Dailycounter not working
Matej Žerovnik
matej at zunaj.si
Sun Oct 19 22:05:44 CEST 2014
Hello!
I'm trying to use dailycounter on a LDAP authenticated user and it
doesn't seem to work. I think I did all steps correctly, but then again,
i have been wrong before:)
In radcheck table I added:
testuser Max-Daily-Session := 600
I enabled dailycounter in counters.conf:
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(`Acct-Session-Time` - \
GREATEST((%b - UNIX_TIMESTAMP(`Acct-Start-Time`)), 0)) \
FROM accounting WHERE `User-Name` = '%{${key}}' AND \
UNIX_TIMESTAMP(`Acct-Start-Time`) +
`Acct-Session-Time` > '%b'"
}
In sites-available/default I have the following:
authorize {
if (User-Password) {
update control {
Auth-Type := ldap
Ldap-UserDN :=
"eduPersonPrincipalName=%{User-Name},dc=example,dc=com"
}
}
sql
dailycounter
}
authenticate {
Auth-Type LDAP {
ldap
}
}
Debug output:
rad_recv: Access-Request packet from host 10.10.10.10 port 33651, id=75,
length=202
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00:24:D7:47:1C:XX"
Called-Station-Id = "hs-kit-testing"
NAS-Port-Id = "bridge-bralci"
User-Name = "testuser"
NAS-Port = 2151677975
Acct-Session-Id = "80400017"
Framed-IP-Address = 192.168.81.198
Mikrotik-Host-IP = 192.168.81.198
User-Password = "password"
Service-Type = Login-User
WISPr-Logoff-URL = "http://192.168.81.1"
NAS-Identifier = "kit-testing"
NAS-IP-Address = 192.168.1.116
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (User-Password)
? Evaluating (User-Password) -> TRUE
++? if (User-Password) -> TRUE
++- entering if (User-Password) {...}
expand: eduPersonPrincipalName=%{User-Name},dc=example,dc=comsi
-> eduPersonPrincipalName=testuser,dc=example,dc=com
+++[control] returns notfound
++- if (User-Password) returns notfound
[sql] expand: %{User-Name} -> testuser
[sql] sql_set_user escaped user --> 'testuser'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'testuser' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'testuser' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'testuser' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM
radusergroup WHERE username = 'testuser' ORDER BY
priority
rlm_sql (sql): Released sql socket id: 2
[sql] User testuser not found
++[sql] returns notfound
*rlm_sqlcounter: Entering module authorize code**
**rlm_sqlcounter: Could not find Check item value pair**
**++[dailycounter] returns noop*
Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "testuser" with password "password"
[ldap] user DN: eduPersonPrincipalName=testuser,dc=example,dc=com
[ldap] (re)connect to ldaps.example.com:636, authentication 1
[ldap] setting TLS mode to 1
[ldap] bind as
eduPersonPrincipalName=testuser,dc=example,dc=com/password to
ldaps.example.com:636
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] user testuser authenticated succesfully
++[ldap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 75 to 10.10.10.10 port 33651
Why doesn't radius find Check item value pair? It does exists in
radcheck table...
Does it only work for local mysql users?
Matej
--
---
Matej Zerovnik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141019/ccbf8f4f/attachment.html>
More information about the Freeradius-Users
mailing list