646 | Radius | | UDP | 1813 | Radius | | UDP | 1645 | Radius | | UDP | 1812 | Radius | +-----------------+-----------------+-----------------+ IP Pools Information : +-----------------+----------------------+------------+------------+ | Pool Name | Ip Address Range | Total | Available | +---------- ------+----------------------+------------+------------+ | POOL1 | 10.10.10.1:20 | 20 | 20 | | POOL2 | 20.20.20.1:20 | 20 | 20 | +-----------------+----------------------+------------+------------+ Statistics Information : Current Sessions Count = 94831 Transaction Rate = 62 TPS (Since Server Start) SBR Uptime = Up Since 2013/06/19 06:39:19 [ 1 Hrs : 59 Mins : 56 Secs ] auth-request-current-rate = 965 auth-accept-current-rate = 926 auth-reject-current-rate = 914 acct-start-current-rate = 0 acct-interim-current-rate = 0 acct-stop-current-rate = 0 proxy-auth-request-current-rate = 0 proxy-acct-request-current-rate = 0 proxy-fail-timeout-current-rate = 0 proxy-fail-badresp-current-rate = 0 proxy-fail-badsecret-current-rate = 0 proxy-fail-missingresr-current-rate = 0 proxy-retries-current-rate = 0 proxy-auth-rej-proxy-current-rate = 653 proxy-acct-fail-proxy-current-rate = 685 proxy-auth-rej-proxy-error-current-rate = 0 proxy-transaction-current-rate = 0 Proxy Configurations : +--------------------------------+-----------------+ | Proxy Name | Ip Address | +--------------------------------+-----------------+ | KIX | 10.13.20.62 | | TRIX | 10.13.20.60 | +--------------------------------+-----------------+ Loaded Plugins Information : +------------------------------+--------------------+---------------+ | Plugin Name | Plugin Version | Status| +------------------------------+--------------------+---------------+ | LDAP| v7.5.0.A-0.0| Success| | SQL-ORACLE| v7.6.0.B-0.0| Success| | SIMAUTH| v7.6.0.B-0.0| Success| | EAP-TLS| v7.6.0.B-0.0| Success| | EAP-TTLS| v7.6.0.B-0.0| Success| | CDRACCT| -| Failed| | SQL-ORACLE-ACCT| v7.6.0.B-0.0| Success| | SQL-JDBC-ACCT| v7.6.0.B-0.0| Success| | ldapaccessor| v7.6.0.B-0.0| Success| | sqlaccessor| v0.0.0.B-0.0| Success| +------------------------------+--------------------+---------------+ CST Store Information : Active Store : NDB Last swapped @ Mon Sep 22 18:46:12 2014 License Information : +--------------------------+---------------------------+-------------------------+-------------+ | License Key| Feature Name| Status | Expiry Date | +--------------------------+---------------------------+-------------------------+-------------+ | xxxxxxxxxxxxxxxxxxxxxxxxx|SIM Authentication feature | Valid | 12/31/2015 | | xxxxxxxxxxxxxxxxxxxxxxxxx| Run license | Maint_Upgrade - Valid | - | | xxxxxxxxxxxxxxxxxxxxxxxxx|SIM Authentication feature | Trial License - Valid | 12/31/2024 | | xxxxxxxxxxxxxxxxxxxxxxxxx| WiMAX Mobility feature | Trial License - Expired | 10/31/2010 | +--------------------------+---------------------------+-------------------------+-------------+