Max-Daily-Session Default value when user get disconnected
I need to know if you can add a default value such as 10 minutes each time a user logs out even though it was connected just one minute? Thanks in advance!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
On Thu, Jun 14, 2012 at 5:41 PM, Alan DeKok wrote: > ali Eblice wrote: >> is it possible to find out that squid is sending accounting packet in >> output of " freeradius -X " command? > > Yes... read it. Look for "accounting". > > Or, read the squid configuration. Did you configure RADIUS accounting > there? If not, it won't send accounting packets. See the squid > documentation for anything related to squid. > > Alan DeKok. thanks fore replying and sorry fore I'm replying little late . i asked this problem on squid's mailing list and they said squid's authentication helper is old and probably not working right . my goal of connecting squid to freeradius was to make small lab for learning freeradius . can you please tell me name of a service that works fine with free radius to i could test my changes on freeradius with it ? i want this because i don't want to check every thing with radtest command . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
ali Eblice wrote: > is it possible to find out that squid is sending accounting packet in > output of " freeradius -X " command? Yes... read it. Look for "accounting". Or, read the squid configuration. Did you configure RADIUS accounting there? If not, it won't send accounting packets. See the squid documentation for anything related to squid. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
On Thu, Jun 14, 2012 at 2:39 PM, Alan DeKok wrote: > ali Eblice wrote: >> now squid check user credentials every 1 minutes but freeradius give " >> Access-Accept" even after several minutes pass from 100 second. > > What does that mean? Hi i mean squid check user credentials every 1 minutes and for every check that squid do , i get an output similar to the output i wrote in my previous reply and in all outputs freeradius give "Access-Accept" but it shouldn't give it because 100 second have been passed . i will check squid to see if it send's accounting packet. is it possible to find out that squid is sending accounting packet in output of " freeradius -X " command? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
ali Eblice wrote: > now squid check user credentials every 1 minutes but freeradius give " > Access-Accept" even after several minutes pass from 100 second. What does that mean? > it is an out put of freeradius -X command when squid check the > credentials every 1 minutes : The "counter" module requires accounting packets. See the documentation in raddb/modules/counter. If squid doesn't send accounting packets, then it won't work. i.e. this is documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
> Disconnecting a user after the session timeout period is up to the
> NAS. If you're sending the right attributes back in the
> Access-Accept that the NAS needs, and the user isn't being
> disconnected at the right time, then work out why the NAS isn't
> kicking the user off.
>
>> and noting wrote in output of freeradius -X command
>
> You won't necessarily see anything in the output of freeradius,
> unless the NAS also sends an Accounting Stop at the same time.
thanks for replying . i checked my squid configuration there was
problem with it ((it was checking users credentials every 45 minutes
)) and i solved it .
now squid check user credentials every 1 minutes but freeradius give "
Access-Accept" even after several minutes pass from 100 second.
it is an out put of freeradius -X command when squid check the
credentials every 1 minutes :
rad_recv: Access-Request packet from host 127.0.0.1 port 51373, id=21, length=63
User-Name = "alice"
User-Password = "passme"
NAS-Port = 111
NAS-Port-Type = Async
NAS-IP-Address = 127.0.0.1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry alice at line 1
[files] expand: Hello, %{User-Name} -> Hello, alice
++[files] returns ok
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'alice'
rlm_counter: Could not find the requested key in the database.
rlm_counter: Check item = 100, Count = 0
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user alice, check_item=100, counter=0
rlm_counter: Sent Reply-Item for user alice, Type=Session-Timeout, value=100
++[daily] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "passme"
[pap] Using clear text password "passme"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 21 to 127.0.0.1 port 51373
Reply-Message = "Hello, alice"
Session-Timeout = 100
Finished request 20.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 20 ID 21 with timestamp +2133
Ready to process requests.
---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: it's not disconnect users after Max-Daily-Session ends.
On Sun, Jun 10, 2012 at 12:50:17PM +0430, ali Eblice wrote: > but after 100 second the user doesn't disconnect Disconnecting a user after the session timeout period is up to the NAS. If you're sending the right attributes back in the Access-Accept that the NAS needs, and the user isn't being disconnected at the right time, then work out why the NAS isn't kicking the user off. > and noting wrote in output of freeradius -X command You won't necessarily see anything in the output of freeradius, unless the NAS also sends an Accounting Stop at the same time. Matthew -- Matthew Newton, Ph.D. Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it's not disconnect users after Max-Daily-Session ends.
Hi
i have squid connected to freeradius ((freeradius: FreeRADIUS Version
2.1.10, for host x86_64-pc-linux-gnu, built on Nov 24 2011 at
07:53:12)) and
problem is that after a Max-Daily-Session time ended user stay
connected and can use squid proxy .
here is my configuration:
i did this config on users file of freeradius
"alice" Cleartext-Password := "passme", Max-Daily-Session :="100"
Reply-Message = "Hello, %{User-Name}"
-
and uncomment daily in accounting and authorize section of
sites-enabled/default file of freeradius and uncommented the daily in
instantiate section of radiusd.conf and
added this to moduls/counter
---
counter daily {
filename = ${db_dir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
# allowed-servicetype = Framed-User
cache-size = 5000
# return-attribute = Session-Timeout
}
-
but after 100 second the user doesn't disconnect and noting wrote in
output of freeradius -X command
here is the out put of freeradius -X
---
root@ubuntu:/etc/freeradius# freeradius -X
FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Nov
24 2011 at 07:53:12
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/a
Re: Max-Daily-Session - User session termination
On Fri, Mar 9, 2012 at 7:32 PM, pamela pomary wrote: > Reading the documentation in radiusd.conf, it says > attributes can be added to radcheck or radgroupcheck table in mysql, but > Max-Daily Session attribute is not recognized. it says "Could not find Check > item value pair" in debug mode. did you follow the documentation? which one did you follow? If the documentation is wrong, then we should fix it. If you only follow half of it, then you should re-read the documentation. > I have tried to add attributes in radreply > and radgroupreply, and that didn't work either. Please how can I achieve > this. You can't just say "Oh, I know. Why don't I just put random stuff in some random table, and some fairy will make it work!" > > > ##Debug log### > rlm_sql (sql): Released sql socket id: 0 > modcall[authorize]: module "sql" returns ok for request 60 > > rlm_counter: Entering module authorize code which one are you using, btw? rlm_counter, or rlm_sqlcounter? If you store your accounting data in sql, better use sqlcounter. See http://wiki.freeradius.org/Rlm_sqlcounter > mysql> select * from radcheck where username="student"; > +---+--+---++--+ > | id | UserName | Attribute | op | Value | > +---+--+---+----+------+ > | 10 | student | User-Password | == | password | > | 11 | student | Max-Daily-Session | == | 240 | > +---+--+---++--+ > 2 rows in set (0.00 sec) Hint: Most entries in rad(group)check/reply should have op ":=" instead of "==". See http://wiki.freeradius.org/Rlm_sql and http://wiki.freeradius.org/Operators See also the example (near the bottom on the rlm_sqlcounter wiki page) -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session - User session termination
Thank you Alan :) , it works. I addedd the line: 'authentication timer
reauthenticate server' to the FastEthernet port on the cisco switch.That
is, it will receive reauthentication time as defined on the radius server.
Now i want to add users into mysql database and apply similar attributes
defined in the users file. Reading the documentation in radiusd.conf, it
says attributes can be added to radcheck or radgroupcheck table in mysql,
but Max-Daily Session attribute is not recognized. it says "Could not find
Check item value pair" in debug mode. I have tried to add attributes in
radreply and radgroupreply, and that didn't work either. Please how can I
achieve this.
##Debug log###
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 60
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "daily" returns noop for request 60
modcall: leaving group authorize (returns updated) for request 60
rad_check_password: Found Auth-Type EAP
#mysql
++---+---++-+
| id | GroupName | Attribute | op | Value |
++---+---++-+
| 1 | student | Service-Type | == | Login-User |
| 2 | student | Framed-MTU | == | 576 |
| 3 | student | Max-Daily-Session | == | 240 |
| 4 | student | Framed-If-Address | == | 255.255.255.254 |
| 5 | student | Max-Daily-Session | == | 240 |
++---+---++-+
5 rows in set (0.00 sec)
mysql> select * from radgroupreply;
++---+---++-+
| id | GroupName | Attribute | op | Value |
++---+---++-+
| 1 | student | Service-Type | == | Login-User |
| 2 | student | Framed-MTU | == | 576 |
| 3 | student | Max-Daily-Session | == | 240 |
| 4 | student | Framed-IP-Address | == | 255.255.255.254 |
++---+---++-+
mysql> select * from radcheck where username="student";
+---+--+---++--+
| id| UserName | Attribute | op | Value|
+---+--+---++--+
|10 | student | User-Password | == | password |
| 11 | student | Max-Daily-Session | == | 240 |
+---+--+---++--+
2 rows in set (0.00 sec)
mysql> select * from radreply where username="student";
++--+---++---+
| id | UserName | Attribute | op | Value |
+----+--+---++---+
| 8 | student | Max-Daily-Session | := | 240 |
++--+---++---+
1 row in set (0.00 sec)
# radiusd.conf #
accounting {
detail
daily
radutmp
sql
}
authorize {
preprocess
mschap
suffix
eap
files
sql
daily
}
instantiate {
exec
expr
daily
}
Set session timer to one hour. Or adjust reauth times on the Cisco
>
> alan
>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session - User session termination
Set session timer to one hour. Or adjust reauth times on the Cisco alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max-Daily-Session - User session termination
Hello once again, Thank you for your help in resolving this problem so far. I have counters increasing now after defining Max-Daily-Session for DEFAULT user in the users file like below and adding the line aaa accounting dot1x default start-stop group radius suggested by Alan Buxey to config on my Cisco 2960 switch NAS. DEFAULTService-Type == Login-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Max-Daily-Session = 240, I found the following in the log ### Debug log ### rlm_counter: Entering module authorize code rlm_counter: Searching the database for key 'clare' rlm_counter: Key Found. rlm_counter: Check item = 240, Count = 2386 rlm_counter: Rejected user clare, check_item=240, counter=2386 modcall[authorize]: module "daily" returns reject for request 0 modcall: leaving group authorize (returns reject) for request 0 Invalid user (rlm_counter: Maximum hourly usage time reached): [clare] (from client C2960_NOC_LAN1 port 50009 cli 00-1E-33-D5-7A-68) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 230 to 10.1.5.4 port 1645 Reply-Message = "Your maximum hourly usage time has been reached" I realise user clare is rejected only when user login after cable is unplugged and plugged back into the computer. What it means is that when a user login and is granted access, user's counter keeps increasing beyond the Max-Daily-Session until cable is unplugged from the computer.When cable is plugged back into the computer and user is prompted to login, user is rejected because he/she has exceeded the maximum daily session. What I want to achieve is to get user session disconnected/timeout automatically while cable is still plugged in and user reaching his/her maximum daily session set for the day. I hope it is possible to do :) I have the following config on my NAS- Cisco 2960 switch aaa authentication login default group radius local aaa authentication dot1x default group radius aaa authorization exec default group radius if-authenticated aaa authorization network default group radius aaa accounting suppress null-username aaa accounting session-duration ntp-adjusted aaa accounting update newinfo periodic 1 aaa accounting dot1x default start-stop group radius aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius aaa accounting connection default start-stop group radius aaa accounting resource default start-stop-failure group radius interface FastEthernet0/9 switchport access vlan 6 switchport mode access authentication host-mode multi-auth authentication port-control auto authentication periodic authentication timer reauthenticate 60 authentication violation protect dot1x pae both dot1x max-req 3 spanning-tree portfast -- Pamela Pomary University of Ghana, ICT Directorate skype:ppomary - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Max-Daily-Session
Have a look in debug mode to see if you are getting accounting packets
from Chillispot. If you are not getting accounting data there is no way
for counter to work.
Off topic, what stops a user to use a different username and gain another
2 hours? Mikrotik has a trial mode where users can gain unathorized
access for a certain period of time controlled by MAC address. Is there
something like that for Chillispot that you can implement?
Ivan Kalik
Kalik Informatika ISP
Dana 18/1/2008, "Gabriele Giuliani" <[EMAIL PROTECTED]> piše:
>As entitled, with my office we have installed at a library town a server
>with Ubuntu 7.10, Freeradius and Chilispot to
>ensure wireless navigation to users with their notebooks from the local
>library;
>The access point is configured without any authentication, anyone can
>connect, authentication is performed by the
>server radius, which are stored registered users who are entitled to
>navigation (etc / freeradius / users), for simplicity
>we have not used SQL;
>Everything works great: Users come, authentify and happy surfing, what
>we fail to do is set the maximum daily
>navigation (which in our case should be 2 hours), the Daily-Session-Time
>works, after 2 hours of connection users
>are disconnected, only they can safely again for another 2 hours, which
>we would like to avoid (a maximum of 2 hours
>of daily connection); this is our configuration file
>(etc/freeradius/radiusd.conf ) of the "counter module":
>
>counter daily {
>filename = ${raddbdir}/db.daily
>key = User-Name
>count-attribute = Acct-Session-Time
>reset = daily
>counter-name = Daily-Session-Time
>check-name = Max-Daily-Session
>allowed-servicetype = Framed-User
>cache-size = 5000
>}
>
>Do we need to set some other parameter somewhere else?
>
>Any advice is welcome
>
>Thanks for the answers :)
>
>--
>Gabriele Giuliani
>
>STUDIO 16 64 S.r.l.
>Via degli Abeti, 52
>61100 PESARO
>
>Tel. 0721 0130897
>Fax. 06 452215814
>Cell. 329 9503621
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with Max-Daily-Session
As entitled, with my office we have installed at a library town a server
with Ubuntu 7.10, Freeradius and Chilispot to
ensure wireless navigation to users with their notebooks from the local
library;
The access point is configured without any authentication, anyone can
connect, authentication is performed by the
server radius, which are stored registered users who are entitled to
navigation (etc / freeradius / users), for simplicity
we have not used SQL;
Everything works great: Users come, authentify and happy surfing, what
we fail to do is set the maximum daily
navigation (which in our case should be 2 hours), the Daily-Session-Time
works, after 2 hours of connection users
are disconnected, only they can safely again for another 2 hours, which
we would like to avoid (a maximum of 2 hours
of daily connection); this is our configuration file
(etc/freeradius/radiusd.conf ) of the "counter module":
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
Do we need to set some other parameter somewhere else?
Any advice is welcome
Thanks for the answers :)
--
Gabriele Giuliani
STUDIO 16 64 S.r.l.
Via degli Abeti, 52
61100 PESARO
Tel. 0721 0130897
Fax. 06 452215814
Cell. 329 9503621
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
max-daily-session
Hi all,
I am using Freeradius + Chillispot + Mysql in a hotel wifi and it's
working very fine.
I have set per user Max-Daily-Session with sql_counter and it works.
Now they ask me another situation:
the hotel has various workstations that everybody can use.
I need to set a low Max-Daily-Session (1 hour) when a user log trough
these workstation, and set Max-Daily-Session = 24 hours when user use
it's own notepad.
so:
can I override per user Max-Daily-Session when request come from a
certain CallingStationId?
what I tried is to use query on sql_counter but it seems there is no
variables with CallingStationId, something like:
query = "SELECT (SUM(AcctSessionTime) + ((WORKSTATIONID =
$CallingStationId) * 82800) FROM radacct WHERE UserName='%{%k}' AND
AcctStartTime > FROM_UNIXTIME('%b')"
Any idea?
Thank's in advance.
--
Pierluigi Di Lorenzo
ePrometeus s.r.l
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Attribute Max-Daily-Session + Session-Timeout
Abel Monzón wrote: > Yes, I have configured the SQL module to store my accounting data and the > NAS is sending accounting packets. All work fine, but not the > Max-Daily-Session Then see the FAQ about "it doesn't work". Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Attribute Max-Daily-Session + Session-Timeout
Abel Monzón wrote: > No body know what is the solution? I send this e-mail, and nothing of > answer. > People don't *have* to answer. >In your case, you're trying to use sqlcounter. Have you configured >the SQL module to store accounting data? Is the NAS sending accounting >packets? Yes, I have configured the SQL module to store my accounting data and the NAS is sending accounting packets. All work fine, but not the Max-Daily-Session Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Attribute Max-Daily-Session + Session-Timeout
Abel Monzón wrote: > No body know what is the solution? I send this e-mail, and nothing of > answer. People don't *have* to answer. In your case, you're trying to use sqlcounter. Have you configured the SQL module to store accounting data? Is the NAS sending accounting packets? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fw: Attribute Max-Daily-Session + Session-Timeout
No body know what is the solution? I send this e-mail, and nothing of answer.
Good Day
From: Abel Monzón
To: mailist
Sent: Monday, February 19, 2007 2:04 AM
Subject: Attribute Max-Daily-Session + Session-Timeout
Hello List.
I have a problem. I had limited the Max-Daily-Session = 120, and the
Session-Timeout = 60.
The Session-Timeout work, but the Max-Daily-Session don't. because the
Session-Timeout log out the user, but de Max-Daily-Session don't and let log in
again.
I have this in my radiusd.conf:
sqlcounter contdiario {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
count-attribute = Max-Daily-Session
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
authorize {
contdiario
.
}
Any help? Thanks-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attribute Max-Daily-Session + Session-Timeout
Hello List.
I have a problem. I had limited the Max-Daily-Session = 120, and the
Session-Timeout = 60.
The Session-Timeout work, but the Max-Daily-Session don't. because the
Session-Timeout log out the user, but de Max-Daily-Session don't and let log in
again.
I have this in my radiusd.conf:
sqlcounter contdiario {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
count-attribute = Max-Daily-Session
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
authorize {
contdiario
.
}
Any help? Thanks-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and Max-Monthly-Session maximum value limit
James <[EMAIL PROTECTED]> wrote: > Hello I am using freeradius 1.0.5, what is the maximum value of seconds > allowed in the attributes: Max-All-Session, Max-Daily-Session and > Max-Monthly-Session ? They're integers, so 32-bits, or 4 billion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and Max-Monthly-Session maximum value limit
Hello I am using freeradius 1.0.5, what is the maximum value of seconds allowed in the attributes: Max-All-Session, Max-Daily-Session and Max-Monthly-Session ? I cannot find this information in my research. Thank you, James - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re. Max-Daily-Session
Shannon Sariman wrote: Nick White wrote: "Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), and if so is the max of 1800 set for the entire group, or for each user in that group?" The max of 1800 will be set for the entire group. I you want to apply max of 1800 for certain users that don't belong to the group then use radcheck table. Cheers, Shannon "From the land of the unexpected". - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks for the reply. That's what I had thought. -- --- | Nick White | | Network Administrator | | Tele-NET Internet | | http://www.tele-net.net | | [EMAIL PROTECTED] | --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re. Max-Daily-Session
Nick White wrote: "Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), and if so is the max of 1800 set for the entire group, or for each user in that group?" The max of 1800 will be set for the entire group. I you want to apply max of 1800 for certain users that don't belong to the group then use radcheck table. Cheers, Shannon "From the land of the unexpected". - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Max-Daily-Session
Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), and if so is the max of 1800 set for the entire group, or for each user in that group? Thanks -- --- | Nick White | | [EMAIL PROTECTED] | --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter && Max-Daily-Session??
Hi >hi, are you referring in sqlcounter dailycounter in sqlcounter.conf? Do > >u want to configure the daily counter? > Yeah, it works well. and so what? Maybe i have basical misunderstanding for the attribute&&dictionary. Can anyone point it to me?Thx in advance. Hello World! [EMAIL PROTECTED] 2004-06-15 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: rlm_sqlcounter && Max-Daily-Session??
hi, are you referring in sqlcounter dailycounter in sqlcounter.conf? Do u want to configure the daily counter? > > > >it doesnt hurt you if you cannot find it, what will hurt you is there is > >wrong using it as an attribute. > > As well as i know, we have to include a dictionary.XXX file in the /usr/share/freeradius/dictionary if we want to use our custom > Vendor-Specific-Attribute, right? > > > > Hello World! > > [EMAIL PROTECTED] > 2004-06-14 > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: rlm_sqlcounter && Max-Daily-Session??
>it doesnt hurt you if you cannot find it, what will hurt you is there is >wrong using it as an attribute. As well as i know, we have to include a dictionary.XXX file in the /usr/share/freeradius/dictionary if we want to use our custom Vendor-Specific-Attribute, right? Hello World! [EMAIL PROTECTED] 2004-06-14 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter && Max-Daily-Session??
> > Hi, > I have configured a freeradius server(freeradius0.9.2 + rlm_pap + rlm_sql_mysql + rlm_sqlcounter) , sqlcounter work well.but i am puzzled that: > Where is Max-Daily-Session defined in certain dictionary file ? > I cann't find it under dictionary directory greping it. Thx! it doesnt hurt you if you cannot find it, what will hurt you is there is wrong using it as an attribute. //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sqlcounter && Max-Daily-Session??
Hi, I have configured a freeradius server(freeradius0.9.2 + rlm_pap + rlm_sql_mysql + rlm_sqlcounter) , sqlcounter work well.but i am puzzled that: Where is Max-Daily-Session defined in certain dictionary file ? I cann't find it under dictionary directory greping it. Thx! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter Max-Daily-Session
the problem was with sqlmod-inst = sqlcca3,
I changed it for "sqlmod-inst = sql" and I worked perfectly.
thanks
- Original Message -
From: "john zurowski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 17, 2004 7:08 PM
Subject: RE: rlm_sqlcounter Max-Daily-Session
>
>
>
>
>
> >From: Andrés de Barros <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: <[EMAIL PROTECTED]>
> >Subject: rlm_sqlcounter Max-Daily-Session
> >Date: Tue, 17 Feb 2004 17:09:48 -0300
> >
> >Problems with rlm_sqlcounter, Max-Daily-Session
> >It is connected during 30s and one becomes disconnected.
> >The problem is that I do not have stop in the connection.
>
> Not clear on the question but you have set up the counter to tell the NAS
to
> disconnect the user after 30s. i.e. the Session-Timeout RADIUS attribute
is
> sent back to NAS with 30 secs. as usage time. The NAS then should
disconnect
> you after 30 secs. if your connection is still active then its down to the
> NAS and not freeradius i.e. the NAS sent back a stop accounting packet so
it
> should have terminated the connection.
>
> What behaviour do you want / expect ?
>
> >
> >As I solve east problem
> >
> >sqlcounter.conf:
> >
> >sqlcounter dailycounter {
> > driver = "rlm_sqlcounter"
> > counter-name = Daily-Session-Time
> > check-name = Max-Daily-Session
> > sqlmod-inst = sqlcca3
> > key = User-Name
> > reset = daily
> >
> > query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
> >UNIX_TIMESTAMP(AcctStartTime)), 0)) \
> > FROM radacct WHERE UserName='%{%k}' AND
> >UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > 'b' "
> >
> >
> >select * from radcheck where username = '[EMAIL PROTECTED]';
> >++-+-++---+
> >| id | UserName| Attribute | op | Value |
> >++-+-++---+
> >| 6 | [EMAIL PROTECTED] | User-Password | := | leo |
> >| 15 | [EMAIL PROTECTED] | Max-daily-Session | := | 30|
> >++-+-++---+
> >2 rows in set (0.00 sec)
> >
> > select * from radgroupcheck where groupname = 'static_64k';
> >+++---++---+
> >| id | GroupName | Attribute | op | Value |
> >+++---++---+
> >| 17 | static_64k | Auth-Type | := | Local |
> >+++---++---+
> >1 row in set (0.00 sec)
> >
> >select * from radgroupreply where groupname = 'static_64k';
>
>+++---++-+-
-
> >+
> >| id | GroupName | Attribute | op | Value
|
> >prio |
>
>+++---++-+-
-
> >+
> >| 24 | static_64k | Framed-Protocol | = | PPP
|
> >0 |
> >| 49 | static_64k | Framed-Routing| = | Broadcast-Listen
|
> >0 |
> >| 25 | static_64k | Framed-Compression| = | Van-Jacobson-TCP-IP
|
> >0 |
> >| 26 | static_64k | RP-Upstream-Speed-Limit | = | 64
|
> >0 |
> >| 27 | static_64k | RP-Downstream-Speed-Limit | = | 64
|
> >0 |
> >| 46 | static_64k | Service-Type | = | Framed-User
|
> >0 |
> >| 50 | static_64k | Framed-MTU| = | 1500
|
> >0 |
>
>+++---++-+-
-
> >+
> >7 rows in set (0.00 sec)
> >
> >select * from radreply where username = '[EMAIL PROTECTED]';
> >++-+---++---+
> >| id | UserName| Attribute | op | Value |
> >++-+---++---+
> >| 5 | [EMAIL PROTECTED] | Framed-IP-Address | = | 192.168.2.103 |
> >++-+---++---+
> >1 row in set (0.01 sec)
> >
> >select * from usergroup where username = '[EMAIL PROTECTED]';
> >++-++
> >| id | UserName| GroupName |
> >++-++
> >| 6 | [EMAIL PROTECTED] | static_64k |
> >++-++
> >1 row in set (0.00 sec)
> >
> >
> >
> > radiusd -x
> >Starting - reading configuration files ...
> &
RE: rlm_sqlcounter Max-Daily-Session
From: Andrés de Barros <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: rlm_sqlcounter Max-Daily-Session
Date: Tue, 17 Feb 2004 17:09:48 -0300
Problems with rlm_sqlcounter, Max-Daily-Session
It is connected during 30s and one becomes disconnected.
The problem is that I do not have stop in the connection.
Not clear on the question but you have set up the counter to tell the NAS to
disconnect the user after 30s. i.e. the Session-Timeout RADIUS attribute is
sent back to NAS with 30 secs. as usage time. The NAS then should disconnect
you after 30 secs. if your connection is still active then its down to the
NAS and not freeradius i.e. the NAS sent back a stop accounting packet so it
should have terminated the connection.
What behaviour do you want / expect ?
As I solve east problem
sqlcounter.conf:
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sqlcca3
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > 'b' "
select * from radcheck where username = '[EMAIL PROTECTED]';
++-+-++---+
| id | UserName| Attribute | op | Value |
++-+-++---+
| 6 | [EMAIL PROTECTED] | User-Password | := | leo |
| 15 | [EMAIL PROTECTED] | Max-daily-Session | := | 30|
++-+-++---+
2 rows in set (0.00 sec)
select * from radgroupcheck where groupname = 'static_64k';
+++---++---+
| id | GroupName | Attribute | op | Value |
+++---++---+
| 17 | static_64k | Auth-Type | := | Local |
+++---++---+
1 row in set (0.00 sec)
select * from radgroupreply where groupname = 'static_64k';
+++---++-+--
+
| id | GroupName | Attribute | op | Value |
prio |
+++---++-+--
+
| 24 | static_64k | Framed-Protocol | = | PPP |
0 |
| 49 | static_64k | Framed-Routing| = | Broadcast-Listen|
0 |
| 25 | static_64k | Framed-Compression| = | Van-Jacobson-TCP-IP |
0 |
| 26 | static_64k | RP-Upstream-Speed-Limit | = | 64 |
0 |
| 27 | static_64k | RP-Downstream-Speed-Limit | = | 64 |
0 |
| 46 | static_64k | Service-Type | = | Framed-User |
0 |
| 50 | static_64k | Framed-MTU| = | 1500|
0 |
+++---++-+--
+
7 rows in set (0.00 sec)
select * from radreply where username = '[EMAIL PROTECTED]';
++-+---++---+
| id | UserName| Attribute | op | Value |
++-+---++---+
| 5 | [EMAIL PROTECTED] | Framed-IP-Address | = | 192.168.2.103 |
++-+---++---+
1 row in set (0.01 sec)
select * from usergroup where username = '[EMAIL PROTECTED]';
++-++
| id | UserName| GroupName |
++-++
| 6 | [EMAIL PROTECTED] | static_64k |
++-++
1 row in set (0.00 sec)
radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Using deprecated clients file. Support for this will go away soon.
Using deprecated realms file. Support for this will go away soon.
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sqlcounter Max-Daily-Session
Problems with rlm_sqlcounter, Max-Daily-Session
It is connected during 30s and one becomes disconnected.
The problem is that I do not have stop in the connection.
As I solve east problem
sqlcounter.conf:
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sqlcca3
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > 'b' "
select * from radcheck where username = '[EMAIL PROTECTED]';
++-+-++---+
| id | UserName| Attribute | op | Value |
++-+-++---+
| 6 | [EMAIL PROTECTED] | User-Password | := | leo |
| 15 | [EMAIL PROTECTED] | Max-daily-Session | := | 30|
++-+-++---+
2 rows in set (0.00 sec)
select * from radgroupcheck where groupname = 'static_64k';
+++---++---+
| id | GroupName | Attribute | op | Value |
+++---++---+
| 17 | static_64k | Auth-Type | := | Local |
+++---++---+
1 row in set (0.00 sec)
select * from radgroupreply where groupname = 'static_64k';
+++---++-+--
+
| id | GroupName | Attribute | op | Value |
prio |
+++---++-+--
+
| 24 | static_64k | Framed-Protocol | = | PPP |
0 |
| 49 | static_64k | Framed-Routing| = | Broadcast-Listen|
0 |
| 25 | static_64k | Framed-Compression| = | Van-Jacobson-TCP-IP |
0 |
| 26 | static_64k | RP-Upstream-Speed-Limit | = | 64 |
0 |
| 27 | static_64k | RP-Downstream-Speed-Limit | = | 64 |
0 |
| 46 | static_64k | Service-Type | = | Framed-User |
0 |
| 50 | static_64k | Framed-MTU| = | 1500|
0 |
+++---++-+--
+
7 rows in set (0.00 sec)
select * from radreply where username = '[EMAIL PROTECTED]';
++-+---++---+
| id | UserName| Attribute | op | Value |
++-+---++---+
| 5 | [EMAIL PROTECTED] | Framed-IP-Address | = | 192.168.2.103 |
++-+---++---+
1 row in set (0.01 sec)
select * from usergroup where username = '[EMAIL PROTECTED]';
++-++
| id | UserName| GroupName |
++-++
| 6 | [EMAIL PROTECTED] | static_64k |
++-++
1 row in set (0.00 sec)
radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Using deprecated clients file. Support for this will go away soon.
Using deprecated realms file. Support for this will go away soon.
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded SQL Counter
Module: Instantiated sqlcounter (noresetcounter)
Module: Instantiated sqlcount
