AcctSessionId and stop packet with zero session length
Hello, I use Freeradius 0.9.0 / CVS-Snapshot. Sometimes I see in radius.log: Error: rlm_sql: Stop packet with zero session length. (user 'user', nas 'XXX.XX.XX.XX') In mysql database I have two records: Record #1: (Start record) AcctSessionId: 10623161861479 AcctStartTime: 2003-08-31 10:46:19 AcctStopTime: -00-00 00:00:00 Record #2: (Stop record) AcctSessionId: 61861479 AcctStartTime: -00-00 00:00:00 AcctStopTime: 2003-08-31 11:05:33 We can see AcctSessionId from the stop record is the part of the start record. With best regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
entry for NAS port has wrong ID
Hello, I've used freeradius-0.7.1 and mysql. For users who have bad connections I have two records in radacct table instead 1 record. For example: select username, radacctid, acctstarttime, acctstoptime from radacct where (acctstarttime=0 or acctstoptime=0); ppvb79800 2003-02-05 15:12:38 -00-00 00:00:00 ppvb79801 -00-00 00:00:00 2003-02-05 15:12:38 ppedvin 79820 2003-02-05 17:03:11 -00-00 00:00:00 ppedvin 79821 -00-00 00:00:00 2003-02-05 17:03:12 And in log file: Wed Feb 5 15:12:38 2003 : Auth: Login OK: [ppvb] (from client XX port X) Wed Feb 5 15:12:38 2003 : Auth: Multiple logins (max 1) : [ppvb] (from client XX port X) Wed Feb 5 15:12:38 2003 : Error: Accounting: logout: entry for NAS XX port X has wrong ID Wed Feb 5 17:03:11 2003 : Auth: Login OK: [ppedvin] (from client XX port X) Wed Feb 5 17:03:12 2003 : Auth: Multiple logins (max 1) : [ppedvin] (from client XX port X) Wed Feb 5 17:03:12 2003 : Error: Accounting: logout: entry for NAS XX port X has wrong ID Sincerelly, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session token usage, can anyone help?
I have downloaded version 0.8, and I've been lookoing at the sql (mysql) table... It seems that there is no entry for Max-Session-Time (or is it Max-Daily Session?) or either the Daily-Session-Time... Can anyone guide me on how to use these tokens properly... TIA Peter I used Max-Daily-Session, Max-Monthly-Session and Max-All-Session with version 0.7.1. radiusd.conf sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' } sqlcounter dailycounter { driver = rlm_sqlcounter counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b' } ... authorize { preprocess sql noresetcounter dailycounter monthlycounter files } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup_admin, Acct-Terminate-Cause
Hello, failed_logins.php3 from dialup_admin: SELECT AcctStopTime,UserName,NASIPAddress,NASPortId,AcctTerminateCause,CallingStationId FROM $config[sql_accounting_table] WHERE AcctStopTime = '$now_str' AND AcctStopTime = '$prev_str' AND (AcctTerminateCause LIKE 'Login-Incorrect%' OR AcctTerminateCause LIKE 'Invalid-User%' OR AcctTerminateCause LIKE 'Multiple-Logins%') $callerid_str ORDER BY AcctStopTime $order $limit;); In my radacct table the field AcctTerminateCause is empty. How can I resolve this problem? Thank you, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users file
In my users file I'm trying to define Simultaneous-Use for group: == DEFAULT Group == ppp-simul, Simultaneous-Use := 10 Fall-Through = Yes DEFAULT Simultaneous-Use := 1 Fall-Through = Yes DEFAULT Framed-Protocol == PPP, Simultaneous-Use := 1 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-MTU = 576, Idle-Timeout = 300, Framed-Compression = Van-Jacobson-TCP-IP, Fall-Through = Yes == But the first definition was ignored. I've tried to test users file with radclient and written following: == DEFAULT Group == ppp-simul, Simultaneous-Use := 1 Reply-Message = ppp-simul was detected, Fall-Through = Yes DEFAULT Simultaneous-Use := 1 Reply-Message = next step, Fall-Through = Yes DEFAULT Framed-Protocol == PPP Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-MTU = 576, Idle-Timeout = 300, Framed-Compression = Van-Jacobson-TCP-IP, Fall-Through = Yes == But radclient returned me message next step without ppp-simul was detected although the user that I tested was defined in usergroup: usernamegroupname ppuser ppp-simul radiusd.conf: # Authentication types, Auth-Type = System for now. authenticate { } authorize { preprocess sql noresetcounter dailycounter monthlycounter files } accounting { acct_unique sql detail unix radutmp #sradutmp } # Session database, used for checking Simultaneous-Use. The radutmp module # handles this session { radutmp } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous-Use problem
Hello, I am trying to use Simultaneous-Use for group users through mysql with freeradius-snapshot-20021101. radiusd.conf: == # Session database, used for checking Simultaneous-Use. The radutmp module # handles this session { # radutmp sql } sql.conf: == # Uncomment simul_count_query to enable simultaneous use checking simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0 simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0 radgroupcheck: == GroupName Attribute op Value ppp-simul Simultaneous-Use:=3D1 I've also used op=:= And now users from another groups (not ppp-simul) hasn't access too: Multiple logins (max 1) : [ppgip] (from client riak port 11) Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026 Reply-Message := \r\nYou are already logged in - access denied\r\n\n I think GroupName wasn't checked. Why? rad_recv: Access-Request packet from host XXX.XX.XX.XX:1026, id=250, length=82 User-Name = ppgip User-Password = XXX NAS-IP-Address = XXX.XX.XX.XX NAS-Port = 11 NAS-Port-Type = Async Connect-Info = 14400 Framed-Protocol = PPP Service-Type = Framed-User modcall: entering group authorize modcall[authorize]: module preprocess returns ok radius_xlat: 'ppgip' sql_set_user: escaped user -- 'ppgip' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ppgip' ORDER BY id' rlm_sql: Reserving sql socket id: 2 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppgip' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ppgip' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppgip' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql: Released sql socket id: 2 modcall[authorize]: module sql returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module dailycounter returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module monthlycounter returns noop users: Matched DEFAULT at 12 modcall[authorize]: module files returns ok modcall: group authorize returns ok auth: type Local auth: user supplied User-Password matches local User-Password modcall: entering group session radius_xlat: 'ppgip' sql_set_user: escaped user -- 'ppgip' radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='ppgip' AND AcctStopTime = 0' rlm_sql: Reserving sql socket id: 1 radius_xlat: 'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='ppgip' AND AcctStopTime = 0' rlm_sql: Released sql socket id: 1 modcall[session]: module sql returns ok modcall: group session returns ok Multiple logins (max 1) : [ppgip] (from client riak port 11) Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026 Reply-Message := \r\nYou are already logged in - access denied\r\n\n Finished request 5 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_acct_unique: WARNINGS
Hello, I've installed freeradius-snapshot20021101 and rlm_acct_unique send me next warnings: rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute 1052 was not found in request, unique ID MAY be inconsistent How can I fixed it? Best regards, Svetlana == rad_recv: Accounting-Request packet from host 194.44.25.65:1026, id=65, length=99 Acct-Status-Type = Start User-Name = ppmars NAS-IP-Address = 194.44.25.65 NAS-Port = 1 NAS-Port-Type = Async Acct-Session-Id = 0100f4b5 Connect-Info = 14400 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 194.44.25.1 Framed-Compression = Van-Jacobson-TCP-IP Acct-Delay-Time = 0 modcall: entering group accounting rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute 1052 was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',,NAS-IP-Address = 194.44.25.65,Acct-Session-Id = 0100f4b5,User-Name = ppmars' rlm_acct_unique: Acct-Unique-Session-ID = a29b60e5c02cf3a3. modcall[accounting]: module acct_unique returns ok radius_xlat: 'ppmars' sql_set_user: escaped user -- 'ppmars' radius_xlat: 'INSERT into radacct (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '0100f4b5', 'a29b60e5c02cf3a3', 'ppmars', '', '194.44.25.65', '1', 'Async', '2002-11-07 16:34:59', '0', '0', '', '14400', '', '0', '0', '', '', '', 'Framed-User', 'PPP', '194.44.25.1', '0', '0')' rlm_sql: Reserving sql socket id: 3 rlm_sql: Released sql socket id: 3 modcall[accounting]: module sql returns ok radius_xlat: '/usr/local/var/log/radius/radacct/ppmars/detail' rlm_detail: /usr/local/var/log/radius/radacct/%u/detail expands to /usr/local/var/log/radius/radacct/ppmars/detail modcall[accounting]: module detail returns ok modcall[accounting]: module unix returns ok radius_xlat: 'ppmars' modcall[accounting]: module radutmp returns ok modcall: group accounting returns ok Sending Accounting-Response of id 65 to 194.44.25.65:1026 Finished request 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rlm_counter again
Thank you very much! In mysql radcheck table I wrote: UsernameAttribute Value Op ppkons PasswordXXX == ppkons Max-Daily-Session 1 := and all Ok. Message: 7 Date: Sat, 2 Nov 2002 00:02:06 +0200 (EET) From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Problem with rlm_counter again Reply-To: [EMAIL PROTECTED] On Fri, 1 Nov 2002, Svetlana Vyslanko wrote: Hi, I've already written about problem with rlm_counter. I've installed snapshots today but problem is not fixed. Please help me if it possible. In users file I define Daily-Session-Time for user ppkons: ppkonsDaily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used Use the Max-Daily-Session as outlined in the sample radiusd.conf. Something like: ppkons Max-Daily-Session := 7200 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with rlm_counter again
Hi, I've already written about problem with rlm_counter. I've installed snapshots today but problem is not fixed. Please help me if it possible. In users file I define Daily-Session-Time for user ppkons: ppkons Daily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used When I run radiusd in test mode I see: Ready to process requests. rad_recv: Access-Request packet from host YYY.YY.YY.YY:, id=94, length=46 User-Name = ppkons User-Password = XXX modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_counter: Entering module authorize code = rlm_counter: Could not find Check item value pair modcall[authorize]: module counter returns noop = radius_xlat: 'ppkons' sql_set_user: escaped user -- 'ppkons' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ppkons' ORDER BY id' rlm_sql: Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ppkons' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns ok modcall[authorize]: module files returns notfound modcall: group authorize returns ok rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [ppkons/XXX] (from client tonic port 0) Sending Access-Reject of id 94 to YYY.YY.YY.YY: Finished request 0 Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_counter: Could not find Check item value pair
Hi, Please help me in my problem. I am new in this discussion. I've installed freeradius-0.7.1 now. I used freeradius-0.1.0 before and it was worked. In users file I define Daily-Session-Time for user ppkons: ppkons Daily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used When I run radiusd in test mode I see: rad_recv: Access-Request packet from host 194.44.25.67:2740, id=255, length=46 User-Name = ppkons User-Password = fi\025\224\010\207y!3\373\245m\031C!\201 modcall: entering group authorize modcall[authorize]: module preprocess returns ok # rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module counter returns noop # radius_xlat: 'ppkons' sql_set_user: escaped user -- 'ppkons' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ppkons' ORDER BY id' rlm_sql: Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ppkons' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppkons' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'ppkons' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC' rlm_sql: Released sql socket id: 4 modcall[authorize]: module sql returns ok users: Matched ppkons at 6 modcall[authorize]: module files returns ok modcall: group authorize returns ok # rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Login incorrect: [ppkons/KONsul89] (from client tonic port 0) Sending Access-Reject of id 255 to 194.44.25.67:2740 Reply-Message = Your time limit is used ## Finished request 0 Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with counter (freeradius 0.7.1)
Hello! I've used freeradius 0.7.1. I try to use counter in file users : pptest3 Daily-Session-Time 7200, Auth-Type := Reject Reply-Message = Your time limit is used radiusd.conf # Configuration for the counter module # # This module takes an attribute (count-attribute), which MUST # be an 'integer' or 'time' attribute. It also takes a key, # and creates a counter for each unique key. The count is # incremented when accounting packets are received by the # server. The value of the increment is the value of the # count-attribute. # # The 'reset' parameter defines when the counters are all reset to # zero. It can be hourly, daily, weekly, or monthly. # # The counter-name is the name of the attribute in the 'users' # file used to access that counter. e.g. # # DEFAULT Daily-Session-Time 3600, Auth-Type = Reject # Reply-Message = You've used up more than one hour today # counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } } # Authentication types, Auth-Type = System for now. authenticate { } authorize { preprocess counter sql files } # Accounting. Log to detail file, and to the radwtmp file, and maintain # radutmp. accounting { acct_unique sql detail counter unix radutmp } User test3 didn't work today but I have the following message: Sending Access-Request of id 139 to 194.44.25.67:1645 User-Name = pptest3 Password = \367\214\023\005\350\342\236\307\237*\251\345Q\241\364\243 rad_recv: Access-Reject packet from host 194.44.25.67:1645, id=139, length=45 Reply-Message = Your time limit is used It was working when I had used freeradius 0.1.0 --( Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Invalid operator for item Password (freeradius 0.7.1)
Hi, I am new mamber in this discussion. I have used freeradius 0.7.1. I've got such warning from rlm_sql: Error: Invalid operator for item Password: reverting to '==' What must I do? Regards, Svetlana - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Group attribute in users file
I have install freeradius 0.7.1 In users file I'm writing: = DEFAULT Group == disabled, Auth-Type := Reject Reply-Message = Your account has been disabled = Attribute Group was ignored. Alhough it works in mysql. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html