Freeradius with daily counter

Ali Jawad alijawad1 at
Tue Jul 15 12:59:18 CEST 2014

I did setup Freeradius with SQL backend and connected it to a l2tp vpn
server. Connecting works great and accounting is logged into the radacct
table. So far so good, now I am experimenting with limits. And I chose
daily session time to test out first.

I did insert into radcheck "where username is obviously test"

test Max-Daily-Session := 100000000

When I did that, logon fails

Now, here is where I might have messed up

In sites-enabled/default I did uncomment


        #  Enforce daily limits on time spent logged in.



accounting {


In radiusd.conf I did uncomment

instantiate {

        # We add the counter module here so that it registers

        # the check-name attribute before any module which sets

        # it


modules/counter includes

counter daily {

        filename = ${db_dir}/db.daily

        key = User-Name

        count-attribute = Acct-Session-Time

        reset = daily

        counter-name = Daily-Session-Time

        check-name = Max-Daily-Session

        reply-name = Session-Timeout

        allowed-servicetype = Framed-User

        cache-size = 5000


When I start radiusd -X I can see the following :

 radiusd: #### Instantiating modules ####

 instantiate {

 Module: Linked to module rlm_exec

 Module: Instantiating module "exec" from file /etc/raddb/modules/exec

  exec {

        wait = no

        input_pairs = "request"

        shell_escape = yes


 Module: Linked to module rlm_expr

 Module: Instantiating module "expr" from file /etc/raddb/modules/expr

 Module: Linked to module rlm_counter

 Module: Instantiating module "daily" from file /etc/raddb/modules/counter

  counter daily {

        filename = "/etc/raddb/db.daily"

        key = "User-Name"

        reset = "daily"

        count-attribute = "Acct-Session-Time"

        counter-name = "Daily-Session-Time"

        check-name = "Max-Daily-Session"

        reply-name = "Session-Timeout"

        allowed-servicetype = "Framed-User"

        cache-size = 5000


rlm_counter: Counter attribute Daily-Session-Time is number 11273

rlm_counter: Current Time: 1405421724 [2014-07-15 05:55:24], Next reset
1405486800 [2014-07-16 00:00:00]

rlm_counter: Failed to open file /etc/raddb/db.daily: Permission denied

/etc/raddb/modules/counter[71]: Instantiation failed for module "daily"

What strikes me as weird is  why does freeradius try to look in db.daily
which does not exist, instead of the MySQL table radacct ? I did try to
create a file db.daily "just for testing" and seLinux is disabled.

[root at localhost raddb]# ls -lart /etc/raddb/db.daily

-rw-r--r-- 1 root radiusd 0 Jul 15 05:35 /etc/raddb/db.daily

[root at localhost raddb]# getenforce


This is more or less a default CentOS RPM installation user and group are
listed below

user = radiusd

group = radiusd

Am I barking up the wrong tree here ?

Any pointers in the right directions please?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list