Execute script to enable rlm counter module

freeradius freeradius at reiner-rottmann.de
Thu Oct 27 13:19:33 CEST 2005


Hello,

I want to execute a script in the authentication process that simulates accounting with radclient so that the counter module starts measuring time. But I do not know what data freeradius expects to start counting.

The whole story with debug info:

Currently I write a diploma involving a freeradius server. The platform is debian and windows xp (cygwin compiled version of freeradius -> nearly identical configuration).

I create useraccounts dynamically and I load them through fastusers. So no SQL is involved (does not work in the win32 version). I want to disable a user account 60 minutes after he uses the account to authenticate on the radius server through eap-md5. The authentication part works fine with the client.

The calculation of the session time with daily counter does not work. I suppose  because the NAS does not support radius accounting. And with my understanding of the manual and various posts to this mailinglist it is mandatory to get the counter working. 

I use the standard radius configfile and I have uncommented the counter daily in the appropriate sections in raddb.conf.  In users I have implemented the DEFAULT rule to reject  60 minutes after first use.

 DEFAULT  Daily-Session-Time > 3600, Auth-Type = Reject
 Reply-Message = "You've used up more than one hour today"

According to the debug information the counter is correctly instantiated:

Module: Loaded Counter
 counter: filename = "../etc/raddb/db.daily"
 counter: key = "User-Name"
 counter: reset = "monthly"
 counter: count-attribute = "Acct-Session-Time"
 counter: counter-name = "Daily-Session-Time"
 counter: check-name = "Max-Daily-Session"
 counter: allowed-servicetype = "(null)"
 counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1671
rlm_counter: Current Time: 1130410681 [2005-10-27 12:58:01], Next reset 11307960
00 [2005-10-31 23:00:00]
Module: Instantiated counter (daily)

freeradius is listening:

Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

When a user logs in the counter returns:

rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
  modcall[authorize]: module "daily" returns noop for request 0

There is the accounting database db.daily with ~4kb binary data. I suppose that there is no accounting data in it and so the counter could not check the item value pair.

The counter module daily does not begin accounting because the user only authorizes himself and it could be possible that he does not use the service.

---> So I want to trick freeradius with fake accounting data.

I want to execute a script in the authentication process that simulates accounting with the radclient. I managed to execute a script to start radclient. But I do not know what data is needed so that freeradius really thinks that the user uses his account.

If I send an the standard test accounting packet  with radclient I receive this:

Nothing to do.  Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:1846, id=48, length=60
        User-Name = "John Doe"
        User-Password = "\203\373\033%bk82\356\250\227\016\005\031\375\023"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 123
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
  modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, un
ique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 123,Client-IP-Address = 127.0.0.1,NAS-IP-Ad
dress = 127.0.0.1,,User-Name = "John Doe"'
rlm_acct_unique: Acct-Unique-Session-ID = "40560ac3fd77d64a".
  modcall[preacct]: module "acct_unique" returns ok for request 1
    rlm_realm: No '@' in User-Name = "John Doe", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[preacct]: module "suffix" returns noop for request 1
  modcall[preacct]: module "files" returns noop for request 1
modcall: group preacct returns ok for request 1
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat:  '../var/log/radius/radacct/127.0.0.1/detail-20051027'
rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
 to ../var/log/radius/radacct/127.0.0.1/detail-20051027
  modcall[accounting]: module "detail" returns ok for request 1
rlm_counter: Could not find account status type in packet.
  modcall[accounting]: module "daily" returns noop for request 1
rlm_unix: no Accounting-Status-Type attribute in request.
  modcall[accounting]: module "unix" returns noop for request 1
rlm_radutmp: No Accounting-Status-Type record.
  modcall[accounting]: module "radutmp" returns noop for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Response of id 48 to 127.0.0.1:1846
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 48 with timestamp 4360b4e1
Nothing to do.  Sleeping until we see a request.

So what is the appropriate data to feed to freeradius so that the time will be measured?

Can someone help me in this matter?

Thanks you for your patience reading this and for your suggestions,

Reiner Rottmann.










More information about the Freeradius-Users mailing list