Help with sqlcounter for data transferred
Hi,
i'm configuring a server with a sql counter to check the total byte in a
week for the users.
But the server will reply a wrong count.
Here's the counter:
sqlcounter weeklybytecounter {
counter-name = Weekly-Total-Max-Octets
check-name = Max-Weekly-Octets
reply-name = Mikrotik-Total-Limit
sqlmod-inst = sql
key = User-Name
reset = weekly
query = SELECT (SUM(acctinputoctets)+SUM(acctoutputoctets)) FROM radacct
WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime
'%b'
But the reply doesn't is the operation between (check-name value) - (query
value)
for example:
rlm_sqlcounter: Authorized user fabrizio, check_item=30,
counter=38101894
I expect a reply of 30 - 38101894 = 2961898106
but i receive different value also bigger.
Any idea ?
--
Fabrizio Fiore Donati
Mobile: +39 3289872420
E-mail: fabrizio.fioredon...@2bite.net
2bite s.r.l.
Via Saragat snc
67100 L'Aquila (AQ) - Italy
Tel.: +39 0862441583
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
On Wed, 3 Oct 2012, Fajar A. Nugraha wrote: At times like this it's handy if you pasted the WHOLE output of radiusd -X. Among others, it will show whether it reads the correct file. Usually you edit one file while FR loads the other. Interestingly enough when I run radiusd -X it loads perfectly then any time I run radiusd normally it works as well... But if I change the name of a sqlcounter instance and run radiusd normally it will error until radiusd -X is run again Very strange!!! I spend all last night testing this and it seams I was always doign the right thing config wise it was just radiusd didn't read all the config files until it was run with the debug -X argument once. If anyone can replicate this it might be a bug or it could just be a bug in my compile. Thanks everyone! Russ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter instance not found in modules section
Hey Everyone,
I'm trying to create a new sqlcounter instance that counts octets. I
think
what I've done is correct but I get the following error when I start
FreeRadius...
Mon Oct 1 21:09:41 2012 : Error:
/usr/local/etc/raddb/sites-enabled/default[203]: Failed to find
dailyoctetcounter in the modules section.
Mon Oct 1 21:09:41 2012 : Error:
/usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize
section.
Mon Oct 1 21:09:41 2012 : Error: Failed to load virtual server default
This error also occurs when I change the name of dailycounter to be
dailytimecounter.
My relivant config is as follows...
radius.conf
instantiate {
dailycounter
dailyoctetcounter
}
-
sql/mysql/counter.conf
sqlcounter dailyoctetcounter {
counter-name = Daily-Session-Octet
check-name = Max-Daily-Session-Octet
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
query = SELECT SUM(acctinputoctets + acctoutputoctets) \
FROM radacct WHERE username = '%{%k}' \
AND UNIX_TIMESTAMP(acctstarttime) '%b'
}
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username = '%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime '%b'
}
sites-enabled/default
authorize {
dailycounter {
reject = 1
}
if (reject) {
update reply {
Reply-Message := Your daily time limit is up!
}
ok = reject
}
dailyoctetcounter {
reject = 1
}
if (reject) {
update reply {
Reply-Message := Your daily transfer limit is
up!
}
ok = reject
}
}
Is there a set of keywords that are only valid for sqlcounters? Or like I
think anything that isn't already another instance should be vaild. Please
tell me where I'm going wrong with my config.
Thanks
Russ
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
Russell Stockhammer wrote: I'm trying to create a new sqlcounter instance that counts octets. I think what I've done is correct but I get the following error when I start FreeRadius... ... sql/mysql/counter.conf Why? The default sqlcounter file is in raddb/modules. Put the dailyoctetcounter configuration there, and it will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
On Tue, Oct 2, 2012 at 6:47 PM, Alan DeKok al...@deployingradius.com wrote: Russell Stockhammer wrote: I'm trying to create a new sqlcounter instance that counts octets. I think what I've done is correct but I get the following error when I start FreeRadius... ... sql/mysql/counter.conf Why? The default sqlcounter file is in raddb/modules. Put the dailyoctetcounter configuration there, and it will work. I think he might got confused because there are raddb/sql/mysql/counter.conf and raddb/sql/postgresql/counter.conf, as well as raddb/modules/sqlcounter_expire_on_login. Perhaps we should add a small instruction on top of raddb/sql/*/counter.conf, saying something like copy this file to raddb/modules and adjust as needed? Plus probably a small update to doc/rlm_sqlcounter. If no one else does this first I'll probably be able to send a pull request in the next day or two. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
Fajar A. Nugraha wrote: I think he might got confused because there are raddb/sql/mysql/counter.conf and raddb/sql/postgresql/counter.conf, as well as raddb/modules/sqlcounter_expire_on_login. OK... and the modules are in the raddb/modules directory. Perhaps we should add a small instruction on top of raddb/sql/*/counter.conf, saying something like copy this file to raddb/modules and adjust as needed? Plus probably a small update to doc/rlm_sqlcounter. If no one else does this first I'll probably be able to send a pull request in the next day or two. Sure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
On Tue, 2 Oct 2012, Alan DeKok wrote: Russell Stockhammer wrote: I'm trying to create a new sqlcounter instance that counts octets. I think what I've done is correct but I get the following error when I start FreeRadius... ... sql/mysql/counter.conf Why? The default sqlcounter file is in raddb/modules. Put the dailyoctetcounter configuration there, and it will work. Thanks for the response. There wasn't a sqlcounter file in raddb/modules when I installed it. I copied the file into raddb/modules and still get the same error. Is there something else I need to do? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
On Tue, 2 Oct 2012, Fajar A. Nugraha wrote: On Tue, Oct 2, 2012 at 6:47 PM, Alan DeKok al...@deployingradius.com wrote: Russell Stockhammer wrote: I'm trying to create a new sqlcounter instance that counts octets. I think what I've done is correct but I get the following error when I start FreeRadius... ... sql/mysql/counter.conf Why? The default sqlcounter file is in raddb/modules. Put the dailyoctetcounter configuration there, and it will work. I think he might got confused because there are raddb/sql/mysql/counter.conf and raddb/sql/postgresql/counter.conf, as well as raddb/modules/sqlcounter_expire_on_login. Perhaps we should add a small instruction on top of raddb/sql/*/counter.conf, saying something like copy this file to raddb/modules and adjust as needed? Plus probably a small update to doc/rlm_sqlcounter. If no one else does this first I'll probably be able to send a pull request in the next day or two. Ok, but there is also a; - $INCLUDE sql/mysql/counter.conf but default in the modules section of radius.conf. So I assumed it didn't need to be copied anywhere. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter instance not found in modules section
On Wed, Oct 3, 2012 at 12:04 PM, Russell Stockhammer russg...@329ncle.no-ip.org wrote: Ok, but there is also a; - $INCLUDE sql/mysql/counter.conf Good catch :) FR is pretty flexible in its configuration. Suffice to say that most (all?) module configuration (including sql and eap) in 3.x is moved to modules-available, but in 2.x you might find them anywhere inside raddb. You can either uncomment that line, or copy it to modules directory, which should do the same thing. but default in the modules section of radius.conf. So I assumed it didn't need to be copied anywhere. At times like this it's handy if you pasted the WHOLE output of radiusd -X. Among others, it will show whether it reads the correct file. Usually you edit one file while FR loads the other. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question about SQLcounter and reject sessions
Thanks Fajar!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question about SQLcounter and reject sessions
Hi everybody!!
I have been using Freeradius as AAA of some wireless hotspots and it works
great!!
After reading the Rlm_sqlcounter wiki page I started to use it, and it also
works great. This is the code of my sqlcounters:
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = SELECT SUM(acctsessiontime) FROM radacct WHERE \
username='%{%k}' AND acctstarttime FROM_UNIXTIME('%b')
}
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT (UNIX_TIMESTAMP( NOW() ) -
IFNULL(UNIX_TIMESTAMP(acctst$
}
Everything works fine, but now I have a question about the dailycounter:
I have some users that I need to reject their sessions at midnight, because
of that Im using the dailycounter... but I need that user can't login again
(the user is valid only 1 day).
In this moment the user can login again the next day. How can I do to
invalid the user after midnight?
An example of an user:
radcheck table
username: user1
User-Password :=
radusergroup table
username: user1
groupname: 1day
radusergroup table
groupname: 1day
Max-Daily-Session := 12000
Thanks a lot!!
*
**Andres Gomez*
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question about SQLcounter and reject sessions
On Wed, Aug 8, 2012 at 8:34 PM, Andres Gomez Ruiz andres.go...@urbalink.co wrote: I have some users that I need to reject their sessions at midnight, because of that Im using the dailycounter... IIRC that's not what dailycounter is for. but I need that user can't login again (the user is valid only 1 day). In this moment the user can login again the next day. How can I do to invalid the user after midnight? One way to do that was mentioned in the past. Try reading the archives: http://freeradius.1045715.n5.nabble.com/Unix-TimeStamp-Based-Login-td5708187.html . In particular, look at Phil's post. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Probmels with sqlcounter module in FreeRADIUS 2.1.12
2012 : Info: [sql] ... expanding second conditional
Fri Jun 29 10:20:06 2012 : Info: [sql] expand: INSERT INTO radacct
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,NASPortId,
NASPortType, AcctStartTime, AcctAuthentic, ConnectInfo_start,
CalledStationId, CallingStationId, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, XAscendSessionSvrKey)
VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{NAS-IP-Address}',
%{%{NAS-Port}:-NULL}, '%{NAS-Port-Type}', ('%S'::timestamp -
'%{%{Acct-Delay-Time}:-0}'::interval), '%{Acct-Authentic}',
'%{Connect-Info}', '%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}', NULLIF('%{Framed-IP-Address}',
'')::inet, 0, '%{X-Ascend-Session-Svr-Key}') - INSERT INTO radacct
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,NASPortId,
NASPortType, AcctStartTime, AcctAuthentic, ConnectInfo_start,
CalledStationId, CallingStationId, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay,
Fri Jun 29 10:20:06 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Fri Jun 29 10:20:06 2012 : Debug: rlm_sql_postgresql: Status:
PGRES_COMMAND_OK
Fri Jun 29 10:20:06 2012 : Debug: rlm_sql_postgresql: query affected rows =
1
Fri Jun 29 10:20:06 2012 : Debug: rlm_sql (sql): Released sql socket id: 0
Fri Jun 29 10:20:06 2012 : Info: ++[sql] returns ok
Sending Accounting-Response of id 47 to 127.0.0.1 port 56325
Fri Jun 29 10:20:06 2012 : Info: Finished request 2.
Fri Jun 29 10:20:06 2012 : Info: Cleaning up request 2 ID 47 with timestamp
+263
Fri Jun 29 10:20:06 2012 : Debug: Going to the next request
Fri Jun 29 10:20:06 2012 : Debug: Waking up in 4.9 seconds.
Fri Jun 29 10:20:11 2012 : Info: Cleaning up request 1 ID 87 with timestamp
+263
Fri Jun 29 10:20:11 2012 : Info: Ready to process requests.
when I authenticate for the second time the user (after logged it out), I
get some more lines in the debug output, and also the Session-Timeout
attribute is send.
Bellow are some lines that appear in plus to the first debug track:
For //***1 the lines are:
Fri Jun 29 10:25:43 2012 : Debug: rlm_sqlcounter: Check item is greater
than query result
Fri Jun 29 10:25:43 2012 : Debug: rlm_sqlcounter: Authorized user test3,
check_item=60, counter=10
Fri Jun 29 10:25:43 2012 : Debug: rlm_sqlcounter: Sent Reply-Item for user
test3, Type=Session-Timeout, value=50
Fri Jun 29 10:25:43 2012 : Info: ++[hourlycounter] returns ok
For //***2 Sending Access-Accept of id 117 to 127.0.0.1 port 39595
Session-Timeout = 50
So, as you can see from my comments, the Session-Timeout attribute isn't
present in the radius response debug from the first login. The second time
when it appears, it is caluculated correctly. For now I think that I have
an issue with FR, so I don't go further to my chillispot NAS yet.
Do you have some suggestions?
N.B.
1. I changed the counter module name from dailycounter to hourlycounter,
for clearness.
2. Also, in the good working scenario debug trace, I logged in with test3
username. (to clarify the username incompatibilities from the two debug
output)
3. If you need also the second debug trace entirely, just let me know.
On Thu, Jun 28, 2012 at 3:50 PM, Fajar A. Nugraha l...@fajar.net wrote:
On Thu, Jun 28, 2012 at 7:34 PM, Andrei Petru Mura mapand...@gmail.com
wrote:
id | username | attribute| op | value
-++++
167 | test1 | Password | := | test1
168 | test1 | Max-Daily-Session | := | 60
The problem is that every time when I authenticate for the first time per
hour (because the sqlcounter is resetted hourly), with username test1, I
can
access the services given by freeradius an unlimited time.
That's not right.
- Did you read the wiki?
- Did you try to run FR in debug mode? Did it send Session-Timeout
attribute? Was it calculated correctly?
- Does your NAS honor Session-Timeout attribute?
IIRC some NAS (e.g. chillispot) ignores some attributes (e.g.
Acct-Interim-Interval) if it's too small (e.g = 60 seconds). That
might be the case in your setup (although the attribute here is
different).
--
Fajar
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Probmels with sqlcounter module in FreeRADIUS 2.1.12
On Fri, Jun 29, 2012 at 2:58 PM, Andrei Petru Mura mapand...@gmail.com wrote:
Fri Jun 29 10:20:06 2012 : Info: [hourlycounter] expand: %{sql:SELECT
SUM(AcctSessionTime - GREATER((1340953200 -
AcctStartTime::ABSTIME::INT4), 0)) FROM radacct WHERE
UserName='test1' AND AcctStartTime::ABSTIME::INT4 +
AcctSessionTime '1340953200'} -
//***1 Look here!!!
Fri Jun 29 10:20:06 2012 : Debug: rlm_sqlcounter: No integer found in string
Fri Jun 29 10:20:06 2012 : Info: ++[hourlycounter] returns noop
//***1
well ... fix that :)
So, as you can see from my comments, the Session-Timeout attribute isn't
present in the radius response debug from the first login. The second time
when it appears, it is caluculated correctly. For now I think that I have an
issue with FR, so I don't go further to my chillispot NAS yet.
Do you have some suggestions?
It MIGHT be a bug, somewhat, in the default sql query in that it
returns no integer if there's no previous accounting record. You can
try running the query manually on a user which already logged in
before and on new user.
If you can contribute a fix, please do. Maybe adding some IF/ELSE to
the sql query?
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Probmels with sqlcounter module in FreeRADIUS 2.1.12
So, as you can see from my comments, the Session-Timeout attribute isn't present in the radius response debug from the first login. The second time when it appears, it is caluculated correctly. For now I think that I have an issue with FR, so I don't go further to my chillispot NAS yet. Do you have some suggestions? It MIGHT be a bug, somewhat, in the default sql query in that it returns no integer if there's no previous accounting record. You can try running the query manually on a user which already logged in before and on new user. If you can contribute a fix, please do. Maybe adding some IF/ELSE to the sql query? Your suggestion worked. Also, commited the change on git repo. Thanks! -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Probmels with sqlcounter module in FreeRADIUS 2.1.12
I'm running FreeRADIUS in conjunction with PostgreSQL 9.1. Snippet from
radiusd.conf:
modules {
...
$INCLUDE sql/postgresql/counter.conf
...
}
in my sql/postgresql/counter.conf, I have the following:
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = hourly
query = SELECT SUM(AcctSessionTime - GREATER((%b -
AcctStartTime::ABSTIME::INT4), 0)) FROM radacct WHERE UserName='%{%k}'
AND AcctStartTime::ABSTIME::INT4 + AcctSessionTime '%b'
}
Attention!!! The dailycounter has an hourly reset.
in the sites-available/default, under authorize section:
authorize {
...
dailycounter
...
}
Now in my database. I have in radcheck table two rows:
id | username | attribute| op | value
-++++
167 | test1 | Password | := | test1
168 | test1 | Max-Daily-Session | := | 60
The problem is that every time when I authenticate for the first time per
hour (because the sqlcounter is resetted hourly), with username test1, I
can access the services given by freeradius an unlimited time. The
sqlcounter is ebanled only if after I log in first time, log out and log in
again. If I exceed the time specified in the radcheck table in the first
log in, at the second login (in the same hour), I cannot login again due to
the sqlcounter that says that the time is up.
Question: can anyone help me how to put the right settings in database or
FR' files so that the sqlcounter module will work from the first login?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Probmels with sqlcounter module in FreeRADIUS 2.1.12
Andrei Petru Mura wrote: Now in my database. I have in radcheck table two rows: id | username | attribute| op | value -++++ 167 | test1 | Password | := | test1 Please fix that. Really. It's been ~6 years that Password := has been *documented* as being wrong. See the FAQ. 168 | test1 | Max-Daily-Session | := | 60 The problem is that every time when I authenticate for the first time per hour (because the sqlcounter is resetted hourly), with username test1, I can access the services given by freeradius an unlimited time. Blame the NAS. The sqlcounter is ebanled only if after I log in first time, log out and log in again. If I exceed the time specified in the radcheck table in the first log in, at the second login (in the same hour), I cannot login again due to the sqlcounter that says that the time is up. Question: can anyone help me how to put the right settings in database or FR' files so that the sqlcounter module will work from the first login? Read the debug output. If the correct Session-Timeout is being returned, blame the NAS. As *always* read the debug output. We really can't say that enough. Perhaps putting that in the you have subscribed notice to the list would make a difference? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Probmels with sqlcounter module in FreeRADIUS 2.1.12
On Thu, Jun 28, 2012 at 7:34 PM, Andrei Petru Mura mapand...@gmail.com wrote: id | username | attribute | op | value -++++ 167 | test1 | Password | := | test1 168 | test1 | Max-Daily-Session | := | 60 The problem is that every time when I authenticate for the first time per hour (because the sqlcounter is resetted hourly), with username test1, I can access the services given by freeradius an unlimited time. That's not right. - Did you read the wiki? - Did you try to run FR in debug mode? Did it send Session-Timeout attribute? Was it calculated correctly? - Does your NAS honor Session-Timeout attribute? IIRC some NAS (e.g. chillispot) ignores some attributes (e.g. Acct-Interim-Interval) if it's too small (e.g = 60 seconds). That might be the case in your setup (although the attribute here is different). -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning Gigawords?
YvesDM wrote: We 're about to upgrade our radius which is still running 1.1.7 We use monthly datalimits so we patched the sqlcounter in order to make it reply max 4GB of left quota (to avoid wrapping), even if the user still has 10GB quota left. Of course this results in a logged out user when he reaches a session of 4GB. As general datatraffic increases we would like to avoid this in our new radius setup. In the newest version, is there a way to reply gigawords from sqlcounter? If not, is there another solution to this? The latest version has rlm_expr, which is 64-bit clean. You can use it to split the counters into 32-bit pieces. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning Gigawords?
On Fri, Apr 1, 2011 at 10:40 AM, Alan DeKok al...@deployingradius.com wrote: The latest version has rlm_expr, which is 64-bit clean. You can use it to split the counters into 32-bit pieces. Alan DeKok. Tnx Alan, will check it out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter returning Gigawords?
Hi, We 're about to upgrade our radius which is still running 1.1.7 We use monthly datalimits so we patched the sqlcounter in order to make it reply max 4GB of left quota (to avoid wrapping), even if the user still has 10GB quota left. Of course this results in a logged out user when he reaches a session of 4GB. As general datatraffic increases we would like to avoid this in our new radius setup. In the newest version, is there a way to reply gigawords from sqlcounter? If not, is there another solution to this? Many thx. Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help retrieving sqlcounter values
We are working on re-setting up our hotspot (coovachilli/freeradius
accounting in sql/ldap authentication) better and are trying to setup
bandwidth limiting and such.
What we seem to be having problems with is how to pull the data out of
the sqlcounter module to compare the data used to the data limit.
Such as:
if ( amount_user_has_used = limit_allowed)
{
do stuff to block them or whatever
}
We are trying to understand how the counter-name (Max-Usage-Allowed),
check-name (Check-Max-Usage), and reply-name (Reply-Max-Usage) in the
counter (UsageCounter) are accessed and evaluated to do the comparison.
When we put
if (counter-name = blah)
in, the function appears to be called and run, but this does not give
us a valid comparison.
Freeradius debug shows that the counter sql query is running and
producing a numerical output, but obviously this is not the correct
way to call it to get the comparison we want.
We have tried such things as counter-name:check-name and such but
just get errors and the counter query never runs.
Any insight?
We have searched all over and have not been able to get this working yet.
Thanks.
Mark II
--
Mark D. Montgomery II
http://www.techiem2.net
binuwYLzsfcfm.bin
Description: PGP Public Key
pgpcwlB09TPRJ.pgp
Description: PGP Digital Signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please help me with sqlcounter
I want to use sqlcounter to control the user's traffic usage, and I have these needs: 1. I have read http://wiki.freeradius.org/Rlm_sqlcounter the wiki about the sqlcounter, and I get %b as the unix time value of beginning of reset period but how can I set this value? I want to sqlcounter begin count at a specific time such as the register time.. Is it possible? 2. When user's traffic usage over a value, I hope the server will disconnect the connected user immediately, Is it possible for doing this? I have read some article about sqlcounter, but I'm still confused about these questions, can anyone help me? I'm very appreciate for your help -- View this message in context: http://freeradius.1045715.n5.nabble.com/Please-help-me-with-sqlcounter-tp4192991p4192991.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me with sqlcounter
I am trying to do the same in sqlcounter but looks like the %b is hard coded and there is no way to make it dynamically read from database. I have tried using custom sqlcounter but it doe not escapes properly. Anyone effort in commenting on this thread will be highly appreciable as it will enable the user to do a custom time based session accounting instead of fixed 1 ~ 30 date accounting. Best Regards Suman On 3/21/2011 11:54 AM, frankfang wrote: I want to use sqlcounter to control the user's traffic usage, and I have these needs: 1. I have read http://wiki.freeradius.org/Rlm_sqlcounter the wiki about the sqlcounter, and I get %b as the unix time value of beginning of reset period but how can I set this value? I want to sqlcounter begin count at a specific time such as the register time.. Is it possible? 2. When user's traffic usage over a value, I hope the server will disconnect the connected user immediately, Is it possible for doing this? I have read some article about sqlcounter, but I'm still confused about these questions, can anyone help me? I'm very appreciate for your help -- View this message in context: http://freeradius.1045715.n5.nabble.com/Please-help-me-with-sqlcounter-tp4192991p4192991.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Changing radgroup with a sqlcounter ?
Hello JDL-4, I use Mysql and sorry the quota is indeed 100MB. Thank you very much for this great explanation, I think that's pretty what I want to do. Could you let me know where this group_membership_query is called ? Do i need to put it in the authorize section of freeradius ? Thank you again, you are really helpful !! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Changing-radgroup-with-a-sqlcounter-tp3270524p3274236.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Changing radgroup with a sqlcounter ?
Anyone ? -- View this message in context: http://freeradius.1045715.n5.nabble.com/Changing-radgroup-with-a-sqlcounter-tp3270524p3273562.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Changing radgroup with a sqlcounter ?
If I understand you correctly, instead of kicking the user with the
sqlcounter, you simply want to move them into a different group. It should
pretty straight forward. You need to set read_groups = yes in your sql
module. I would recommend that you put the check and reply attributes in the
database as well. You should be able to use the default tables and queries for
this (i.e. authorize_group_check_query and authorize_group_reply_query). See
the FreeRADIUS schema and docs.
I am not sure what 100mo means. Do you mean 100MB (Megabytes) per month?
The only custom part would be to write a proper group_membership_query that
returns the correct group name. This becomes more an SQL issue than a radius
issue. You also did not indicate what database type you are using. If you are
using MySQL, it should be something like the following. You will have to tweak
it to get the results you want. Test the SQL query directly against your
database (i.e. outside of FreeRADIUS). Once you get the results you want, use
that query as your group_membership_query.
group_membership_query = SELECT
IF((SUM(acctinputoctets)+SUM(acctoutputoctets))104857600, '512Kgroup',
'128Kgroup') FROM radacct WHERE username='%{%k}' AND
acctstarttime=DATE_FORMAT(CURDATE(), '%%Y-%%m-01 00:00:00')
Note: The double percent signs in the DATE_FORMAT command causes FreeRADIUS to
escape the percent sign. FreeRADIUS converts this to a single percent sign
before sending the query to the database. For testing the above query directly
against MySQL, you would need to use something like the following. Notice the
single percent signs.
SELECT IF((SUM(acctinputoctets)+SUM(acctoutputoctets))104857600, '512Kgroup',
'128Kgroup') FROM radacct WHERE username='testuser' AND
acctstarttime=DATE_FORMAT(CURDATE(), '%Y-%m-01 00:00:00')
See http://dev.mysql.com/doc/ if you need further assistance with the MySQL IF
operator or any other part of the query.
Note that this does not use the sqlcounter at all. It is simply changing the
group membership based on the SQL query.
Hope this helps. Good luck!
Jim L.
On Nov 18, 2010, at 5:23 AM, Arrgghh wrote:
Hello,
I am working on a radius config for a hotspot. I already configured a script
that kick the user when the quota exceed thanks to some very useful posts in
the coova forum.
I used this counter :
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}'
}
My goal is that a user belongs to a standard group with a 512kbps bandwith
and a quota of 100mo. Then when he exceeds his quota, he is switched to a
128 kbps group.
I know how to setup groups that limits bandwidth and volume. What I don't
know is how to set up a counter that instead of kicking the user out of the
network when he exceeds his quota switch him to another radgroup.
Any clue how i can do it ?
Thank you very much,
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Changing-radgroup-with-a-sqlcounter-tp3270524p3270524.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Changing radgroup with a sqlcounter ?
Hello,
I am working on a radius config for a hotspot. I already configured a script
that kick the user when the quota exceed thanks to some very useful posts in
the coova forum.
I used this counter :
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}'
}
My goal is that a user belongs to a standard group with a 512kbps bandwith
and a quota of 100mo. Then when he exceeds his quota, he is switched to a
128 kbps group.
I know how to setup groups that limits bandwidth and volume. What I don't
know is how to set up a counter that instead of kicking the user out of the
network when he exceeds his quota switch him to another radgroup.
Any clue how i can do it ?
Thank you very much,
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Changing-radgroup-with-a-sqlcounter-tp3270524p3270524.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter help
Dear Sir
this is the log in debugging mode , in query in using
query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct
WHERE UserName='%{%k}'
it works just fine
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.22.2:52098, id=20,
length=114
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = wassim
CHAP-Challenge = 0x1d546fdf501eaf2909814861d0b4bd2fa8d51ae91946
RP-HURL = \225\360[.\303\217v\241Ae\366\373\340\014\025\334G
Calling-Station-Id = 00:23:CD:10:99:A7
NAS-IP-Address =
NAS-Port = 25
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module preprocess returns ok for request 10
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 10
modcall[authorize]: module mschap returns noop for request 10
rlm_realm: No '@' in User-Name = wassim, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 10
radius_xlat: 'wassim'
rlm_sql (sql): sql_set_user escaped user -- 'wassim'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'wassim' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
FROM radcheck WHERE Username = 'wassim' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wassim' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wassim' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'wassim' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op
FROM radreply WHERE Username = 'wassim' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'wassim' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'wassim' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module sql returns ok for request 10
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{User-Name}''
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='wassim''
sqlcounter_expand: '%{sql:SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='wassim'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='wassim''
rlm_sql (sql): - sql_xlat
radius_xlat: 'wassim'
rlm_sql (sql): sql_set_user escaped user -- 'wassim'
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='wassim''
radius_xlat: '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='wassim'
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
radius_xlat: '2080402569'
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user wassim, check_item=1000, counter=2080402569
modcall[authorize]: module chillispot_max_bytes_daily returns reject for
request 10
modcall: leaving group authorize (returns reject) for request 10
Delaying request 10 for 5 seconds
Finished request 10
Going to the next request
Now if i replace the query with :
sqlcounter chillispot_max_bytes_daily {
counter-name = ChilliSpot-Max-Total-Octets
check-name = ChilliSpot-Max-Total-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
query = SELECT SUM(AcctInputOctets - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) + SUM(AcctOutputOctets -GREATEST
((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
#query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct
WHERE UserName='%{%k}'
}
which should reset daily
sqlcounter help
Dear Gentlemen
I'm having a problem with my daily count :
sqlcounter chillispot_max_bytes_daily {
counter-name = ChilliSpot-Max-Total-Octets
check-name = ChilliSpot-Max-Total-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
query = SELECT SUM(AcctInputOctets - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0))+ SUM(AcctOutputOctets -GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
It is disconnecting the user if limit is reached but user can connect again
like it is not stopping the account, now if i replace the query with #query
= SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='%{%k}' that will disconnect the account and it wont be able to
connect again but the problem here with reset , how i will be able to reset
daily?
Best regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter help
Mordor Networks wrote:
It is disconnecting the user if limit is reached but user can connect
again like it is not stopping the account, now if i replace the query
with #query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='%{%k}' that will disconnect the account and it
wont be able to connect again but the problem here with reset , how i
will be able to reset daily?
As always, run it in debugging mode to see what it's doing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter is not kicking users
Hello, I configured sqlcounter on my radius server and trying to limit hotspot
users time. But when time expires, Max-All-Session is not kicking users. (but
when they log out, then they cant log in) How can i solve this problem?
I am using:
Freeradius 2
CentOS 5.3
Mikrotik as NAS.
My sqlcounter.conf:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE
UserName='%{%k}'
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter is not kicking users
ziko wrote: Hello, I configured sqlcounter on my radius server and trying to limit hotspot users time. But when time expires, Max-All-Session is not kicking users. (but when they log out, then they cant log in) How can i solve this problem? Use a NAS that enforces Session-Timeout. This isn't a problem on the RADIUS server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter is not kicking users
Thank you for answer. I decided to use session-timeout with Max-All-Session. Session-timeout kicks users when time expires, but then they can log in again. and max-all-session ant session-timeout alliance works great :) From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Fri, August 27, 2010 2:46:46 PM Subject: Re: sqlcounter is not kicking users ziko wrote: Hello, I configured sqlcounter on my radius server and trying to limit hotspot users time. But when time expires, Max-All-Session is not kicking users. (but when they log out, then they cant log in) How can i solve this problem? Use a NAS that enforces Session-Timeout. This isn't a problem on the RADIUS server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SqlCounter reload after initial authentication
As Alan said this happens since the remaining time was already sent to the NAS which causes the disconnection, although if the user added more time then after he was initially disconnected by the NAS the user may still login again for the remaining time (which is the delta - what he already added - what he already finihsed). Seems like a reasonable work-around for the user to simply re-connect for the remaining time. Regards, Liran. On Thu, Aug 12, 2010 at 10:07 AM, tadi...@verizon.net wrote: I'm using Freeradius + Chillispot+MySql for hotspot. Sqlcounter noresetcounter works fine for prepaid access time, however the counter is loaded only once when the user first authenticate. This means that even if Max-All-Session changes after initial logon (as it happens when the user adds more credit) the user is session is still terminated at the end of the initial count down. How can I force Freeradius sqlcounter to re-load and begin counting down when Max-All-Session is updated after initial authentication? If this is not possible any workaround or hacks to accomplish this behaviour will be greatly appreciated. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SqlCounter reload after initial authentication
I'm using Freeradius + Chillispot+MySql for hotspot. Sqlcounter noresetcounter works fine for prepaid access time, however the counter is loaded only once when the user first authenticate. This means that even if Max-All-Session changes after initial logon (as it happens when the user adds more credit) the user is session is still terminated at the end of the initial count down. How can I force Freeradius sqlcounter to re-load and begin counting down when Max-All-Session is updated after initial authentication? If this is not possible any workaround or hacks to accomplish this behaviour will be greatly appreciated. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SqlCounter reload after initial authentication
tadi...@verizon.net wrote: I'm using Freeradius + Chillispot+MySql for hotspot. Sqlcounter noresetcounter works fine for prepaid access time, however the counter is loaded only once when the user first authenticate. This means that even if Max-All-Session changes after initial logon (as it happens when the user adds more credit) the user is session is still terminated at the end of the initial count down. How can I force Freeradius sqlcounter to re-load and begin counting down when Max-All-Session is updated after initial authentication? If this is not possible any workaround or hacks to accomplish this behaviour will be greatly appreciated. You can't. The SQL counter module returns a Session-Timeout attribute to the NAS, and the *NAS* is the one enforcing the session length. If you update the database, the NAS doesn't know this, and still enforces the session length. Read the NAS documentation to see how it can extend existing sessions. If the documentation doesn't describe how to do it, it's impossible. And it's *not* a FreeRADIUS issue. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: reset sqlcounter on the same day for each user
On Fri, Jun 4, 2010 at 11:52 AM, Антон Зайцев anton.zajt...@gmail.comwrote: Hello everyone. Need some help. I want to limit my users with MB traffic monthly. I have set up sqlcounter and it works great. But it resets in month starting user first connect to NAS. Users can register and connect on different day during the month and then it resets differently for each user. And this is the question. How can i reset counter on the certain day for certain user(example last day of month).And then counter can resets monthly for all users beginning from the first day of month. Maybe I need some attributes or ... Thanks Can anybody help with this. As I understand counters reset only hourly monthly or weekly. I did search on mail archive and nothing useful have found. Maybe give me some directions to look for to resolve this problem Maybe I should use expiration attribute or choose else way. Thanks Anton - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reset sqlcounter on the same day for each user
Hello everyone. Need some help. I want to limit my users with MB traffic monthly. I have set up sqlcounter and it works great. But it resets in month starting user first connect to NAS. Users can register and connect on different day during the month and then it resets differently for each user. And this is the question. How can i reset counter on the certain day for certain user(example last day of month).And then counter can resets monthly for all users beginning from the first day of month. Maybe I need some attributes or ... Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter and ldap backend
Hello I have installed freeradius + LDAP backend. I need to limit the connection time per user. I found sqlcounter as a solution but I have two problems: 1 - I need to take the values: Max-Daily-Session and Max-Monthly-Session from LDAP and not from mysql DB. 2 - I need to terminate the connection when it meets the maximum connection time. Best regards, Carlos A. Sorry my English, I speak Spanish. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
Do you manage to fix your problem?
Kindly share your solution. I am interested in knowing how I can configure my
freeradius to limit users by both time and max download size
e.g. 1usd for 1 hour or 20MB (whichever comes first).
charles
- Original Message -
From: Hamid Reza Hasani
To: freeradius-users@lists.freeradius.org
Sent: Sunday, November 29, 2009 5:45 PM
Subject: Session-Octets-Limit and sqlcounter
Hi,
I'm using freeradius-2.1.6, and I'm going to make a download limitation for
my users. I used sqlcounter module and config it as follow:
sqlcounter monthlydownload {
counter-name = Monthly-Download-Byte
check-name = Max-Monthly-Download
reply-name = Session-Octets-Limit
key = User-Name
sqlmod-inst = sql
query = SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct WHERE
UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
reset = monthly
safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
}
According to the log messages, it shows anything is OK:
rlm_sqlcounter: Sent Reply-Item for user hrh, Type=Session-Octets-Limit,
value=600106145
++[monthlydownload] returns ok
But in proceeding it shows me what it sent, and there isn't
Session-Octets-Limit! as you can see bellow:
Sending Access-Accept of id 222 to 127.0.0.1 port 32769
Framed-IP-Address := 20.20.20.1
Framed-IP-Netmask := 255.255.255.0
Session-Timeout = 5460
Finished request 0.
Where is my problem?
more log is available at the end of message.
Thanks for you helps.
--
Ya Ali
Hamid Reza Hasani
More Log:
Module: Linked to module rlm_sqlcounter
Module: Instantiating monthlydownload
sqlcounter monthlydownload {
counter-name = Monthly-Download-Byte
check-name = Max-Monthly-Download
reply-name = Session-Octets-Limit
key = User-Name
sqlmod-inst = sql
query = SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct WHERE
UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
reset = monthly
safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
}
rlm_sqlcounter: Reply attribute Session-Octets-Limit is number 3009
rlm_sqlcounter: Counter attribute Monthly-Download-Byte is number 11273
rlm_sqlcounter: Check attribute Max-Monthly-Download is number 11274
rlm_sqlcounter: Current Time: 1259506851 [2009-11-29 18:30:51], Next reset
1259613000 [2009-12-01 00:00:00]
rlm_sqlcounter: Current Time: 1259506851 [2009-11-29 18:30:51], Prev reset
1257021000 [2009-11-01 00:00:00]
Module: Checking preacct {...} for more modules to load
.
.
.
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct
WHERE UserName='%{User-Name}' AND AcctStartTime FROM_UNIXTIME('1257021000')'
[monthlydownload] expand: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='%{User-Name}' AND AcctStartTime
FROM_UNIXTIME('1257021000') - SELECT SUM(AcctOutputOctets+AcctInputOctets)
FROM radacct WHERE UserName='hrh' AND AcctStartTime
FROM_UNIXTIME('1257021000')
sqlcounter_expand: '%{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='hrh' AND AcctStartTime FROM_UNIXTIME('1257021000')}'
[monthlydownload] sql_xlat
[monthlydownload] expand: %{User-Name} - hrh
[monthlydownload] sql_set_user escaped user -- 'hrh'
[monthlydownload] expand: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='hrh' AND AcctStartTime FROM_UNIXTIME('1257021000') -
SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct WHERE UserName='hrh'
AND AcctStartTime FROM_UNIXTIME('1257021000')
[monthlydownload] expand: /usr/var/log/radius/sqltrace.sql -
/usr/var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='hrh' AND AcctStartTime FROM_UNIXTIME('1257021000')
[monthlydownload] sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
[monthlydownload] expand: %{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets)
FROM radacct WHERE UserName='hrh' AND AcctStartTime
FROM_UNIXTIME('1257021000')} - 100213
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user hrh, check_item=6, counter=100213
rlm_sqlcounter: Sent Reply-Item for user hrh, Type=Session-Octets-Limit,
value=600106145
++[monthlydownload] returns ok
.
.
.
Sending Access-Accept of id 222 to 127.0.0.1 port 32769
Framed-IP-Address := 20.20.20.1
Framed-IP-Netmask := 255.255.255.0
Session-Timeout = 5460
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
5 free
Domains
Re: Session-Octets-Limit and sqlcounter
Charles wrote: Do you manage to fix your problem? Kindly share your solution. I am interested in knowing how I can configure my freeradius to limit users by both time and max download size As with *ALL* of these questions: Does your NAS support this? Go read the NAS documentation. FreeRADIUS is *not* a firewall. The NAS is a firewall. FreeRADIUS simply tells the NAS which rules to apply. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
Thanks Alan for your help. My NAS is m0n0wall (http://m0n0.ch/wall/features.php) and its captive portal features are briefly outlined here: http://doc.m0n0.ch/handbook/ch12s06.html . It mentions bandwidth setings. In my current setup, I use session_timeout and it works very well but I have users who download heavily within an hour. So I would like to limit using both Session_Timeout and max octes (which ever is reached first). Kindly help me by checking the features to see if I can use this NAS for this purpose. I dont know what they mean by Bandwidth Settings Charles - Original Message - From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Monday, November 30, 2009 3:04 PM Subject: Re: Session-Octets-Limit and sqlcounter Charles wrote: Do you manage to fix your problem? Kindly share your solution. I am interested in knowing how I can configure my freeradius to limit users by both time and max download size As with *ALL* of these questions: Does your NAS support this? Go read the NAS documentation. FreeRADIUS is *not* a firewall. The NAS is a firewall. FreeRADIUS simply tells the NAS which rules to apply. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Buy a domain : http://www.1and1.com/?k_id=25085883 __ Buy a domain : http://www.1and1.com/?k_id=25085883 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
Charles wrote: My NAS is m0n0wall (http://m0n0.ch/wall/features.php) and its captive portal features are briefly outlined here: http://doc.m0n0.ch/handbook/ch12s06.html . It mentions bandwidth setings. How nice. In my current setup, I use session_timeout and it works very well but I have users who download heavily within an hour. So I would like to limit using both Session_Timeout and max octes (which ever is reached first). You already said that. Kindly help me by checking the features to see if I can use this NAS for this purpose. Why? I dont know what they mean by Bandwidth Settings So... ask the Monowall people. We didn't write Monowall, and we didn't write it's documentation. if you don't understand it, ask them for help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
Thanks Allan, I think you are right, I will ask in the monowall forum. Just that the forum is not very active on Captive Portal issues. Could you be kind to suggest a NAS that you know which can help me achieve my goal? Thanks in advance - I know I am asking too much. Charles - Original Message - From: Alan DeKok al...@deployingradius.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Monday, November 30, 2009 4:08 PM Subject: Re: Session-Octets-Limit and sqlcounter Charles wrote: My NAS is m0n0wall (http://m0n0.ch/wall/features.php) and its captive portal features are briefly outlined here: http://doc.m0n0.ch/handbook/ch12s06.html . It mentions bandwidth setings. How nice. In my current setup, I use session_timeout and it works very well but I have users who download heavily within an hour. So I would like to limit using both Session_Timeout and max octes (which ever is reached first). You already said that. Kindly help me by checking the features to see if I can use this NAS for this purpose. Why? I dont know what they mean by Bandwidth Settings So... ask the Monowall people. We didn't write Monowall, and we didn't write it's documentation. if you don't understand it, ask them for help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Buy a domain : http://www.1and1.com/?k_id=25085883 __ Buy a domain : http://www.1and1.com/?k_id=25085883 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
On Mon, Nov 30, 2009 at 4:44 PM, Charles char...@goma.kivu-online.com wrote: Thanks Allan, I think you are right, I will ask in the monowall forum. Just that the forum is not very active on Captive Portal issues. Could you be kind to suggest a NAS that you know which can help me achieve my goal? Thanks in advance - I know I am asking too much. Charles Charles, m0n0wall has an option in the CP settings to re-authenticate every minute. It makes your life real easy in setting up radius. Just set a check item in radcheck containing your datacap and set sql counter appropiate. But as suggested, the m0n0wall list will definately help you out. kind regards Y. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
I think you are right, I will ask in the monowall forum. Just that the forum is not very active on Captive Portal issues. Could you be kind to suggest a NAS that you know which can help me achieve my goal? Thanks in advance - I know I am asking too much. Yes you do. Now go and read monowall changelog and all will be answered. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
Thanks YvesDM, I saw it - the attribute - and my problem is now solved Many thinks! the Last line ! 1.236 (09/30/2009) a.. fixed a security issue in the DHCP client (CVE-2009-0692) b.. captive portal fixes (jdegraeve): a.. changed RADIUS timeout/maxtries from 5/3 to 3/2 reducing failover time from 30 to 15 seconds b.. added RADIUS attribute support for: ChilliSpot-Bandwidth-Max-Up/ChilliSpot-Bandwidth-Max-Down - Original Message - From: YvesDM ydm...@gmail.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Monday, November 30, 2009 11:09 PM Subject: Re: Session-Octets-Limit and sqlcounter On Mon, Nov 30, 2009 at 4:44 PM, Charles char...@goma.kivu-online.com wrote: Thanks Allan, I think you are right, I will ask in the monowall forum. Just that the forum is not very active on Captive Portal issues. Could you be kind to suggest a NAS that you know which can help me achieve my goal? Thanks in advance - I know I am asking too much. Charles Charles, m0n0wall has an option in the CP settings to re-authenticate every minute. It makes your life real easy in setting up radius. Just set a check item in radcheck containing your datacap and set sql counter appropiate. But as suggested, the m0n0wall list will definately help you out. kind regards Y. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Buy a domain : http://www.1and1.com/?k_id=25085883 __ Buy a domain : http://www.1and1.com/?k_id=25085883 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Octets-Limit and sqlcounter
Hi,
I'm using freeradius-2.1.6, and I'm going to make a download limitation for
my users. I used sqlcounter module and config it as follow:
sqlcounter monthlydownload {
counter-name = Monthly-Download-Byte
check-name = Max-Monthly-Download
reply-name = Session-Octets-Limit
key = User-Name
sqlmod-inst = sql
query = SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct WHERE
UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
reset = monthly
safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
}
According to the log messages, it shows anything is OK:
rlm_sqlcounter: Sent Reply-Item for user hrh, Type=Session-Octets-Limit,
value=600106145
++[monthlydownload] returns ok
But in proceeding it shows me what it sent, and there isn't
Session-Octets-Limit! as you can see bellow:
Sending Access-Accept of id 222 to 127.0.0.1 port 32769
Framed-IP-Address := 20.20.20.1
Framed-IP-Netmask := 255.255.255.0
Session-Timeout = 5460
Finished request 0.
Where is my problem?
more log is available at the end of message.
Thanks for you helps.
--
Ya Ali
Hamid Reza Hasani
More Log:
Module: Linked to module rlm_sqlcounter
Module: Instantiating monthlydownload
sqlcounter monthlydownload {
counter-name = Monthly-Download-Byte
check-name = Max-Monthly-Download
reply-name = Session-Octets-Limit
key = User-Name
sqlmod-inst = sql
query = SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct WHERE
UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
reset = monthly
safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
}
rlm_sqlcounter: Reply attribute Session-Octets-Limit is number 3009
rlm_sqlcounter: Counter attribute Monthly-Download-Byte is number 11273
rlm_sqlcounter: Check attribute Max-Monthly-Download is number 11274
rlm_sqlcounter: Current Time: 1259506851 [2009-11-29 18:30:51], Next reset
1259613000 [2009-12-01 00:00:00]
rlm_sqlcounter: Current Time: 1259506851 [2009-11-29 18:30:51], Prev reset
1257021000 [2009-11-01 00:00:00]
Module: Checking preacct {...} for more modules to load
.
.
.
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='%{User-Name}' AND AcctStartTime
FROM_UNIXTIME('1257021000')'
[monthlydownload] expand: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='%{User-Name}' AND AcctStartTime
FROM_UNIXTIME('1257021000') - SELECT SUM(AcctOutputOctets+AcctInputOctets)
FROM radacct WHERE UserName='hrh' AND AcctStartTime
FROM_UNIXTIME('1257021000')
sqlcounter_expand: '%{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='hrh' AND AcctStartTime
FROM_UNIXTIME('1257021000')}'
[monthlydownload] sql_xlat
[monthlydownload] expand: %{User-Name} - hrh
[monthlydownload] sql_set_user escaped user -- 'hrh'
[monthlydownload] expand: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='hrh' AND AcctStartTime FROM_UNIXTIME('1257021000')
- SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct WHERE
UserName='hrh' AND AcctStartTime FROM_UNIXTIME('1257021000')
[monthlydownload] expand: /usr/var/log/radius/sqltrace.sql -
/usr/var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM
radacct WHERE UserName='hrh' AND AcctStartTime FROM_UNIXTIME('1257021000')
[monthlydownload] sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
[monthlydownload] expand: %{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets)
FROM radacct WHERE UserName='hrh' AND AcctStartTime
FROM_UNIXTIME('1257021000')} - 100213
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user hrh, check_item=6, counter=100213
rlm_sqlcounter: Sent Reply-Item for user hrh, Type=Session-Octets-Limit,
value=600106145
++[monthlydownload] returns ok
.
.
.
Sending Access-Accept of id 222 to 127.0.0.1 port 32769
Framed-IP-Address := 20.20.20.1
Framed-IP-Netmask := 255.255.255.0
Session-Timeout = 5460
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-Octets-Limit and sqlcounter
I'm using freeradius-2.1.6, and I'm going to make a download limitation for my users. I used sqlcounter module and config it as follow: According to the log messages, it shows anything is OK: Where is my problem? rlm_sqlcounter: Reply attribute Session-Octets-Limit is number 3009 Did you actually read the comments in raddb/dictionary? Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter / end session at the end of the month
Hi, I'm having issues with octet accounting. Users are monthly limited in octets, not in time. The problem i have is when a user logs in on the last day of the month and stays online for 3 days then there's 2days within the new month but the accounting counts within the previous month, which we don't like :-) So I was thinking about adding a counter module which calculates a session-timeout at the last second of the month so users get logged out just before the new month starts. But, I don't know how to set the check-item. If I use max-all-session and a monthly reset I need a check item that equals the end of the month, which can be 28 days, 30 days or 31 days. Any known solutions to this? Kind regards, Y. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter / end session at the end of the month
YvesDM wrote: I'm having issues with octet accounting. Users are monthly limited in octets, not in time. The problem i have is when a user logs in on the last day of the month and stays online for 3 days then there's 2days within the new month but the accounting counts within the previous month, which we don't like :-) So... run a query at the end of each month that grabs the current counters for each user. Bill them for that, and remember what that number is in a new column in the table. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
the problem solved it just because 30 second less than one minute, i've tried using Max-All-Sesion:=3600 and it works.. --- On Sat, 5/9/09, Nizar Zulmi siapa_bilang_emailku_panj...@yahoo.com wrote: From: Nizar Zulmi siapa_bilang_emailku_panj...@yahoo.com Subject: Re: authentication failed because sqlcounter... To: t...@kalik.net, FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:03 PM i am using freeradius 1.1.7, not that old rite??? i've tried using := operator and cleartext-password but still doesn't work..this bellow is my radcheck table.. ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | | 7 | denizaro | Cleartext-Password | := | 123456 | | 8 | denizaro | Max-All-Session | := | 30 | ++--++++ 6 rows in set (0.00 sec) i try to log in with user denizaro first time before i add attribute max-all-session its succesfully logged in, but after i adding max-all-session attribut its failed.. whats happen?? --- On Sat, 5/9/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: authentication failed because sqlcounter... To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:51 AM mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -Inline Attachment Follows- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Implementing a logout sqlcounter
--- On Tue, 5/12/09, Ming-Ching Tiew mct...@yahoo.com wrote: Whereas the radclient continually sending accounting info to the server, I thought doing the reject at accouting will also some what accomplishing the same purpose. Any comments ? Further readings seems to indicate this this could possible implemented using unlang 'update disconnect' in preacct section ? Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Implementing a logout sqlcounter
I am thinking of using sqlcounter to implement a logout counter, ie whenever I want to logout a particular user, I set something into the database, then the sqlcounter will pick it up, and drop the existing session. Dropping sessions on radius server will have no impact on users connection to the NAS. OK I read in some of the older posts, one way people have implemented this feature is via then spin off radclient. This has the disadvantage in that, if the radius client is behind somekind of firewall, the server initiated radclient will have problem sending this to the radius client. Use Packet-Src-IP-Address. Whereas the radclient continually sending accounting info to the server, I thought doing the reject at accouting will also some what accomplishing the same purpose. Disconnecting users on accounting packets is not straightforward. NAS features will dictate if this is at all possible. Many don't support CoA and PoD and with some you can't remotely disconnect the user even using SNMP. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Implementing a logout sqlcounter
I am thinking of using sqlcounter to implement a logout counter, ie whenever I want to logout a particular user, I set something into the database, then the sqlcounter will pick it up, and drop the existing session. OK I read in some of the older posts, one way people have implemented this feature is via then spin off radclient. This has the disadvantage in that, if the radius client is behind somekind of firewall, the server initiated radclient will have problem sending this to the radius client. Whereas the radclient continually sending accounting info to the server, I thought doing the reject at accouting will also some what accomplishing the same purpose. Any comments ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
i am using freeradius 1.1.7, not that old rite??? i've tried using := operator and cleartext-password but still doesn't work..this bellow is my radcheck table.. ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | | 7 | denizaro | Cleartext-Password | := | 123456 | | 8 | denizaro | Max-All-Session | := | 30 | ++--++++ 6 rows in set (0.00 sec) i try to log in with user denizaro first time before i add attribute max-all-session its succesfully logged in, but after i adding max-all-session attribut its failed.. whats happen?? --- On Sat, 5/9/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: authentication failed because sqlcounter... To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:51 AM mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
i am using freeradius 1.1.7, not that old rite??? i've tried using := operator and cleartext-password but still doesn't work..this bellow is my radcheck table.. ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | | 7 | denizaro | Cleartext-Password | := | 123456 | | 8 | denizaro | Max-All-Session | := | 30 | ++--++++ 6 rows in set (0.00 sec) i try to log in with user denizaro first time before i add attribute max-all-session its succesfully logged in, but after i adding max-all-session attribut its failed.. whats happen?? --- On Sat, 5/9/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: authentication failed because sqlcounter... To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:51 AM mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. somebody help me please... freeradius debug result=== rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 User-Name = tes User-Password = tes NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = 00-1E-68-23-E9-C8 Called-Station-Id = 00-00-E2-78-FF-39 NAS-Identifier = nas01 Acct-Session-Id = 4a048168 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1c3a148590ef0762aed6069cc9ac0715 WISPr-Logoff-URL = http://192.168.182.1:3990/logoff; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = tes, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 3 radius_xlat: 'tes' rlm_sql (sql): sql_set_user escaped user -- 'tes' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tes' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'tes' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): No matching entry in the database for request from user [tes] modcall[authorize]: module sql returns notfound for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 3 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 3 modcall: leaving group authorize (returns ok) for request 3 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 Sending Access-Reject of id 0 to 192.168.0.1 port 56614 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 4a048180 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. somebody help me please... freeradius debug result=== rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 User-Name = tes User-Password = tes NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = 00-1E-68-23-E9-C8 Called-Station-Id = 00-00-E2-78-FF-39 NAS-Identifier = nas01 Acct-Session-Id = 4a048168 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1c3a148590ef0762aed6069cc9ac0715 WISPr-Logoff-URL = http://192.168.182.1:3990/logoff; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = tes, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 3 radius_xlat: 'tes' rlm_sql (sql): sql_set_user escaped user -- 'tes' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tes' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'tes' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): No matching entry in the database for request from user [tes] modcall[authorize]: module sql returns notfound for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 3 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 3 modcall: leaving group authorize (returns ok) for request 3 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 Sending Access-Reject of id 0 to 192.168.0.1 port 56614 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 4a048180 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. somebody help me please... freeradius debug result=== rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 User-Name = tes User-Password = tes NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = 00-1E-68-23-E9-C8 Called-Station-Id = 00-00-E2-78-FF-39 NAS-Identifier = nas01 Acct-Session-Id = 4a048168 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1c3a148590ef0762aed6069cc9ac0715 WISPr-Logoff-URL = http://192.168.182.1:3990/logoff; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = tes, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 3 radius_xlat: 'tes' rlm_sql (sql): sql_set_user escaped user -- 'tes' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tes' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'tes' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): No matching entry in the database for request from user [tes] modcall[authorize]: module sql returns notfound for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 3 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 3 modcall: leaving group authorize (returns ok) for request 3 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 Sending Access-Reject of id 0 to 192.168.0.1 port 56614 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 4a048180 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
tnt-4 wrote:
3) Currently I receive something like Reply-Message = Your maximum
never usage time has been reached when the counter reaches its limit -
even when what was counted as not time but data volume. Can Reply-Message
for sqlcounter be configured as in the expiration module?
No. But you can sort out the reply with unlang.
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return reject
to user and do not process 'if' clause
--
View this message in context:
http://www.nabble.com/SQLCounter-configuration-tp21384983p22219985.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
alt_ wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return reject
to user and do not process 'if' clause
You need to put this in the post-auth section, Reject subsection.
See the example configuration files.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
On Thu, 26 Feb 2009 12:03:22 +0200, Alan DeKok al...@deployingradius.com
wrote:
alt_ wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return
reject
to user and do not process 'if' clause
You need to put this in the post-auth section, Reject subsection.
See the example configuration files.
/etc/freeradius/sites-enabled/default[412]: SQL Counter modules aren't
allowed in 'post-auth' sections -- they have no such method.
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
Alexander Solodukhin wrote: /etc/freeradius/sites-enabled/default[412]: SQL Counter modules aren't allowed in 'post-auth' sections -- they have no such method. The REJECT handler needs to be put into the post-auth section. Not the sqlcounter module. Please READ the default configuration files. The comments in sites-available/default explain how the post-auth reject handler works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return
reject
to user and do not process 'if' clause
You need to put this in the post-auth section, Reject subsection.
See the example configuration files.
/etc/freeradius/sites-enabled/default[412]: SQL Counter modules aren't
allowed in 'post-auth' sections -- they have no such method.
Don't put the counter there but the counter attribute:
if(control:Counter-Attribute 0) { ...
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
On Thu, 26 Feb 2009 13:19:06 +0200, t...@kalik.net wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return
reject
to user and do not process 'if' clause
You need to put this in the post-auth section, Reject subsection.
See the example configuration files.
/etc/freeradius/sites-enabled/default[412]: SQL Counter modules aren't
allowed in 'post-auth' sections -- they have no such method.
Don't put the counter there but the counter attribute:
if(control:Counter-Attribute 0) { ...
Sorry, i read mans and comments in config and try to do like you say but
it's not work as i need. I have sqlcounter:
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='%{%k}'
}
post-auth section in sites-enabled/default:
Post-Auth-Type REJECT {
attr_filter.access_reject
if (control:Max-Octets 0) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
}
so, what exactly name must be in control: ? As you can see i try to put
Max-Octets, but seems that attribute simly loaded from mysql (even if
password wrong and no traffic overlimit occures there 'Traffic limit
exceeded.' error message returned) and it's always greater than zero. I
try counter:ChilliSpot-Max-Total-Octets but got:
Attribute control:ChilliSpot-Max-Total-Octets was not found
in debug. Sorry but i something missunderstand in general, please put me
on right way.
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
Sorry, i read mans and comments in config and try to do like you say but
it's not work as i need. I have sqlcounter:
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='%{%k}'
}
post-auth section in sites-enabled/default:
Post-Auth-Type REJECT {
attr_filter.access_reject
if (control:Max-Octets 0) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
}
Looking at that it should probably be:
control:Max-Octets (check value) control:Total-Max-Octets (counter
value). I don't think that negative value vill go into (reply:)
ChilliSpot-Max-Total-Octets. If it doesn't work, you can check if reply
value is zero.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
On Thu, 26 Feb 2009 16:55:00 +0200, t...@kalik.net wrote:
Sorry, i read mans and comments in config and try to do like you say but
it's not work as i need. I have sqlcounter:
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM
radacct WHERE UserName='%{%k}'
}
post-auth section in sites-enabled/default:
Post-Auth-Type REJECT {
attr_filter.access_reject
if (control:Max-Octets 0) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
}
Looking at that it should probably be:
control:Max-Octets (check value) control:Total-Max-Octets (counter
value). I don't think that negative value vill go into (reply:)
ChilliSpot-Max-Total-Octets. If it doesn't work, you can check if reply
value is zero.
Total-Max-Octets also not found in control list:
Attribute control:Total-Max-Octets was not found
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if user enter wrong password Traffic limit exceeded. error message
will be displayed.
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if user enter wrong password Traffic limit exceeded. error message
will be displayed.
I had a look at the code and sqlcounter module sets the Reply-Message:
Your maximum %s usage time has been reached when user is rejected.
Check for that reply message and alter it.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
On Thu, 26 Feb 2009 20:56:03 +0200, t...@kalik.net wrote:
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if user enter wrong password Traffic limit exceeded. error message
will be displayed.
I had a look at the code and sqlcounter module sets the Reply-Message:
Your maximum %s usage time has been reached when user is rejected.
Check for that reply message and alter it.
Thank you. I see this solution in the internet, but i need configurable
Reply-Message, becouse i want to limit not only traffic, but session time
too.
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
Thank you. I see this solution in the internet, but i need configurable Reply-Message, becouse i want to limit not only traffic, but session time too. Actually, I can recall that sqlcounter had configurable Reply-Message in early days (I had 1.0.5 where it was configurable). Download 1.0.5 and have a look how was it done. Perhaps you can create a patch for the current version without too much trouble. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
1) After the time or data volume for a period (say a month) is reached the user is automatically disconnected - as expected. Rather them not allowing to log in , I would like freeradius to return some other attributes (WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down work fine with ChilliSpot) to be sent to the router for the user, so that a connection is still possible, but at a much lower maximum speed. Can that be done, and if so, can someone give me a pointer. I was thinking maybe using unlang, but I may be barking up the wrong tree. Create a sql group called slow that enforces those limits. Add the user to that group (with low priority) with unlang (on authentication) or perl sript (on accounting stop packet). Important - remove slow group entries when counter resets. 2) The reset = monthly method seem to the first of the current month. That is one way of doing it, but I would like the reset to occur at the same date in the month every month. So if someone signs up, say on the 12th of a month, the reset will occur every month on the 12th. Can that be done with freeradius? Yes. Queries are configurable. Don't use %b. Calculate start the way you see fit. 3) Currently I receive something like Reply-Message = Your maximum never usage time has been reached when the counter reaches its limit - even when what was counted as not time but data volume. Can Reply-Message for sqlcounter be configured as in the expiration module? No. But you can sort out the reply with unlang. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLCounter configuration
On Sat, Jan 10, 2009 at 10:36 AM, Hanno Schupp hanno.sch...@gmail.com wrote: Dear All, I have a few questions regarding the rlm_sqlcounter module and its configuration. I have a freeradius 2.1.0 communicating with a router running chillispot 1.1 I set up counters for time, data volume, and with different reset periods. All works fine and as expected. Here my questions: 1) After the time or data volume for a period (say a month) is reached the user is automatically disconnected – as expected. Rather them not allowing to log in , I would like freeradius to return some other attributes (WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down work fine with ChilliSpot) to be sent to the router for the user, so that a connection is still possible, but at a much lower maximum speed. Can that be done, and if so, can someone give me a pointer. I was thinking maybe using unlang, but I may be barking up the wrong tree. You might be better off making changes to your provisioning system assuming you are using a database backend although you might be able to get away with unlang. 2) The reset = monthly method seem to the first of the current month. That is one way of doing it, but I would like the reset to occur at the same date in the month every month. So if someone signs up, say on the 12th of a month, the reset will occur every month on the 12th. Can that be done with freeradius? rlm_sqlcounter only support calendar month or day or week. 3) Currently I receive something like Reply-Message = Your maximum never usage time has been reached when the counter reaches its limit – even when what was counted as not time but data volume. Can Reply-Message for sqlcounter be configured as in the expiration module? rlm_sqlcounter does not have provision for cusom reply messages. There was a patch floating around to send custom reply messages from rlm_sqlcounter. Probably you should look in mailing list archives. 4) One surprise I have had: I don't quite understand how the system calculates the day for the beginning of the reset = weekly. I appreciate that calculating the day of the week is not easy as for example first of the current month or beginning of the day, so I was not surprised to not have a Monday, but I was surprised to see the SQL query run with 'Fri Jan 09 2009 00:00:00 GMT+1300 (New Zealand Daylight Time)' as beginning of the week, when running the query on a Saturday. BTW, SQL time is configured correctly, and the UNIX_TIMESTAMP is giving a correct timestamp for local time. What am I missing? (Note: When setting reset = 7d, I get something more explainable like 'Sat Jan 10 2009 00:00:00 GMT+1300 (New Zealand Daylight Time)', which is the beginning of the today's day. Should reset = weekly and reset =7d yield the same result? If not, what is weekly vs 7d, and why does the week not start on a Monday? Thanks, Venkatesh K - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQLCounter configuration
Dear All, I have a few questions regarding the rlm_sqlcounter module and its configuration. I have a freeradius 2.1.0 communicating with a router running chillispot 1.1 I set up counters for time, data volume, and with different reset periods. All works fine and as expected. Here my questions: 1) After the time or data volume for a period (say a month) is reached the user is automatically disconnected - as expected. Rather them not allowing to log in , I would like freeradius to return some other attributes (WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down work fine with ChilliSpot) to be sent to the router for the user, so that a connection is still possible, but at a much lower maximum speed. Can that be done, and if so, can someone give me a pointer. I was thinking maybe using unlang, but I may be barking up the wrong tree. 2) The reset = monthly method seem to the first of the current month. That is one way of doing it, but I would like the reset to occur at the same date in the month every month. So if someone signs up, say on the 12th of a month, the reset will occur every month on the 12th. Can that be done with freeradius? 3) Currently I receive something like Reply-Message = Your maximum never usage time has been reached when the counter reaches its limit - even when what was counted as not time but data volume. Can Reply-Message for sqlcounter be configured as in the expiration module? 4) One surprise I have had: I don't quite understand how the system calculates the day for the beginning of the reset = weekly. I appreciate that calculating the day of the week is not easy as for example first of the current month or beginning of the day, so I was not surprised to not have a Monday, but I was surprised to see the SQL query run with 'Fri Jan 09 2009 00:00:00 GMT+1300 (New Zealand Daylight Time)' as beginning of the week, when running the query on a Saturday. BTW, SQL time is configured correctly, and the UNIX_TIMESTAMP is giving a correct timestamp for local time. What am I missing? (Note: When setting reset = 7d, I get something more explainable like 'Sat Jan 10 2009 00:00:00 GMT+1300 (New Zealand Daylight Time)', which is the beginning of the today's day. Should reset = weekly and reset =7d yield the same result? If not, what is weekly vs 7d, and why does the week not start on a Monday? Any hints welcome - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rlm sqlcounter -- Data Based Counter
Good Day.
Im wondering is someone could assist me here.
I currently have freeradius setup and working somewhat.
However I have following setup:
sqlcounter monthlytraffic {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Mikrotik-Xmit-Limit-Gigawords
sqlmod-inst = sql
key = User-Name
reset = monthly
query = SELECT (sum(AcctInputOctets)+sum(AcctOutputOctets)) FROM radacct
WHERE UserName='%{%k}' AND Month(AcctStopTime) =(Month(NOW()
#query = SELECT SUM(AcctInputOctets - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0))+ SUM(AcctOutputOctets -GREATEST((%b -
UNIX_T
#query = SELECT SUM(AcctInputOctets + AcctOutputOctets) FROM radacct WHERE
UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) '%b'
#query = SELECT SUM(OctetTotal) FROM thismonthsusage WHERE
UsernameView='%{%k}'
}
As you can see I have tried numerous queries to get this working correctly
and decided finally to do my own query against a view that does my work for
me.
(Currently commented out because having issues with it)
The view is called thismonthsusage
And it's definition as follows
select `radacct`.`UserName` AS `UsernameView`,`usergroup`.`GroupName` AS
`GroupNameView`,`radacct`.`AcctStartTime` AS
`AcctStartTimeView`,`radacct`.`AcctStopTime` AS
`AcctStopTimeView`,`radacct`.`AcctInputOctets` AS
`AcctInputOctetsView`,`radacct`.`AcctOutputOctets` AS
`AcctOutputOctetsView`,(sum(`radacct`.`AcctInputOctets`) +
sum(`radacct`.`AcctOutputOctets`)) AS `OctetTotal` from (`radacct` join
`usergroup`) where ((month(`radacct`.`AcctStartTime`) = month(curdate()))
and (month(`radacct`.`AcctStopTime`) = month(curdate())) and
(`radacct`.`UserName` = `usergroup`.`UserName`) and (`usergroup`.`GroupName`
_latin1'Mac')) group by
`radacct`.`UserName`,`usergroup`.`GroupName`,`radacct`.`AcctStartTime`,`rada
cct`.`AcctStopTime`,`radacct`.`AcctOutputOctets` order by
`radacct`.`AcctStopTime`
As you can see quite simply and efficient however there is one battle I am
facing..
As soon as a new month rolls over there are NO accounting entries for that
user for that month, hence no record and freeradius denies user as he hasn't
got any entries, any body know how I should modify the view to display all
users even if they don't have an entry for current month, but rather display
them with value 0 as apposed to not at all?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm sqlcounter -- Data Based Counter
#query = SELECT SUM(OctetTotal) FROM thismonthsusage WHERE
UsernameView='%{%k}'
}
..
As soon as a new month rolls over there are NO accounting entries for that
user for that month, hence no record and freeradius denies user as he hasn't
got any entries, any body know how I should modify the view to display all
users even if they don't have an entry for current month, but rather display
them with value 0 as apposed to not at all?
Your question belongs on the MySQL forum. Use if() function:
SELECT IF(SUM(OctetTotal) IS NULL, 0, SUM(OctetTotal)) FROM ...
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
is a sample sqlcounter.conf
--
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = never
counter-type = data
check-unit = KibiOctets
query = SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets))/1024 FROM radacct WHERE
UserName='%{%k}'
}
-
As you can see, you need to make changes to the units of check-item
value stored in DB. You can use KibiOctets, MibiOctets in DB and set
the sqlcounter.conf file accordingly. Even if you used KibiOctets or
MibiOctets in DB, the replies will always be sent in Octets and
maximum is limited to 4G.
Regards,
Venkatesh K
On Wed, Nov 12, 2008 at 9:11 PM, Venkatesh K [EMAIL PROTECTED] wrote:
Hi,
On Wed, Nov 12, 2008 at 2:06 AM, liran tal [EMAIL PROTECTED] wrote:
Waiting for that traffic limitation patch, Venkatesh.
Thanks.
I am sorry. I had few busy days this week. You can expect a patch tomorrow.
On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K [EMAIL PROTECTED] wrote:
Hi Liran,
On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED] wrote:
Hey Venkatesh,
On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote:
2008/10/31 [EMAIL PROTECTED]:
It does make sense. rlm_sqlcounterworks like this toward the time of
the
reset: lets say you have an hour left, your limit is 20 hours and you
have signed in 15 minutes before counter reset time. When code
calculates that you can be online at reset time it doesn't return
your
allowance (1 hour) but adds the limit for the next conting period (20
hours) to the remaining time (15 minutes) and returns that value (20
hours and 15 minutes). Reasoning is that your session shouldn't be
discontinued after an hour becouse 15 minutes into the session new
limit
should come into force (and session limit can't be changed during the
session).
In your case there is about 2,000,000 left on the counter but only a
few
thousand seconds left to the end of the reset period, so code will
add
those few thousands to the next period limit (26,000,000) and return
that value. Code doesn't know are you counting data or time as
there is no such configuration item.
Venkatesh had posted the patch that switches off this peace of code
for
data counters by introducing that configuration item. You should try
it.
rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum
counter value was limited to 2G whereas in 2.1.1 it seems to be 4G.
This imposes an artificial limitation of maximum of 4GB of downloads.
I had a workaround where I patched rlm_sqlcounter to limit the per
session downloads to 4GB if allowed usage exceeds 4GB.
Except this issue, I think, with the patch I posted earlier, one
should be fine with rlm_sqlcounter. If someone needs a patch to work
around the 2GB/4GB limit, I will post the patch.
Sorry for the late reply.
I applied your patch and now data counters work as expected with a minor
exception, the 2Gb limit
as you have stated previously. Possibly you could also post the patch
for
the 2Gb/4Gb limit?
I'm hoping it's compatible with FR 1.1.7 as well.
It is ok. I am happy to know it works for you. I will email you a
patch for 1.1.7 in couple of days. The patch is going to impose
certain limitations on you. The maximum return value should be less
than unsigned integer(32bit). The maximum reply value for data will be
limited to 4GB even if actual value is more than 4GB. So, there will
be a per session limit of 4GB though user is authorized to transfer
more data.
Regards,
Venkatesh. K
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Regards,
--
Venkatesh. K
--
Venkatesh. K
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
liran tal wrote:
Waiting for that traffic limitation patch, Venkatesh.
Thanks.
Hi,
I was stuck with this problem too, and I came up with this solution,
which works in my test environment.
The idea is to store allowed bytes in Tmp-Integer-0, than just use
unlang to compare user's allowed and actual traffic bytes.
btw, maximum traffic count is 2^31 bytes, if you do it this way.
if(control:Tmp-Integer-0) {
if(%{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct
WHERE UserName='%{User-Name}' } %{control:Tmp-Integer-0} ) {
# traffic bytes limit reached
reject
}
}
Regards,
Flamur
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hi, On Wed, Nov 12, 2008 at 2:06 AM, liran tal [EMAIL PROTECTED] wrote: Waiting for that traffic limitation patch, Venkatesh. Thanks. I am sorry. I had few busy days this week. You can expect a patch tomorrow. On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K [EMAIL PROTECTED] wrote: Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED] wrote: Hey Venkatesh, On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote: 2008/10/31 [EMAIL PROTECTED]: It does make sense. rlm_sqlcounterworks like this toward the time of the reset: lets say you have an hour left, your limit is 20 hours and you have signed in 15 minutes before counter reset time. When code calculates that you can be online at reset time it doesn't return your allowance (1 hour) but adds the limit for the next conting period (20 hours) to the remaining time (15 minutes) and returns that value (20 hours and 15 minutes). Reasoning is that your session shouldn't be discontinued after an hour becouse 15 minutes into the session new limit should come into force (and session limit can't be changed during the session). In your case there is about 2,000,000 left on the counter but only a few thousand seconds left to the end of the reset period, so code will add those few thousands to the next period limit (26,000,000) and return that value. Code doesn't know are you counting data or time as there is no such configuration item. Venkatesh had posted the patch that switches off this peace of code for data counters by introducing that configuration item. You should try it. rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Except this issue, I think, with the patch I posted earlier, one should be fine with rlm_sqlcounter. If someone needs a patch to work around the 2GB/4GB limit, I will post the patch. Sorry for the late reply. I applied your patch and now data counters work as expected with a minor exception, the 2Gb limit as you have stated previously. Possibly you could also post the patch for the 2Gb/4Gb limit? I'm hoping it's compatible with FR 1.1.7 as well. It is ok. I am happy to know it works for you. I will email you a patch for 1.1.7 in couple of days. The patch is going to impose certain limitations on you. The maximum return value should be less than unsigned integer(32bit). The maximum reply value for data will be limited to 4GB even if actual value is more than 4GB. So, there will be a per session limit of 4GB though user is authorized to transfer more data. Regards, Venkatesh. K - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Regards, -- Venkatesh. K - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hey,
Thanks for the tip, though that's FR2-specific solution and I'd like to be
able to get this sort out with older deployments
running 1.1.7 or earlier (god forbid! :-) )
That patch for rlm_sqlcounter would be ideal I think.
I think this should also be already pushed into the formal release, this
entire support for data information too.
Regards,
Liran.
On Wed, Nov 12, 2008 at 11:02 AM, Flamur Rogova [EMAIL PROTECTED] wrote:
liran tal wrote:
Waiting for that traffic limitation patch, Venkatesh.
Thanks.
Hi,
I was stuck with this problem too, and I came up with this solution, which
works in my test environment.
The idea is to store allowed bytes in Tmp-Integer-0, than just use unlang
to compare user's allowed and actual traffic bytes.
btw, maximum traffic count is 2^31 bytes, if you do it this way.
if(control:Tmp-Integer-0) {
if(%{sql:SELECT SUM(AcctOutputOctets+AcctInputOctets) FROM radacct
WHERE UserName='%{User-Name}' } %{control:Tmp-Integer-0} ) {
# traffic bytes limit reached
reject
}
}
Regards,
Flamur
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Waiting for that traffic limitation patch, Venkatesh. Thanks. On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K [EMAIL PROTECTED] wrote: Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED] wrote: Hey Venkatesh, On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote: 2008/10/31 [EMAIL PROTECTED]: It does make sense. rlm_sqlcounterworks like this toward the time of the reset: lets say you have an hour left, your limit is 20 hours and you have signed in 15 minutes before counter reset time. When code calculates that you can be online at reset time it doesn't return your allowance (1 hour) but adds the limit for the next conting period (20 hours) to the remaining time (15 minutes) and returns that value (20 hours and 15 minutes). Reasoning is that your session shouldn't be discontinued after an hour becouse 15 minutes into the session new limit should come into force (and session limit can't be changed during the session). In your case there is about 2,000,000 left on the counter but only a few thousand seconds left to the end of the reset period, so code will add those few thousands to the next period limit (26,000,000) and return that value. Code doesn't know are you counting data or time as there is no such configuration item. Venkatesh had posted the patch that switches off this peace of code for data counters by introducing that configuration item. You should try it. rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Except this issue, I think, with the patch I posted earlier, one should be fine with rlm_sqlcounter. If someone needs a patch to work around the 2GB/4GB limit, I will post the patch. Sorry for the late reply. I applied your patch and now data counters work as expected with a minor exception, the 2Gb limit as you have stated previously. Possibly you could also post the patch for the 2Gb/4Gb limit? I'm hoping it's compatible with FR 1.1.7 as well. It is ok. I am happy to know it works for you. I will email you a patch for 1.1.7 in couple of days. The patch is going to impose certain limitations on you. The maximum return value should be less than unsigned integer(32bit). The maximum reply value for data will be limited to 4GB even if actual value is more than 4GB. So, there will be a per session limit of 4GB though user is authorized to transfer more data. Regards, Venkatesh. K - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K [EMAIL PROTECTED] wrote: Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED] wrote: Hey Venkatesh, On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote: rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Sorry for the late reply. I applied your patch and now data counters work as expected with a minor exception, the 2Gb limit as you have stated previously. Possibly you could also post the patch for the 2Gb/4Gb limit? I'm hoping it's compatible with FR 1.1.7 as well. It is ok. I am happy to know it works for you. I will email you a patch for 1.1.7 in couple of days. The patch is going to impose certain limitations on you. The maximum return value should be less than unsigned integer(32bit). The maximum reply value for data will be limited to 4GB even if actual value is more than 4GB. So, there will be a per session limit of 4GB though user is authorized to transfer more data. So the check value of the attribute remains a number bigger than 4GB, for example an 8GB limit but the reply attribute that is sent will contain a value of = 4GB due to the limit? Thanks, Liran. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Answers before questions? Novel idea. limited to 4GB Sent from my iPhone On 9 Nov 2008, at 14:00, liran tal [EMAIL PROTECTED] wrote: On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K [EMAIL PROTECTED] wrote: Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED] wrote: Hey Venkatesh, On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote: rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Sorry for the late reply. I applied your patch and now data counters work as expected with a minor exception, the 2Gb limit as you have stated previously. Possibly you could also post the patch for the 2Gb/4Gb limit? I'm hoping it's compatible with FR 1.1.7 as well. It is ok. I am happy to know it works for you. I will email you a patch for 1.1.7 in couple of days. The patch is going to impose certain limitations on you. The maximum return value should be less than unsigned integer(32bit). The maximum reply value for data will be limited to 4GB even if actual value is more than 4GB. So, there will be a per session limit of 4GB though user is authorized to transfer more data. So the check value of the attribute remains a number bigger than 4GB, for example an 8GB limit but the reply attribute that is sent will contain a value of = 4GB due to the limit? Thanks, Liran. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hey Venkatesh, On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote: 2008/10/31 [EMAIL PROTECTED]: It does make sense. rlm_sqlcounterworks like this toward the time of the reset: lets say you have an hour left, your limit is 20 hours and you have signed in 15 minutes before counter reset time. When code calculates that you can be online at reset time it doesn't return your allowance (1 hour) but adds the limit for the next conting period (20 hours) to the remaining time (15 minutes) and returns that value (20 hours and 15 minutes). Reasoning is that your session shouldn't be discontinued after an hour becouse 15 minutes into the session new limit should come into force (and session limit can't be changed during the session). In your case there is about 2,000,000 left on the counter but only a few thousand seconds left to the end of the reset period, so code will add those few thousands to the next period limit (26,000,000) and return that value. Code doesn't know are you counting data or time as there is no such configuration item. Venkatesh had posted the patch that switches off this peace of code for data counters by introducing that configuration item. You should try it. rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Except this issue, I think, with the patch I posted earlier, one should be fine with rlm_sqlcounter. If someone needs a patch to work around the 2GB/4GB limit, I will post the patch. Sorry for the late reply. I applied your patch and now data counters work as expected with a minor exception, the 2Gb limit as you have stated previously. Possibly you could also post the patch for the 2Gb/4Gb limit? I'm hoping it's compatible with FR 1.1.7 as well. Thanks, Liran. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal [EMAIL PROTECTED] wrote: Hey Venkatesh, On Fri, Oct 31, 2008 at 2:26 AM, Venkatesh K [EMAIL PROTECTED] wrote: 2008/10/31 [EMAIL PROTECTED]: It does make sense. rlm_sqlcounterworks like this toward the time of the reset: lets say you have an hour left, your limit is 20 hours and you have signed in 15 minutes before counter reset time. When code calculates that you can be online at reset time it doesn't return your allowance (1 hour) but adds the limit for the next conting period (20 hours) to the remaining time (15 minutes) and returns that value (20 hours and 15 minutes). Reasoning is that your session shouldn't be discontinued after an hour becouse 15 minutes into the session new limit should come into force (and session limit can't be changed during the session). In your case there is about 2,000,000 left on the counter but only a few thousand seconds left to the end of the reset period, so code will add those few thousands to the next period limit (26,000,000) and return that value. Code doesn't know are you counting data or time as there is no such configuration item. Venkatesh had posted the patch that switches off this peace of code for data counters by introducing that configuration item. You should try it. rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Except this issue, I think, with the patch I posted earlier, one should be fine with rlm_sqlcounter. If someone needs a patch to work around the 2GB/4GB limit, I will post the patch. Sorry for the late reply. I applied your patch and now data counters work as expected with a minor exception, the 2Gb limit as you have stated previously. Possibly you could also post the patch for the 2Gb/4Gb limit? I'm hoping it's compatible with FR 1.1.7 as well. It is ok. I am happy to know it works for you. I will email you a patch for 1.1.7 in couple of days. The patch is going to impose certain limitations on you. The maximum return value should be less than unsigned integer(32bit). The maximum reply value for data will be limited to 4GB even if actual value is more than 4GB. So, there will be a per session limit of 4GB though user is authorized to transfer more data. Regards, Venkatesh. K - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Well, taking this issue back to the begining - it all started with my report
that using the attribute Chilli-Max-Total-Octets
in the sqlcounter provided as follows yields wrong results for all of the
reset times (daily/weekly/monthly):
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
error-msg = Sorry, your maximum traffic usage (download and
upload) has exceed the provided limit
query = SELECT (SUM(AcctInputOctets + AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
For a user defined with the following entry in radcheck:
| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
The result returned by freeradius is:
check_item=26214400 and counter=24004370, return value=26239950 (which makes
no sense).
Regards,
Liran.
2008/10/30 Venkatesh K [EMAIL PROTECTED]
The patch I posted was out of the hat just to skip the routine
which adds additional quota.
We have stopped using rlm_sqlcounter long back as we moved
from radius schema to our own custom schema and patched
the rlm_sql to work with our custom schema.
If you or someone list out what one would like to see in rlm_sql_counter,
I will try to come up with the patch. Back porting to previous versions
of radius should not be a big problem as rlm_sql and rlm_sqlcounter
have't changed much.
Thanks,
Venkatesh K
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
It does make sense. rlm_sqlcounterworks like this toward the time of the
reset: lets say you have an hour left, your limit is 20 hours and you
have signed in 15 minutes before counter reset time. When code
calculates that you can be online at reset time it doesn't return your
allowance (1 hour) but adds the limit for the next conting period (20
hours) to the remaining time (15 minutes) and returns that value (20
hours and 15 minutes). Reasoning is that your session shouldn't be
discontinued after an hour becouse 15 minutes into the session new limit
should come into force (and session limit can't be changed during the
session).
In your case there is about 2,000,000 left on the counter but only a few
thousand seconds left to the end of the reset period, so code will add
those few thousands to the next period limit (26,000,000) and return
that value. Code doesn't know are you counting data or time as
there is no such configuration item.
Venkatesh had posted the patch that switches off this peace of code for
data counters by introducing that configuration item. You should try it.
Ivan Kalik
Kalik Informatika ISP
Dana 30/10/2008, liran tal [EMAIL PROTECTED] piše:
Well, taking this issue back to the begining - it all started with my report
that using the attribute Chilli-Max-Total-Octets
in the sqlcounter provided as follows yields wrong results for all of the
reset times (daily/weekly/monthly):
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
error-msg = Sorry, your maximum traffic usage (download and
upload) has exceed the provided limit
query = SELECT (SUM(AcctInputOctets + AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
For a user defined with the following entry in radcheck:
| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
The result returned by freeradius is:
check_item=26214400 and counter=24004370, return value=26239950 (which makes
no sense).
Regards,
Liran.
2008/10/30 Venkatesh K [EMAIL PROTECTED]
The patch I posted was out of the hat just to skip the routine
which adds additional quota.
We have stopped using rlm_sqlcounter long back as we moved
from radius schema to our own custom schema and patched
the rlm_sql to work with our custom schema.
If you or someone list out what one would like to see in rlm_sql_counter,
I will try to come up with the patch. Back porting to previous versions
of radius should not be a big problem as rlm_sql and rlm_sqlcounter
have't changed much.
Thanks,
Venkatesh K
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
2008/10/31 [EMAIL PROTECTED]: It does make sense. rlm_sqlcounterworks like this toward the time of the reset: lets say you have an hour left, your limit is 20 hours and you have signed in 15 minutes before counter reset time. When code calculates that you can be online at reset time it doesn't return your allowance (1 hour) but adds the limit for the next conting period (20 hours) to the remaining time (15 minutes) and returns that value (20 hours and 15 minutes). Reasoning is that your session shouldn't be discontinued after an hour becouse 15 minutes into the session new limit should come into force (and session limit can't be changed during the session). In your case there is about 2,000,000 left on the counter but only a few thousand seconds left to the end of the reset period, so code will add those few thousands to the next period limit (26,000,000) and return that value. Code doesn't know are you counting data or time as there is no such configuration item. Venkatesh had posted the patch that switches off this peace of code for data counters by introducing that configuration item. You should try it. rlm_sqlcounter has one more limitation. In version 1.1.7, the maximum counter value was limited to 2G whereas in 2.1.1 it seems to be 4G. This imposes an artificial limitation of maximum of 4GB of downloads. I had a workaround where I patched rlm_sqlcounter to limit the per session downloads to 4GB if allowed usage exceeds 4GB. Except this issue, I think, with the patch I posted earlier, one should be fine with rlm_sqlcounter. If someone needs a patch to work around the 2GB/4GB limit, I will post the patch. Regards, Venkatesh k - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Thanks for the patch, I have not checked it yet.
What is the status on this issue though? A patch is nice but I'd like to see
support for data counters
to find it's place in the newer version as well as the old one (well, a
backport would be nice. Many of us still have
production systems running 1.1.X)
What still disturbs me is that many of the hotspot forums (coovachilli and
chillispot) has post on how to add an sqlcounter
which performs these data queries successfully and user's feedback is that
everything is good and working. Not that it's
something to count on but I'd guess if somsone had an issue then we'd know
about it...
Regards,
Liran.
2008/10/25 Venkatesh K [EMAIL PROTECTED]
I have had hard time using sqlcounter for data. It has (at least had)
limitations for counting data like 2GB limit. I ended up writing my
own code for counting data.
Here is a small patch which will skip adding additional quota if
counter-type=time in sqlcounter.conf file.
diff -u
../../../freeradius-1.1.7.orig/src/modules/rlm_sqlcounter/rlm_sqlcounter.c
rlm_sqlcounter/rlm_sqlcounter.c
---
../../../freeradius-1.1.7.orig/src/modules/rlm_sqlcounter/rlm_sqlcounter.c
2007-04-08
04:51:42.0 +0530
+++ rlm_sqlcounter/rlm_sqlcounter.c 2008-10-25 22:05:58.0 +0530
@@ -72,6 +72,7 @@
char *sqlmod_inst; /* instance of SQL module to use, usually
just 'sql' */
char *query;/* SQL query to retrieve current session
time */
char *reset;/* daily, weekly, monthly, never or user
defined */
+char *counter_type;/* Type of counter (data / time) */
char *allowed_chars;/* safe characters list for SQL queries */
time_t reset_time;
time_t last_reset;
@@ -97,6 +98,7 @@
{ sqlmod-inst, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
{ query, PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,query),
NULL, NULL },
{ reset, PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,reset),
NULL, NULL },
+ { counter-type, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,counter_type), NULL, NULL },
{ safe-characters, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,allowed_chars), NULL,
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/},
{ NULL, -1, 0, NULL, NULL }
};
@@ -675,10 +677,13 @@
* limit, so that the user will not need to
* login again
*/
- if (data-reset_time (
- res = (data-reset_time - request-timestamp))) {
- res = data-reset_time - request-timestamp;
- res += check_vp-lvalue;
+ if(strcmp(data-counter_type,time)==0)
+ {
+ if (data-reset_time (
+ res = (data-reset_time -
request-timestamp))) {
+ res = data-reset_time -
request-timestamp;
+ res += check_vp-lvalue;
+ }
}
if ((reply_item = pairfind(request-reply-vps,
data-reply_attr)) != NULL) {
-
I did compile the code successfully. I have not checked it. Let me
know if you have
any issues.
Thanks,
Venkatesh K
2008/10/25 [EMAIL PROTECTED]:
And they won't. It's nothing to do with the settings - it's this peace
of the code.
Let's take your example. Limit was 26MB and about 2MB was left.
2,000,000 seconds is about 23 days. So this part of the code will kick
in (there are 6 days left in this month) and returned value will be
26MB + number of seconds untill 1.11. Run debug twice. You will see that
the returned value will be reduced by the number of seconds between two
requests.
Allowance left would have to be well below 1MB for data counter to start
working properly for monthly reset towards the end of the month, 100KB
for weekly reset and 10KB for daily. Which is of no practical use.
I don't know when was this part of the code added but data counters
would work fine without it. I was testing time counter and still
reproduced this only because limit value was so high (10 million). When
I reduced it to 10,000 it worked fine.
Ivan Kalik
Kalik Informatika ISP
Dana 25/10/2008, liran tal [EMAIL PROTECTED] piše:
I've actually tested the sqlcounter for a data counter for both weekly
and
monthly resets and that doesn't work well either...
This is odd because people have reported this working so... it is either
something in the configuration that I'm missing
or I really don't know what's going on but the counter seem to behave as
expected.
Regards
Re: sqlcounter returning wrong value?
The patch I posted was out of the hat just to skip the routine
which adds additional quota.
We have stopped using rlm_sqlcounter long back as we moved
from radius schema to our own custom schema and patched
the rlm_sql to work with our custom schema.
If you or someone list out what one would like to see in rlm_sql_counter,
I will try to come up with the patch. Back porting to previous versions
of radius should not be a big problem as rlm_sql and rlm_sqlcounter
have't changed much.
Thanks,
Venkatesh K
2008/10/30 liran tal [EMAIL PROTECTED]:
Thanks for the patch, I have not checked it yet.
What is the status on this issue though? A patch is nice but I'd like to see
support for data counters
to find it's place in the newer version as well as the old one (well, a
backport would be nice. Many of us still have
production systems running 1.1.X)
What still disturbs me is that many of the hotspot forums (coovachilli and
chillispot) has post on how to add an sqlcounter
which performs these data queries successfully and user's feedback is that
everything is good and working. Not that it's
something to count on but I'd guess if somsone had an issue then we'd know
about it...
Regards,
Liran.
2008/10/25 Venkatesh K [EMAIL PROTECTED]
I have had hard time using sqlcounter for data. It has (at least had)
limitations for counting data like 2GB limit. I ended up writing my
own code for counting data.
Here is a small patch which will skip adding additional quota if
counter-type=time in sqlcounter.conf file.
diff -u
../../../freeradius-1.1.7.orig/src/modules/rlm_sqlcounter/rlm_sqlcounter.c
rlm_sqlcounter/rlm_sqlcounter.c
---
../../../freeradius-1.1.7.orig/src/modules/rlm_sqlcounter/rlm_sqlcounter.c
2007-04-08
04:51:42.0 +0530
+++ rlm_sqlcounter/rlm_sqlcounter.c 2008-10-25 22:05:58.0
+0530
@@ -72,6 +72,7 @@
char *sqlmod_inst; /* instance of SQL module to use, usually
just 'sql' */
char *query;/* SQL query to retrieve current session
time */
char *reset;/* daily, weekly, monthly, never or user
defined */
+char *counter_type;/* Type of counter (data / time) */
char *allowed_chars;/* safe characters list for SQL queries */
time_t reset_time;
time_t last_reset;
@@ -97,6 +98,7 @@
{ sqlmod-inst, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
{ query, PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,query),
NULL, NULL },
{ reset, PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,reset),
NULL, NULL },
+ { counter-type, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,counter_type), NULL, NULL },
{ safe-characters, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,allowed_chars), NULL,
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/},
{ NULL, -1, 0, NULL, NULL }
};
@@ -675,10 +677,13 @@
* limit, so that the user will not need to
* login again
*/
- if (data-reset_time (
- res = (data-reset_time - request-timestamp))) {
- res = data-reset_time - request-timestamp;
- res += check_vp-lvalue;
+ if(strcmp(data-counter_type,time)==0)
+ {
+ if (data-reset_time (
+ res = (data-reset_time -
request-timestamp))) {
+ res = data-reset_time -
request-timestamp;
+ res += check_vp-lvalue;
+ }
}
if ((reply_item = pairfind(request-reply-vps,
data-reply_attr)) != NULL) {
-
I did compile the code successfully. I have not checked it. Let me
know if you have
any issues.
Thanks,
Venkatesh K
2008/10/25 [EMAIL PROTECTED]:
And they won't. It's nothing to do with the settings - it's this peace
of the code.
Let's take your example. Limit was 26MB and about 2MB was left.
2,000,000 seconds is about 23 days. So this part of the code will kick
in (there are 6 days left in this month) and returned value will be
26MB + number of seconds untill 1.11. Run debug twice. You will see that
the returned value will be reduced by the number of seconds between two
requests.
Allowance left would have to be well below 1MB for data counter to start
working properly for monthly reset towards the end of the month, 100KB
for weekly reset and 10KB for daily. Which is of no practical use.
I don't know when was this part of the code added but data counters
would work fine without it. I was testing time counter and still
Re: sqlcounter returning wrong value?
OK. This where the problem comes from:
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
*/
if (data-reset_time
(res = (data-reset_time - request-timestamp))) {
res = data-reset_time - request-timestamp;
res += check_vp-vp_integer;
}
(that's rlm_sqlcounter.c line about 710 in 2.0.5)
Sqlcounter was designed for time counters. When your allowance (limit -
time used) is greater than the time left in the period, time left in the
period is added to the limit and sent as reply.
This will create problems for data counters since limit values are much
greater than those for time counters. As a workaround I would suggest
that you comment this out if you are using data counters.
Perhaps there is a case for adding another configuration item to
sqlcounter that would determine what is counted time or data. Then for
data counters this can be skipped or replaced with something like:
if (data-reset_time (trigger = (data-reset_time -
request-timestamp))) {
res += check_vp-vp_integer;
}
where trigger would be set to a minute for hourly counter and hour for
daily, weekly and monthly counters. I am sorry but I don't know how to
write a patch.
Ivan Kalik
Kalik Informatika ISP
Dana 24/10/2008, liran tal [EMAIL PROTECTED] piše:
Hey Ivan
2008/10/24 [EMAIL PROTECTED]
It (daily sqlcounter) does the same in 2.0.5:
rlm_sqlcounter: Authorized user jagoda, check_item=1000, counter=2635
rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout,
value=10027850
Returns value that is greater than the limit. I am using noreset
sqlcounter and that one works fine.
Thanks for confirming this on a more up to date version.
Alan, this smells like a bug (unless we missed something along the way),
should I open up a bug ticket?
And what would be the chances it can be backported to 1.1.7?
Thanks,
Liran.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
I've actually tested the sqlcounter for a data counter for both weekly and
monthly resets and that doesn't work well either...
This is odd because people have reported this working so... it is either
something in the configuration that I'm missing
or I really don't know what's going on but the counter seem to behave as
expected.
Regards,
Liran.
2008/10/25 [EMAIL PROTECTED]
OK. This where the problem comes from:
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
*/
if (data-reset_time
(res = (data-reset_time - request-timestamp))) {
res = data-reset_time - request-timestamp;
res += check_vp-vp_integer;
}
(that's rlm_sqlcounter.c line about 710 in 2.0.5)
Sqlcounter was designed for time counters. When your allowance (limit -
time used) is greater than the time left in the period, time left in the
period is added to the limit and sent as reply.
This will create problems for data counters since limit values are much
greater than those for time counters. As a workaround I would suggest
that you comment this out if you are using data counters.
Perhaps there is a case for adding another configuration item to
sqlcounter that would determine what is counted time or data. Then for
data counters this can be skipped or replaced with something like:
if (data-reset_time (trigger = (data-reset_time -
request-timestamp))) {
res += check_vp-vp_integer;
}
where trigger would be set to a minute for hourly counter and hour for
daily, weekly and monthly counters. I am sorry but I don't know how to
write a patch.
Ivan Kalik
Kalik Informatika ISP
Dana 24/10/2008, liran tal [EMAIL PROTECTED] piše:
Hey Ivan
2008/10/24 [EMAIL PROTECTED]
It (daily sqlcounter) does the same in 2.0.5:
rlm_sqlcounter: Authorized user jagoda, check_item=1000,
counter=2635
rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout,
value=10027850
Returns value that is greater than the limit. I am using noreset
sqlcounter and that one works fine.
Thanks for confirming this on a more up to date version.
Alan, this smells like a bug (unless we missed something along the way),
should I open up a bug ticket?
And what would be the chances it can be backported to 1.1.7?
Thanks,
Liran.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
And they won't. It's nothing to do with the settings - it's this peace
of the code.
Let's take your example. Limit was 26MB and about 2MB was left.
2,000,000 seconds is about 23 days. So this part of the code will kick
in (there are 6 days left in this month) and returned value will be
26MB + number of seconds untill 1.11. Run debug twice. You will see that
the returned value will be reduced by the number of seconds between two
requests.
Allowance left would have to be well below 1MB for data counter to start
working properly for monthly reset towards the end of the month, 100KB
for weekly reset and 10KB for daily. Which is of no practical use.
I don't know when was this part of the code added but data counters
would work fine without it. I was testing time counter and still
reproduced this only because limit value was so high (10 million). When
I reduced it to 10,000 it worked fine.
Ivan Kalik
Kalik Informatika ISP
Dana 25/10/2008, liran tal [EMAIL PROTECTED] piše:
I've actually tested the sqlcounter for a data counter for both weekly and
monthly resets and that doesn't work well either...
This is odd because people have reported this working so... it is either
something in the configuration that I'm missing
or I really don't know what's going on but the counter seem to behave as
expected.
Regards,
Liran.
2008/10/25 [EMAIL PROTECTED]
OK. This where the problem comes from:
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
*/
if (data-reset_time
(res = (data-reset_time - request-timestamp))) {
res = data-reset_time - request-timestamp;
res += check_vp-vp_integer;
}
(that's rlm_sqlcounter.c line about 710 in 2.0.5)
Sqlcounter was designed for time counters. When your allowance (limit -
time used) is greater than the time left in the period, time left in the
period is added to the limit and sent as reply.
This will create problems for data counters since limit values are much
greater than those for time counters. As a workaround I would suggest
that you comment this out if you are using data counters.
Perhaps there is a case for adding another configuration item to
sqlcounter that would determine what is counted time or data. Then for
data counters this can be skipped or replaced with something like:
if (data-reset_time (trigger = (data-reset_time -
request-timestamp))) {
res += check_vp-vp_integer;
}
where trigger would be set to a minute for hourly counter and hour for
daily, weekly and monthly counters. I am sorry but I don't know how to
write a patch.
Ivan Kalik
Kalik Informatika ISP
Dana 24/10/2008, liran tal [EMAIL PROTECTED] piše:
Hey Ivan
2008/10/24 [EMAIL PROTECTED]
It (daily sqlcounter) does the same in 2.0.5:
rlm_sqlcounter: Authorized user jagoda, check_item=1000,
counter=2635
rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout,
value=10027850
Returns value that is greater than the limit. I am using noreset
sqlcounter and that one works fine.
Thanks for confirming this on a more up to date version.
Alan, this smells like a bug (unless we missed something along the way),
should I open up a bug ticket?
And what would be the chances it can be backported to 1.1.7?
Thanks,
Liran.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
I have had hard time using sqlcounter for data. It has (at least had)
limitations for counting data like 2GB limit. I ended up writing my
own code for counting data.
Here is a small patch which will skip adding additional quota if
counter-type=time in sqlcounter.conf file.
diff -u
../../../freeradius-1.1.7.orig/src/modules/rlm_sqlcounter/rlm_sqlcounter.c
rlm_sqlcounter/rlm_sqlcounter.c
--- ../../../freeradius-1.1.7.orig/src/modules/rlm_sqlcounter/rlm_sqlcounter.c
2007-04-08
04:51:42.0 +0530
+++ rlm_sqlcounter/rlm_sqlcounter.c 2008-10-25 22:05:58.0 +0530
@@ -72,6 +72,7 @@
char *sqlmod_inst; /* instance of SQL module to use, usually just
'sql' */
char *query;/* SQL query to retrieve current session time */
char *reset;/* daily, weekly, monthly, never or user
defined */
+char *counter_type;/* Type of counter (data / time) */
char *allowed_chars;/* safe characters list for SQL queries */
time_t reset_time;
time_t last_reset;
@@ -97,6 +98,7 @@
{ sqlmod-inst, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,sqlmod_inst), NULL, NULL },
{ query, PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,query),
NULL, NULL },
{ reset, PW_TYPE_STRING_PTR, offsetof(rlm_sqlcounter_t,reset),
NULL, NULL },
+ { counter-type, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,counter_type), NULL, NULL },
{ safe-characters, PW_TYPE_STRING_PTR,
offsetof(rlm_sqlcounter_t,allowed_chars), NULL,
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/},
{ NULL, -1, 0, NULL, NULL }
};
@@ -675,10 +677,13 @@
* limit, so that the user will not need to
* login again
*/
- if (data-reset_time (
- res = (data-reset_time - request-timestamp))) {
- res = data-reset_time - request-timestamp;
- res += check_vp-lvalue;
+ if(strcmp(data-counter_type,time)==0)
+ {
+ if (data-reset_time (
+ res = (data-reset_time -
request-timestamp))) {
+ res = data-reset_time - request-timestamp;
+ res += check_vp-lvalue;
+ }
}
if ((reply_item = pairfind(request-reply-vps,
data-reply_attr)) != NULL) {
-
I did compile the code successfully. I have not checked it. Let me
know if you have
any issues.
Thanks,
Venkatesh K
2008/10/25 [EMAIL PROTECTED]:
And they won't. It's nothing to do with the settings - it's this peace
of the code.
Let's take your example. Limit was 26MB and about 2MB was left.
2,000,000 seconds is about 23 days. So this part of the code will kick
in (there are 6 days left in this month) and returned value will be
26MB + number of seconds untill 1.11. Run debug twice. You will see that
the returned value will be reduced by the number of seconds between two
requests.
Allowance left would have to be well below 1MB for data counter to start
working properly for monthly reset towards the end of the month, 100KB
for weekly reset and 10KB for daily. Which is of no practical use.
I don't know when was this part of the code added but data counters
would work fine without it. I was testing time counter and still
reproduced this only because limit value was so high (10 million). When
I reduced it to 10,000 it worked fine.
Ivan Kalik
Kalik Informatika ISP
Dana 25/10/2008, liran tal [EMAIL PROTECTED] piše:
I've actually tested the sqlcounter for a data counter for both weekly and
monthly resets and that doesn't work well either...
This is odd because people have reported this working so... it is either
something in the configuration that I'm missing
or I really don't know what's going on but the counter seem to behave as
expected.
Regards,
Liran.
2008/10/25 [EMAIL PROTECTED]
OK. This where the problem comes from:
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
*/
if (data-reset_time
(res = (data-reset_time - request-timestamp))) {
res = data-reset_time - request-timestamp;
res += check_vp-vp_integer;
}
(that's rlm_sqlcounter.c line about 710 in 2.0.5)
Sqlcounter was designed for time counters. When your allowance (limit -
time used) is greater than the time left in the period, time left in the
period is added to the limit and sent as reply
RE: sqlcounter returning wrong value?
hi..i think you should fix this one :
reply-name = ChilliSpot-Max-Total-Octets to :
reply-name = Session-Timeout
try it..
rgds,
Mulianto
http://www.indohotspot.net
Your Hotspot solution
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of liran tal
Sent: Friday, October 24, 2008 1:07 AM
To: FreeRadius users mailing list
Subject: sqlcounter returning wrong value?
Hey,
I'm experimenting with some sqlcounter directives in radiusd.conf and
chilli as the NAS.
I've defined the following sqlcounter stanza for a daily traffic limit:
sqlcounter defined in radiusd.conf:
(the query was corrected as suggested by tnt on a previous thread on the
list, correct me if I got it wrong please)
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
error-msg = Sorry, your maximum traffic usage (download
and upload) has exceed the provided limit
query = SELECT (SUM(AcctInputOctets + AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
In the authorization phase, I'm seeing the following in debug log:
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{User-Name}''
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='tester1''
sqlcounter_expand: '%{sql:SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1''
rlm_sql (sql): - sql_xlat
radius_xlat: 'tester1'
rlm_sql (sql): sql_set_user escaped user -- 'tester1'
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='tester1''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
radius_xlat: '24004370'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user tester1, check_item=26214400,
counter=24004370
rlm_sqlcounter: Sent Reply-Item for user tester1,
Type=ChilliSpot-Max-Total-Octets, value=26239950
modcall[authorize]: module counterChilliSpotMaxDailyOctets returns
ok for request 0
The entry in radcheck is as follows:
| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
What happens is that it seems the counter doesn't work as expected. When a
user logs in, performs some traffic usage, logs out and logs in again,
the replied back attribute for chilli doesn't contain a value which is the
remainder of the traffic usage, but something else.
According to the radius debug above, if check_item=26214400 and
counter=24004370, how come value=26239950?
So I'm guessing I'm missing something but I'm too obsessed with the
sqlcounter to notice it. (is the subtractation not a normal decimal action?)
The FreeRADIUS version used is 1.1.7
Regards,
Liran.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: sqlcounter returning wrong value?
No, he wants a data not time counter.
Ivan Kalik
Kalik Informatika ISP
Dana 24/10/2008, mulianto [EMAIL PROTECTED] piše:
hi..i think you should fix this one :
reply-name = ChilliSpot-Max-Total-Octets to :
reply-name = Session-Timeout
try it..
rgds,
Mulianto
http://www.indohotspot.net
Your Hotspot solution
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of liran tal
Sent: Friday, October 24, 2008 1:07 AM
To: FreeRadius users mailing list
Subject: sqlcounter returning wrong value?
Hey,
I'm experimenting with some sqlcounter directives in radiusd.conf and
chilli as the NAS.
I've defined the following sqlcounter stanza for a daily traffic limit:
sqlcounter defined in radiusd.conf:
(the query was corrected as suggested by tnt on a previous thread on the
list, correct me if I got it wrong please)
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
error-msg = Sorry, your maximum traffic usage (download
and upload) has exceed the provided limit
query = SELECT (SUM(AcctInputOctets + AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
In the authorization phase, I'm seeing the following in debug log:
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{User-Name}''
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='tester1''
sqlcounter_expand: '%{sql:SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1''
rlm_sql (sql): - sql_xlat
radius_xlat: 'tester1'
rlm_sql (sql): sql_set_user escaped user -- 'tester1'
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='tester1''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
radius_xlat: '24004370'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user tester1, check_item=26214400,
counter=24004370
rlm_sqlcounter: Sent Reply-Item for user tester1,
Type=ChilliSpot-Max-Total-Octets, value=26239950
modcall[authorize]: module counterChilliSpotMaxDailyOctets returns
ok for request 0
The entry in radcheck is as follows:
| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
What happens is that it seems the counter doesn't work as expected. When a
user logs in, performs some traffic usage, logs out and logs in again,
the replied back attribute for chilli doesn't contain a value which is the
remainder of the traffic usage, but something else.
According to the radius debug above, if check_item=26214400 and
counter=24004370, how come value=26239950?
So I'm guessing I'm missing something but I'm too obsessed with the
sqlcounter to notice it. (is the subtractation not a normal decimal action?)
The FreeRADIUS version used is 1.1.7
Regards,
Liran.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hey,
2008/10/24 [EMAIL PROTECTED]
No, he wants a data not time counter.
That's right Evan. Moreover, there is no sense in changing the attribute to
be Session-Timeout when Chilli expects something else.
Any thoughts on this issue?
Thanks,
Dana 24/10/2008, mulianto [EMAIL PROTECTED] piše:
hi..i think you should fix this one :
reply-name = ChilliSpot-Max-Total-Octets to :
reply-name = Session-Timeout
try it..
rgds,
Mulianto
http://www.indohotspot.net
Your Hotspot solution
-Original Message-
From: [EMAIL PROTECTED]
[mailto:freeradius-users-bounces+muliantofreeradius-users-bounces%2Bmulianto
[EMAIL PROTECTED]
Behalf Of liran tal
Sent: Friday, October 24, 2008 1:07 AM
To: FreeRadius users mailing list
Subject: sqlcounter returning wrong value?
Hey,
I'm experimenting with some sqlcounter directives in radiusd.conf and
chilli as the NAS.
I've defined the following sqlcounter stanza for a daily traffic limit:
sqlcounter defined in radiusd.conf:
(the query was corrected as suggested by tnt on a previous thread on the
list, correct me if I got it wrong please)
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
error-msg = Sorry, your maximum traffic usage (download
and upload) has exceed the provided limit
query = SELECT (SUM(AcctInputOctets +
AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
In the authorization phase, I'm seeing the following in debug log:
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{User-Name}''
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM
radacct WHERE UserName='tester1''
sqlcounter_expand: '%{sql:SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1''
rlm_sql (sql): - sql_xlat
radius_xlat: 'tester1'
rlm_sql (sql): sql_set_user escaped user -- 'tester1'
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM
radacct WHERE UserName='tester1''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
radius_xlat: '24004370'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user tester1, check_item=26214400,
counter=24004370
rlm_sqlcounter: Sent Reply-Item for user tester1,
Type=ChilliSpot-Max-Total-Octets, value=26239950
modcall[authorize]: module counterChilliSpotMaxDailyOctets returns
ok for request 0
The entry in radcheck is as follows:
| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
What happens is that it seems the counter doesn't work as expected. When
a
user logs in, performs some traffic usage, logs out and logs in again,
the replied back attribute for chilli doesn't contain a value which is
the
remainder of the traffic usage, but something else.
According to the radius debug above, if check_item=26214400 and
counter=24004370, how come value=26239950?
So I'm guessing I'm missing something but I'm too obsessed with the
sqlcounter to notice it. (is the subtractation not a normal decimal
action?)
The FreeRADIUS version used is 1.1.7
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
It (daily sqlcounter) does the same in 2.0.5:
rlm_sqlcounter: Authorized user jagoda, check_item=1000, counter=2635
rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout,
value=10027850
Returns value that is greater than the limit. I am using noreset
sqlcounter and that one works fine.
Ivan Kalik
Kalik Informatika ISP
Dana 24/10/2008, liran tal [EMAIL PROTECTED] piše:
Hey,
2008/10/24 [EMAIL PROTECTED]
No, he wants a data not time counter.
That's right Evan. Moreover, there is no sense in changing the attribute to
be Session-Timeout when Chilli expects something else.
Any thoughts on this issue?
Thanks,
Dana 24/10/2008, mulianto [EMAIL PROTECTED] piše:
hi..i think you should fix this one :
reply-name = ChilliSpot-Max-Total-Octets to :
reply-name = Session-Timeout
try it..
rgds,
Mulianto
http://www.indohotspot.net
Your Hotspot solution
-Original Message-
From: [EMAIL PROTECTED]
[mailto:freeradius-users-bounces+muliantofreeradius-users-bounces%2Bmulianto
[EMAIL PROTECTED]
Behalf Of liran tal
Sent: Friday, October 24, 2008 1:07 AM
To: FreeRadius users mailing list
Subject: sqlcounter returning wrong value?
Hey,
I'm experimenting with some sqlcounter directives in radiusd.conf and
chilli as the NAS.
I've defined the following sqlcounter stanza for a daily traffic limit:
sqlcounter defined in radiusd.conf:
(the query was corrected as suggested by tnt on a previous thread on the
list, correct me if I got it wrong please)
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst = sql
key = User-Name
reset = daily
error-msg = Sorry, your maximum traffic usage (download
and upload) has exceed the provided limit
query = SELECT (SUM(AcctInputOctets +
AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime '%b'
}
In the authorization phase, I'm seeing the following in debug log:
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{User-Name}''
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM
radacct WHERE UserName='tester1''
sqlcounter_expand: '%{sql:SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1''
rlm_sql (sql): - sql_xlat
radius_xlat: 'tester1'
rlm_sql (sql): sql_set_user escaped user -- 'tester1'
radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM
radacct WHERE UserName='tester1''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
radius_xlat: '24004370'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user tester1, check_item=26214400,
counter=24004370
rlm_sqlcounter: Sent Reply-Item for user tester1,
Type=ChilliSpot-Max-Total-Octets, value=26239950
modcall[authorize]: module counterChilliSpotMaxDailyOctets returns
ok for request 0
The entry in radcheck is as follows:
| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
What happens is that it seems the counter doesn't work as expected. When
a
user logs in, performs some traffic usage, logs out and logs in again,
the replied back attribute for chilli doesn't contain a value which is
the
remainder of the traffic usage, but something else.
According to the radius debug above, if check_item=26214400 and
counter=24004370, how come value=26239950?
So I'm guessing I'm missing something but I'm too obsessed with the
sqlcounter to notice it. (is the subtractation not a normal decimal
action?)
The FreeRADIUS version used is 1.1.7
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
