Max-All-Session counter module problem
Hi,
I am posting the debug of another user who has same problem:
rad_recv: Access-Request packet from host 202.79.xx.XX port 65050,
id=12, length=189
NAS-Identifier = pppoe-bhw.
Acct-Session-Id = 1633129-mpd-pppoe-70
NAS-Port = 70
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 0016768aaa28
Called-Station-Id = WIFITEST
NAS-Port-Id = rl0
Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = 00:16:76:8a:aa:28
User-Name = sneha
User-Password = 123
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sneha, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[sql] expand: %{User-Name} - sneha
[sql] sql_set_user escaped user -- 'sneha'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id - SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'sneha' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id - SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'sneha' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -
SELECT groupname FROM radusergroup WHERE username =
'sneha' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Prepaid Hours' ORDER BY id
[sql] User found in group Prepaid Hours
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, value, op FROM radgroupreply
WHERE groupname = 'Prepaid Hours' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[ldap] performing user authorization for sneha
[ldap] WARNING: Deprecated conditional expansion :-. See man unlang
for details
[ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) - (cn=sneha)
[ldap] expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np -
ou=users,ou=radius,dc=resunganet,dc=com,dc=np
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha)
[ldap] checking if remote access for sneha is allowed by dialupAccess
[ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in
check items
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user sneha authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
[noresetcounter]expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='%{User-Name}' - SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha'}'
[noresetcounter] sql_xlat
[noresetcounter]expand: %{User-Name} - sneha
[noresetcounter] sql_set_user escaped user -- 'sneha'
[noresetcounter]expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha' - SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='sneha'
rlm_sql (sql): Reserving sql socket id: 0
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
[noresetcounter]expand: %{sql:SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'} - 90001
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user sneha, check_item=9, counter=90001
++[noresetcounter] returns reject
Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha]
(from client pppoe-bhw port 70 cli 0016768aaa28)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
===
check_item shows 9 whereas I have updated the radcheck
Max-All-Session Value by 18 but still Reject with Maximum never
usage time reached?
radcheck table output of user sneha:
2901 | sneha| Max-All-Session| := | 18 |
Thank you
Bishal
I am using Freeradius 2.1.6 with LDAP for
Max-All-Session counter module problem[SOLVED]
Hello all,
Problem is solved. Actually it was due to radgroupcheck table. There I have
inserted Max-All-Session as 9. I deleted it and now the user can log in.
Thank you
Bishal
Hi,
I am posting the debug of another user who has same problem:
rad_recv: Access-Request packet from host 202.79.xx.XX port 65050,
id=12, length=189
NAS-Identifier = pppoe-bhw.
Acct-Session-Id = 1633129-mpd-pppoe-70
NAS-Port = 70
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 0016768aaa28
Called-Station-Id = WIFITEST
NAS-Port-Id = rl0
Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = 00:16:76:8a:aa:28
User-Name = sneha
User-Password = 123
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sneha, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[sql] expand: %{User-Name} - sneha
[sql] sql_set_user escaped user -- 'sneha'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id - SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'sneha' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id - SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'sneha' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -
SELECT groupname FROM radusergroup WHERE username =
'sneha' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE groupname = 'Prepaid
Hours' ORDER BY id
[sql] User found in group Prepaid Hours
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE groupname = 'Prepaid
Hours' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[ldap] performing user authorization for sneha
[ldap] WARNING: Deprecated conditional expansion :-. See man unlang
for details
[ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) - (cn=sneha)
[ldap] expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np -
ou=users,ou=radius,dc=resunganet,dc=com,dc=np
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha)
[ldap] checking if remote access for sneha is allowed by dialupAccess
[ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in
check items
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user sneha authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
[noresetcounter]expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='%{User-Name}' - SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha'}'
[noresetcounter] sql_xlat
[noresetcounter]expand: %{User-Name} - sneha
[noresetcounter] sql_set_user escaped user -- 'sneha'
[noresetcounter]expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha' - SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='sneha'
rlm_sql (sql): Reserving sql socket id: 0
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
[noresetcounter]expand: %{sql:SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'} - 90001
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user sneha, check_item=9, counter=90001
++[noresetcounter] returns reject
Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha]
(from client pppoe-bhw port 70 cli 0016768aaa28)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
===
check_item shows 9 whereas I have updated the radcheck
Max-All-Session Value by 18 but still Reject with Maximum never
usage time reached?
radcheck table output of user sneha:
2901 | sneha| Max-All-Session| := | 18
Using counter module
Hi ! I would like to use the counter module (not the sql_counter module) of FreeRadius 2.0.5 and I have questions about it : 1 - If it's possible, how can I display the value of a counter into the reply message ? 2 - I have created a counter based on the Acct-Output-Octets, so when a user reached the threshold, the Reply-Message is remplaced by : Your maximum daily usage time has been reached. I would like to modify it depending on the threshold reached (I will place 2 or 3 differents counters) because it's in English, I display this Reply-Message on my error page and because the threshold is not depending on time :) Is it possible and how can I do it ? Thank you for your help -- Romain Mercier Université d'Angers Service Systèmes et Réseaux @ : [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using counter module
I would like to use the counter module (not the sql_counter module) of
FreeRadius 2.0.5 and I have questions about it :
1 - If it's possible, how can I display the value of a counter into the
reply message ?
Counter value is held in the attribute defined by counter-name. You can
display that like any other attribute value:
%{some_attribute}
2 - I have created a counter based on the Acct-Output-Octets, so when a
user reached the threshold, the Reply-Message is remplaced by :
Your maximum daily usage time has been reached.
I would like to modify it depending on the threshold reached (I will
place 2 or 3 differents counters) because it's in English, I display
this Reply-Message on my error page and because the threshold is not
depending on time :)
Is it possible and how can I do it ?
You can define Reply-Message in sqlcounter but it's hardcoded in counter
module. Replace it like you would replace value of any other attribute:
Reply Message := whatever
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
Just vim /etc/freeradius/dictionary and include the following line $INCLUDE/usr/share/freeradius/dictionary.chillispot Oh, and move the chillispot.dictionary file into the /usr/share/freeradius directory just to keep things neat! Goodluck! Tas. YvesDM wrote: On 2/24/07, *Graham Beneke* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-) Graham Beneke Yeah, that was my first thought too, but I've added the dictionary before, so the dictionary is there Kind regards, Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
On 2/25/07, Tas Dionisakos [EMAIL PROTECTED] wrote: Just vim /etc/freeradius/dictionary and include the following line $INCLUDE/usr/share/freeradius/dictionary.chillispot Oh, and move the chillispot.dictionary file into the /usr/share/freeradius directory just to keep things neat! Goodluck! Tas. Arrghhow could i forget that $include ! Anyway, I just added the line in /usr/share/dictionary itself, $INCLUDE dictionary.chillispot Many thanks Kind Regards, Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
On 2/24/07, PD [EMAIL PROTECTED] wrote: Simple questions... how and where to get sql counter module ? I try to googling for hours but still can not find it. TIA PD You should compile FR with experimental modules You have to create the module yourself Read rlm_sqlcounter in the doc/ folder . It's explained how to use this. Kind Regards, Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
YvesDM wrote: On 2/24/07, *PD* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Simple questions... how and where to get sql counter module ? I try to googling for hours but still can not find it. TIA PD You should compile FR with experimental modules You have to create the module yourself Read rlm_sqlcounter in the doc/ folder . It's explained how to use this. In the current version of FR (1.1.4) the sqlcounter module is no longer experimental - comes as in the default collection of modules. There is also a wiki article on using sqlcounter: http://wiki.freeradius.org/Rlm_sqlcounter Its not complete but I am working on it. -- Graham Beneke - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote:
In the current version of FR (1.1.4) the sqlcounter module is no longer
experimental - comes as in the default collection of modules.
There is also a wiki article on using sqlcounter:
http://wiki.freeradius.org/Rlm_sqlcounter
Its not complete but I am working on it.
--
Graham Beneke
Interesting, tnx for your work!
I'm struggling with the sqlcounter module too for the moment.
Try to define the reply-name (FR1.1.4), but it gives me errors
If I specify this in sqlcounter.conf:
sqlcounter volumelimit {
counter-name = Octets-Total
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = monthly
# This query will calculate the total volume used
it results in:
freeradius -X | grep sqlcounter
snip
sqlcounter: counter-name = Octets-Total
sqlcounter: check-name = Max-Octets
sqlcounter: reply-name = ChilliSpot-Max-Total-Octets
sqlcounter: key = User-Name
sqlcounter: sqlmod-inst = sql
sqlcounter: query = SELECT (SUM(AcctInputOctets) +SUM(AcctInputGigawords *
4294967295) +SUM(AcctOutputOctets) +SUM(AcctOutputGigawords * 4294967295)) /
1048576 FROM radacct WHERE UserName = '%{%k}' AND AcctStartTime
FROM_UNIXTIME('%b')
sqlcounter: reset = monthly
sqlcounter: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets
obelix:/etc/freeradius#
sqlcounter: counter-name = Octets-Total
sqlcounter: check-name = Max-Octets
sqlcounter: reply-name = ChilliSpot-Max-Total-Octets
sqlcounter: key = User-Name
sqlcounter: sqlmod-inst = sql
sqlcounter: query = SELECT (SUM(AcctInputOctets) +SUM(AcctInputGigawords *
4294967295) +SUM(AcctOutputOctets) +SUM(AcctOutputGigawords * 4294967295)) /
1048576 FROM radacct WHERE UserName = '%{%k}' AND AcctStartTime
FROM_UNIXTIME('%b')
sqlcounter: reset = monthly
sqlcounter: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets
obelix:/etc/freeradius#
Strange...
But I'm not in a rush, I'll find out what's wrong :-)
Kind regards,
Yves
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
- Original Message - From: YvesDM To: FreeRadius users mailing list Sent: Saturday, February 24, 2007 9:03 AM Subject: Re: Where to find sql counter module ? On 2/24/07, PD [EMAIL PROTECTED] wrote: Simple questions... how and where to get sql counter module ? I try to googling for hours but still can not find it. TIA PD You should compile FR with experimental modules You have to create the module yourself Read rlm_sqlcounter in the doc/ folder . It's explained how to use this. Kind Regards, Yves -- Everithing step I do, but, if the Max-Daily-Session 3600, the FR not do anything. why?- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
YvesDM wrote: rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets obelix:/etc/freeradius# Strange... But I'm not in a rush, I'll find out what's wrong :-) Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-) Graham Beneke - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote: YvesDM wrote: rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets obelix:/etc/freeradius# Strange... But I'm not in a rush, I'll find out what's wrong :-) Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-) Graham Beneke Yeah, that w - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where to find sql counter module ?
On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote: Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-) Graham Beneke Yeah, that was my first thought too, but I've added the dictionary before, so the dictionary is there Kind regards, Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
counter module usage question
Hi!! I am trying to utilize the counter module. I tried to do everything as it is written in the comments from the radiusd.conf file. unfortunately I still have some problem to make it work and fully understand. I ask for your assistance and small explanation. As I understood the counter modules generally controls the login process of the users, where logging is equivalent of sending a request to the radius server. So whenever the request is received by radius the module investigates the content of the packet. It checks if there are parameters corresponding to the 'count-attribute' and 'key' parameters defined for that module. Then if they are present it creates a counter which is stored in the 'filename' file. Then it updates the value of the 'counter-name' parameter which will be passed further with the packet. So now if I want to control the process further I need to make the proper modification in the users file against the value of the parameter pointed by the check-name parameter from the counter module configuration, am I right? Is there a way to somehow set the default value for 'check-name' parameter in the module configuration in the radiusd.conf? Thank You for your time!! tomasz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Two sql queries in counter module
Hello all
Is it possible to make two queries in sql counter module? like
sqlcounter noresetcounter {
driver = rlm_sqlcounter
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query1=SELECT activedate from radacct where
username='%{%k}'
query = SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='%{%k}' AND ActiveDate='$query1'
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Two sql queries in counter module
Bishal [EMAIL PROTECTED] wrote: Is it possible to make two queries in sql counter module? like No. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem in accounting with sql counter module max-all-session
Hi,
I have setup freeradius 1.1.2 in FreeBSD 6.0 with mysql support. I
have setup user in radcheck table as follows;
1403 | test01 | | || Max-All-Session | :=
| 1500|
The user test001 is allowed to login total for 25hrs. After finishing
25hrs if the user recharge his account to 30hrs again and I updated
max-all-session to 1800 seconds in radcheck table.
Now when the user tries to connect he get disconneted after 5hrs and
when he tried to reconnect, he couldnot get authenticate. In my radius
log I see ;
Mon Sep 4 17:43:56 2006 : Auth: Invalid user (rlm_sqlcounter: Maximum
never usage time reached): [test01] (from client pppoe-bhw port 4448
cli 0:7:95:10:73:9e)
What could be the problem with sql counter module? In my radiusd.conf
settings I have setup max-all-session counter as follows;
sqlcounter noresetcounter {
driver = rlm_sqlcounter
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='%{%k}'
}
All things are running well except rechargeable account. How could I
make rechargeable sqlcounter module for hourly accounts?
Do I need to create the seperate sqlcounter according to plan? Like if
25hrs then in sqlcounter section reset=25h, if 50hrs reset=50h
etc,
Any suggestion?
Bishal
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to use the counter module
On Sun, 2005-11-13 at 12:20 +, [EMAIL PROTECTED] wrote: Could I use the Counter module to count the number of times a user gets their password wrong? AFAIK the counter module was not designed to count this type of things. The idea is to count let's say the total amount of time a user has spent online, or the total traffic he has transfered. This does not mean that you can't find some new ingenious way of using it though :). Regards, RAdo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to use the counter module
[EMAIL PROTECTED] wrote: OK, I had no luck with my previous email so let's try a different approach. Could I use the Counter module to count the number of times a user gets their password wrong? I guess I need to call Counter on Access-Reject, or just before the Reply packet is sent as I can check the attributes sent back. This would be in the post-process area I think. You want to reject a user if they get their password wrong more than X times over a period of X ? Not sure about the counter module but you could use sqlcounter module and query the radpostauth table. martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Execute script to enable rlm counter module
Hello,
I want to execute a script in the authentication process that simulates
accounting with radclient so that the counter module starts measuring time. But
I do not know what data freeradius expects to start counting.
The whole story with debug info:
Currently I write a diploma involving a freeradius server. The platform is
debian and windows xp (cygwin compiled version of freeradius - nearly
identical configuration).
I create useraccounts dynamically and I load them through fastusers. So no SQL
is involved (does not work in the win32 version). I want to disable a user
account 60 minutes after he uses the account to authenticate on the radius
server through eap-md5. The authentication part works fine with the client.
The calculation of the session time with daily counter does not work. I suppose
because the NAS does not support radius accounting. And with my understanding
of the manual and various posts to this mailinglist it is mandatory to get the
counter working.
I use the standard radius configfile and I have uncommented the counter daily
in the appropriate sections in raddb.conf. In users I have implemented the
DEFAULT rule to reject 60 minutes after first use.
DEFAULT Daily-Session-Time 3600, Auth-Type = Reject
Reply-Message = You've used up more than one hour today
According to the debug information the counter is correctly instantiated:
Module: Loaded Counter
counter: filename = ../etc/raddb/db.daily
counter: key = User-Name
counter: reset = monthly
counter: count-attribute = Acct-Session-Time
counter: counter-name = Daily-Session-Time
counter: check-name = Max-Daily-Session
counter: allowed-servicetype = (null)
counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1671
rlm_counter: Current Time: 1130410681 [2005-10-27 12:58:01], Next reset 11307960
00 [2005-10-31 23:00:00]
Module: Instantiated counter (daily)
freeradius is listening:
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
When a user logs in the counter returns:
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module daily returns noop for request 0
There is the accounting database db.daily with ~4kb binary data. I suppose that
there is no accounting data in it and so the counter could not check the item
value pair.
The counter module daily does not begin accounting because the user only
authorizes himself and it could be possible that he does not use the service.
--- So I want to trick freeradius with fake accounting data.
I want to execute a script in the authentication process that simulates
accounting with the radclient. I managed to execute a script to start
radclient. But I do not know what data is needed so that freeradius really
thinks that the user uses his account.
If I send an the standard test accounting packet with radclient I receive this:
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:1846, id=48, length=60
User-Name = John Doe
User-Password = \203\373\033%bk82\356\250\227\016\005\031\375\023
NAS-IP-Address = 127.0.0.1
NAS-Port = 123
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module preprocess returns noop for request 1
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, un
ique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 123,Client-IP-Address = 127.0.0.1,NAS-IP-Ad
dress = 127.0.0.1,,User-Name = John Doe'
rlm_acct_unique: Acct-Unique-Session-ID = 40560ac3fd77d64a.
modcall[preacct]: module acct_unique returns ok for request 1
rlm_realm: No '@' in User-Name = John Doe, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop for request 1
modcall[preacct]: module files returns noop for request 1
modcall: group preacct returns ok for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: '../var/log/radius/radacct/127.0.0.1/detail-20051027'
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to ../var/log/radius/radacct/127.0.0.1/detail-20051027
modcall[accounting]: module detail returns ok for request 1
rlm_counter: Could not find account status type in packet.
modcall[accounting]: module daily returns noop for request 1
rlm_unix: no Accounting-Status-Type attribute in request.
modcall[accounting]: module unix returns noop for request 1
rlm_radutmp: No Accounting-Status-Type record.
modcall[accounting]: module radutmp returns noop for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 48 to 127.0.0.1:1846
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning
Re: Problems with counter module
Hi all,
rlm_counter: Could not find Service-Type attribute in the request.
Returning NOOP.
So fix that. See allowed-servicetype configuration directive ( i thought
it
would be rather obvious).
In radiusd.conf:
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
In users:
Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo,
NAS-IP-Address == 192.168.0.135
Service-Type = Framed-User,
Session-Timeout := 6,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
Idle-Timeout = 6,
Port-Limit = 1
Even if allowed-servicetype = Framed-User (in radiusd) and Service-Type
= Framed-User (in users), in that way it
doesn't work, but
if I comment out allowed-servicetype = Framed-User in radiusd, it works
perfect!!! (I don't know why, but ok)
Thanks a lot for your help, I hope those emails will be useful for other
people!
__
Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS!
Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti
i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem
in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi!
http://abbonati.tiscali.it/adsl/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with counter module
On Tue, 12 Oct 2004 [EMAIL PROTECTED] wrote:
Hi all,
rlm_counter: Could not find Service-Type attribute in the request.
Returning NOOP.
So fix that. See allowed-servicetype configuration directive ( i thought
it
would be rather obvious).
In radiusd.conf:
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
In users:
Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo,
NAS-IP-Address == 192.168.0.135
Service-Type = Framed-User,
Session-Timeout := 6,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
Idle-Timeout = 6,
Port-Limit = 1
Even if allowed-servicetype = Framed-User (in radiusd) and Service-Type
= Framed-User (in users), in that way it
doesn't work, but
What has the Service-Type in users have to do with the service-type attribute in
the accounting-stop packet??!!!
Please check the attributes contained in the accounting-stop packet and setup
rlm_counter accordingly.
if I comment out allowed-servicetype = Framed-User in radiusd, it works
perfect!!! (I don't know why, but ok)
Thanks a lot for your help, I hope those emails will be useful for other
people!
__
Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS!
Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti
i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem
in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi!
http://abbonati.tiscali.it/adsl/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Problems with counter module
On Sun, 10 Oct 2004 [EMAIL PROTECTED] wrote: Thanks a lot for your answers. You said: So check if the user sessions are recorded. Maybe the accounting stop do not contain a session-time attribute. Post an accounting-stop debug output for the user. I understand what you mean, but i don't know how to Post an accounting-stop debug output for the user. How can i do it? You run the server in debug mode and wait for an accounting-stop packet for that user (the packet that is sent when the user is disconnected from the nas). Afterwards, you post that debug output. Thanks. __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with counter module
Hi all, maybe I found the reason... but I don't know how to fix it. Thanks in advance rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP. modcall[accounting]: module daily returns noop for request 2 modcall[accounting]: module unix returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'Pablo' modcall[accounting]: module radutmp returns ok for request 2 rlm_ippool: Searching for an entry for nas/port: 192.168.0.136/2151677988 rlm_ippool: Entry not found modcall[accounting]: module main_pool returns ok for request 2 modcall: group accounting returns ok for request 2 Sending Accounting-Response of id 70 to 192.168.0.136:1027 Finished request 2 Going to the next request Thread 3 waiting to be assigned a request --- Walking the entire request list --- Accounting-stop packet for that user: Cleaning up request 2 ID 70 with timestamp 416aa6ac Nothing to do. Sleeping until we see a request. Users file: Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo, NAS-IP-Address == 192.168.0.136 Service-Type = Framed-User, Session-Timeout := 6, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 6, Port-Limit = 1 Thanks for helping me! __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with counter module
On Mon, 11 Oct 2004 [EMAIL PROTECTED] wrote: Hi all, maybe I found the reason... but I don't know how to fix it. Thanks in advance rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP. So fix that. See allowed-servicetype configuration directive ( i thought it would be rather obvious). modcall[accounting]: module daily returns noop for request 2 modcall[accounting]: module unix returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'Pablo' modcall[accounting]: module radutmp returns ok for request 2 rlm_ippool: Searching for an entry for nas/port: 192.168.0.136/2151677988 rlm_ippool: Entry not found modcall[accounting]: module main_pool returns ok for request 2 modcall: group accounting returns ok for request 2 Sending Accounting-Response of id 70 to 192.168.0.136:1027 Finished request 2 Going to the next request Thread 3 waiting to be assigned a request --- Walking the entire request list --- Accounting-stop packet for that user: Cleaning up request 2 ID 70 with timestamp 416aa6ac Nothing to do. Sleeping until we see a request. Users file: Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo, NAS-IP-Address == 192.168.0.136 Service-Type = Framed-User, Session-Timeout := 6, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 6, Port-Limit = 1 Thanks for helping me! __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with counter module
Hi all, I need help with counter module. I'd like to allow internet connection for 1 hour. users file: Pablo Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135 Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 So it works, but at the end of the hour, you can connect again, without any reject, so i tried Pablo Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135, Daily-Session-Time 3600, Auth-Type := Reject Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 and that's the answer Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = Pablo, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched DEFAULT at 97 users: Matched Pablo at 142 modcall[authorize]: module files returns ok for request 0 rlm_counter: Entering module authorize code rlm_counter: Searching the database for key 'Pablo' rlm_counter: Could not find the requested key in the database. rlm_counter: Check item = 3600, Count = 0 rlm_counter: res is greater than zero rlm_counter: (Check item - counter) is greater than zero rlm_counter: Authorized user Pablo, check_item=3600, counter=0 rlm_counter: Sent Reply-Item for user Pablo, Type=Session-Timeout, value=3600 modcall[authorize]: module daily returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. I tried to change Daily-Session-Time 3600 in the users file, just to try, but i get the same answer, so I don't know what to do. If anybody can help me or send a correct users file and radiusd.conf file, it would be great. thanks. __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with counter module
Hi, What type of do you use ? -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de [EMAIL PROTECTED] Envoyé : vendredi 8 octobre 2004 15:57 À : [EMAIL PROTECTED] Objet : Problems with counter module Hi all, I need help with counter module. I'd like to allow internet connection for 1 hour. users file: Pablo Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135 Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 So it works, but at the end of the hour, you can connect again, without any reject, so i tried Pablo Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135, Daily-Session-Time 3600, Auth-Type := Reject Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 and that's the answer Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = Pablo, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched DEFAULT at 97 users: Matched Pablo at 142 modcall[authorize]: module files returns ok for request 0 rlm_counter: Entering module authorize code rlm_counter: Searching the database for key 'Pablo' rlm_counter: Could not find the requested key in the database. rlm_counter: Check item = 3600, Count = 0 rlm_counter: res is greater than zero rlm_counter: (Check item - counter) is greater than zero rlm_counter: Authorized user Pablo, check_item=3600, counter=0 rlm_counter: Sent Reply-Item for user Pablo, Type=Session-Timeout, value=3600 modcall[authorize]: module daily returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. I tried to change Daily-Session-Time 3600 in the users file, just to try, but i get the same answer, so I don't know what to do. If anybody can help me or send a correct users file and radiusd.conf file, it would be great. thanks. __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 14 ottobre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter module
for me Max-Daily-Session and Max-Monthly-Session acts as simple Session-Timeout (someone has got them to work as they are made for?), but Max-All-Session works as it should. Edgars Alan DeKok wrote: [EMAIL PROTECTED] wrote: Processing the autenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by Max with CHAP password rlm_chap: Could not find clear text password for user Max So... tell the server what the user's correct password is. This has nothing to do with rlm_counter. I don't understand WHERE is that password missing: any ideas? You're asking the server to authenticate someone, but not telling the server how. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Counter module
hi all, that's my configuration. users file: Max Max-Daily-Session := 3600, Password = Max, NAS-IP-Address = 192.168.1.4, Simultaneous-Use = 1 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 Without Max-Daily-Session := 3600 it works, but with Max-Daily-Session := 3600 the answer is: ... Processing the autenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by Max with CHAP password rlm_chap: Could not find clear text password for user Max modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user ... I don't understand WHERE is that password missing: any ideas? thanks a lot! __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 30 settembre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi. Attivala subito! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Counter Module
hi all, that's my configuration. Sorry for the mistakes. users file: Max Max-Daily-Session := 3600, Password = Max, NAS-IP-Address = 192.168.1.4, Simultaneous-Use = 1 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 Without Max-Daily-Session := 3600 it works, but with Max-Daily-Session := 3600 the answer is: ... Processing the autenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by Max with CHAP password rlm_chap: Could not find clear text password for user Max modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user ... I don't understand WHERE is that password missing: any ideas? thanks a lot! __ Tiscali Adsl 640 Free: fino al 15 novembre i consumi sono GRATIS! Se sottoscrivi un'Adsl Free 640 entro il 30 settembre avrai gratis tutti i consumi fino al 15/11/04 compreso! In piu' sono gratis il modem in comodato e l'attivazione. Cosa aspetti? Prima attivi, piu' risparmi. Attivala subito! http://abbonati.tiscali.it/adsl/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter module
[EMAIL PROTECTED] wrote: Processing the autenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by Max with CHAP password rlm_chap: Could not find clear text password for user Max So... tell the server what the user's correct password is. This has nothing to do with rlm_counter. I don't understand WHERE is that password missing: any ideas? You're asking the server to authenticate someone, but not telling the server how. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with Counter module
rlm_counter: Packet Unique ID = '0d62303b8e51c196' rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP. But rlm_counter cannot find it, since it's not included in the accounting stop packet. So try commenting out the allowed-servicetype directive. you were right, it works now. Thanks a lot for your help, Kostas. Jean-Marie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with Counter module
On Thu, 27 May 2004, Jean-Marie GUILLEMOT wrote:
Hello everybody,
I'm using Freeradius 0.9.3 on a RedHat 7.3.
I'm trying to make a kind of hot spot thanks to the counter module of
freeradius.
I want people to authenticate one time for a defined amount of seconds (120
in
my example). Once their credit time has expired, they would be logged off
and
their account would be definitively blocked (as I never reset the counter).
I configured my radius and network (my NAS is an access-controller HP 760),
the user correctly logs in.
After 2 minutes, he is kicked out, that's great.
My problem is that he can log in again with the same account.
I hope that's clear enough.
Thanks in advance for telling me what I'm doing wrong or for any tips that
could help me.
Jean-Marie
Here is the configuration of radiusd.conf I made:
##
radiusd.conf
##
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
# reset = daily
reset = never
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
# allowed-servicetype = Framed-User
allowed-servicetype = Login-User
You 've set allowed-servicetype to be Login-User
cache-size = 5000
}
Here is the debug of radiusd -X for the logging out:
rad_recv: Accounting-Request packet from host 172.16.1.2:1061, id=71,
length=136
User-Name = user
NAS-IP-Address = 172.16.1.2
NAS-Identifier = 00e081526836
Acct-Status-Type = Stop
Calling-Station-Id = 00-0c-f1-13-7a-43
Called-Station-Id = 00-e0-81-52-68-36
Acct-Session-Id = 1-000cf1137a43-1085667568-413-3KviFEgY
Acct-Session-Time = 126
modcall: entering group preacct for request 3
modcall[preacct]: module preprocess returns noop for request 3
rlm_counter: Packet Unique ID = '0d62303b8e51c196'
rlm_counter: Could not find Service-Type attribute in the request. Returning
NOOP.
But rlm_counter cannot find it, since it's not included in the accounting stop
packet. So try commenting out the allowed-servicetype directive.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with Counter module
Hello everybody,
I'm using Freeradius 0.9.3 on a RedHat 7.3.
I'm trying to make a kind of hot spot thanks to the counter module of
freeradius.
I want people to authenticate one time for a defined amount of seconds (120
in
my example). Once their credit time has expired, they would be logged off
and
their account would be definitively blocked (as I never reset the counter).
I configured my radius and network (my NAS is an access-controller HP 760),
the user correctly logs in.
After 2 minutes, he is kicked out, that's great.
My problem is that he can log in again with the same account.
I hope that's clear enough.
Thanks in advance for telling me what I'm doing wrong or for any tips that
could help me.
Jean-Marie
Here is the configuration of radiusd.conf I made:
##
radiusd.conf
##
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
# reset = daily
reset = never
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
# allowed-servicetype = Framed-User
allowed-servicetype = Login-User
cache-size = 5000
}
instantiate {
#
expr
#
# We add the counter module here so that it registers
# the check-name attribute before any module which sets
# it
# daily
daily
}
authorize {
preprocess
chap
eap
suffix
files
mschap
daily
}
accounting {
acct_unique
detail
# daily
daily
unix# wtmp file
radutmp
}
Here is the users file :
##
users
##
userMax-Daily-Session:= 120, User-Password == password
Service-Type = Login-User
Here is the accounting logs that Freeradius creates :
/${logdir}/radacct
Thu May 27 15:52:40 2004
User-Name = user
NAS-IP-Address = 172.16.1.2
NAS-Identifier = 00e081526836
Acct-Status-Type = Start
Calling-Station-Id = 00-0c-f1-13-7a-43
Called-Station-Id = 00-e0-81-52-68-36
Acct-Session-Id = 1-000cf1137a43-1085665454-413-OZPFBnEv
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = 258bad8957416a39
Timestamp = 1085665960
Thu May 27 15:54:46 2004
User-Name = user
NAS-IP-Address = 172.16.1.2
NAS-Identifier = 00e081526836
Acct-Status-Type = Stop
Calling-Station-Id = 00-0c-f1-13-7a-43
Called-Station-Id = 00-e0-81-52-68-36
Acct-Session-Id = 1-000cf1137a43-1085665454-413-OZPFBnEv
Acct-Session-Time = 126
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = 258bad8957416a39
Timestamp = 1085666086
Thu May 27 15:57:05 2004
User-Name = user
NAS-IP-Address = 172.16.1.2
NAS-Identifier = 00e081526836
Acct-Status-Type = Start
Calling-Station-Id = 00-0c-f1-13-7a-43
Called-Station-Id = 00-e0-81-52-68-36
Acct-Session-Id = 1-000cf1137a43-1085665718-413-do1eGpcy
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = 39b3dccbfe337738
Timestamp = 1085666225
Thu May 27 15:59:05 2004
User-Name = user
NAS-IP-Address = 172.16.1.2
NAS-Identifier = 00e081526836
Acct-Status-Type = Stop
Calling-Station-Id = 00-0c-f1-13-7a-43
Called-Station-Id = 00-e0-81-52-68-36
Acct-Session-Id = 1-000cf1137a43-1085665718-413-do1eGpcy
Acct-Session-Time = 121
Client-IP-Address = 172.16.1.2
Acct-Unique-Session-Id = 39b3dccbfe337738
Timestamp = 1085666345
###
Here is the debug of radiusd -X for the logging :
###
rad_recv: Access-Request packet from host 172.16.1.2:1059, id=89, length=83
User-Name = user
User-Password = password
NAS-IP-Address = 172.16.1.2
NAS-Identifier = 00e081526836
Calling-Station-Id = 00-0c-f1-13-7a-43
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
modcall[authorize]: module chap returns noop for request 1
modcall[authorize]: module eap returns noop for request 1
rlm_realm: No '@' in User-Name = user, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 1
users: Matched user at 97
modcall[authorize]: module files returns ok for request 1
modcall[authorize]: module mschap returns noop for request 1
rlm_counter: Entering module authorize code
rlm_counter: (Check item - counter) is greater than zero
RE: counter module (again)
Due to a wrong install (my fault :-( ) the man command doesn't work for freeradius
settings. Can you send me an copy of this page?
The db file isn't generated (what do I do wrong :-?)
I hope someone can help me,
Tim Bots
-Oorspronkelijk bericht-
Van: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Verzonden: Thursday, April 01, 2004 10:20
Aan: [EMAIL PROTECTED]
Onderwerp: Re: counter module (again)
On Thu, 1 Apr 2004, Tim Bots wrote:
Hi everyone,
Can anyone tell me how I can use the counter module. I can't find the
db.daily file in the ${raddbdir} directory. Do I must create this file or
will it be generated automatically. If I have to create this file can anyone
give me an example of this file. Or do I have to change something in the
users file (if yes, an example please)
The db files are created automatically. The comments in the counter section of
radiusd.conf are quite helpfull. There's also a man page on rlm_counter
I hope someone can help me,
Tim Bots
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: counter module (again)
the man page should be there in the sources... just install it again. if you don't
want to do that then just load it directly into man (man man_file_name). some version
of the less/more pager can also read the man page directly.
you can download a fresh copy of the sources from the website if the above is
confusing.
t
-Original Message-
From: Tim Bots [mailto:[EMAIL PROTECTED]
Sent: 01 April 2004 10:05
To: [EMAIL PROTECTED]
Subject: RE: counter module (again)
Due to a wrong install (my fault :-( ) the man command doesn't work for freeradius
settings. Can you send me an copy of this page?
The db file isn't generated (what do I do wrong :-?)
I hope someone can help me,
Tim Bots
-Oorspronkelijk bericht-
Van: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Verzonden: Thursday, April 01, 2004 10:20
Aan: [EMAIL PROTECTED]
Onderwerp: Re: counter module (again)
On Thu, 1 Apr 2004, Tim Bots wrote:
Hi everyone,
Can anyone tell me how I can use the counter module. I can't find the
db.daily file in the ${raddbdir} directory. Do I must create this file or
will it be generated automatically. If I have to create this file can anyone
give me an example of this file. Or do I have to change something in the
users file (if yes, an example please)
The db files are created automatically. The comments in the counter section of
radiusd.conf are quite helpfull. There's also a man page on rlm_counter
I hope someone can help me,
Tim Bots
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
counter module (again)
Hi everyone,
Can anyone tell me how I can use the counter module. I can't find the db.daily file
in the ${raddbdir} directory. Do I must create this file or will it be generated
automatically. If I have to create this file can anyone give me an example of this
file. Or do I have to change something in the users file (if yes, an example please)
I hope someone can help me,
Tim Bots
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how does the counter module work?
Tim Bots [EMAIL PROTECTED] wrote: I guess the counter module can help me with accounting but I can't find = the full manual for this module. There is none. Read the comments in the radiusd.conf file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
