sqlcounter noresetcounter {
## Look here
driver = "rlm_sqlcounter"
counter-name = Max-All-Session-Time
check-name = Max-All-Session
## Look here
check-item = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
## Look here
check-item = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
## Look here
driver = "rlm_sqlcounter"
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
## Look here
check-item = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
thanks ...
-------------------------
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:
ok Roberto:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367
Roberto Gonzalez Azevedo wrote:
Show us your sqlcounter.conf ...
You should define 'check-item' in sqlcounter.conf ...
-------------------------
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:
Hello.
I have freradius-1.0.2 with autorizathion and authentication in LDAP
and accounting in MySQL. I configured to use rlm_sqlcounter to
control time connections, testing with NTRadping work well but
testing with my Cisco NAS it doesn´t work
With my cisco NAS this is the message:
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "monthlycounter" returns noop for request 3
With NTRadPing the message is:
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
counter=106750
rlm_sqlcounter: Sent Reply-Item for user cmartinez,
Type=Session-Timeout, value=1250
modcall[authorize]: module "monthlycounter" returns ok for request 8
My relevant conf files:
------------------------------------
clients.conf
#PC with NTRadping
client 172.16.31.43/32 {
secret = xxxxx
shortname = Carlos
type = other
}
#Cisco NAS
client 200.106.138.14/32 {
secret = xxxxxx
shortname = cisco
type = cisco
}
------------------------------------
radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/local/lib
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 1812
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = yes
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = no
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sqlcounter.conf mschap {
authtype = MS-CHAP
}
ldap {
server = "200.xx.xx.xx"
port = "390"
identity = "cn=Directory Manager"
password = xxxxxxxxxx
basedn = "o=yy,o=yy"
password_attribute = "userPassword"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
checkval {
item-name = Max-Monthly-Session
check-name = Max-Monthly-Session
data-type = string
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
detail auth_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
detailperm = 0600
}
detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
detailperm = 0600
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
}
instantiate {
exec
expr
monthlycounter
}
authorize {
preprocess
auth_log
chap
mschap
files
ldap
noresetcounter
monthlycounter
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
Auth-Type LDAP {
ldap
}
}
preacct {
preprocess
acct_unique
}
accounting {
detail
radutmp
sradutmp
sql
}
session {
radutmp
sql
}
post-auth {
}
pre-proxy {
}
post-proxy {
}
-------------------------------------
users
DEFAULT Auth-Type = ldap
Fall-Through = 1
DEFAULT Simultaneous-Use := 1
Fall-Through = 1
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
testuser Max-Monthly-Session := 108000, Auth-Type := ldap
Service-Type = Framed-User,
Framed-Protocol = PPP
Any help will be appreciated.
Thanks a lot
--
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html