Re: Unlang Condition Wrong Value !
Hi Arran, I think i have managed to make the datacounter working. It may not be the best counter but it is the best i have ever done in freeradius. Below posted is the configs : Post-Auth { sql # Unlang Data-Counter. Sends Mikrotik-Recv-Limit to NAS update control { Tmp-Integer-0 = "%{sql:SELECT ((SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ WHERE tbl_usergroup.username = '%{User-Name}') > (SELECT IFNULL(SUM(AcctInputOctets) \ +SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW(}" Tmp-Integer-1 = "%{sql:SELECT ((SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ WHERE tbl_usergroup.username = '%{User-Name}') - (SELECT IFNULL(SUM(AcctInputOctets) \ +SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW(}" } if ("%{control:Tmp-Integer-0}" == "1") { update reply{ Mikrotik-Recv-Limit := "%{control:Tmp-Integer-1}" } } if ("%{control:Tmp-Integer-0}" == "0") { update reply{ Reply-Message := "Fair Usage Policy Enforced, Bandwidth Limited" Mikrotik-Rate-Limit := "128K/256K 128K/256K 128K/256K 180/180 8" } } The caveats : It will return a negative value if Max-used-Traffic is more than Max-Monthly-Limit but we don't need that negative value as we will enforce Mikrotik-Rate-Limit (i.e Fair Usage Policy) If Max-Monthly-Limit - Max-used-Limit > 32bit Integer, The Mikrotik-Recv-Limit will be wrapped and user will have a rough of 2GB per session limit. If user disconnects again and connects , the same thing applies. However, user will be able to use 100% of Max-Monthly-Traffic allocated in multiple sessions. I hope someone can make a hybrid of this counter. Regards Suman On Mon, Aug 8, 2011 at 8:04 PM, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 16:29, Suman Dash wrote: > >> Just another small question before i jump into testing. If output from >> sub-query is less than 32bit, I can easily store it in Tmp-Integer , >> But sometimes when the user data usage is null, the sub-query will >> output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. >> >> In that condition it is impossible to store it in Tmp-Integer . So >> ultimately the Integer passed by xlat and the stored in Tmp-Integer >> will differ. > > Yes. I'd imagine it'd be truncated. > > -Arran > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 16:29, Suman Dash wrote: > Just another small question before i jump into testing. If output from > sub-query is less than 32bit, I can easily store it in Tmp-Integer , > But sometimes when the user data usage is null, the sub-query will > output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. > > In that condition it is impossible to store it in Tmp-Integer . So > ultimately the Integer passed by xlat and the stored in Tmp-Integer > will differ. Yes. I'd imagine it'd be truncated. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Just another small question before i jump into testing. If output from sub-query is less than 32bit, I can easily store it in Tmp-Integer , But sometimes when the user data usage is null, the sub-query will output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. In that condition it is impossible to store it in Tmp-Integer . So ultimately the Integer passed by xlat and the stored in Tmp-Integer will differ. Regards Suman Dash On Mon, Aug 8, 2011 at 7:45 PM, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 16:11, Suman Dash wrote: > >> So what you say is that i do all comparision within sql sub-query and >> whatever output i need to define if less than 32bit store it into an >> Integer and do Unlang control / reply updates ? >> >> Seems quite right .. Will try and get back with results. > > Exactly :) > > Feel free to post some samples if you get it working and i'll put them up on > the wiki. > > -Arran >> >> On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell >> wrote: >>> Unfortunately I am not much of a programmer . >>> >>> Ok... but you know SQL right? Which is why i'm suggesting to do the >>> comparison in the SQL database. >>> Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . >>> >>> http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html >>> >>> Use SELECT COUNT(*) for the outer query and then compare that value in >>> unlang. >>> >>> -Arran >>> >>> Arran Cudbard-Bell >>> a.cudba...@freeradius.org >>> >>> RADIUS - Half the complexity of Diameter >>> >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 16:11, Suman Dash wrote: > So what you say is that i do all comparision within sql sub-query and > whatever output i need to define if less than 32bit store it into an > Integer and do Unlang control / reply updates ? > > Seems quite right .. Will try and get back with results. Exactly :) Feel free to post some samples if you get it working and i'll put them up on the wiki. -Arran > > On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell > wrote: >> >>> Unfortunately I am not much of a programmer . >> >> Ok... but you know SQL right? Which is why i'm suggesting to do the >> comparison in the SQL database. >> >>> Therefore if you can put >>> some examples / pointers based on my requirement, it will be a >>> headstart for me . >> >> http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html >> >> Use SELECT COUNT(*) for the outer query and then compare that value in >> unlang. >> >> -Arran >> >> Arran Cudbard-Bell >> a.cudba...@freeradius.org >> >> RADIUS - Half the complexity of Diameter >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
So what you say is that i do all comparision within sql sub-query and whatever output i need to define if less than 32bit store it into an Integer and do Unlang control / reply updates ? Seems quite right .. Will try and get back with results. Thanks for the tip.. Regards Suman On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell wrote: > >> Unfortunately I am not much of a programmer . > > Ok... but you know SQL right? Which is why i'm suggesting to do the > comparison in the SQL database. > >> Therefore if you can put >> some examples / pointers based on my requirement, it will be a >> headstart for me . > > http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html > > Use SELECT COUNT(*) for the outer query and then compare that value in unlang. > > -Arran > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
> Unfortunately I am not much of a programmer . Ok... but you know SQL right? Which is why i'm suggesting to do the comparison in the SQL database. > Therefore if you can put > some examples / pointers based on my requirement, it will be a > headstart for me . http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html Use SELECT COUNT(*) for the outer query and then compare that value in unlang. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 11:32, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 11:09, Suman Dash wrote: > >> What i mean to say is that i am not using an integer to store the >> value as integer is limited to 32bit, Instead i am directly comparing >> output from sql query in Unlanf but it doesn't seems to work either. Because what comes back from XLAT is a string, and FreeRADIUS needs to do the conversion to an integer before it can compare the result to another integer. As there's no 64bit attribute type in the RADIUS protocol, it's probably going to do the conversion to a 32bit integer even if 64bit integers are available. Just compare the results of the two subqueries in an SQL statement. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Hi Arran, Unfortunately I am not much of a programmer . Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . I had also read somewhere that if we can strip the last 3 octet then atleast 4TB of traffic can be managed in replying back . However, there are a lot of solutions but no examples or a working config which can be tweaked. Regards Suman On Mon, Aug 8, 2011 at 3:02 PM, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 11:09, Suman Dash wrote: > >> What i mean to say is that i am not using an integer to store the >> value as integer is limited to 32bit, Instead i am directly comparing >> output from sql query in Unlanf but it doesn't seems to work either. > > Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In > general performance is valued over completeness when it comes to things like > unlang. > > Here are some workarounds: > > * You could store the result as a string and use an external utility to do > the comparison. > * You could also try expr xlat, but i'm not sure if it supports arbitrary > precision either. > * If you're just doing an equality check, then just write the value to a > string and do a straight string comparison. > * You could do the comparison in SQL and return a boolean value (i've used > this as a workaround in the past). > * You could write an xlat wrapper around one of the arbitrary precision > libraries. > > -Arran > > >> >> It returns false where it should be returning true. >> >> Regards >> >> On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell >> wrote: >>> >>> On 8 Aug 2011, at 09:32, Suman Dash wrote: >>> So it is not possible to store values more than 32 bit in Tmp-Integer. How about direct sql statements in Unlang not involving the Tmp-Integer. It is also not working in my scenario. >>> >>> You mean a comparison of two integers from two SQL statements? >>> Attached is the logs. >>> >>> More useful would be the config... >>> >>> -Arran >>> Going to the next request Ready to process requests. rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, id=55, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 60 NAS-Port-Type = Ethernet User-Name = "10021" Calling-Station-Id = "F4:EC:38:BA:8A:3B" Called-Station-Id = "Internet" NAS-Port-Id = "LAN" User-Password = "10021" NAS-Identifier = "NTL.X" NAS-IP-Address = xxx.xx.xx.xx # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "10021", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> 10021 [sql] sql_set_user escaped user --> '10021' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM tbl_usergroup WHERE username = '10021' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = 'TEST-10G' ORDER BY id [sql] User found in group TEST-10G [sql] expand: SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = 'TEST-10G' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B rlm_checkval: Value Name: Calling-Station-Id, Valu
Re: Unlang Condition Wrong Value !
Undermentioned is the complete config. This is a direct approach without storing the results in Tmp-Integer . I assume that this direct approach has nothing to do with 32bit length of Freeradius Attributes. What i am looking to accomplish is a data counter which does not wraps at 4GB, Checks whether total used traffic is less than Max-Monthly-Traffic and based on the result it updates the reply attribute. I have read a lot in mailing lists that people have accomplished it with rlm_perl but i unable to find a similar script in freeradius mailing list. I understand that this feature will be beneficial to a lot of people in community as a lot of people have done hacks and tricks to make it work. So till now official Session counter is available but no data counter. if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}") { update reply { Mikrotik-Recv-Limit := "%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE tbl_usergroup.username = '%{User-Name}'}" - "%{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}" } else { update reply { Reply-Message := "Fair Usage Policy Enforced, Bandwidth Limited" Mikrotik-Rate-Limit := "128K/256K" } } } Regards Suman On Mon, Aug 8, 2011 at 2:39 PM, Suman Dash wrote: > What i mean to say is that i am not using an integer to store the > value as integer is limited to 32bit, Instead i am directly comparing > output from sql query in Unlanf but it doesn't seems to work either. > > It returns false where it should be returning true. > > Regards > > On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell > wrote: >> >> On 8 Aug 2011, at 09:32, Suman Dash wrote: >> >>> So it is not possible to store values more than 32 bit in Tmp-Integer. >>> How about direct sql statements in Unlang not involving the >>> Tmp-Integer. It is also not working in my scenario. >>> >> >> You mean a comparison of two integers from two SQL statements? >> >>> Attached is the logs. >> >> More useful would be the config... >> >> -Arran >> >>> >>> >>> Going to the next request >>> Ready to process requests. >>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, >>> id=55, length=132 >>> Service-Type = Framed-User >>> Framed-Protocol = PPP >>> NAS-Port = 60 >>> NAS-Port-Type = Ethernet >>> User-Name = "10021" >>> Calling-Station-Id = "F4:EC:38:BA:8A:3B" >>> Called-Station-Id = "Internet" >>> NAS-Port-Id = "LAN" >>> User-Password = "10021" >>> NAS-Identifier = "NTL.X" >>> NAS-IP-Address = xxx.xx.xx.xx >>> # Executing section authorize from file >>> /etc/freeradius/sites-enabled/default >>> +- entering group authorize {...} >>> ++[preprocess] returns ok >>> ++[chap] returns noop >>> ++[mschap] returns noop >>> ++[digest] returns noop >>> [suffix] No '@' in User-Name = "10021", looking up realm NULL >>> [suffix] No such realm "NULL" >>> ++[suffix] returns noop >>> [eap] No EAP-Message, not doing EAP >>> ++[eap] returns noop >>> [files] users: Matched entry DEFAULT at line 172 >>> ++[files] returns ok >>> [sql] expand: %{User-Name} -> 10021 >>> [sql] sql_set_user escaped user --> '10021' >>> rlm_sql (sql): Reserving sql socket id: 1 >>> [sql] expand: SELECT id, username, attribute, value, op >>> FROM tbl_check WHERE username = '%{SQL-User-Name}' >>> ORDER BY id -> SELECT id, username, attribute, value, op >>> FROM tbl_check WHERE username = '10021' ORDER BY >>> id >>> [sql] User found in radcheck table >>> [sql] expand: SELECT id, username, attribute, value, op >>> FROM tbl_reply WHERE username = '%{SQL-User-Name}' >>> ORDER BY id -> SELECT id, username, attribute, value, op >>> FROM tbl_reply WHERE username = '10021' ORDER BY >>> id >>> [sql] expand: SELECT groupname FROM tbl_usergroup >>> WHERE username = '%{SQL-User-Name}' ORDER BY priority -> >>> SELECT groupname FROM tbl_usergroup WHERE username >>> = '10021' ORDER BY priority >>> [sql] expand: SELECT id, groupname, attribute, Value, op >>> FROM tbl
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 11:09, Suman Dash wrote: > What i mean to say is that i am not using an integer to store the > value as integer is limited to 32bit, Instead i am directly comparing > output from sql query in Unlanf but it doesn't seems to work either. Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In general performance is valued over completeness when it comes to things like unlang. Here are some workarounds: * You could store the result as a string and use an external utility to do the comparison. * You could also try expr xlat, but i'm not sure if it supports arbitrary precision either. * If you're just doing an equality check, then just write the value to a string and do a straight string comparison. * You could do the comparison in SQL and return a boolean value (i've used this as a workaround in the past). * You could write an xlat wrapper around one of the arbitrary precision libraries. -Arran > > It returns false where it should be returning true. > > Regards > > On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell > wrote: >> >> On 8 Aug 2011, at 09:32, Suman Dash wrote: >> >>> So it is not possible to store values more than 32 bit in Tmp-Integer. >>> How about direct sql statements in Unlang not involving the >>> Tmp-Integer. It is also not working in my scenario. >>> >> >> You mean a comparison of two integers from two SQL statements? >> >>> Attached is the logs. >> >> More useful would be the config... >> >> -Arran >> >>> >>> >>> Going to the next request >>> Ready to process requests. >>> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, >>> id=55, length=132 >>>Service-Type = Framed-User >>>Framed-Protocol = PPP >>>NAS-Port = 60 >>>NAS-Port-Type = Ethernet >>>User-Name = "10021" >>>Calling-Station-Id = "F4:EC:38:BA:8A:3B" >>>Called-Station-Id = "Internet" >>>NAS-Port-Id = "LAN" >>>User-Password = "10021" >>>NAS-Identifier = "NTL.X" >>>NAS-IP-Address = xxx.xx.xx.xx >>> # Executing section authorize from file >>> /etc/freeradius/sites-enabled/default >>> +- entering group authorize {...} >>> ++[preprocess] returns ok >>> ++[chap] returns noop >>> ++[mschap] returns noop >>> ++[digest] returns noop >>> [suffix] No '@' in User-Name = "10021", looking up realm NULL >>> [suffix] No such realm "NULL" >>> ++[suffix] returns noop >>> [eap] No EAP-Message, not doing EAP >>> ++[eap] returns noop >>> [files] users: Matched entry DEFAULT at line 172 >>> ++[files] returns ok >>> [sql] expand: %{User-Name} -> 10021 >>> [sql] sql_set_user escaped user --> '10021' >>> rlm_sql (sql): Reserving sql socket id: 1 >>> [sql] expand: SELECT id, username, attribute, value, op >>> FROM tbl_check WHERE username = '%{SQL-User-Name}' >>> ORDER BY id -> SELECT id, username, attribute, value, op >>> FROM tbl_check WHERE username = '10021' ORDER BY >>> id >>> [sql] User found in radcheck table >>> [sql] expand: SELECT id, username, attribute, value, op >>> FROM tbl_reply WHERE username = '%{SQL-User-Name}' >>> ORDER BY id -> SELECT id, username, attribute, value, op >>> FROM tbl_reply WHERE username = '10021' ORDER BY >>> id >>> [sql] expand: SELECT groupname FROM tbl_usergroup >>> WHERE username = '%{SQL-User-Name}' ORDER BY priority -> >>> SELECT groupname FROM tbl_usergroup WHERE username >>> = '10021' ORDER BY priority >>> [sql] expand: SELECT id, groupname, attribute, Value, op >>>FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' >>> ORDER BY id -> SELECT id, groupname, attribute, >>> Value, op FROM tbl_groupcheck WHERE groupname = >>> 'TEST-10G' ORDER BY id >>> [sql] User found in group TEST-10G >>> [sql] expand: SELECT id, groupname, attribute, value, op >>>FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' >>> ORDER BY id -> SELECT id, groupname, attribute, >>> value, op FROM tbl_groupreply WHERE groupname = >>> 'TEST-10G' ORDER BY id >>> rlm_sql (sql): Released sql socket id: 1 >>> ++[sql] returns ok >>> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B >>> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B >>> ++[checkval] returns ok >>> [expiration] Checking Expiration time: '1 Sep 2011' >>> ++[expiration] returns ok >>> ++[logintime] returns noop >>> ++[pap] returns updated >>> Found Auth-Type = PAP >>> # Executing group from file /etc/freeradius/sites-enabled/default >>> +- entering group PAP {...} >>> [pap] login attempt with password "x" >>> [pap] Using CRYPT password "Wh1vvjSX72NI6" >>> [pap] User authenticated successfully >>> ++[pap] returns ok >>> # Executing section session from file /etc/freeradius/sites-enabled/default >>> +- entering gr
Re: Unlang Condition Wrong Value !
What i mean to say is that i am not using an integer to store the value as integer is limited to 32bit, Instead i am directly comparing output from sql query in Unlanf but it doesn't seems to work either. It returns false where it should be returning true. Regards On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell wrote: > > On 8 Aug 2011, at 09:32, Suman Dash wrote: > >> So it is not possible to store values more than 32 bit in Tmp-Integer. >> How about direct sql statements in Unlang not involving the >> Tmp-Integer. It is also not working in my scenario. >> > > You mean a comparison of two integers from two SQL statements? > >> Attached is the logs. > > More useful would be the config... > > -Arran > >> >> >> Going to the next request >> Ready to process requests. >> rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, >> id=55, length=132 >> Service-Type = Framed-User >> Framed-Protocol = PPP >> NAS-Port = 60 >> NAS-Port-Type = Ethernet >> User-Name = "10021" >> Calling-Station-Id = "F4:EC:38:BA:8A:3B" >> Called-Station-Id = "Internet" >> NAS-Port-Id = "LAN" >> User-Password = "10021" >> NAS-Identifier = "NTL.X" >> NAS-IP-Address = xxx.xx.xx.xx >> # Executing section authorize from file /etc/freeradius/sites-enabled/default >> +- entering group authorize {...} >> ++[preprocess] returns ok >> ++[chap] returns noop >> ++[mschap] returns noop >> ++[digest] returns noop >> [suffix] No '@' in User-Name = "10021", looking up realm NULL >> [suffix] No such realm "NULL" >> ++[suffix] returns noop >> [eap] No EAP-Message, not doing EAP >> ++[eap] returns noop >> [files] users: Matched entry DEFAULT at line 172 >> ++[files] returns ok >> [sql] expand: %{User-Name} -> 10021 >> [sql] sql_set_user escaped user --> '10021' >> rlm_sql (sql): Reserving sql socket id: 1 >> [sql] expand: SELECT id, username, attribute, value, op >> FROM tbl_check WHERE username = '%{SQL-User-Name}' >> ORDER BY id -> SELECT id, username, attribute, value, op >> FROM tbl_check WHERE username = '10021' ORDER BY >> id >> [sql] User found in radcheck table >> [sql] expand: SELECT id, username, attribute, value, op >> FROM tbl_reply WHERE username = '%{SQL-User-Name}' >> ORDER BY id -> SELECT id, username, attribute, value, op >> FROM tbl_reply WHERE username = '10021' ORDER BY >> id >> [sql] expand: SELECT groupname FROM tbl_usergroup >> WHERE username = '%{SQL-User-Name}' ORDER BY priority -> >> SELECT groupname FROM tbl_usergroup WHERE username >> = '10021' ORDER BY priority >> [sql] expand: SELECT id, groupname, attribute, Value, op >> FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' >> ORDER BY id -> SELECT id, groupname, attribute, >> Value, op FROM tbl_groupcheck WHERE groupname = >> 'TEST-10G' ORDER BY id >> [sql] User found in group TEST-10G >> [sql] expand: SELECT id, groupname, attribute, value, op >> FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' >> ORDER BY id -> SELECT id, groupname, attribute, >> value, op FROM tbl_groupreply WHERE groupname = >> 'TEST-10G' ORDER BY id >> rlm_sql (sql): Released sql socket id: 1 >> ++[sql] returns ok >> rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B >> rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B >> ++[checkval] returns ok >> [expiration] Checking Expiration time: '1 Sep 2011' >> ++[expiration] returns ok >> ++[logintime] returns noop >> ++[pap] returns updated >> Found Auth-Type = PAP >> # Executing group from file /etc/freeradius/sites-enabled/default >> +- entering group PAP {...} >> [pap] login attempt with password "x" >> [pap] Using CRYPT password "Wh1vvjSX72NI6" >> [pap] User authenticated successfully >> ++[pap] returns ok >> # Executing section session from file /etc/freeradius/sites-enabled/default >> +- entering group session {...} >> [radutmp] expand: /var/log/freeradius/radutmp -> >> /var/log/freeradius/radutmp >> [radutmp] expand: %{User-Name} -> 10021 >> ++[radutmp] returns ok >> # Executing section post-auth from file /etc/freeradius/sites-enabled/default >> +- entering group post-auth {...} >> [sql] expand: %{User-Name} -> 10021 >> [sql] sql_set_user escaped user --> '10021' >> [sql] expand: %{User-Password} -> x >> [sql] expand: INSERT INTO tbl_postauth >> (username, pass, reply, authdate) VALUES ( >> '%{User-Name}', >> '%{%{User-Password}:-%{Chap-Password}}', >> '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth >> (username, pass, reply, authdate) >> VALUES ( '10021', >> '10021', 'Access-Accept', '2011-08-08 >> 01:31:49') >> r
Re: Unlang Condition Wrong Value !
On 8 Aug 2011, at 09:32, Suman Dash wrote: > So it is not possible to store values more than 32 bit in Tmp-Integer. > How about direct sql statements in Unlang not involving the > Tmp-Integer. It is also not working in my scenario. > You mean a comparison of two integers from two SQL statements? > Attached is the logs. More useful would be the config... -Arran > > > Going to the next request > Ready to process requests. > rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, > id=55, length=132 >Service-Type = Framed-User >Framed-Protocol = PPP >NAS-Port = 60 >NAS-Port-Type = Ethernet >User-Name = "10021" >Calling-Station-Id = "F4:EC:38:BA:8A:3B" >Called-Station-Id = "Internet" >NAS-Port-Id = "LAN" >User-Password = "10021" >NAS-Identifier = "NTL.X" >NAS-IP-Address = xxx.xx.xx.xx > # Executing section authorize from file /etc/freeradius/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > ++[digest] returns noop > [suffix] No '@' in User-Name = "10021", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > [files] users: Matched entry DEFAULT at line 172 > ++[files] returns ok > [sql] expand: %{User-Name} -> 10021 > [sql] sql_set_user escaped user --> '10021' > rlm_sql (sql): Reserving sql socket id: 1 > [sql] expand: SELECT id, username, attribute, value, op > FROM tbl_check WHERE username = '%{SQL-User-Name}' > ORDER BY id -> SELECT id, username, attribute, value, op > FROM tbl_check WHERE username = '10021' ORDER BY > id > [sql] User found in radcheck table > [sql] expand: SELECT id, username, attribute, value, op > FROM tbl_reply WHERE username = '%{SQL-User-Name}' > ORDER BY id -> SELECT id, username, attribute, value, op > FROM tbl_reply WHERE username = '10021' ORDER BY > id > [sql] expand: SELECT groupname FROM tbl_usergroup > WHERE username = '%{SQL-User-Name}' ORDER BY priority -> > SELECT groupname FROM tbl_usergroup WHERE username > = '10021' ORDER BY priority > [sql] expand: SELECT id, groupname, attribute, Value, op >FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' > ORDER BY id -> SELECT id, groupname, attribute, > Value, op FROM tbl_groupcheck WHERE groupname = > 'TEST-10G' ORDER BY id > [sql] User found in group TEST-10G > [sql] expand: SELECT id, groupname, attribute, value, op >FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' > ORDER BY id -> SELECT id, groupname, attribute, > value, op FROM tbl_groupreply WHERE groupname = > 'TEST-10G' ORDER BY id > rlm_sql (sql): Released sql socket id: 1 > ++[sql] returns ok > rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B > rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B > ++[checkval] returns ok > [expiration] Checking Expiration time: '1 Sep 2011' > ++[expiration] returns ok > ++[logintime] returns noop > ++[pap] returns updated > Found Auth-Type = PAP > # Executing group from file /etc/freeradius/sites-enabled/default > +- entering group PAP {...} > [pap] login attempt with password "x" > [pap] Using CRYPT password "Wh1vvjSX72NI6" > [pap] User authenticated successfully > ++[pap] returns ok > # Executing section session from file /etc/freeradius/sites-enabled/default > +- entering group session {...} > [radutmp] expand: /var/log/freeradius/radutmp -> > /var/log/freeradius/radutmp > [radutmp] expand: %{User-Name} -> 10021 > ++[radutmp] returns ok > # Executing section post-auth from file /etc/freeradius/sites-enabled/default > +- entering group post-auth {...} > [sql] expand: %{User-Name} -> 10021 > [sql] sql_set_user escaped user --> '10021' > [sql] expand: %{User-Password} -> x > [sql] expand: INSERT INTO tbl_postauth > (username, pass, reply, authdate) VALUES ( >'%{User-Name}', > '%{%{User-Password}:-%{Chap-Password}}', > '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth > (username, pass, reply, authdate) > VALUES ( '10021', > '10021', 'Access-Accept', '2011-08-08 > 01:31:49') > rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth >(username, pass, reply, authdate) > VALUES ( '10021', >'10021', 'Access-Accept', > '2011-08-08 01:31:49') > rlm_sql (sql): Reserving sql socket id: 0 > rlm_sql (sql): Released sql socket id: 0 > ++[sql] returns ok > ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN >
Re: Unlang Condition Wrong Value !
So it is not possible to store values more than 32 bit in Tmp-Integer. How about direct sql statements in Unlang not involving the Tmp-Integer. It is also not working in my scenario. Attached is the logs. Going to the next request Ready to process requests. rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, id=55, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 60 NAS-Port-Type = Ethernet User-Name = "10021" Calling-Station-Id = "F4:EC:38:BA:8A:3B" Called-Station-Id = "Internet" NAS-Port-Id = "LAN" User-Password = "10021" NAS-Identifier = "NTL.X" NAS-IP-Address = xxx.xx.xx.xx # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "10021", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> 10021 [sql] sql_set_user escaped user --> '10021' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM tbl_usergroup WHERE username = '10021' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = 'TEST-10G' ORDER BY id [sql] User found in group TEST-10G [sql] expand: SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = 'TEST-10G' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B ++[checkval] returns ok [expiration] Checking Expiration time: '1 Sep 2011' ++[expiration] returns ok ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "x" [pap] Using CRYPT password "Wh1vvjSX72NI6" [pap] User authenticated successfully ++[pap] returns ok # Executing section session from file /etc/freeradius/sites-enabled/default +- entering group session {...} [radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} -> 10021 ++[radutmp] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} -> 10021 [sql] sql_set_user escaped user --> '10021' [sql] expand: %{User-Password} -> x [sql] expand: INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '10021', '10021', 'Access-Accept', '2011-08-08 01:31:49') rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '10021', '10021', 'Access-Accept', '2011-08-08 01:31:49') rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok ++? if ("%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE tbl_usergroup.username = '%{User-Name}'}" > "%{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}") sql_xlat expand: %{User-Name} -> 1002
Re: Unlang Condition Wrong Value !
RFC 2865: integer 32 bit unsigned value, most significant octet first. FreeRADIUS is just a RADIUS server, and the temporary integer attributes are just RADIUS attributes. -Arran On 8 Aug 2011, at 09:11, Suman Dash wrote: > I am trying to replace sqlcounter with Unland expression in Post Auth > Section. The values are successfully called but while storing in > Tmp-Interger those are stripped. Below are the logs . > As you can see from the logs that Mysql returns a value of 20989570594 > But it's stored as 3557549056 for Tmp-Integer-0 > > The same happens to Tmp-Integer-1 due to which the expression output > becomes FALSE instead of TRUE. > > Is this the limitation of Tmp-Integer as it is an 32bit int ? > > ##Post-Auth Section > > sql > update control{ >Tmp-Integer-0 := "%{sql:SELECT > IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \ >FROM tbl_acct WHERE > UserName='%{User-Name}' \ >AND > MONTH(acctstoptime) = MONTH(NOW()) \ >AND YEAR(acctstoptime) > = YEAR(NOW())}" >Tmp-Integer-1 := "%{sql:SELECT > tbl_groupcheck.value from tbl_groupcheck \ >JOIN tbl_usergroup on > tbl_groupcheck.groupname = tbl_usergroup.groupname \ >where > tbl_usergroup.username = '%{User-Name}'}" > } >if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") { >update reply { >Mikrotik-Recv-Limit := > "%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}" > } > } >if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") { >update reply { >Reply-Message := "Fair Usage > Policy Enforced, Bandwidth Limited" >Mikrotik-Rate-Limit := > "128K/256K 128K/256K 128K/256K 180/180 8" > } > } > ##MySQL Table > > > > mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) > -> FROM tbl_acct WHERE UserName='10021' > -> AND MONTH(acctstoptime) = MONTH(NOW()) > -> AND YEAR(acctstoptime) = YEAR(NOW()); > > +--+ > | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) | > +--+ > | 20989570594 | > +--+ > 1 row in set (0.00 sec) > > mysql> SELECT tbl_groupcheck.value from tbl_groupcheck > ->JOIN tbl_usergroup on tbl_groupcheck.groupname = > tbl_usergroup.groupname > ->where tbl_usergroup.username = '10021'; > > +-+ > | value | > +-+ > | 20737418240 | > +-+ > 1 row in set (0.00 sec) > > > ##RADIUS DEBUG LOG > > > Finished request 4. > Cleaning up request 4 ID 176 with timestamp +15 > Going to the next request > Ready to process requests. > rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198, > id=236, length=132 >Service-Type = Framed-User >Framed-Protocol = PPP >NAS-Port = 56 >NAS-Port-Type = Ethernet >User-Name = "10021" >Calling-Station-Id = "XX:XX:XX:XX:XX:XX" >Called-Station-Id = "Internet" >NAS-Port-Id = "LAN" >User-Password = "10021" >NAS-Identifier = "XXX.XXX" >NAS-IP-Address = XXX.XX.XX.86 > # Executing section authorize from file /etc/freeradius/sites-enabled/default > +- entering group authorize {...} > ++[preprocess] returns ok > ++[chap] returns noop > ++[mschap] returns noop > ++[digest] returns noop > [suffix] No '@' in User-Name = "10021", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > [eap] No EAP-Message, not doing EAP > ++[eap] returns noop > [files] users: Matched entry DEFAULT at line 172 > ++[files] returns ok > [sql] expand: %{User-Name} -> 10021 > [sql] sql_set_user escaped user --> '10021' > rlm_sql (sql): Reserving sql socket id: 3 > [sql] expand: SELECT id, username, attribute, value, op > FROM tbl_check WHERE username = '%{SQL-User-Name}' > ORDER BY id -> SELECT id, username, attribute, value, op > FROM tbl_check
Unlang Condition Wrong Value !
I am trying to replace sqlcounter with Unland expression in Post Auth Section. The values are successfully called but while storing in Tmp-Interger those are stripped. Below are the logs . As you can see from the logs that Mysql returns a value of 20989570594 But it's stored as 3557549056 for Tmp-Integer-0 The same happens to Tmp-Integer-1 due to which the expression output becomes FALSE instead of TRUE. Is this the limitation of Tmp-Integer as it is an 32bit int ? ##Post-Auth Section sql update control{ Tmp-Integer-0 := "%{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \ FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) \ AND YEAR(acctstoptime) = YEAR(NOW())}" Tmp-Integer-1 := "%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ where tbl_usergroup.username = '%{User-Name}'}" } if ("%{control:Tmp-Integer-1}" > "%{control:Tmp-Integer-0}") { update reply { Mikrotik-Recv-Limit := "%{control:Tmp-Integer-1}" - "%{control:Tmp-Integer-0}" } } if ("%{control:Tmp-Integer-1}" <= "%{control:Tmp-Integer-0}") { update reply { Reply-Message := "Fair Usage Policy Enforced, Bandwidth Limited" Mikrotik-Rate-Limit := "128K/256K 128K/256K 128K/256K 180/180 8" } } ##MySQL Table mysql> SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) -> FROM tbl_acct WHERE UserName='10021' -> AND MONTH(acctstoptime) = MONTH(NOW()) -> AND YEAR(acctstoptime) = YEAR(NOW()); +--+ | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) | +--+ | 20989570594 | +--+ 1 row in set (0.00 sec) mysql> SELECT tbl_groupcheck.value from tbl_groupcheck -> JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname -> where tbl_usergroup.username = '10021'; +-+ | value | +-+ | 20737418240 | +-+ 1 row in set (0.00 sec) ##RADIUS DEBUG LOG Finished request 4. Cleaning up request 4 ID 176 with timestamp +15 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198, id=236, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 56 NAS-Port-Type = Ethernet User-Name = "10021" Calling-Station-Id = "XX:XX:XX:XX:XX:XX" Called-Station-Id = "Internet" NAS-Port-Id = "LAN" User-Password = "10021" NAS-Identifier = "XXX.XXX" NAS-IP-Address = XXX.XX.XX.86 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "10021", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} -> 10021 [sql] sql_set_user escaped user --> '10021' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-N