<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Verdana">Thanks Roberto for your answer but
I did the changes in sqlcounter.conf and with my cisco, sqlcounter
doesn't work, with NTRadping it works very well. I looked into the
source code in freeradius 1.0.4 but this module is the same for 1.0.2
version (I have working 1.0.2)<br>
What can I do?<br>
Do you know how I can debug this module?<br>
<br>
This is the message with radiusd -X -A (with Cisco):<br>
<br>
rlm_ldap: user cmartinez authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
modcall[authorize]: module "ldap" returns ok for request 5<br>
rlm_sqlcounter: Entering module authorize code<br>
rlm_sqlcounter: Could not find Check item value pair<br>
modcall[authorize]: module "monthlycounter" returns noop for request 5<br>
modcall: group authorize returns ok for request 5<br>
rad_check_password: Found Auth-Type ldap<br>
auth: type "LDAP"<br>
Processing the authenticate section of radiusd.conf<br>
<br>
-------------------------------------------------------------------------<br>
<br>
with NTRadping:<br>
<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
modcall[authorize]: module "ldap" returns ok for request 0<br>
rlm_sqlcounter: Entering module authorize code<br>
sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000
- UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime -
GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct
WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000'}'<br>
radius_xlat: Running registered xlat function of module sql for string
'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
rlm_sql (sql): - sql_xlat<br>
radius_xlat: 'cmartinez'<br>
rlm_sql (sql): sql_set_user escaped user --> 'cmartinez'<br>
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
rlm_sql (sql): Reserving sql socket id: 4<br>
rlm_sql (sql): - sql_xlat finished<br>
rlm_sql (sql): Released sql socket id: 4<br>
radius_xlat: '107853'<br>
rlm_sqlcounter: (Check item - counter) is less than zero<br>
rlm_sqlcounter: Rejected user cmartinez, check_item=100000,
counter=107853<br>
<br>
<br>
Thanks for your help!<br>
</font></font>
<pre class="moz-signature" cols="72">Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367</pre>
<br>
<br>
Roberto Gonzalez Azevedo wrote:
<blockquote cite="mid42B40760.5000900@censanet.com.br" type="cite">sqlcounter
noresetcounter {
<br>
## Look here
<br>
driver = "rlm_sqlcounter"
<br>
counter-name = Max-All-Session-Time
<br>
check-name = Max-All-Session
<br>
## Look here
<br>
check-item = Max-All-Session
<br>
sqlmod-inst = sql
<br>
key = User-Name
<br>
reset = never
<br>
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
<br>
}
<br>
<br>
sqlcounter dailycounter {
<br>
driver = "rlm_sqlcounter"
<br>
counter-name = Daily-Session-Time
<br>
check-name = Max-Daily-Session
<br>
## Look here
<br>
check-item = Max-Daily-Session
<br>
sqlmod-inst = sql
<br>
key = User-Name
<br>
reset = daily
<br>
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
<br>
}
<br>
<br>
sqlcounter monthlycounter {
<br>
## Look here
<br>
driver = "rlm_sqlcounter"
<br>
counter-name = Monthly-Session-Time
<br>
check-name = Max-Monthly-Session
<br>
## Look here
<br>
check-item = Max-Monthly-Session
<br>
sqlmod-inst = sql
<br>
key = User-Name
<br>
reset = monthly
<br>
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
<br>
}
<br>
<br>
thanks ...
<br>
-------------------------
<br>
Roberto Gonzalez Azevedo
<br>
<br>
Carlos Martínez-Troncoso Cera wrote:
<br>
<blockquote type="cite">ok Roberto:
<br>
sqlcounter noresetcounter {
<br>
counter-name = Max-All-Session-Time
<br>
check-name = Max-All-Session
<br>
sqlmod-inst = sql
<br>
key = User-Name
<br>
reset = never
<br>
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
<br>
}
<br>
<br>
sqlcounter dailycounter {
<br>
driver = "rlm_sqlcounter"
<br>
counter-name = Daily-Session-Time
<br>
check-name = Max-Daily-Session
<br>
sqlmod-inst = sql
<br>
key = User-Name
<br>
reset = daily
<br>
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
<br>
}
<br>
<br>
sqlcounter monthlycounter {
<br>
counter-name = Monthly-Session-Time
<br>
check-name = Max-Monthly-Session
<br>
sqlmod-inst = sql
<br>
key = User-Name
<br>
reset = monthly
<br>
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
<br>
}
<br>
<br>
<br>
<br>
Carlos Martínez-Troncoso Cera
<br>
Coordinador de Servicios Internet/Intranet
<br>
Universidad del Norte
<br>
Barranquilla, Colombia
<br>
Tel: 57 5 3509367
<br>
<br>
<br>
<br>
Roberto Gonzalez Azevedo wrote:
<br>
<br>
<blockquote type="cite">Show us your sqlcounter.conf ...
<br>
<br>
You should define 'check-item' in sqlcounter.conf ...
<br>
<br>
-------------------------
<br>
Roberto Gonzalez Azevedo
<br>
Carlos Martínez-Troncoso Cera wrote:
<br>
<br>
<blockquote type="cite">Hello.
<br>
<br>
I have freeradius-1.0.2 with authorization and authentication in LDAP
and accounting in MySQL. I configured it to use rlm_sqlcounter to control
connection time; testing with NTRadping works well but testing with my
Cisco NAS it doesn't work
<br>
<br>
With my cisco NAS this is the message:
<br>
<br>
rlm_sqlcounter: Entering module authorize code
<br>
rlm_sqlcounter: Could not find Check item value pair
<br>
modcall[authorize]: module "noresetcounter" returns noop for request
3
<br>
rlm_sqlcounter: Entering module authorize code
<br>
rlm_sqlcounter: Could not find Check item value pair
<br>
modcall[authorize]: module "monthlycounter" returns noop for request
3
<br>
<br>
<br>
With NTRadPing the message is:
<br>
<br>
rlm_sqlcounter: (Check item - counter) is greater than zero
<br>
rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
counter=106750
<br>
rlm_sqlcounter: Sent Reply-Item for user cmartinez,
Type=Session-Timeout, value=1250
<br>
modcall[authorize]: module "monthlycounter" returns ok for request 8
<br>
<br>
<br>
My relevant conf files:
<br>
------------------------------------
<br>
clients.conf
<br>
<br>
#PC with NTRadping
<br>
client 172.16.31.43/32 {
<br>
secret = xxxxx
<br>
shortname = Carlos
<br>
type = other
<br>
}
<br>
#Cisco NAS
<br>
client 200.106.138.14/32 {
<br>
secret = xxxxxx
<br>
shortname = cisco
<br>
type = cisco
<br>
}
<br>
------------------------------------
<br>
radiusd.conf
<br>
<br>
prefix = /usr
<br>
exec_prefix = /usr
<br>
sysconfdir = /etc
<br>
localstatedir = /var
<br>
sbindir = /usr/sbin
<br>
logdir = ${localstatedir}/log/radius
<br>
raddbdir = ${sysconfdir}/raddb
<br>
radacctdir = ${logdir}/radacct
<br>
confdir = ${raddbdir}
<br>
run_dir = ${localstatedir}/run/radiusd
<br>
log_file = ${logdir}/radius.log
<br>
libdir = /usr/local/lib
<br>
pidfile = ${run_dir}/radiusd.pid
<br>
user = radiusd
<br>
group = radiusd
<br>
max_request_time = 30
<br>
delete_blocked_requests = no
<br>
cleanup_delay = 5
<br>
max_requests = 1024
<br>
bind_address = *
<br>
port = 1812
<br>
hostname_lookups = no
<br>
allow_core_dumps = no
<br>
regular_expressions = yes
<br>
extended_expressions = yes
<br>
log_stripped_names = yes
<br>
log_auth = yes
<br>
log_auth_badpass = no
<br>
log_auth_goodpass = no
<br>
usercollide = no
<br>
lower_user = no
<br>
lower_pass = no
<br>
nospace_user = no
<br>
nospace_pass = no
<br>
checkrad = ${sbindir}/checkrad
<br>
<br>
security {
<br>
max_attributes = 200
<br>
reject_delay = 1
<br>
status_server = no
<br>
}
<br>
<br>
proxy_requests = no
<br>
$INCLUDE ${confdir}/clients.conf
<br>
snmp = no
<br>
$INCLUDE ${confdir}/snmp.conf
<br>
<br>
thread pool {
<br>
start_servers = 5
<br>
max_servers = 32
<br>
min_spare_servers = 3
<br>
max_spare_servers = 10
<br>
max_requests_per_server = 0
<br>
}
<br>
<br>
modules {
<br>
<br>
pap {
<br>
encryption_scheme = crypt
<br>
}
<br>
<br>
chap {
<br>
authtype = CHAP
<br>
}
<br>
<br>
pam {
<br>
pam_auth = radiusd
<br>
}
<br>
<br>
$INCLUDE ${confdir}/sql.conf
<br>
$INCLUDE ${confdir}/sqlcounter.conf
<br>
mschap {
<br>
authtype = MS-CHAP
<br>
}
<br>
<br>
ldap {
<br>
server = "200.xx.xx.xx"
<br>
port = "390"
<br>
identity = "cn=Directory Manager"
<br>
password = xxxxxxxxxx
<br>
basedn = "o=yy,o=yy"
<br>
password_attribute = "userPassword"
<br>
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
<br>
start_tls = no
<br>
access_attr = "dialupAccess"
<br>
dictionary_mapping = ${raddbdir}/ldap.attrmap
<br>
ldap_connections_number = 5
<br>
timeout = 4
<br>
timelimit = 3
<br>
net_timeout = 1
<br>
}
<br>
<br>
checkval {
<br>
item-name = Max-Monthly-Session
<br>
check-name = Max-Monthly-Session
<br>
data-type = string
<br>
}
<br>
preprocess {
<br>
huntgroups = ${confdir}/huntgroups
<br>
hints = ${confdir}/hints
<br>
with_ascend_hack = no
<br>
ascend_channels_per_line = 23
<br>
with_ntdomain_hack = no
<br>
with_specialix_jetstream_hack = no
<br>
with_cisco_vsa_hack = no
<br>
}
<br>
<br>
files {
<br>
usersfile = ${confdir}/users
<br>
acctusersfile = ${confdir}/acct_users
<br>
compat = no
<br>
}
<br>
<br>
detail {
<br>
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
<br>
detailperm = 0600
<br>
}
<br>
<br>
detail auth_log {
<br>
detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
<br>
detailperm = 0600
<br>
}
<br>
<br>
detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
<br>
detailperm = 0600
<br>
<br>
acct_unique {
<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
<br>
}
<br>
<br>
radutmp {
<br>
filename = ${logdir}/radutmp
<br>
username = %{User-Name}
<br>
case_sensitive = yes
<br>
check_with_nas = yes
<br>
perm = 0600
<br>
callerid = "yes"
<br>
}
<br>
<br>
radutmp sradutmp {
<br>
filename = ${logdir}/sradutmp
<br>
perm = 0644
<br>
callerid = "no"
<br>
}
<br>
<br>
attr_filter {
<br>
attrsfile = ${confdir}/attrs
<br>
}
<br>
<br>
always fail {
<br>
rcode = fail
<br>
}
<br>
always reject {
<br>
rcode = reject
<br>
}
<br>
always ok {
<br>
rcode = ok
<br>
simulcount = 0
<br>
mpp = no
<br>
}
<br>
<br>
expr {
<br>
}
<br>
<br>
digest {
<br>
}
<br>
<br>
exec {
<br>
wait = yes
<br>
input_pairs = request
<br>
}
<br>
<br>
exec echo {
<br>
wait = yes
<br>
program = "/bin/echo %{User-Name}"
<br>
input_pairs = request
<br>
output_pairs = reply
<br>
}
<br>
<br>
ippool main_pool {
<br>
range-start = 192.168.1.1
<br>
range-stop = 192.168.3.254
<br>
netmask = 255.255.255.0
<br>
cache-size = 800
<br>
session-db = ${raddbdir}/db.ippool
<br>
ip-index = ${raddbdir}/db.ipindex
<br>
override = no
<br>
maximum-timeout = 0
<br>
}
<br>
}
<br>
<br>
instantiate {
<br>
exec
<br>
expr
<br>
monthlycounter
<br>
}
<br>
<br>
authorize {
<br>
preprocess
<br>
auth_log
<br>
chap
<br>
mschap
<br>
files
<br>
ldap
<br>
noresetcounter
<br>
monthlycounter
<br>
}
<br>
<br>
authenticate {
<br>
Auth-Type PAP {
<br>
pap
<br>
}
<br>
Auth-Type CHAP {
<br>
chap
<br>
}
<br>
Auth-Type MS-CHAP {
<br>
mschap
<br>
}
<br>
Auth-Type LDAP {
<br>
ldap
<br>
}
<br>
}
<br>
<br>
preacct {
<br>
preprocess
<br>
acct_unique
<br>
}
<br>
<br>
accounting {
<br>
detail
<br>
radutmp
<br>
sradutmp
<br>
sql
<br>
}
<br>
<br>
session {
<br>
radutmp
<br>
sql
<br>
}
<br>
<br>
post-auth {
<br>
}
<br>
<br>
pre-proxy {
<br>
}
<br>
<br>
post-proxy {
<br>
}
<br>
<br>
-------------------------------------
<br>
users
<br>
<br>
DEFAULT Auth-Type = ldap
<br>
Fall-Through = 1
<br>
<br>
DEFAULT Simultaneous-Use := 1
<br>
Fall-Through = 1
<br>
<br>
DEFAULT Framed-Protocol == PPP
<br>
Framed-Protocol = PPP,
<br>
Framed-Compression = Van-Jacobson-TCP-IP
<br>
<br>
testuser Max-Monthly-Session := 108000, Auth-Type := ldap
<br>
Service-Type = Framed-User,
<br>
Framed-Protocol = PPP
<br>
<br>
<br>
Any help will be appreciated.
<br>
<br>
Thanks a lot
<br>
<br>
-- <br>
Carlos Martínez-Troncoso Cera
<br>
Coordinador de Servicios Internet/Intranet
<br>
Universidad del Norte
<br>
Barranquilla, Colombia
<br>
<br>
<br>
<br>
------------------------------------------------------------------------
<br>
<br>
- List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
<br>
</blockquote>
<br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
<br>
<br>
</blockquote>
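<p>Added example, not part of the original messages and not FreeRADIUS code: a parser for the radiusd -X lines quoted in this thread that records each rlm_sqlcounter invocation and lists the ones that ended with "Could not find Check item value pair", where the module returned noop and no limit was compared against the counter. The function names and record fields are hypothetical, and the sample trace is constructed from the quoted lines.</p>
<pre>
```python
import re

VERDICT = re.compile(r"rlm_sqlcounter: (Authorized|Rejected) user (\S+), "
                     r"check_item=(\d+), counter=(\d+)")
MODCALL = re.compile(
    r'modcall\[authorize\]: module "([^"]+)" returns (\w+) for request (\d+)')

# Constructed sample: lines from the traces quoted in this thread, unwrapped.
SAMPLE = """\
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "monthlycounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
modcall[authorize]: module "monthlycounter" returns ok for request 8
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853
"""

def parse_sqlcounter(trace):
    """Return one record per rlm_sqlcounter invocation in a debug trace."""
    records, cur = [], None
    for line in map(str.strip, trace.splitlines()):
        verdict, modcall = VERDICT.match(line), MODCALL.match(line)
        if line == "rlm_sqlcounter: Entering module authorize code":
            cur = {"instance": None, "request": None, "rcode": None,
                   "status": "unknown", "remaining": None}
            records.append(cur)          # filled in by the lines that follow
        elif cur is None:
            continue                     # outside any sqlcounter block
        elif line == "rlm_sqlcounter: Could not find Check item value pair":
            cur["status"] = "no-check-item"
        elif verdict:
            cur["status"] = verdict.group(1).lower()
            cur["remaining"] = int(verdict.group(3)) - int(verdict.group(4))
        elif modcall:                    # module result closes the block
            cur.update(instance=modcall.group(1), rcode=modcall.group(2),
                       request=int(modcall.group(3)))
            cur = None
    return records

def unenforced(records):
    """(request, instance) pairs where no limit was compared to the counter."""
    return [(r["request"], r["instance"]) for r in records
            if r["status"] == "no-check-item"]
```
</pre>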
</body>
</html>