Max-Daily-Session Default value when user get disconnected
I need to know if you can add a default value such as 10 minutes each time a user logs out even though it was connected just one minute? Thanks in advance!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
On Thu, Jun 14, 2012 at 5:41 PM, Alan DeKok wrote: > ali Eblice wrote: >> is it possible to find out that squid is sending accounting packet in >> output of " freeradius -X " command? > > Yes... read it. Look for "accounting". > > Or, read the squid configuration. Did you configure RADIUS accounting > there? If not, it won't send accounting packets. See the squid > documentation for anything related to squid. > > Alan DeKok. thanks fore replying and sorry fore I'm replying little late . i asked this problem on squid's mailing list and they said squid's authentication helper is old and probably not working right . my goal of connecting squid to freeradius was to make small lab for learning freeradius . can you please tell me name of a service that works fine with free radius to i could test my changes on freeradius with it ? i want this because i don't want to check every thing with radtest command . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
ali Eblice wrote: > is it possible to find out that squid is sending accounting packet in > output of " freeradius -X " command? Yes... read it. Look for "accounting". Or, read the squid configuration. Did you configure RADIUS accounting there? If not, it won't send accounting packets. See the squid documentation for anything related to squid. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
On Thu, Jun 14, 2012 at 2:39 PM, Alan DeKok wrote: > ali Eblice wrote: >> now squid check user credentials every 1 minutes but freeradius give " >> Access-Accept" even after several minutes pass from 100 second. > > What does that mean? Hi i mean squid check user credentials every 1 minutes and for every check that squid do , i get an output similar to the output i wrote in my previous reply and in all outputs freeradius give "Access-Accept" but it shouldn't give it because 100 second have been passed . i will check squid to see if it send's accounting packet. is it possible to find out that squid is sending accounting packet in output of " freeradius -X " command? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
ali Eblice wrote: > now squid check user credentials every 1 minutes but freeradius give " > Access-Accept" even after several minutes pass from 100 second. What does that mean? > it is an out put of freeradius -X command when squid check the > credentials every 1 minutes : The "counter" module requires accounting packets. See the documentation in raddb/modules/counter. If squid doesn't send accounting packets, then it won't work. i.e. this is documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
> Disconnecting a user after the session timeout period is up to the > NAS. If you're sending the right attributes back in the > Access-Accept that the NAS needs, and the user isn't being > disconnected at the right time, then work out why the NAS isn't > kicking the user off. > >> and noting wrote in output of freeradius -X command > > You won't necessarily see anything in the output of freeradius, > unless the NAS also sends an Accounting Stop at the same time. thanks for replying . i checked my squid configuration there was problem with it ((it was checking users credentials every 45 minutes )) and i solved it . now squid check user credentials every 1 minutes but freeradius give " Access-Accept" even after several minutes pass from 100 second. it is an out put of freeradius -X command when squid check the credentials every 1 minutes : rad_recv: Access-Request packet from host 127.0.0.1 port 51373, id=21, length=63 User-Name = "alice" User-Password = "passme" NAS-Port = 111 NAS-Port-Type = Async NAS-IP-Address = 127.0.0.1 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "alice", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry alice at line 1 [files] expand: Hello, %{User-Name} -> Hello, alice ++[files] returns ok rlm_counter: Entering module authorize code rlm_counter: Searching the database for key 'alice' rlm_counter: Could not find the requested key in the database. rlm_counter: Check item = 100, Count = 0 rlm_counter: res is greater than zero rlm_counter: (Check item - counter) is greater than zero rlm_counter: Authorized user alice, check_item=100, counter=0 rlm_counter: Sent Reply-Item for user alice, Type=Session-Timeout, value=100 ++[daily] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "passme" [pap] Using clear text password "passme" [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 21 to 127.0.0.1 port 51373 Reply-Message = "Hello, alice" Session-Timeout = 100 Finished request 20. Going to the next request Waking up in 4.9 seconds. Cleaning up request 20 ID 21 with timestamp +2133 Ready to process requests. --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
On Sun, Jun 10, 2012 at 12:50:17PM +0430, ali Eblice wrote: > but after 100 second the user doesn't disconnect Disconnecting a user after the session timeout period is up to the NAS. If you're sending the right attributes back in the Access-Accept that the NAS needs, and the user isn't being disconnected at the right time, then work out why the NAS isn't kicking the user off. > and noting wrote in output of freeradius -X command You won't necessarily see anything in the output of freeradius, unless the NAS also sends an Accounting Stop at the same time. Matthew -- Matthew Newton, Ph.D. Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it's not disconnect users after Max-Daily-Session ends.
Hi i have squid connected to freeradius ((freeradius: FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 24 2011 at 07:53:12)) and problem is that after a Max-Daily-Session time ended user stay connected and can use squid proxy . here is my configuration: i did this config on users file of freeradius "alice" Cleartext-Password := "passme", Max-Daily-Session :="100" Reply-Message = "Hello, %{User-Name}" - and uncomment daily in accounting and authorize section of sites-enabled/default file of freeradius and uncommented the daily in instantiate section of radiusd.conf and added this to moduls/counter --- counter daily { filename = ${db_dir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session reply-name = Session-Timeout # allowed-servicetype = Framed-User cache-size = 5000 # return-attribute = Session-Timeout } - but after 100 second the user doesn't disconnect and noting wrote in output of freeradius -X command here is the out put of freeradius -X --- root@ubuntu:/etc/freeradius# freeradius -X FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov 24 2011 at 07:53:12 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/a
Re: Max-Daily-Session - User session termination
On Fri, Mar 9, 2012 at 7:32 PM, pamela pomary wrote: > Reading the documentation in radiusd.conf, it says > attributes can be added to radcheck or radgroupcheck table in mysql, but > Max-Daily Session attribute is not recognized. it says "Could not find Check > item value pair" in debug mode. did you follow the documentation? which one did you follow? If the documentation is wrong, then we should fix it. If you only follow half of it, then you should re-read the documentation. > I have tried to add attributes in radreply > and radgroupreply, and that didn't work either. Please how can I achieve > this. You can't just say "Oh, I know. Why don't I just put random stuff in some random table, and some fairy will make it work!" > > > ##Debug log### > rlm_sql (sql): Released sql socket id: 0 > modcall[authorize]: module "sql" returns ok for request 60 > > rlm_counter: Entering module authorize code which one are you using, btw? rlm_counter, or rlm_sqlcounter? If you store your accounting data in sql, better use sqlcounter. See http://wiki.freeradius.org/Rlm_sqlcounter > mysql> select * from radcheck where username="student"; > +---+--+---++--+ > | id | UserName | Attribute | op | Value | > +---+--+---+----+------+ > | 10 | student | User-Password | == | password | > | 11 | student | Max-Daily-Session | == | 240 | > +---+--+---++--+ > 2 rows in set (0.00 sec) Hint: Most entries in rad(group)check/reply should have op ":=" instead of "==". See http://wiki.freeradius.org/Rlm_sql and http://wiki.freeradius.org/Operators See also the example (near the bottom on the rlm_sqlcounter wiki page) -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session - User session termination
Thank you Alan :) , it works. I addedd the line: 'authentication timer reauthenticate server' to the FastEthernet port on the cisco switch.That is, it will receive reauthentication time as defined on the radius server. Now i want to add users into mysql database and apply similar attributes defined in the users file. Reading the documentation in radiusd.conf, it says attributes can be added to radcheck or radgroupcheck table in mysql, but Max-Daily Session attribute is not recognized. it says "Could not find Check item value pair" in debug mode. I have tried to add attributes in radreply and radgroupreply, and that didn't work either. Please how can I achieve this. ##Debug log### rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 60 rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module "daily" returns noop for request 60 modcall: leaving group authorize (returns updated) for request 60 rad_check_password: Found Auth-Type EAP #mysql ++---+---++-+ | id | GroupName | Attribute | op | Value | ++---+---++-+ | 1 | student | Service-Type | == | Login-User | | 2 | student | Framed-MTU | == | 576 | | 3 | student | Max-Daily-Session | == | 240 | | 4 | student | Framed-If-Address | == | 255.255.255.254 | | 5 | student | Max-Daily-Session | == | 240 | ++---+---++-+ 5 rows in set (0.00 sec) mysql> select * from radgroupreply; ++---+---++-+ | id | GroupName | Attribute | op | Value | ++---+---++-+ | 1 | student | Service-Type | == | Login-User | | 2 | student | Framed-MTU | == | 576 | | 3 | student | Max-Daily-Session | == | 240 | | 4 | student | Framed-IP-Address | == | 255.255.255.254 | ++---+---++-+ mysql> select * from radcheck where username="student"; +---+--+---++--+ | id| UserName | Attribute | op | Value| +---+--+---++--+ |10 | student | User-Password | == | password | | 11 | student | Max-Daily-Session | == | 240 | +---+--+---++--+ 2 rows in set (0.00 sec) mysql> select * from radreply where username="student"; ++--+---++---+ | id | UserName | Attribute | op | Value | +----+--+---++---+ | 8 | student | Max-Daily-Session | := | 240 | ++--+---++---+ 1 row in set (0.00 sec) # radiusd.conf # accounting { detail daily radutmp sql } authorize { preprocess mschap suffix eap files sql daily } instantiate { exec expr daily } Set session timer to one hour. Or adjust reauth times on the Cisco > > alan > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session - User session termination
Set session timer to one hour. Or adjust reauth times on the Cisco alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max-Daily-Session - User session termination
Hello once again, Thank you for your help in resolving this problem so far. I have counters increasing now after defining Max-Daily-Session for DEFAULT user in the users file like below and adding the line aaa accounting dot1x default start-stop group radius suggested by Alan Buxey to config on my Cisco 2960 switch NAS. DEFAULTService-Type == Login-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Max-Daily-Session = 240, I found the following in the log ### Debug log ### rlm_counter: Entering module authorize code rlm_counter: Searching the database for key 'clare' rlm_counter: Key Found. rlm_counter: Check item = 240, Count = 2386 rlm_counter: Rejected user clare, check_item=240, counter=2386 modcall[authorize]: module "daily" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Invalid user (rlm_counter: Maximum hourly usage time reached): [clare] (from client C2960_NOC_LAN1 port 50009 cli 00-1E-33-D5-7A-68) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 230 to 10.1.5.4 port 1645 Reply-Message = "Your maximum hourly usage time has been reached" I realise user clare is rejected only when user login after cable is unplugged and plugged back into the computer. What it means is that when a user login and is granted access, user's counter keeps increasing beyond the Max-Daily-Session until cable is unplugged from the computer.When cable is plugged back into the computer and user is prompted to login, user is rejected because he/she has exceeded the maximum daily session. What I want to achieve is to get user session disconnected/timeout automatically while cable is still plugged in and user reaching his/her maximum daily session set for the day. I hope it is possible to do :) I have the following config on my NAS- Cisco 2960 switch aaa authentication login default group radius local aaa authentication dot1x default group radius aaa authorization exec default group radius if-authenticated aaa authorization network default group radius aaa accounting suppress null-username aaa accounting session-duration ntp-adjusted aaa accounting update newinfo periodic 1 aaa accounting dot1x default start-stop group radius aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius aaa accounting connection default start-stop group radius aaa accounting resource default start-stop-failure group radius interface FastEthernet0/9 switchport access vlan 6 switchport mode access authentication host-mode multi-auth authentication port-control auto authentication periodic authentication timer reauthenticate 60 authentication violation protect dot1x pae both dot1x max-req 3 spanning-tree portfast -- Pamela Pomary University of Ghana, ICT Directorate skype:ppomary - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Max-Daily-Session
Have a look in debug mode to see if you are getting accounting packets from Chillispot. If you are not getting accounting data there is no way for counter to work. Off topic, what stops a user to use a different username and gain another 2 hours? Mikrotik has a trial mode where users can gain unathorized access for a certain period of time controlled by MAC address. Is there something like that for Chillispot that you can implement? Ivan Kalik Kalik Informatika ISP Dana 18/1/2008, "Gabriele Giuliani" <[EMAIL PROTECTED]> piše: >As entitled, with my office we have installed at a library town a server >with Ubuntu 7.10, Freeradius and Chilispot to >ensure wireless navigation to users with their notebooks from the local >library; >The access point is configured without any authentication, anyone can >connect, authentication is performed by the >server radius, which are stored registered users who are entitled to >navigation (etc / freeradius / users), for simplicity >we have not used SQL; >Everything works great: Users come, authentify and happy surfing, what >we fail to do is set the maximum daily >navigation (which in our case should be 2 hours), the Daily-Session-Time >works, after 2 hours of connection users >are disconnected, only they can safely again for another 2 hours, which >we would like to avoid (a maximum of 2 hours >of daily connection); this is our configuration file >(etc/freeradius/radiusd.conf ) of the "counter module": > >counter daily { >filename = ${raddbdir}/db.daily >key = User-Name >count-attribute = Acct-Session-Time >reset = daily >counter-name = Daily-Session-Time >check-name = Max-Daily-Session >allowed-servicetype = Framed-User >cache-size = 5000 >} > >Do we need to set some other parameter somewhere else? > >Any advice is welcome > >Thanks for the answers :) > >-- >Gabriele Giuliani > >STUDIO 16 64 S.r.l. >Via degli Abeti, 52 >61100 PESARO > >Tel. 0721 0130897 >Fax. 06 452215814 >Cell. 329 9503621 > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with Max-Daily-Session
As entitled, with my office we have installed at a library town a server with Ubuntu 7.10, Freeradius and Chilispot to ensure wireless navigation to users with their notebooks from the local library; The access point is configured without any authentication, anyone can connect, authentication is performed by the server radius, which are stored registered users who are entitled to navigation (etc / freeradius / users), for simplicity we have not used SQL; Everything works great: Users come, authentify and happy surfing, what we fail to do is set the maximum daily navigation (which in our case should be 2 hours), the Daily-Session-Time works, after 2 hours of connection users are disconnected, only they can safely again for another 2 hours, which we would like to avoid (a maximum of 2 hours of daily connection); this is our configuration file (etc/freeradius/radiusd.conf ) of the "counter module": counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } Do we need to set some other parameter somewhere else? Any advice is welcome Thanks for the answers :) -- Gabriele Giuliani STUDIO 16 64 S.r.l. Via degli Abeti, 52 61100 PESARO Tel. 0721 0130897 Fax. 06 452215814 Cell. 329 9503621 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
max-daily-session
Hi all, I am using Freeradius + Chillispot + Mysql in a hotel wifi and it's working very fine. I have set per user Max-Daily-Session with sql_counter and it works. Now they ask me another situation: the hotel has various workstations that everybody can use. I need to set a low Max-Daily-Session (1 hour) when a user log trough these workstation, and set Max-Daily-Session = 24 hours when user use it's own notepad. so: can I override per user Max-Daily-Session when request come from a certain CallingStationId? what I tried is to use query on sql_counter but it seems there is no variables with CallingStationId, something like: query = "SELECT (SUM(AcctSessionTime) + ((WORKSTATIONID = $CallingStationId) * 82800) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')" Any idea? Thank's in advance. -- Pierluigi Di Lorenzo ePrometeus s.r.l - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Attribute Max-Daily-Session + Session-Timeout
Abel Monzón wrote: > Yes, I have configured the SQL module to store my accounting data and the > NAS is sending accounting packets. All work fine, but not the > Max-Daily-Session Then see the FAQ about "it doesn't work". Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Attribute Max-Daily-Session + Session-Timeout
Abel Monzón wrote: > No body know what is the solution? I send this e-mail, and nothing of > answer. > People don't *have* to answer. >In your case, you're trying to use sqlcounter. Have you configured >the SQL module to store accounting data? Is the NAS sending accounting >packets? Yes, I have configured the SQL module to store my accounting data and the NAS is sending accounting packets. All work fine, but not the Max-Daily-Session Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Attribute Max-Daily-Session + Session-Timeout
Abel Monzón wrote: > No body know what is the solution? I send this e-mail, and nothing of > answer. People don't *have* to answer. In your case, you're trying to use sqlcounter. Have you configured the SQL module to store accounting data? Is the NAS sending accounting packets? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fw: Attribute Max-Daily-Session + Session-Timeout
No body know what is the solution? I send this e-mail, and nothing of answer. Good Day From: Abel Monzón To: mailist Sent: Monday, February 19, 2007 2:04 AM Subject: Attribute Max-Daily-Session + Session-Timeout Hello List. I have a problem. I had limited the Max-Daily-Session = 120, and the Session-Timeout = 60. The Session-Timeout work, but the Max-Daily-Session don't. because the Session-Timeout log out the user, but de Max-Daily-Session don't and let log in again. I have this in my radiusd.conf: sqlcounter contdiario { counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily count-attribute = Max-Daily-Session query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } authorize { contdiario . } Any help? Thanks- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attribute Max-Daily-Session + Session-Timeout
Hello List. I have a problem. I had limited the Max-Daily-Session = 120, and the Session-Timeout = 60. The Session-Timeout work, but the Max-Daily-Session don't. because the Session-Timeout log out the user, but de Max-Daily-Session don't and let log in again. I have this in my radiusd.conf: sqlcounter contdiario { counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily count-attribute = Max-Daily-Session query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } authorize { contdiario . } Any help? Thanks- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and Max-Monthly-Session maximum value limit
James <[EMAIL PROTECTED]> wrote: > Hello I am using freeradius 1.0.5, what is the maximum value of seconds > allowed in the attributes: Max-All-Session, Max-Daily-Session and > Max-Monthly-Session ? They're integers, so 32-bits, or 4 billion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and Max-Monthly-Session maximum value limit
Hello I am using freeradius 1.0.5, what is the maximum value of seconds allowed in the attributes: Max-All-Session, Max-Daily-Session and Max-Monthly-Session ? I cannot find this information in my research. Thank you, James - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re. Max-Daily-Session
Shannon Sariman wrote: Nick White wrote: "Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), and if so is the max of 1800 set for the entire group, or for each user in that group?" The max of 1800 will be set for the entire group. I you want to apply max of 1800 for certain users that don't belong to the group then use radcheck table. Cheers, Shannon "From the land of the unexpected". - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks for the reply. That's what I had thought. -- --- | Nick White | | Network Administrator | | Tele-NET Internet | | http://www.tele-net.net | | [EMAIL PROTECTED] | --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re. Max-Daily-Session
Nick White wrote: "Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), and if so is the max of 1800 set for the entire group, or for each user in that group?" The max of 1800 will be set for the entire group. I you want to apply max of 1800 for certain users that don't belong to the group then use radcheck table. Cheers, Shannon "From the land of the unexpected". - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max-Daily-Session
Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), and if so is the max of 1800 set for the entire group, or for each user in that group? Thanks -- --- | Nick White | | [EMAIL PROTECTED] | --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter && Max-Daily-Session??
Hi >hi, are you referring in sqlcounter dailycounter in sqlcounter.conf? Do > >u want to configure the daily counter? > Yeah, it works well. and so what? Maybe i have basical misunderstanding for the attribute&&dictionary. Can anyone point it to me?Thx in advance. Hello World! [EMAIL PROTECTED] 2004-06-15 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: rlm_sqlcounter && Max-Daily-Session??
hi, are you referring in sqlcounter dailycounter in sqlcounter.conf? Do u want to configure the daily counter? > > > >it doesnt hurt you if you cannot find it, what will hurt you is there is > >wrong using it as an attribute. > > As well as i know, we have to include a dictionary.XXX file in the /usr/share/freeradius/dictionary if we want to use our custom > Vendor-Specific-Attribute, right? > > > > Hello World! > > [EMAIL PROTECTED] > 2004-06-14 > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: rlm_sqlcounter && Max-Daily-Session??
>it doesnt hurt you if you cannot find it, what will hurt you is there is >wrong using it as an attribute. As well as i know, we have to include a dictionary.XXX file in the /usr/share/freeradius/dictionary if we want to use our custom Vendor-Specific-Attribute, right? Hello World! [EMAIL PROTECTED] 2004-06-14 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter && Max-Daily-Session??
> > Hi, > I have configured a freeradius server(freeradius0.9.2 + rlm_pap + rlm_sql_mysql + rlm_sqlcounter) , sqlcounter work well.but i am puzzled that: > Where is Max-Daily-Session defined in certain dictionary file ? > I cann't find it under dictionary directory greping it. Thx! it doesnt hurt you if you cannot find it, what will hurt you is there is wrong using it as an attribute. //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sqlcounter && Max-Daily-Session??
Hi, I have configured a freeradius server(freeradius0.9.2 + rlm_pap + rlm_sql_mysql + rlm_sqlcounter) , sqlcounter work well.but i am puzzled that: Where is Max-Daily-Session defined in certain dictionary file ? I cann't find it under dictionary directory greping it. Thx! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter Max-Daily-Session
the problem was with sqlmod-inst = sqlcca3, I changed it for "sqlmod-inst = sql" and I worked perfectly. thanks - Original Message - From: "john zurowski" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 17, 2004 7:08 PM Subject: RE: rlm_sqlcounter Max-Daily-Session > > > > > > >From: Andrés de Barros <[EMAIL PROTECTED]> > >Reply-To: [EMAIL PROTECTED] > >To: <[EMAIL PROTECTED]> > >Subject: rlm_sqlcounter Max-Daily-Session > >Date: Tue, 17 Feb 2004 17:09:48 -0300 > > > >Problems with rlm_sqlcounter, Max-Daily-Session > >It is connected during 30s and one becomes disconnected. > >The problem is that I do not have stop in the connection. > > Not clear on the question but you have set up the counter to tell the NAS to > disconnect the user after 30s. i.e. the Session-Timeout RADIUS attribute is > sent back to NAS with 30 secs. as usage time. The NAS then should disconnect > you after 30 secs. if your connection is still active then its down to the > NAS and not freeradius i.e. the NAS sent back a stop accounting packet so it > should have terminated the connection. > > What behaviour do you want / expect ? > > > > >As I solve east problem > > > >sqlcounter.conf: > > > >sqlcounter dailycounter { > > driver = "rlm_sqlcounter" > > counter-name = Daily-Session-Time > > check-name = Max-Daily-Session > > sqlmod-inst = sqlcca3 > > key = User-Name > > reset = daily > > > > query = "SELECT SUM(AcctSessionTime - GREATEST((%b - > >UNIX_TIMESTAMP(AcctStartTime)), 0)) \ > > FROM radacct WHERE UserName='%{%k}' AND > >UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > 'b' " > > > > > >select * from radcheck where username = '[EMAIL PROTECTED]'; > >++-+-++---+ > >| id | UserName| Attribute | op | Value | > >++-+-++---+ > >| 6 | [EMAIL PROTECTED] | User-Password | := | leo | > >| 15 | [EMAIL PROTECTED] | Max-daily-Session | := | 30| > >++-+-++---+ > >2 rows in set (0.00 sec) > > > > select * from radgroupcheck where groupname = 'static_64k'; > >+++---++---+ > >| id | GroupName | Attribute | op | Value | > >+++---++---+ > >| 17 | static_64k | Auth-Type | := | Local | > >+++---++---+ > >1 row in set (0.00 sec) > > > >select * from radgroupreply where groupname = 'static_64k'; > >+++---++-+- - > >+ > >| id | GroupName | Attribute | op | Value | > >prio | > >+++---++-+- - > >+ > >| 24 | static_64k | Framed-Protocol | = | PPP | > >0 | > >| 49 | static_64k | Framed-Routing| = | Broadcast-Listen | > >0 | > >| 25 | static_64k | Framed-Compression| = | Van-Jacobson-TCP-IP | > >0 | > >| 26 | static_64k | RP-Upstream-Speed-Limit | = | 64 | > >0 | > >| 27 | static_64k | RP-Downstream-Speed-Limit | = | 64 | > >0 | > >| 46 | static_64k | Service-Type | = | Framed-User | > >0 | > >| 50 | static_64k | Framed-MTU| = | 1500 | > >0 | > >+++---++-+- - > >+ > >7 rows in set (0.00 sec) > > > >select * from radreply where username = '[EMAIL PROTECTED]'; > >++-+---++---+ > >| id | UserName| Attribute | op | Value | > >++-+---++---+ > >| 5 | [EMAIL PROTECTED] | Framed-IP-Address | = | 192.168.2.103 | > >++-+---++---+ > >1 row in set (0.01 sec) > > > >select * from usergroup where username = '[EMAIL PROTECTED]'; > >++-++ > >| id | UserName| GroupName | > >++-++ > >| 6 | [EMAIL PROTECTED] | static_64k | > >++-++ > >1 row in set (0.00 sec) > > > > > > > > radiusd -x > >Starting - reading configuration files ... > &
RE: rlm_sqlcounter Max-Daily-Session
From: Andrés de Barros <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: <[EMAIL PROTECTED]> Subject: rlm_sqlcounter Max-Daily-Session Date: Tue, 17 Feb 2004 17:09:48 -0300 Problems with rlm_sqlcounter, Max-Daily-Session It is connected during 30s and one becomes disconnected. The problem is that I do not have stop in the connection. Not clear on the question but you have set up the counter to tell the NAS to disconnect the user after 30s. i.e. the Session-Timeout RADIUS attribute is sent back to NAS with 30 secs. as usage time. The NAS then should disconnect you after 30 secs. if your connection is still active then its down to the NAS and not freeradius i.e. the NAS sent back a stop accounting packet so it should have terminated the connection. What behaviour do you want / expect ? As I solve east problem sqlcounter.conf: sqlcounter dailycounter { driver = "rlm_sqlcounter" counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sqlcca3 key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > 'b' " select * from radcheck where username = '[EMAIL PROTECTED]'; ++-+-++---+ | id | UserName| Attribute | op | Value | ++-+-++---+ | 6 | [EMAIL PROTECTED] | User-Password | := | leo | | 15 | [EMAIL PROTECTED] | Max-daily-Session | := | 30| ++-+-++---+ 2 rows in set (0.00 sec) select * from radgroupcheck where groupname = 'static_64k'; +++---++---+ | id | GroupName | Attribute | op | Value | +++---++---+ | 17 | static_64k | Auth-Type | := | Local | +++---++---+ 1 row in set (0.00 sec) select * from radgroupreply where groupname = 'static_64k'; +++---++-+-- + | id | GroupName | Attribute | op | Value | prio | +++---++-+-- + | 24 | static_64k | Framed-Protocol | = | PPP | 0 | | 49 | static_64k | Framed-Routing| = | Broadcast-Listen| 0 | | 25 | static_64k | Framed-Compression| = | Van-Jacobson-TCP-IP | 0 | | 26 | static_64k | RP-Upstream-Speed-Limit | = | 64 | 0 | | 27 | static_64k | RP-Downstream-Speed-Limit | = | 64 | 0 | | 46 | static_64k | Service-Type | = | Framed-User | 0 | | 50 | static_64k | Framed-MTU| = | 1500| 0 | +++---++-+-- + 7 rows in set (0.00 sec) select * from radreply where username = '[EMAIL PROTECTED]'; ++-+---++---+ | id | UserName| Attribute | op | Value | ++-+---++---+ | 5 | [EMAIL PROTECTED] | Framed-IP-Address | = | 192.168.2.103 | ++-+---++---+ 1 row in set (0.01 sec) select * from usergroup where username = '[EMAIL PROTECTED]'; ++-++ | id | UserName| GroupName | ++-++ | 6 | [EMAIL PROTECTED] | static_64k | ++-++ 1 row in set (0.00 sec) radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Using deprecated clients file. Support for this will go away soon. Using deprecated realms file. Support for this will go away soon. Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sqlcounter Max-Daily-Session
Problems with rlm_sqlcounter, Max-Daily-Session It is connected during 30s and one becomes disconnected. The problem is that I do not have stop in the connection. As I solve east problem sqlcounter.conf: sqlcounter dailycounter { driver = "rlm_sqlcounter" counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sqlcca3 key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > 'b' " select * from radcheck where username = '[EMAIL PROTECTED]'; ++-+-++---+ | id | UserName| Attribute | op | Value | ++-+-++---+ | 6 | [EMAIL PROTECTED] | User-Password | := | leo | | 15 | [EMAIL PROTECTED] | Max-daily-Session | := | 30| ++-+-++---+ 2 rows in set (0.00 sec) select * from radgroupcheck where groupname = 'static_64k'; +++---++---+ | id | GroupName | Attribute | op | Value | +++---++---+ | 17 | static_64k | Auth-Type | := | Local | +++---++---+ 1 row in set (0.00 sec) select * from radgroupreply where groupname = 'static_64k'; +++---++-+-- + | id | GroupName | Attribute | op | Value | prio | +++---++-+-- + | 24 | static_64k | Framed-Protocol | = | PPP | 0 | | 49 | static_64k | Framed-Routing| = | Broadcast-Listen| 0 | | 25 | static_64k | Framed-Compression| = | Van-Jacobson-TCP-IP | 0 | | 26 | static_64k | RP-Upstream-Speed-Limit | = | 64 | 0 | | 27 | static_64k | RP-Downstream-Speed-Limit | = | 64 | 0 | | 46 | static_64k | Service-Type | = | Framed-User | 0 | | 50 | static_64k | Framed-MTU| = | 1500| 0 | +++---++-+-- + 7 rows in set (0.00 sec) select * from radreply where username = '[EMAIL PROTECTED]'; ++-+---++---+ | id | UserName| Attribute | op | Value | ++-+---++---+ | 5 | [EMAIL PROTECTED] | Framed-IP-Address | = | 192.168.2.103 | ++-+---++---+ 1 row in set (0.01 sec) select * from usergroup where username = '[EMAIL PROTECTED]'; ++-++ | id | UserName| GroupName | ++-++ | 6 | [EMAIL PROTECTED] | static_64k | ++-++ 1 row in set (0.00 sec) radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Using deprecated clients file. Support for this will go away soon. Using deprecated realms file. Support for this will go away soon. Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded files Module: Instantiated files (files) Module: Loaded SQL Counter Module: Instantiated sqlcounter (noresetcounter) Module: Instantiated sqlcount