Hello everybody,
I'm using Freeradius 0.9.3 on a RedHat 7.3.
I'm trying to make a kind of "hot spot" thanks to the counter module of
freeradius.
I want people to authenticate one time for a defined amount of seconds (120 in
my example). Once their credit time has expired, they would be logged off and
their account would be definitively blocked (as I never reset the counter).
I configured my radius and network (my NAS is an access-controller HP 760),
the user correctly logs in.
After 2 minutes, he is kicked out, that's great.
My problem is that he can log in again with the same account.
I hope that's clear enough.
Thanks in advance for telling me what I'm doing wrong or for any tips that
could help me.
Jean-Marie
Here is the configuration of radiusd.conf I made:
######################
radiusd.conf
######################
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
# reset = daily
reset = never
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
# allowed-servicetype = Framed-User
allowed-servicetype = Login-User
cache-size = 5000
}
....
instantiate {
#
expr
#
# We add the counter module here so that it registers
# the check-name attribute before any module which sets
# it
# daily
daily
}
....
authorize {
preprocess
chap
eap
suffix
files
mschap
daily
}
....
accounting {
acct_unique
detail
# daily
daily
unix # wtmp file
radutmp
}
Here is the users file:
######################
users
######################
user Max-Daily-Session:= 120, User-Password == "password"
Service-Type = Login-User
Here are the accounting logs that Freeradius creates:
########################
/${logdir}/radacct
########################
Thu May 27 15:52:40 2004
User-Name = "user"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Acct-Status-Type = Start
Calling-Station-Id = "00-0c-f1-13-7a-43"
Called-Station-Id = "00-e0-81-52-68-36"
Acct-Session-Id = "1-000cf1137a43-1085665454-413-OZPFBnEv"
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = "258bad8957416a39"
Timestamp = 1085665960
Thu May 27 15:54:46 2004
User-Name = "user"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Acct-Status-Type = Stop
Calling-Station-Id = "00-0c-f1-13-7a-43"
Called-Station-Id = "00-e0-81-52-68-36"
Acct-Session-Id = "1-000cf1137a43-1085665454-413-OZPFBnEv"
Acct-Session-Time = 126
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = "258bad8957416a39"
Timestamp = 1085666086
Thu May 27 15:57:05 2004
User-Name = "user"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Acct-Status-Type = Start
Calling-Station-Id = "00-0c-f1-13-7a-43"
Called-Station-Id = "00-e0-81-52-68-36"
Acct-Session-Id = "1-000cf1137a43-1085665718-413-do1eGpcy"
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = "39b3dccbfe337738"
Timestamp = 1085666225
Thu May 27 15:59:05 2004
User-Name = "user"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Acct-Status-Type = Stop
Calling-Station-Id = "00-0c-f1-13-7a-43"
Called-Station-Id = "00-e0-81-52-68-36"
Acct-Session-Id = "1-000cf1137a43-1085665718-413-do1eGpcy"
Acct-Session-Time = 121
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = "39b3dccbfe337738"
Timestamp = 1085666345
#######################################################
Here is the debug of radiusd -X for the logging:
#######################################################
rad_recv: Access-Request packet from host 172.16.1.2:1059, id=89, length=83
User-Name = "user"
User-Password = "password"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Calling-Station-Id = "00-0c-f1-13-7a-43"
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "eap" returns noop for request 1
rlm_realm: No '@' in User-Name = "user", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
users: Matched user at 97
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_counter: Entering module authorize code
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user user, check_item=120, counter=0
rlm_counter: Sent Reply-Item for user user, Type=Session-Timeout, value=120
modcall[authorize]: module "daily" returns ok for request 1
modcall: group authorize returns ok for request 1
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 89 to 172.16.1.2:1059
Service-Type = Login-User
Session-Timeout = 120
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 172.16.1.2:1060, id=90, length=130
User-Name = "user"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Acct-Status-Type = Start
Calling-Station-Id = "00-0c-f1-13-7a-43"
Called-Station-Id = "00-e0-81-52-68-36"
Acct-Session-Id = "1-000cf1137a43-1085667568-413-3KviFEgY"
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_realm: No '@' in User-Name = "user", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 2
modcall[preacct]: module "files" returns noop for request 2
modcall: group preacct returns noop for request 2
modcall: entering group accounting for request 2
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 172.16.1.2,NAS-IP-Address = 172.16.1.2,Acct-Session-Id = "1-000cf1137a43-1085667568-413-3KviFEgY",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "0d62303b8e51c196".
modcall[accounting]: module "acct_unique" returns ok for request 2
radius_xlat: '/var/log/radius/radacct/172.16.1.2/detail-20040527'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/172.16.1.2/detail-20040527
modcall[accounting]: module "detail" returns ok for request 2
rlm_counter: We only run on Accounting-Stop packets.
modcall[accounting]: module "daily" returns noop for request 2
modcall[accounting]: module "unix" returns noop for request 2
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'user'
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
modcall[accounting]: module "radutmp" returns noop for request 2
modcall: group accounting returns ok for request 2
Sending Accounting-Response of id 90 to 172.16.1.2:1060
Finished request 2
Going to the next request
Cleaning up request 2 ID 90 with timestamp 40b5faea
rl_next: returning NULL
Waking up in 6 seconds...
####################################################################
Here is the debug of radiusd -X for the logging out:
####################################################################
rad_recv: Accounting-Request packet from host 172.16.1.2:1061, id=71, length=136
User-Name = "user"
NAS-IP-Address = 172.16.1.2
NAS-Identifier = "00e081526836"
Acct-Status-Type = Stop
Calling-Station-Id = "00-0c-f1-13-7a-43"
Called-Station-Id = "00-e0-81-52-68-36"
Acct-Session-Id = "1-000cf1137a43-1085667568-413-3KviFEgY"
Acct-Session-Time = 126
modcall: entering group preacct for request 3
modcall[preacct]: module "preprocess" returns noop for request 3
rlm_realm: No '@' in User-Name = "user", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 3
modcall[preacct]: module "files" returns noop for request 3
modcall: group preacct returns noop for request 3
modcall: entering group accounting for request 3
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 172.16.1.2,NAS-IP-Address = 172.16.1.2,Acct-Session-Id = "1-000cf1137a43-1085667568-413-3KviFEgY",User-Name = "user"'
rlm_acct_unique: Acct-Unique-Session-ID = "0d62303b8e51c196".
modcall[accounting]: module "acct_unique" returns ok for request 3
radius_xlat: '/var/log/radius/radacct/172.16.1.2/detail-20040527'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/172.16.1.2/detail-20040527
modcall[accounting]: module "detail" returns ok for request 3
rlm_counter: Packet Unique ID = '0d62303b8e51c196'
rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.
modcall[accounting]: module "daily" returns noop for request 3
modcall[accounting]: module "unix" returns noop for request 3
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: 'user'
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
modcall[accounting]: module "radutmp" returns noop for request 3
modcall: group accounting returns ok for request 3
Sending Accounting-Response of id 71 to 172.16.1.2:1061
Finished request 3
Going to the next request
--- Walking the entire request list ---
Cleaning up request 3 ID 71 with timestamp 40b5fb68
Nothing to do. Sleeping until we see a request.
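Added example, not part of the original post: an independent check on the detail accounting log that sums Acct-Session-Time from Stop records per User-Name and reports every Start that was admitted after the user's total had already reached the limit (120 here, the Max-Daily-Session value from the users file). The function names and the trimmed sample records are assumptions made for this illustration; the sample is cut down from the accounting log quoted above.

```python
import re
from collections import defaultdict

# Sample records trimmed from the detail log quoted in the post above.
SAMPLE_DETAIL = """\
Thu May 27 15:52:40 2004
User-Name = "user"
Acct-Status-Type = Start
Acct-Session-Id = "1-000cf1137a43-1085665454-413-OZPFBnEv"
Thu May 27 15:54:46 2004
User-Name = "user"
Acct-Status-Type = Stop
Acct-Session-Id = "1-000cf1137a43-1085665454-413-OZPFBnEv"
Acct-Session-Time = 126
Thu May 27 15:57:05 2004
User-Name = "user"
Acct-Status-Type = Start
Acct-Session-Id = "1-000cf1137a43-1085665718-413-do1eGpcy"
"""

ATTR = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Split a detail file into records; a line that is not 'Attr = value' starts one."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ATTR.match(line)
        if m and records:
            records[-1][m.group(1)] = m.group(2)
        elif not m:
            records.append({"_logged": line.strip()})
    return records

def find_readmissions(records, limit):
    """Return Start records that began after the user's summed Stop time reached limit."""
    used = defaultdict(int)
    flagged = []
    for rec in records:
        user = rec.get("User-Name")
        status = rec.get("Acct-Status-Type")
        if status == "Start" and used[user] >= limit:
            flagged.append((user, rec["_logged"], used[user]))
        elif status == "Stop":
            used[user] += int(rec.get("Acct-Session-Time", 0))
    return flagged
```

Run against the real detail file, a non-empty result means sessions are being accepted although accounting shows the quota was spent, which matches the debug output above where rlm_counter returns NOOP on the Stop packet.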