Hello,
I want to execute a script in the authentication process that simulates
accounting with radclient so that the counter module starts measuring time. But
I do not know what data freeradius expects to start counting.
The whole story with debug info:
Currently I write a diploma involving a freeradius server. The platform is
debian and windows xp (cygwin compiled version of freeradius -> nearly
identical configuration).
I create useraccounts dynamically and I load them through fastusers. So no SQL
is involved (does not work in the win32 version). I want to disable a user
account 60 minutes after he uses the account to authenticate on the radius
server through eap-md5. The authentication part works fine with the client.
The calculation of the session time with daily counter does not work. I suppose
because the NAS does not support radius accounting. And with my understanding
of the manual and various posts to this mailinglist it is mandatory to get the
counter working.
I use the standard radius configfile and I have uncommented the counter daily
in the appropriate sections in raddb.conf. In users I have implemented the
DEFAULT rule to reject 60 minutes after first use.
DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject
Reply-Message = "You've used up more than one hour today"
According to the debug information the counter is correctly instantiated:
Module: Loaded Counter
counter: filename = "../etc/raddb/db.daily"
counter: key = "User-Name"
counter: reset = "monthly"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Daily-Session-Time"
counter: check-name = "Max-Daily-Session"
counter: allowed-servicetype = "(null)"
counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1671
rlm_counter: Current Time: 1130410681 [2005-10-27 12:58:01], Next reset 11307960
00 [2005-10-31 23:00:00]
Module: Instantiated counter (daily)
freeradius is listening:
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
When a user logs in the counter returns:
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "daily" returns noop for request 0
There is the accounting database db.daily with ~4kb binary data. I suppose that
there is no accounting data in it and so the counter could not check the item
value pair.
The counter module daily does not begin accounting because the user only
authorizes himself and it could be possible that he does not use the service.
---> So I want to trick freeradius with fake accounting data.
I want to execute a script in the authentication process that simulates
accounting with the radclient. I managed to execute a script to start
radclient. But I do not know what data is needed so that freeradius really
thinks that the user uses his account.
If I send an the standard test accounting packet with radclient I receive this:
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:1846, id=48, length=60
User-Name = "John Doe"
User-Password = "\203\373\033%bk82\356\250\227\016\005\031\375\023"
NAS-IP-Address = 127.0.0.1
NAS-Port = 123
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, un
ique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 123,Client-IP-Address = 127.0.0.1,NAS-IP-Ad
dress = 127.0.0.1,,User-Name = "John Doe"'
rlm_acct_unique: Acct-Unique-Session-ID = "40560ac3fd77d64a".
modcall[preacct]: module "acct_unique" returns ok for request 1
rlm_realm: No '@' in User-Name = "John Doe", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 1
modcall[preacct]: module "files" returns noop for request 1
modcall: group preacct returns ok for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: '../var/log/radius/radacct/127.0.0.1/detail-20051027'
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to ../var/log/radius/radacct/127.0.0.1/detail-20051027
modcall[accounting]: module "detail" returns ok for request 1
rlm_counter: Could not find account status type in packet.
modcall[accounting]: module "daily" returns noop for request 1
rlm_unix: no Accounting-Status-Type attribute in request.
modcall[accounting]: module "unix" returns noop for request 1
rlm_radutmp: No Accounting-Status-Type record.
modcall[accounting]: module "radutmp" returns noop for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 48 to 127.0.0.1:1846
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 48 with timestamp 4360b4e1
Nothing to do. Sleeping until we see a request.
So what is the appropriate data to feed to freeradius so that the time will be
measured?
Can someone help me in this matter?
Thanks you for your patience reading this and for your suggestions,
Reiner Rottmann.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
