Max-All-Session counter module problem
Hi, I am posting the debug of another user who has the same problem:

rad_recv: Access-Request packet from host 202.79.xx.XX port 65050, id=12, length=189
NAS-Identifier = pppoe-bhw.
Acct-Session-Id = 1633129-mpd-pppoe-70
NAS-Port = 70
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 0016768aaa28
Called-Station-Id = WIFITEST
NAS-Port-Id = rl0
Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = 00:16:76:8a:aa:28
User-Name = sneha
User-Password = 123
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sneha, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[sql] expand: %{User-Name} - sneha
[sql] sql_set_user escaped user -- 'sneha'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sneha' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sneha' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'sneha' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Prepaid Hours' ORDER BY id
[sql] User found in group Prepaid Hours
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Prepaid Hours' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[ldap] performing user authorization for sneha
[ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details
[ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) - (cn=sneha)
[ldap] expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np - ou=users,ou=radius,dc=resunganet,dc=com,dc=np
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha)
[ldap] checking if remote access for sneha is allowed by dialupAccess
[ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in check items
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user sneha authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}''
[noresetcounter]expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' - SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha'}'
[noresetcounter] sql_xlat
[noresetcounter]expand: %{User-Name} - sneha
[noresetcounter] sql_set_user escaped user -- 'sneha'
[noresetcounter]expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha' - SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha'
rlm_sql (sql): Reserving sql socket id: 0
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
[noresetcounter]expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha'} - 90001
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user sneha, check_item=9, counter=90001
++[noresetcounter] returns reject
Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha] (from client pppoe-bhw port 70 cli 0016768aaa28)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
===

check_item shows 9 whereas I have updated the radcheck Max-All-Session Value by 18 but still Reject with Maximum never usage time reached?

radcheck table output of user sneha:
2901 | sneha| Max-All-Session| := | 18 |

Thank you
Bishal

I am using Freeradius 2.1.6 with LDAP for
Max-All-Session counter module problem[SOLVED]
Hello all, Problem is solved. Actually it was due to radgroupcheck table. There I have inserted Max-All-Session as 9. I deleted it and now the user can log in. Thank you Bishal
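One way to trace where the check_item value in an rlm_sqlcounter reject came from, as in the thread above where the 9 sat in radgroupcheck while radcheck held 18. This is an added example, not code from the posts or from FreeRADIUS: it uses SQLite with constructed rows in place of the poster's database, takes table and column names from the debug output, and its function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample data. Table and column names are the ones visible in the
# debug output above; the radgroupcheck row id and the priority are invented.
SAMPLE_SQL = """
CREATE TABLE radcheck      (id INTEGER, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup  (username TEXT, groupname TEXT, priority INTEGER);
CREATE TABLE radgroupcheck (id INTEGER, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
INSERT INTO radcheck      VALUES (2901, 'sneha', 'Max-All-Session', ':=', '18');
INSERT INTO radusergroup  VALUES ('sneha', 'Prepaid Hours', 1);
INSERT INTO radgroupcheck VALUES (1, 'Prepaid Hours', 'Max-All-Session', ':=', '9');
"""

# The reject line as rlm_sqlcounter printed it in the debug run above.
SAMPLE_LOG = "rlm_sqlcounter: Rejected user sneha, check_item=9, counter=90001"

REJECT_RE = re.compile(
    r"rlm_sqlcounter: Rejected user (?P<user>\S+), "
    r"check_item=(?P<check_item>\d+), counter=(?P<counter>\d+)"
)

# Every row that sets the attribute for the user, directly or through a group.
SOURCES_SQL = """
SELECT 'radcheck' AS tbl, c.username AS owner, c.op, c.value
  FROM radcheck c
 WHERE c.username = :user AND c.attribute = :attr
UNION ALL
SELECT 'radgroupcheck', g.groupname, g.op, g.value
  FROM radusergroup ug
  JOIN radgroupcheck g ON g.groupname = ug.groupname
 WHERE ug.username = :user AND g.attribute = :attr
ORDER BY tbl, owner
"""


def build_sample_db():
    """In-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SAMPLE_SQL)
    return db


def parse_reject(line):
    """Return (user, check_item, counter) from a reject line, or None."""
    m = REJECT_RE.search(line)
    if m is None:
        return None
    return m["user"], int(m["check_item"]), int(m["counter"])


def limit_sources(db, user, attribute):
    """List (table, owner, op, value) for every row that sets attribute for user."""
    return db.execute(SOURCES_SQL, {"user": user, "attr": attribute}).fetchall()


def explain_reject(db, line, attribute="Max-All-Session"):
    """Split the candidate rows into those that carry the value the module
    reported as check_item and those that do not."""
    parsed = parse_reject(line)
    if parsed is None:
        return None
    user, check_item, counter = parsed
    rows = limit_sources(db, user, attribute)
    applied = [r for r in rows if r[3].strip() == str(check_item)]
    not_applied = [r for r in rows if r not in applied]
    return {
        "user": user,
        "check_item": check_item,
        "counter": counter,
        "applied": applied,
        "not_applied": not_applied,
    }


if __name__ == "__main__":
    report = explain_reject(build_sample_db(), SAMPLE_LOG)
    print("user %(user)s: check_item=%(check_item)d counter=%(counter)d" % report)
    for tbl, owner, op, value in report["applied"]:
        print("  value in effect comes from %s (%s): %s %s" % (tbl, owner, op, value))
    for tbl, owner, op, value in report["not_applied"]:
        print("  also set, but not the value used, in %s (%s): %s %s" % (tbl, owner, op, value))
```
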
Using counter module
Hi! I would like to use the counter module (not the sql_counter module) of FreeRadius 2.0.5 and I have questions about it:

1 - If it's possible, how can I display the value of a counter into the reply message?

2 - I have created a counter based on the Acct-Output-Octets, so when a user reached the threshold, the Reply-Message is replaced by: Your maximum daily usage time has been reached. I would like to modify it depending on the threshold reached (I will place 2 or 3 different counters) because it's in English, I display this Reply-Message on my error page and because the threshold is not depending on time :) Is it possible and how can I do it?

Thank you for your help

--
Romain Mercier
Université d'Angers
Service Systèmes et Réseaux
@ : [EMAIL PROTECTED]

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using counter module
I would like to use the counter module (not the sql_counter module) of FreeRadius 2.0.5 and I have questions about it: 1 - If it's possible, how can I display the value of a counter into the reply message?

Counter value is held in the attribute defined by counter-name. You can display that like any other attribute value: %{some_attribute}

2 - I have created a counter based on the Acct-Output-Octets, so when a user reached the threshold, the Reply-Message is replaced by: Your maximum daily usage time has been reached. I would like to modify it depending on the threshold reached (I will place 2 or 3 different counters) because it's in English, I display this Reply-Message on my error page and because the threshold is not depending on time :) Is it possible and how can I do it?

You can define Reply-Message in sqlcounter but it's hardcoded in counter module. Replace it like you would replace value of any other attribute:

Reply-Message := whatever

Ivan Kalik
Kalik Informatika ISP
Re: Where to find sql counter module ?
Just vim /etc/freeradius/dictionary and include the following line

$INCLUDE /usr/share/freeradius/dictionary.chillispot

Oh, and move the chillispot.dictionary file into the /usr/share/freeradius directory just to keep things neat! Good luck! Tas.

YvesDM wrote:

On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote:

Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-)
Graham Beneke

Yeah, that was my first thought too, but I've added the dictionary before, so the dictionary is there
Kind regards, Yves
Re: Where to find sql counter module ?
On 2/25/07, Tas Dionisakos [EMAIL PROTECTED] wrote:

Just vim /etc/freeradius/dictionary and include the following line

$INCLUDE /usr/share/freeradius/dictionary.chillispot

Oh, and move the chillispot.dictionary file into the /usr/share/freeradius directory just to keep things neat! Good luck! Tas.

Arrgh, how could I forget that $include! Anyway, I just added the line in /usr/share/dictionary itself,

$INCLUDE dictionary.chillispot

Many thanks
Kind Regards, Yves
Re: Where to find sql counter module ?
On 2/24/07, PD [EMAIL PROTECTED] wrote:

Simple questions... how and where to get sql counter module ? I try to googling for hours but still can not find it. TIA PD

You should compile FR with experimental modules
You have to create the module yourself
Read rlm_sqlcounter in the doc/ folder. It's explained how to use this.

Kind Regards, Yves
Re: Where to find sql counter module ?
YvesDM wrote:

On 2/24/07, PD [EMAIL PROTECTED] wrote:

Simple questions... how and where to get sql counter module ? I try to googling for hours but still can not find it. TIA PD

You should compile FR with experimental modules
You have to create the module yourself
Read rlm_sqlcounter in the doc/ folder. It's explained how to use this.

In the current version of FR (1.1.4) the sqlcounter module is no longer experimental - comes as in the default collection of modules. There is also a wiki article on using sqlcounter: http://wiki.freeradius.org/Rlm_sqlcounter It's not complete but I am working on it.

--
Graham Beneke
Re: Where to find sql counter module ?
On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote:

In the current version of FR (1.1.4) the sqlcounter module is no longer experimental - comes as in the default collection of modules. There is also a wiki article on using sqlcounter: http://wiki.freeradius.org/Rlm_sqlcounter It's not complete but I am working on it.
--
Graham Beneke

Interesting, tnx for your work! I'm struggling with the sqlcounter module too for the moment. Try to define the reply-name (FR1.1.4), but it gives me errors

If I specify this in sqlcounter.conf:

sqlcounter volumelimit {
    counter-name = Octets-Total
    check-name = Max-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    # This query will calculate the total volume used

it results in:

freeradius -X | grep sqlcounter
snip
sqlcounter: counter-name = Octets-Total
sqlcounter: check-name = Max-Octets
sqlcounter: reply-name = ChilliSpot-Max-Total-Octets
sqlcounter: key = User-Name
sqlcounter: sqlmod-inst = sql
sqlcounter: query = SELECT (SUM(AcctInputOctets) +SUM(AcctInputGigawords * 4294967295) +SUM(AcctOutputOctets) +SUM(AcctOutputGigawords * 4294967295)) / 1048576 FROM radacct WHERE UserName = '%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
sqlcounter: reset = monthly
sqlcounter: safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets
obelix:/etc/freeradius#

Strange... But I'm not in a rush, I'll find out what's wrong :-)

Kind regards, Yves
Re: Where to find sql counter module ?
- Original Message -
From: YvesDM
To: FreeRadius users mailing list
Sent: Saturday, February 24, 2007 9:03 AM
Subject: Re: Where to find sql counter module ?

On 2/24/07, PD [EMAIL PROTECTED] wrote:

Simple questions... how and where to get sql counter module ? I try to googling for hours but still can not find it. TIA PD

You should compile FR with experimental modules
You have to create the module yourself
Read rlm_sqlcounter in the doc/ folder. It's explained how to use this.

Kind Regards, Yves

--

Everything step I do, but, if the Max-Daily-Session 3600, the FR not do anything. why?
Re: Where to find sql counter module ?
YvesDM wrote:

rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets
obelix:/etc/freeradius#
Strange... But I'm not in a rush, I'll find out what's wrong :-)

Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-)

Graham Beneke
Re: Where to find sql counter module ?
On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote:

YvesDM wrote:

rlm_sqlcounter: No such attribute ChilliSpot-Max-Total-Octets
obelix:/etc/freeradius#
Strange... But I'm not in a rush, I'll find out what's wrong :-)

Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-)
Graham Beneke

Yeah, that w
Re: Where to find sql counter module ?
On 2/24/07, Graham Beneke [EMAIL PROTECTED] wrote:

Looks like a dictionary problem to me - Chillispot's dictionary is not yet part of FR you have to add it manually. Maybe someone with a little spare time can throw together the Chillispot dictionary as a patch ;-)
Graham Beneke

Yeah, that was my first thought too, but I've added the dictionary before, so the dictionary is there

Kind regards, Yves
counter module usage question
Hi!! I am trying to utilize the counter module. I tried to do everything as it is written in the comments from the radiusd.conf file. Unfortunately I still have some problem to make it work and fully understand. I ask for your assistance and small explanation.

As I understood the counter modules generally controls the login process of the users, where logging is equivalent of sending a request to the radius server. So whenever the request is received by radius the module investigates the content of the packet. It checks if there are parameters corresponding to the 'count-attribute' and 'key' parameters defined for that module. Then if they are present it creates a counter which is stored in the 'filename' file. Then it updates the value of the 'counter-name' parameter which will be passed further with the packet.

So now if I want to control the process further I need to make the proper modification in the users file against the value of the parameter pointed by the check-name parameter from the counter module configuration, am I right?

Is there a way to somehow set the default value for 'check-name' parameter in the module configuration in the radiusd.conf?

Thank You for your time!!
tomasz
Two sql queries in counter module
Hello all

Is it possible to make two queries in sql counter module? like

sqlcounter noresetcounter {
    driver = rlm_sqlcounter
    counter-name = Max-All-Session-Time
    check-name = Max-All-Session
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query1=SELECT activedate from radacct where username='%{%k}'
    query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND ActiveDate='$query1'
}
Re: Two sql queries in counter module
Bishal [EMAIL PROTECTED] wrote:

Is it possible to make two queries in sql counter module? like

No.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Problem in accounting with sql counter module max-all-session
Hi, I have setup freeradius 1.1.2 in FreeBSD 6.0 with mysql support. I have setup user in radcheck table as follows;

1403 | test01 | | || Max-All-Session | := | 1500|

The user test001 is allowed to login total for 25hrs. After finishing 25hrs if the user recharge his account to 30hrs again and I updated max-all-session to 1800 seconds in radcheck table. Now when the user tries to connect he get disconnected after 5hrs and when he tried to reconnect, he could not get authenticate. In my radius log I see;

Mon Sep 4 17:43:56 2006 : Auth: Invalid user (rlm_sqlcounter: Maximum never usage time reached): [test01] (from client pppoe-bhw port 4448 cli 0:7:95:10:73:9e)

What could be the problem with sql counter module? In my radiusd.conf settings I have setup max-all-session counter as follows;

sqlcounter noresetcounter {
    driver = rlm_sqlcounter
    counter-name = Max-All-Session-Time
    check-name = Max-All-Session
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'
}

All things are running well except rechargeable account. How could I make rechargeable sqlcounter module for hourly accounts? Do I need to create the separate sqlcounter according to plan? Like if 25hrs then in sqlcounter section reset=25h, if 50hrs reset=50h etc, Any suggestion?

Bishal
Re: How to use the counter module
On Sun, 2005-11-13 at 12:20 +, [EMAIL PROTECTED] wrote:

Could I use the Counter module to count the number of times a user gets their password wrong?

AFAIK the counter module was not designed to count this type of things. The idea is to count let's say the total amount of time a user has spent online, or the total traffic he has transferred. This does not mean that you can't find some new ingenious way of using it though :).

Regards, RAdo
Re: How to use the counter module
[EMAIL PROTECTED] wrote:

OK, I had no luck with my previous email so let's try a different approach. Could I use the Counter module to count the number of times a user gets their password wrong? I guess I need to call Counter on Access-Reject, or just before the Reply packet is sent as I can check the attributes sent back. This would be in the post-process area I think.

You want to reject a user if they get their password wrong more than X times over a period of X ? Not sure about the counter module but you could use sqlcounter module and query the radpostauth table.

martin
Execute script to enable rlm counter module
Hello,

I want to execute a script in the authentication process that simulates accounting with radclient so that the counter module starts measuring time. But I do not know what data freeradius expects to start counting.

The whole story with debug info:

Currently I write a diploma involving a freeradius server. The platform is debian and windows xp (cygwin compiled version of freeradius - nearly identical configuration). I create user accounts dynamically and I load them through fastusers. So no SQL is involved (does not work in the win32 version).

I want to disable a user account 60 minutes after he uses the account to authenticate on the radius server through eap-md5. The authentication part works fine with the client. The calculation of the session time with daily counter does not work. I suppose because the NAS does not support radius accounting. And with my understanding of the manual and various posts to this mailing list it is mandatory to get the counter working.

I use the standard radius config file and I have uncommented the counter daily in the appropriate sections in raddb.conf. In users I have implemented the DEFAULT rule to reject 60 minutes after first use.

DEFAULT Daily-Session-Time 3600, Auth-Type = Reject
    Reply-Message = You've used up more than one hour today

According to the debug information the counter is correctly instantiated:

Module: Loaded Counter
counter: filename = ../etc/raddb/db.daily
counter: key = User-Name
counter: reset = monthly
counter: count-attribute = Acct-Session-Time
counter: counter-name = Daily-Session-Time
counter: check-name = Max-Daily-Session
counter: allowed-servicetype = (null)
counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1671
rlm_counter: Current Time: 1130410681 [2005-10-27 12:58:01], Next reset 1130796000 [2005-10-31 23:00:00]
Module: Instantiated counter (daily)

freeradius is listening:

Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

When a user logs in the counter returns:

rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module daily returns noop for request 0

There is the accounting database db.daily with ~4kb binary data. I suppose that there is no accounting data in it and so the counter could not check the item value pair. The counter module daily does not begin accounting because the user only authorizes himself and it could be possible that he does not use the service.

---

So I want to trick freeradius with fake accounting data. I want to execute a script in the authentication process that simulates accounting with the radclient. I managed to execute a script to start radclient. But I do not know what data is needed so that freeradius really thinks that the user uses his account.

If I send the standard test accounting packet with radclient I receive this:

Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:1846, id=48, length=60
User-Name = John Doe
User-Password = \203\373\033%bk82\356\250\227\016\005\031\375\023
NAS-IP-Address = 127.0.0.1
NAS-Port = 123
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module preprocess returns noop for request 1
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 123,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,,User-Name = John Doe'
rlm_acct_unique: Acct-Unique-Session-ID = 40560ac3fd77d64a.
modcall[preacct]: module acct_unique returns ok for request 1
rlm_realm: No '@' in User-Name = John Doe, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop for request 1
modcall[preacct]: module files returns noop for request 1
modcall: group preacct returns ok for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: '../var/log/radius/radacct/127.0.0.1/detail-20051027'
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to ../var/log/radius/radacct/127.0.0.1/detail-20051027
modcall[accounting]: module detail returns ok for request 1
rlm_counter: Could not find account status type in packet.
modcall[accounting]: module daily returns noop for request 1
rlm_unix: no Accounting-Status-Type attribute in request.
modcall[accounting]: module unix returns noop for request 1
rlm_radutmp: No Accounting-Status-Type record.
modcall[accounting]: module radutmp returns noop for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 48 to 127.0.0.1:1846
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning
Re: Problems with counter module
Hi all,

rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.

So fix that. See allowed-servicetype configuration directive ( i thought it would be rather obvious).

In radiusd.conf:

counter daily {
    filename = ${raddbdir}/db.daily
    key = User-Name
    count-attribute = Acct-Session-Time
    reset = daily
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    allowed-servicetype = Framed-User
    cache-size = 5000
}

In users:

Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo, NAS-IP-Address == 192.168.0.135
    Service-Type = Framed-User,
    Session-Timeout := 6,
    Framed-Protocol = PPP,
    Framed-IP-Address = 255.255.255.254,
    Framed-MTU = 1500,
    Idle-Timeout = 6,
    Port-Limit = 1

Even if allowed-servicetype = Framed-User (in radiusd) and Service-Type = Framed-User (in users), in that way it doesn't work, but if I comment out allowed-servicetype = Framed-User in radiusd, it works perfect!!! (I don't know why, but ok)

Thanks a lot for your help, I hope those emails will be useful for other people!
Re: Problems with counter module
On Tue, 12 Oct 2004 [EMAIL PROTECTED] wrote:

Hi all,

rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.

So fix that. See allowed-servicetype configuration directive ( i thought it would be rather obvious).

In radiusd.conf:

counter daily {
    filename = ${raddbdir}/db.daily
    key = User-Name
    count-attribute = Acct-Session-Time
    reset = daily
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    allowed-servicetype = Framed-User
    cache-size = 5000
}

In users:

Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo, NAS-IP-Address == 192.168.0.135
    Service-Type = Framed-User,
    Session-Timeout := 6,
    Framed-Protocol = PPP,
    Framed-IP-Address = 255.255.255.254,
    Framed-MTU = 1500,
    Idle-Timeout = 6,
    Port-Limit = 1

Even if allowed-servicetype = Framed-User (in radiusd) and Service-Type = Framed-User (in users), in that way it doesn't work, but

What has the Service-Type in users have to do with the service-type attribute in the accounting-stop packet??!!! Please check the attributes contained in the accounting-stop packet and setup rlm_counter accordingly.

if I comment out allowed-servicetype = Framed-User in radiusd, it works perfect!!! (I don't know why, but ok) Thanks a lot for your help, I hope those emails will be useful for other people!

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Re: Problems with counter module
On Sun, 10 Oct 2004 [EMAIL PROTECTED] wrote:

Thanks a lot for your answers. You said: So check if the user sessions are recorded. Maybe the accounting stop do not contain a session-time attribute. Post an accounting-stop debug output for the user. I understand what you mean, but i don't know how to Post an accounting-stop debug output for the user. How can i do it?

You run the server in debug mode and wait for an accounting-stop packet for that user (the packet that is sent when the user is disconnected from the nas). Afterwards, you post that debug output.

Thanks.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Problems with counter module
Hi all,

maybe I found the reason... but I don't know how to fix it. Thanks in advance

rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.
modcall[accounting]: module daily returns noop for request 2
modcall[accounting]: module unix returns ok for request 2
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'Pablo'
modcall[accounting]: module radutmp returns ok for request 2
rlm_ippool: Searching for an entry for nas/port: 192.168.0.136/2151677988
rlm_ippool: Entry not found
modcall[accounting]: module main_pool returns ok for request 2
modcall: group accounting returns ok for request 2
Sending Accounting-Response of id 70 to 192.168.0.136:1027
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
--- Walking the entire request list ---
Accounting-stop packet for that user:
Cleaning up request 2 ID 70 with timestamp 416aa6ac
Nothing to do. Sleeping until we see a request.

Users file:

Pablo  Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo, NAS-IP-Address == 192.168.0.136
       Service-Type = Framed-User, Session-Timeout := 6, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 6, Port-Limit = 1

Thanks for helping me!
Re: Problems with counter module
On Mon, 11 Oct 2004 [EMAIL PROTECTED] wrote:

Hi all,

maybe I found the reason... but I don't know how to fix it. Thanks in advance

rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.

So fix that. See allowed-servicetype configuration directive (I thought it would be rather obvious).

modcall[accounting]: module daily returns noop for request 2
modcall[accounting]: module unix returns ok for request 2
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'Pablo'
modcall[accounting]: module radutmp returns ok for request 2
rlm_ippool: Searching for an entry for nas/port: 192.168.0.136/2151677988
rlm_ippool: Entry not found
modcall[accounting]: module main_pool returns ok for request 2
modcall: group accounting returns ok for request 2
Sending Accounting-Response of id 70 to 192.168.0.136:1027
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
--- Walking the entire request list ---
Accounting-stop packet for that user:
Cleaning up request 2 ID 70 with timestamp 416aa6ac
Nothing to do. Sleeping until we see a request.

Users file:

Pablo  Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo, NAS-IP-Address == 192.168.0.136
       Service-Type = Framed-User, Session-Timeout := 6, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 6, Port-Limit = 1

Thanks for helping me!

-- 
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Problems with counter module
Hi all,

I need help with counter module. I'd like to allow internet connection for 1 hour.

users file:

Pablo  Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135
       Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1

So it works, but at the end of the hour, you can connect again, without any reject, so I tried

Pablo  Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135, Daily-Session-Time 3600, Auth-Type := Reject
       Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1

and that's the answer

Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = Pablo, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 0
users: Matched DEFAULT at 97
users: Matched Pablo at 142
modcall[authorize]: module files returns ok for request 0
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'Pablo'
rlm_counter: Could not find the requested key in the database.
rlm_counter: Check item = 3600, Count = 0
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Pablo, check_item=3600, counter=0
rlm_counter: Sent Reply-Item for user Pablo, Type=Session-Timeout, value=3600
modcall[authorize]: module daily returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.

I tried to change Daily-Session-Time 3600 in the users file, just to try, but I get the same answer, so I don't know what to do. If anybody can help me or send a correct users file and radiusd.conf file, it would be great.

thanks.
Problems with counter module
Hi,

What type of do you use ?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of [EMAIL PROTECTED]
Sent: Friday, 8 October 2004 15:57
To: [EMAIL PROTECTED]
Subject: Problems with counter module

Hi all,

I need help with counter module. I'd like to allow internet connection for 1 hour.

users file:

Pablo  Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135
       Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1

So it works, but at the end of the hour, you can connect again, without any reject, so I tried

Pablo  Auth-Type := Local, Max-Daily-Session := 3600, User-Password == Pablo, NAS-IP-Address = 192.168.0.135, Daily-Session-Time 3600, Auth-Type := Reject
       Service-Type = Framed-User, Session-Timeout := 3600, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1

and that's the answer

Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = Pablo, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 0
users: Matched DEFAULT at 97
users: Matched Pablo at 142
modcall[authorize]: module files returns ok for request 0
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'Pablo'
rlm_counter: Could not find the requested key in the database.
rlm_counter: Check item = 3600, Count = 0
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Pablo, check_item=3600, counter=0
rlm_counter: Sent Reply-Item for user Pablo, Type=Session-Timeout, value=3600
modcall[authorize]: module daily returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.

I tried to change Daily-Session-Time 3600 in the users file, just to try, but I get the same answer, so I don't know what to do. If anybody can help me or send a correct users file and radiusd.conf file, it would be great.

thanks.
Re: Counter module
for me Max-Daily-Session and Max-Monthly-Session acts as simple Session-Timeout (someone has got them to work as they are made for?), but Max-All-Session works as it should.

Edgars

Alan DeKok wrote:

[EMAIL PROTECTED] wrote:

Processing the autenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by Max with CHAP password
rlm_chap: Could not find clear text password for user Max

So... tell the server what the user's correct password is. This has nothing to do with rlm_counter.

I don't understand WHERE is that password missing: any ideas?

You're asking the server to authenticate someone, but not telling the server how.

Alan DeKok.
Counter module
hi all,

that's my configuration.

users file:

Max  Max-Daily-Session := 3600, Password = Max, NAS-IP-Address = 192.168.1.4, Simultaneous-Use = 1
     Service-Type = Framed-User, Framed-Protocol = PPP, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1

Without Max-Daily-Session := 3600 it works, but with Max-Daily-Session := 3600 the answer is:

...
Processing the autenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by Max with CHAP password
rlm_chap: Could not find clear text password for user Max
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user
...

I don't understand WHERE is that password missing: any ideas?

thanks a lot!
Counter Module
hi all,

that's my configuration. Sorry for the mistakes.

users file:

Max  Max-Daily-Session := 3600, Password = Max, NAS-IP-Address = 192.168.1.4, Simultaneous-Use = 1
     Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1

Without Max-Daily-Session := 3600 it works, but with Max-Daily-Session := 3600 the answer is:

...
Processing the autenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by Max with CHAP password
rlm_chap: Could not find clear text password for user Max
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user
...

I don't understand WHERE is that password missing: any ideas?

thanks a lot!
Re: Counter module
[EMAIL PROTECTED] wrote:

Processing the autenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by Max with CHAP password
rlm_chap: Could not find clear text password for user Max

So... tell the server what the user's correct password is. This has nothing to do with rlm_counter.

I don't understand WHERE is that password missing: any ideas?

You're asking the server to authenticate someone, but not telling the server how.

Alan DeKok.
Re: Help with Counter module
rlm_counter: Packet Unique ID = '0d62303b8e51c196'
rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.

But rlm_counter cannot find it, since it's not included in the accounting stop packet. So try commenting out the allowed-servicetype directive.

you were right, it works now. Thanks a lot for your help, Kostas.

Jean-Marie
Re: Help with Counter module
On Thu, 27 May 2004, Jean-Marie GUILLEMOT wrote:

Hello everybody,

I'm using Freeradius 0.9.3 on a RedHat 7.3. I'm trying to make a kind of hot spot thanks to the counter module of freeradius. I want people to authenticate one time for a defined amount of seconds (120 in my example). Once their credit time has expired, they would be logged off and their account would be definitively blocked (as I never reset the counter).

I configured my radius and network (my NAS is an access-controller HP 760), the user correctly logs in. After 2 minutes, he is kicked out, that's great. My problem is that he can log in again with the same account.

I hope that's clear enough. Thanks in advance for telling me what I'm doing wrong or for any tips that could help me.

Jean-Marie

Here is the configuration of radiusd.conf I made:

## radiusd.conf ##
counter daily {
    filename = ${raddbdir}/db.daily
    key = User-Name
    count-attribute = Acct-Session-Time
#   reset = daily
    reset = never
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
#   allowed-servicetype = Framed-User
    allowed-servicetype = Login-User

You've set allowed-servicetype to be Login-User

    cache-size = 5000
}

Here is the debug of radiusd -X for the logging out:

rad_recv: Accounting-Request packet from host 172.16.1.2:1061, id=71, length=136
    User-Name = user
    NAS-IP-Address = 172.16.1.2
    NAS-Identifier = 00e081526836
    Acct-Status-Type = Stop
    Calling-Station-Id = 00-0c-f1-13-7a-43
    Called-Station-Id = 00-e0-81-52-68-36
    Acct-Session-Id = 1-000cf1137a43-1085667568-413-3KviFEgY
    Acct-Session-Time = 126
modcall: entering group preacct for request 3
modcall[preacct]: module preprocess returns noop for request 3
rlm_counter: Packet Unique ID = '0d62303b8e51c196'
rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.

But rlm_counter cannot find it, since it's not included in the accounting stop packet. So try commenting out the allowed-servicetype directive.

-- 
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
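An added example, not part of the original thread and not FreeRADIUS code: a Python audit that sums Acct-Session-Time from the Stop records of an accounting detail log, compares the total with the Max-Daily-Session limit, and scans `radiusd -X` output for Accounting-Requests that rlm_counter skipped with the NOOP message diagnosed above. The sample text is constructed from values posted in this thread, and all function names are assumptions.

```python
import re
from collections import defaultdict

# Message rlm_counter logs when allowed-servicetype is set but the packet has
# no Service-Type (text copied from the debug output posted in this thread).
NOOP_MARKER = "rlm_counter: Could not find Service-Type attribute in the request"

# Constructed sample in detail-file layout; values come from the thread's radacct log.
SAMPLE_DETAIL = (
    "Thu May 27 15:52:40 2004\n"
    "\tUser-Name = user\n\tAcct-Status-Type = Start\n"
    "\tAcct-Session-Id = 1-000cf1137a43-1085665454-413-OZPFBnEv\n\n"
    "Thu May 27 15:54:46 2004\n"
    "\tUser-Name = user\n\tAcct-Status-Type = Stop\n"
    "\tAcct-Session-Id = 1-000cf1137a43-1085665454-413-OZPFBnEv\n"
    "\tAcct-Session-Time = 126\n\n"
    "Thu May 27 15:59:05 2004\n"
    "\tUser-Name = user\n\tAcct-Status-Type = Stop\n"
    "\tAcct-Session-Id = 1-000cf1137a43-1085665718-413-do1eGpcy\n"
    "\tAcct-Session-Time = 121\n"
)

# Constructed sample: the Accounting-Stop debug lines as posted in the thread.
SAMPLE_DEBUG = (
    "rad_recv: Accounting-Request packet from host 172.16.1.2:1061, id=71, length=136\n"
    "\tUser-Name = user\n\tAcct-Status-Type = Stop\n\tAcct-Session-Time = 126\n"
    "modcall: entering group preacct for request 3\n"
    "rlm_counter: Packet Unique ID = '0d62303b8e51c196'\n"
    "rlm_counter: Could not find Service-Type attribute in the request. Returning NOOP.\n"
)

ATTR_RE = re.compile(r'^\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$')
RECV_RE = re.compile(r"rad_recv: (\S+) packet from host .*?id=(\d+)")


def parse_detail(text):
    """Split a detail file into records: one dict of attributes per packet."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"_logged": lines[0].strip()}  # first line is the timestamp
        for line in lines[1:]:
            m = ATTR_RE.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        records.append(rec)
    return records


def usage_by_user(records, key="User-Name"):
    """Sum Acct-Session-Time over Stop records, counting each session once."""
    totals, seen = defaultdict(int), set()
    for rec in records:
        session = (rec.get(key), rec.get("Acct-Session-Id"))
        if rec.get("Acct-Status-Type") != "Stop" or session in seen:
            continue  # Start records and retransmitted Stops add nothing
        seen.add(session)
        totals[rec.get(key)] += int(rec.get("Acct-Session-Time", 0))
    return dict(totals)


def over_quota(totals, limits):
    """Users for whom (limit - used) <= 0, i.e. the counter should reject them."""
    return {u: (used, limits[u]) for u, used in totals.items()
            if u in limits and limits[u] - used <= 0}


def skipped_accounting(debug_text):
    """Packet ids of Accounting-Requests that rlm_counter answered with NOOP."""
    ids, current = [], None
    for line in debug_text.splitlines():
        m = RECV_RE.search(line)
        if m:
            current = (m.group(1), int(m.group(2)))
        elif NOOP_MARKER in line and current and current[0] == "Accounting-Request":
            ids.append(current[1])
    return ids


if __name__ == "__main__":
    totals = usage_by_user(parse_detail(SAMPLE_DETAIL))
    print("usage:", totals)
    print("over quota:", over_quota(totals, {"user": 120}))  # Max-Daily-Session := 120
    print("counter skipped for packet ids:", skipped_accounting(SAMPLE_DEBUG))
```

A user who appears in the over-quota result while the debug scan reports skipped Accounting-Requests is in the state this thread describes: sessions were accounted in the detail log, but the counter database was never updated.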
Help with Counter module
Hello everybody,

I'm using Freeradius 0.9.3 on a RedHat 7.3. I'm trying to make a kind of hot spot thanks to the counter module of freeradius. I want people to authenticate one time for a defined amount of seconds (120 in my example). Once their credit time has expired, they would be logged off and their account would be definitively blocked (as I never reset the counter).

I configured my radius and network (my NAS is an access-controller HP 760), the user correctly logs in. After 2 minutes, he is kicked out, that's great. My problem is that he can log in again with the same account.

I hope that's clear enough. Thanks in advance for telling me what I'm doing wrong or for any tips that could help me.

Jean-Marie

Here is the configuration of radiusd.conf I made:

## radiusd.conf ##
counter daily {
    filename = ${raddbdir}/db.daily
    key = User-Name
    count-attribute = Acct-Session-Time
#   reset = daily
    reset = never
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
#   allowed-servicetype = Framed-User
    allowed-servicetype = Login-User
    cache-size = 5000
}

instantiate {
#   expr
#
# We add the counter module here so that it registers
# the check-name attribute before any module which sets
# it
#   daily
    daily
}

authorize {
    preprocess
    chap
    eap
    suffix
    files
    mschap
    daily
}

accounting {
    acct_unique
    detail
#   daily
    daily
    unix        # wtmp file
    radutmp
}

Here is the users file :

## users ##
user  Max-Daily-Session := 120, User-Password == password
      Service-Type = Login-User

Here is the accounting logs that Freeradius creates : /${logdir}/radacct

Thu May 27 15:52:40 2004
    User-Name = user
    NAS-IP-Address = 172.16.1.2
    NAS-Identifier = 00e081526836
    Acct-Status-Type = Start
    Calling-Station-Id = 00-0c-f1-13-7a-43
    Called-Station-Id = 00-e0-81-52-68-36
    Acct-Session-Id = 1-000cf1137a43-1085665454-413-OZPFBnEv
    Client-IP-Address = 172.16.1.2
    Acct-Unique-Session-Id = 258bad8957416a39
    Timestamp = 1085665960

Thu May 27 15:54:46 2004
    User-Name = user
    NAS-IP-Address = 172.16.1.2
    NAS-Identifier = 00e081526836
    Acct-Status-Type = Stop
    Calling-Station-Id = 00-0c-f1-13-7a-43
    Called-Station-Id = 00-e0-81-52-68-36
    Acct-Session-Id = 1-000cf1137a43-1085665454-413-OZPFBnEv
    Acct-Session-Time = 126
    Client-IP-Address = 172.16.1.2
    Acct-Unique-Session-Id = 258bad8957416a39
    Timestamp = 1085666086

Thu May 27 15:57:05 2004
    User-Name = user
    NAS-IP-Address = 172.16.1.2
    NAS-Identifier = 00e081526836
    Acct-Status-Type = Start
    Calling-Station-Id = 00-0c-f1-13-7a-43
    Called-Station-Id = 00-e0-81-52-68-36
    Acct-Session-Id = 1-000cf1137a43-1085665718-413-do1eGpcy
    Client-IP-Address = 172.16.1.2
    Acct-Unique-Session-Id = 39b3dccbfe337738
    Timestamp = 1085666225

Thu May 27 15:59:05 2004
    User-Name = user
    NAS-IP-Address = 172.16.1.2
    NAS-Identifier = 00e081526836
    Acct-Status-Type = Stop
    Calling-Station-Id = 00-0c-f1-13-7a-43
    Called-Station-Id = 00-e0-81-52-68-36
    Acct-Session-Id = 1-000cf1137a43-1085665718-413-do1eGpcy
    Acct-Session-Time = 121
    Client-IP-Address = 172.16.1.2
    Acct-Unique-Session-Id = 39b3dccbfe337738
    Timestamp = 1085666345

### Here is the debug of radiusd -X for the logging : ###

rad_recv: Access-Request packet from host 172.16.1.2:1059, id=89, length=83
    User-Name = user
    User-Password = password
    NAS-IP-Address = 172.16.1.2
    NAS-Identifier = 00e081526836
    Calling-Station-Id = 00-0c-f1-13-7a-43
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
modcall[authorize]: module chap returns noop for request 1
modcall[authorize]: module eap returns noop for request 1
rlm_realm: No '@' in User-Name = user, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 1
users: Matched user at 97
modcall[authorize]: module files returns ok for request 1
modcall[authorize]: module mschap returns noop for request 1
rlm_counter: Entering module authorize code
rlm_counter: (Check item - counter) is greater than zero
RE: counter module (again)
Due to a wrong install (my fault :-( ) the man command doesn't work for freeradius settings. Can you send me a copy of this page?

The db file isn't generated (what do I do wrong :-?)

I hope someone can help me,
Tim Bots

-Original Message-
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 01, 2004 10:20
To: [EMAIL PROTECTED]
Subject: Re: counter module (again)

On Thu, 1 Apr 2004, Tim Bots wrote:

Hi everyone,

Can anyone tell me how I can use the counter module. I can't find the db.daily file in the ${raddbdir} directory. Must I create this file or will it be generated automatically? If I have to create this file can anyone give me an example of this file. Or do I have to change something in the users file (if yes, an example please)

The db files are created automatically. The comments in the counter section of radiusd.conf are quite helpful. There's also a man page on rlm_counter

I hope someone can help me,
Tim Bots

-- 
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
RE: counter module (again)
the man page should be there in the sources... just install it again. if you don't want to do that then just load it directly into man (man man_file_name). some version of the less/more pager can also read the man page directly. you can download a fresh copy of the sources from the website if the above is confusing.

t

-Original Message-
From: Tim Bots [mailto:[EMAIL PROTECTED]
Sent: 01 April 2004 10:05
To: [EMAIL PROTECTED]
Subject: RE: counter module (again)

Due to a wrong install (my fault :-( ) the man command doesn't work for freeradius settings. Can you send me a copy of this page?

The db file isn't generated (what do I do wrong :-?)

I hope someone can help me,
Tim Bots

-Original Message-
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 01, 2004 10:20
To: [EMAIL PROTECTED]
Subject: Re: counter module (again)

On Thu, 1 Apr 2004, Tim Bots wrote:

Hi everyone,

Can anyone tell me how I can use the counter module. I can't find the db.daily file in the ${raddbdir} directory. Must I create this file or will it be generated automatically? If I have to create this file can anyone give me an example of this file. Or do I have to change something in the users file (if yes, an example please)

The db files are created automatically. The comments in the counter section of radiusd.conf are quite helpful. There's also a man page on rlm_counter

I hope someone can help me,
Tim Bots

-- 
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
counter module (again)
Hi everyone,

Can anyone tell me how I can use the counter module. I can't find the db.daily file in the ${raddbdir} directory. Must I create this file or will it be generated automatically? If I have to create this file can anyone give me an example of this file. Or do I have to change something in the users file (if yes, an example please)

I hope someone can help me,
Tim Bots
Re: how does the counter module work?
Tim Bots [EMAIL PROTECTED] wrote:

I guess the counter module can help me with accounting but I can't find the full manual for this module.

There is none. Read the comments in the radiusd.conf file.

Alan DeKok.