<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Verdana">Thanks Roberto for your answer but
I did the changes in sqlcounter.conf and with my cisco, sqlcounter
doesn´t work, with NTRadping it works very well. I looked into the
source code in freeradius 1.0.4 but this module is the same for 1.0.2
version (I have working 1.0.2)<br>
What can I do?<br>
Do you know how can I debug this module?<br>
<br>
This is the message with radiusd -X -A (with Cisco):<br>
<br>
rlm_ldap: user cmartinez authorized to use remote access<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
  modcall[authorize]: module "ldap" returns ok for request 5<br>
rlm_sqlcounter: Entering module authorize code<br>
rlm_sqlcounter: Could not find Check item value pair<br>
  modcall[authorize]: module "monthlycounter" returns noop for request 5<br>
modcall: group authorize returns ok for request 5<br>
  rad_check_password:  Found Auth-Type ldap<br>
auth: type "LDAP"<br>
  Processing the authenticate section of radiusd.conf<br>
<br>
-------------------------------------------------------------------------<br>
<br>
with NTRadping:<br>
<br>
rlm_ldap: ldap_release_conn: Release Id: 0<br>
  modcall[authorize]: module "ldap" returns ok for request 0<br>
rlm_sqlcounter: Entering module authorize code<br>
sqlcounter_expand:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000
- UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
radius_xlat:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime -
GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct
WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000'}'<br>
radius_xlat: Running registered xlat function of module sql for string
'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
rlm_sql (sql): - sql_xlat<br>
radius_xlat:  'cmartinez'<br>
rlm_sql (sql): sql_set_user escaped user --> 'cmartinez'<br>
radius_xlat:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1117602000''<br>
rlm_sql (sql): Reserving sql socket id: 4<br>
rlm_sql (sql): - sql_xlat finished<br>
rlm_sql (sql): Released sql socket id: 4<br>
radius_xlat:  '107853'<br>
rlm_sqlcounter: (Check item - counter) is less than zero<br>
rlm_sqlcounter: Rejected user cmartinez, check_item=100000,
counter=107853<br>
 <br>
<br>
Thanks for your help!<br>
</font></font>
<pre class="moz-signature" cols="72">Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367</pre>
<br>
<br>
Roberto Gonzalez Azevedo wrote:
<blockquote cite="mid42B40760.5000900@censanet.com.br" type="cite">sqlcounter
noresetcounter {
  <br>
## Look here
  <br>
        driver = "rlm_sqlcounter"
  <br>
               counter-name = Max-All-Session-Time
  <br>
               check-name = Max-All-Session
  <br>
## Look here
  <br>
        check-item = Max-All-Session
  <br>
               sqlmod-inst = sql
  <br>
               key = User-Name
  <br>
               reset = never
  <br>
               query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
  <br>
       }
  <br>
  <br>
sqlcounter dailycounter {
  <br>
               driver = "rlm_sqlcounter"
  <br>
               counter-name = Daily-Session-Time
  <br>
               check-name = Max-Daily-Session
  <br>
## Look here
  <br>
        check-item = Max-Daily-Session
  <br>
               sqlmod-inst = sql
  <br>
               key = User-Name
  <br>
               reset = daily
  <br>
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
  <br>
       }
  <br>
  <br>
sqlcounter monthlycounter {
  <br>
## Look here
  <br>
        driver = "rlm_sqlcounter"
  <br>
               counter-name = Monthly-Session-Time
  <br>
               check-name = Max-Monthly-Session
  <br>
## Look here
  <br>
        check-item = Max-Monthly-Session
  <br>
               sqlmod-inst = sql
  <br>
               key = User-Name
  <br>
               reset = monthly
  <br>
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
  <br>
   }
  <br>
  <br>
thanks ...
  <br>
-------------------------
  <br>
Roberto Gonzalez Azevedo
  <br>
  <br>
Carlos Martínez-Troncoso Cera wrote:
  <br>
  <blockquote type="cite">ok Roberto:
    <br>
sqlcounter noresetcounter {
    <br>
               counter-name = Max-All-Session-Time
    <br>
               check-name = Max-All-Session
    <br>
               sqlmod-inst = sql
    <br>
               key = User-Name
    <br>
               reset = never
    <br>
               query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
    <br>
       }
    <br>
    <br>
sqlcounter dailycounter {
    <br>
               driver = "rlm_sqlcounter"
    <br>
               counter-name = Daily-Session-Time
    <br>
               check-name = Max-Daily-Session
    <br>
               sqlmod-inst = sql
    <br>
               key = User-Name
    <br>
               reset = daily
    <br>
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    <br>
       }
    <br>
    <br>
sqlcounter monthlycounter {
    <br>
               counter-name = Monthly-Session-Time
    <br>
               check-name = Max-Monthly-Session
    <br>
               sqlmod-inst = sql
    <br>
               key = User-Name
    <br>
               reset = monthly
    <br>
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    <br>
   }
    <br>
    <br>
    <br>
    <br>
Carlos Martínez-Troncoso Cera
    <br>
Coordinador de Servicios Internet/Intranet
    <br>
Universidad del Norte
    <br>
Barranquilla, Colombia
    <br>
Tel: 57 5 3509367
    <br>
    <br>
    <br>
    <br>
Roberto Gonzalez Azevedo wrote:
    <br>
    <br>
    <blockquote type="cite">Show us your sqlcounter.conf ...
      <br>
      <br>
You should define 'check-item' in sqlcounter.conf ...
      <br>
      <br>
-------------------------
      <br>
Roberto Gonzalez Azevedo
      <br>
Carlos Martínez-Troncoso Cera wrote:
      <br>
      <br>
      <blockquote type="cite">Hello.
        <br>
        <br>
I have freradius-1.0.2 with autorizathion and authentication in LDAP
and accounting in MySQL. I configured to use rlm_sqlcounter to control
time connections, testing with NTRadping work well but testing with my
Cisco NAS it doesn´t work
        <br>
        <br>
With my cisco NAS this is the message:
        <br>
        <br>
rlm_sqlcounter: Entering module authorize code
        <br>
rlm_sqlcounter: Could not find Check item value pair
        <br>
  modcall[authorize]: module "noresetcounter" returns noop for request
3
        <br>
rlm_sqlcounter: Entering module authorize code
        <br>
rlm_sqlcounter: Could not find Check item value pair
        <br>
  modcall[authorize]: module "monthlycounter" returns noop for request
3
        <br>
        <br>
        <br>
With NTRadPing the message is:
        <br>
        <br>
rlm_sqlcounter: (Check item - counter) is greater than zero
        <br>
rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
counter=106750
        <br>
rlm_sqlcounter: Sent Reply-Item for user cmartinez,
Type=Session-Timeout, value=1250
        <br>
  modcall[authorize]: module "monthlycounter" returns ok for request 8
        <br>
        <br>
        <br>
My relevant conf files:
        <br>
------------------------------------
        <br>
clients.conf
        <br>
        <br>
#PC with NTRadping
        <br>
client 172.16.31.43/32 {
        <br>
       secret          = xxxxx
        <br>
       shortname       = Carlos
        <br>
       type            = other
        <br>
}
        <br>
#Cisco NAS
        <br>
client 200.106.138.14/32 {
        <br>
    secret        = xxxxxx
        <br>
    shortname    = cisco
        <br>
    type        = cisco
        <br>
}
        <br>
------------------------------------
        <br>
radiusd.conf
        <br>
        <br>
prefix = /usr
        <br>
exec_prefix = /usr
        <br>
sysconfdir = /etc
        <br>
localstatedir = /var
        <br>
sbindir = /usr/sbin
        <br>
logdir = ${localstatedir}/log/radius
        <br>
raddbdir = ${sysconfdir}/raddb
        <br>
radacctdir = ${logdir}/radacct
        <br>
confdir = ${raddbdir}
        <br>
run_dir = ${localstatedir}/run/radiusd
        <br>
log_file = ${logdir}/radius.log
        <br>
libdir = /usr/local/lib
        <br>
pidfile = ${run_dir}/radiusd.pid
        <br>
user = radiusd
        <br>
group = radiusd
        <br>
max_request_time = 30
        <br>
delete_blocked_requests = no
        <br>
cleanup_delay = 5
        <br>
max_requests = 1024
        <br>
bind_address = *
        <br>
port = 1812
        <br>
hostname_lookups = no
        <br>
allow_core_dumps = no
        <br>
regular_expressions    = yes
        <br>
extended_expressions    = yes
        <br>
log_stripped_names = yes
        <br>
log_auth = yes
        <br>
log_auth_badpass = no
        <br>
log_auth_goodpass = no
        <br>
usercollide = no
        <br>
lower_user = no
        <br>
lower_pass = no
        <br>
nospace_user = no
        <br>
nospace_pass = no
        <br>
checkrad = ${sbindir}/checkrad
        <br>
        <br>
security {
        <br>
    max_attributes = 200
        <br>
    reject_delay = 1
        <br>
    status_server = no
        <br>
}
        <br>
        <br>
proxy_requests  = no
        <br>
$INCLUDE  ${confdir}/clients.conf
        <br>
snmp    = no
        <br>
$INCLUDE  ${confdir}/snmp.conf
        <br>
        <br>
thread pool {
        <br>
    start_servers = 5
        <br>
    max_servers = 32
        <br>
    min_spare_servers = 3
        <br>
    max_spare_servers = 10
        <br>
    max_requests_per_server = 0
        <br>
}
        <br>
        <br>
modules {
        <br>
        <br>
    pap {
        <br>
        encryption_scheme = crypt
        <br>
    }
        <br>
        <br>
    chap {
        <br>
        authtype = CHAP
        <br>
    }
        <br>
        <br>
    pam {
        <br>
        pam_auth = radiusd
        <br>
    }
        <br>
        <br>
    $INCLUDE  ${confdir}/sql.conf
        <br>
    $INCLUDE  ${confdir}/sqlcounter.conf          mschap {
        <br>
        authtype = MS-CHAP
        <br>
    }
        <br>
        <br>
    ldap {
        <br>
        server = "200.xx.xx.xx"
        <br>
        port = "390"
        <br>
        identity = "cn=Directory Manager"
        <br>
        password = xxxxxxxxxx
        <br>
        basedn = "o=yy,o=yy"
        <br>
        password_attribute = "userPassword"
        <br>
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        <br>
        start_tls = no
        <br>
        access_attr = "dialupAccess"
        <br>
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        <br>
        ldap_connections_number = 5
        <br>
        timeout = 4
        <br>
        timelimit = 3
        <br>
        net_timeout = 1
        <br>
    }
        <br>
        <br>
    checkval {
        <br>
        item-name = Max-Monthly-Session
        <br>
        check-name = Max-Monthly-Session
        <br>
        data-type = string
        <br>
    }
        <br>
       preprocess {
        <br>
        huntgroups = ${confdir}/huntgroups
        <br>
        hints = ${confdir}/hints
        <br>
        with_ascend_hack = no
        <br>
        ascend_channels_per_line = 23
        <br>
        with_ntdomain_hack = no
        <br>
        with_specialix_jetstream_hack = no
        <br>
        with_cisco_vsa_hack = no
        <br>
    }
        <br>
        <br>
    files {
        <br>
        usersfile = ${confdir}/users
        <br>
        acctusersfile = ${confdir}/acct_users
        <br>
        compat = no
        <br>
    }
        <br>
        <br>
    detail {
        <br>
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        <br>
        detailperm = 0600
        <br>
    }
        <br>
        <br>
        detail auth_log {
        <br>
         detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
        <br>
         detailperm = 0600
        <br>
     }
        <br>
        <br>
    detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
        <br>
      detailperm = 0600
        <br>
        <br>
    acct_unique {
        <br>
        key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
        <br>
    }
        <br>
        <br>
    radutmp {
        <br>
        filename = ${logdir}/radutmp
        <br>
        username = %{User-Name}
        <br>
        case_sensitive = yes
        <br>
        check_with_nas = yes               perm = 0600
        <br>
        callerid = "yes"
        <br>
    }
        <br>
        <br>
    radutmp sradutmp {
        <br>
        filename = ${logdir}/sradutmp
        <br>
        perm = 0644
        <br>
        callerid = "no"
        <br>
    }
        <br>
        <br>
    attr_filter {
        <br>
        attrsfile = ${confdir}/attrs
        <br>
    }
        <br>
        <br>
    always fail {
        <br>
        rcode = fail
        <br>
    }
        <br>
    always reject {
        <br>
        rcode = reject
        <br>
    }
        <br>
    always ok {
        <br>
        rcode = ok
        <br>
        simulcount = 0
        <br>
        mpp = no
        <br>
    }
        <br>
        <br>
    expr {
        <br>
    }
        <br>
        <br>
    digest {
        <br>
    }
        <br>
        <br>
    exec {
        <br>
        wait = yes
        <br>
        input_pairs = request
        <br>
    }
        <br>
        <br>
    exec echo {
        <br>
        wait = yes
        <br>
        program = "/bin/echo %{User-Name}"
        <br>
        input_pairs = request
        <br>
        output_pairs = reply
        <br>
    }
        <br>
        <br>
    ippool main_pool {
        <br>
        range-start = 192.168.1.1
        <br>
        range-stop = 192.168.3.254
        <br>
        netmask = 255.255.255.0
        <br>
        cache-size = 800
        <br>
        session-db = ${raddbdir}/db.ippool
        <br>
        ip-index = ${raddbdir}/db.ipindex
        <br>
        override = no
        <br>
        maximum-timeout = 0
        <br>
    }
        <br>
}
        <br>
        <br>
instantiate {
        <br>
    exec
        <br>
    expr
        <br>
    monthlycounter
        <br>
}
        <br>
        <br>
authorize {
        <br>
    preprocess
        <br>
    auth_log
        <br>
        chap
        <br>
    mschap
        <br>
    files
        <br>
    ldap
        <br>
    noresetcounter
        <br>
    monthlycounter
        <br>
}
        <br>
        <br>
authenticate {
        <br>
    Auth-Type PAP {
        <br>
        pap
        <br>
    }
        <br>
    Auth-Type CHAP {
        <br>
        chap
        <br>
    }
        <br>
    Auth-Type MS-CHAP {
        <br>
        mschap
        <br>
    }
        <br>
    Auth-Type LDAP {
        <br>
        ldap
        <br>
    }
        <br>
}
        <br>
        <br>
preacct {
        <br>
    preprocess
        <br>
    acct_unique
        <br>
}
        <br>
        <br>
accounting {
        <br>
    detail
        <br>
    radutmp
        <br>
    sradutmp
        <br>
    sql
        <br>
}
        <br>
        <br>
session {
        <br>
    radutmp
        <br>
    sql
        <br>
}
        <br>
        <br>
post-auth {
        <br>
}
        <br>
        <br>
pre-proxy {
        <br>
}
        <br>
        <br>
post-proxy {
        <br>
}
        <br>
        <br>
-------------------------------------
        <br>
users
        <br>
        <br>
DEFAULT Auth-Type = ldap
        <br>
    Fall-Through = 1
        <br>
        <br>
DEFAULT Simultaneous-Use := 1
        <br>
    Fall-Through = 1
        <br>
        <br>
DEFAULT Framed-Protocol == PPP
        <br>
    Framed-Protocol = PPP,
        <br>
    Framed-Compression = Van-Jacobson-TCP-IP
        <br>
        <br>
testuser Max-Monthly-Session := 108000, Auth-Type := ldap
        <br>
    Service-Type = Framed-User,
        <br>
    Framed-Protocol = PPP
        <br>
        <br>
        <br>
Any help will be appreciated.
        <br>
        <br>
Thanks a lot
        <br>
        <br>
-- <br>
Carlos Martínez-Troncoso Cera
        <br>
Coordinador de Servicios Internet/Intranet
        <br>
Universidad del Norte
        <br>
Barranquilla, Colombia
        <br>
        <br>
        <br>
        <br>
------------------------------------------------------------------------
        <br>
        <br>
- List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
        <br>
      </blockquote>
      <br>
      <br>
      <br>
      <br>
- List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
      <br>
      <br>
    </blockquote>
- List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
    <br>
  </blockquote>
  <br>
  <br>
- List info/subscribe/unsubscribe? See
<a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
  <br>
  <br>
</blockquote>
</body>
</html>