AcctSessionId and stop packet with zero session length
Hello, I use Freeradius 0.9.0 / CVS-Snapshot. Sometimes I see in radius.log: Error: rlm_sql: Stop packet with zero session length. (user 'user', nas 'XXX.XX.XX.XX') In mysql database I have two records: Record #1: (Start record) AcctSessionId: 10623161861479 AcctStartTime: 2003-08-31 10:46:19 AcctStopTime: -00-00 00:00:00 Record #2: (Stop record) AcctSessionId: 61861479 AcctStartTime: -00-00 00:00:00 AcctStopTime: 2003-08-31 11:05:33 We can see AcctSessionId from the stop record is the part of the start record. With best regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
entry for NAS port has wrong ID
Hello, I've used freeradius-0.7.1 and mysql. For users who have bad connections I have two records in radacct table instead 1 record. For example: select username, radacctid, acctstarttime, acctstoptime from radacct where (acctstarttime=0 or acctstoptime=0); ppvb79800 2003-02-05 15:12:38 -00-00 00:00:00 ppvb79801 -00-00 00:00:00 2003-02-05 15:12:38 ppedvin 79820 2003-02-05 17:03:11 -00-00 00:00:00 ppedvin 79821 -00-00 00:00:00 2003-02-05 17:03:12 And in log file: Wed Feb 5 15:12:38 2003 : Auth: Login OK: [ppvb] (from client XX port X) Wed Feb 5 15:12:38 2003 : Auth: Multiple logins (max 1) : [ppvb] (from client XX port X) Wed Feb 5 15:12:38 2003 : Error: Accounting: logout: entry for NAS XX port X has wrong ID Wed Feb 5 17:03:11 2003 : Auth: Login OK: [ppedvin] (from client XX port X) Wed Feb 5 17:03:12 2003 : Auth: Multiple logins (max 1) : [ppedvin] (from client XX port X) Wed Feb 5 17:03:12 2003 : Error: Accounting: logout: entry for NAS XX port X has wrong ID Sincerelly, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session token usage, can anyone help?
I have downloaded version 0.8, and I've been lookoing at the sql (mysql)
table... It seems that there is no entry for Max-Session-Time (or is it
Max-Daily Session?) or either the Daily-Session-Time...
Can anyone guide me on how to use these tokens properly... TIA
Peter
I used Max-Daily-Session, Max-Monthly-Session and Max-All-Session with version
0.7.1.
radiusd.conf
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'
}
sqlcounter dailycounter {
driver = rlm_sqlcounter
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b'
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b'
}
...
authorize {
preprocess
sql
noresetcounter
dailycounter
monthlycounter
files
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup_admin, Acct-Terminate-Cause
Hello, failed_logins.php3 from dialup_admin: SELECT AcctStopTime,UserName,NASIPAddress,NASPortId,AcctTerminateCause,CallingStationId FROM $config[sql_accounting_table] WHERE AcctStopTime = '$now_str' AND AcctStopTime = '$prev_str' AND (AcctTerminateCause LIKE 'Login-Incorrect%' OR AcctTerminateCause LIKE 'Invalid-User%' OR AcctTerminateCause LIKE 'Multiple-Logins%') $callerid_str ORDER BY AcctStopTime $order $limit;); In my radacct table the field AcctTerminateCause is empty. How can I resolve this problem? Thank you, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users file
In my users file I'm trying to define Simultaneous-Use for group:
==
DEFAULT Group == ppp-simul, Simultaneous-Use := 10
Fall-Through = Yes
DEFAULT Simultaneous-Use := 1
Fall-Through = Yes
DEFAULT Framed-Protocol == PPP, Simultaneous-Use := 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.255,
Framed-MTU = 576,
Idle-Timeout = 300,
Framed-Compression = Van-Jacobson-TCP-IP,
Fall-Through = Yes
==
But the first definition was ignored. I've tried to test users file with
radclient and written following:
==
DEFAULT Group == ppp-simul, Simultaneous-Use := 1
Reply-Message = ppp-simul was detected,
Fall-Through = Yes
DEFAULT Simultaneous-Use := 1
Reply-Message = next step,
Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Netmask = 255.255.255.255,
Framed-MTU = 576,
Idle-Timeout = 300,
Framed-Compression = Van-Jacobson-TCP-IP,
Fall-Through = Yes
==
But radclient returned me message next step without ppp-simul was detected
although the user that I tested was defined in usergroup:
usernamegroupname
ppuser ppp-simul
radiusd.conf:
# Authentication types, Auth-Type = System for now.
authenticate {
}
authorize {
preprocess
sql
noresetcounter
dailycounter
monthlycounter
files
}
accounting {
acct_unique
sql
detail
unix
radutmp
#sradutmp
}
# Session database, used for checking Simultaneous-Use. The radutmp module
# handles this
session {
radutmp
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous-Use problem
Hello,
I am trying to use Simultaneous-Use for group users through mysql with
freeradius-snapshot-20021101.
radiusd.conf:
==
# Session database, used for checking Simultaneous-Use. The radutmp module
# handles this
session {
# radutmp
sql
}
sql.conf:
==
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0
simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress,
NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1}
WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0
radgroupcheck:
==
GroupName Attribute op Value
ppp-simul Simultaneous-Use:=3D1
I've also used op=:=
And now users from another groups (not ppp-simul) hasn't access too:
Multiple logins (max 1) : [ppgip] (from client riak port 11)
Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026
Reply-Message := \r\nYou are already logged in - access denied\r\n\n
I think GroupName wasn't checked. Why?
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1026, id=250, length=82
User-Name = ppgip
User-Password = XXX
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port = 11
NAS-Port-Type = Async
Connect-Info = 14400
Framed-Protocol = PPP
Service-Type = Framed-User
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
radius_xlat: 'ppgip'
sql_set_user: escaped user -- 'ppgip'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'ppgip' ORDER BY id'
rlm_sql: Reserving sql socket id: 2
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppgip' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'ppgip' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppgip' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql: Released sql socket id: 2
modcall[authorize]: module sql returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module noresetcounter returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module dailycounter returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module monthlycounter returns noop
users: Matched DEFAULT at 12
modcall[authorize]: module files returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
modcall: entering group session
radius_xlat: 'ppgip'
sql_set_user: escaped user -- 'ppgip'
radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='ppgip' AND
AcctStopTime = 0'
rlm_sql: Reserving sql socket id: 1
radius_xlat: 'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress,
NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE
UserName='ppgip' AND AcctStopTime = 0'
rlm_sql: Released sql socket id: 1
modcall[session]: module sql returns ok
modcall: group session returns ok
Multiple logins (max 1) : [ppgip] (from client riak port 11)
Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026
Reply-Message := \r\nYou are already logged in - access denied\r\n\n
Finished request 5
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_acct_unique: WARNINGS
Hello,
I've installed freeradius-snapshot20021101 and rlm_acct_unique send me next
warnings:
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY
be inconsistent
rlm_acct_unique: WARNING: Attribute 1052 was not found in request, unique ID MAY
be inconsistent
How can I fixed it?
Best regards,
Svetlana
==
rad_recv: Accounting-Request packet from host 194.44.25.65:1026, id=65,
length=99
Acct-Status-Type = Start
User-Name = ppmars
NAS-IP-Address = 194.44.25.65
NAS-Port = 1
NAS-Port-Type = Async
Acct-Session-Id = 0100f4b5
Connect-Info = 14400
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 194.44.25.1
Framed-Compression = Van-Jacobson-TCP-IP
Acct-Delay-Time = 0
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY
be inconsistent
rlm_acct_unique: WARNING: Attribute 1052 was not found in request, unique ID MAY
be inconsistent
rlm_acct_unique: Hashing ',,NAS-IP-Address = 194.44.25.65,Acct-Session-Id =
0100f4b5,User-Name = ppmars'
rlm_acct_unique: Acct-Unique-Session-ID = a29b60e5c02cf3a3.
modcall[accounting]: module acct_unique returns ok
radius_xlat: 'ppmars'
sql_set_user: escaped user -- 'ppmars'
radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId,
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '0100f4b5',
'a29b60e5c02cf3a3', 'ppmars', '', '194.44.25.65', '1', 'Async', '2002-11-07
16:34:59', '0', '0', '', '14400', '', '0', '0', '', '', '', 'Framed-User',
'PPP', '194.44.25.1', '0', '0')'
rlm_sql: Reserving sql socket id: 3
rlm_sql: Released sql socket id: 3
modcall[accounting]: module sql returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/ppmars/detail'
rlm_detail: /usr/local/var/log/radius/radacct/%u/detail expands to
/usr/local/var/log/radius/radacct/ppmars/detail
modcall[accounting]: module detail returns ok
modcall[accounting]: module unix returns ok
radius_xlat: 'ppmars'
modcall[accounting]: module radutmp returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 65 to 194.44.25.65:1026
Finished request 1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rlm_counter again
Thank you very much! In mysql radcheck table I wrote: UsernameAttribute Value Op ppkons PasswordXXX == ppkons Max-Daily-Session 1 := and all Ok. Message: 7 Date: Sat, 2 Nov 2002 00:02:06 +0200 (EET) From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Problem with rlm_counter again Reply-To: [EMAIL PROTECTED] On Fri, 1 Nov 2002, Svetlana Vyslanko wrote: Hi, I've already written about problem with rlm_counter. I've installed snapshots today but problem is not fixed. Please help me if it possible. In users file I define Daily-Session-Time for user ppkons: ppkonsDaily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used Use the Max-Daily-Session as outlined in the sample radiusd.conf. Something like: ppkons Max-Daily-Session := 7200 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with rlm_counter again
Hi, I've already written about problem with rlm_counter. I've installed snapshots today but problem is not fixed. Please help me if it possible. In users file I define Daily-Session-Time for user ppkons: ppkons Daily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used When I run radiusd in test mode I see: Ready to process requests. rad_recv: Access-Request packet from host YYY.YY.YY.YY:, id=94, length=46 User-Name = ppkons User-Password = XXX modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_counter: Entering module authorize code = rlm_counter: Could not find Check item value pair modcall[authorize]: module counter returns noop = radius_xlat: 'ppkons' sql_set_user: escaped user -- 'ppkons' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ppkons' ORDER BY id' rlm_sql: Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ppkons' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns ok modcall[authorize]: module files returns notfound modcall: group authorize returns ok rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [ppkons/XXX] (from client tonic port 0) Sending Access-Reject of id 94 to YYY.YY.YY.YY: Finished request 0 Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_counter: Could not find Check item value pair
Hi, Please help me in my problem. I am new in this discussion. I've installed freeradius-0.7.1 now. I used freeradius-0.1.0 before and it was worked. In users file I define Daily-Session-Time for user ppkons: ppkons Daily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used When I run radiusd in test mode I see: rad_recv: Access-Request packet from host 194.44.25.67:2740, id=255, length=46 User-Name = ppkons User-Password = fi\025\224\010\207y!3\373\245m\031C!\201 modcall: entering group authorize modcall[authorize]: module preprocess returns ok # rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module counter returns noop # radius_xlat: 'ppkons' sql_set_user: escaped user -- 'ppkons' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ppkons' ORDER BY id' rlm_sql: Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ppkons' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'ppkons' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC' rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns ok users: Matched ppkons at 6 modcall[authorize]: module files returns ok modcall: group authorize returns ok # rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [ppkons/KONsul89] (from client tonic port 0) Sending Access-Reject of id 255 to 194.44.25.67:2740 Reply-Message = Your time limit is used ## Finished request 0 Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with counter (freeradius 0.7.1)
Hello!
I've used freeradius 0.7.1. I try to use counter in file users :
pptest3 Daily-Session-Time 7200, Auth-Type := Reject
Reply-Message = Your time limit is used
radiusd.conf
# Configuration for the counter module
#
# This module takes an attribute (count-attribute), which MUST
# be an 'integer' or 'time' attribute. It also takes a key,
# and creates a counter for each unique key. The count is
# incremented when accounting packets are received by the
# server. The value of the increment is the value of the
# count-attribute.
#
# The 'reset' parameter defines when the counters are all reset to
# zero. It can be hourly, daily, weekly, or monthly.
#
# The counter-name is the name of the attribute in the 'users'
# file used to access that counter. e.g.
#
# DEFAULT Daily-Session-Time 3600, Auth-Type = Reject
# Reply-Message = You've used up more than one hour today
#
counter {
filename = ${raddbdir}/db.counter
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
}
# Authentication types, Auth-Type = System for now.
authenticate {
}
authorize {
preprocess
counter
sql
files
}
# Accounting. Log to detail file, and to the radwtmp file, and maintain
# radutmp.
accounting {
acct_unique
sql
detail
counter
unix
radutmp
}
User test3 didn't work today but I have the following message:
Sending Access-Request of id 139 to 194.44.25.67:1645
User-Name = pptest3
Password = \367\214\023\005\350\342\236\307\237*\251\345Q\241\364\243
rad_recv: Access-Reject packet from host 194.44.25.67:1645, id=139, length=45
Reply-Message = Your time limit is used
It was working when I had used freeradius 0.1.0 --(
Regards,
Svetlana
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Invalid operator for item Password (freeradius 0.7.1)
Hi, I am new mamber in this discussion. I have used freeradius 0.7.1. I've got such warning from rlm_sql: Error: Invalid operator for item Password: reverting to '==' What must I do? Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Group attribute in users file
I have install freeradius 0.7.1 In users file I'm writing: = DEFAULT Group == disabled, Auth-Type := Reject Reply-Message = Your account has been disabled = Attribute Group was ignored. Alhough it works in mysql. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
