<div dir="ltr">After recent fixes, i have a problem with FR3 and rlm_counter.<div>My configuration in mods-enabled/counter:</div><div><br></div><div><div>counter daily {</div><div> filename = ${db_dir}/db.daily</div>
<div> key = User-Name</div><div> count_attribute = Acct-Session-Time</div><div> reset = daily</div><div> counter_name = Daily-Session-Time</div><div> check_name = Max-Daily-Session</div>
<div> reply_name = Session-Timeout</div><div> #allowed_service_type = Framed-User</div><div> cache_size = 5000</div></div><div>}</div><div><br></div><div>my sites-enabled/default configuration is as i found after a compile. Before "expiration" i just added "daily".</div>
<div><br></div><div>Radclient command that i'm using for tests:</div><div><br></div><div>echo "User-Name = marco,User-Password = XXXXXXXX" | /usr/local/bin/radclient localhost:1812 auth testing123<br></div>
<div><div><br></div><div>If i comment "daily" in the authorize section i have:</div><div><br></div><div><div>Received reply ID 141, code 2, length = 32</div><div><span style="white-space:pre-wrap"> </span>Idle-Timeout = 600</div>
<div><span style="white-space:pre-wrap"> </span>Session-Timeout = 120</div></div><div><br></div><div><br></div><div>if I uncomment "daily" i have:</div><div><br></div><div>Received reply ID 124, code 2, length = 38</div>
<div><span style="white-space:pre-wrap"> </span>Idle-Timeout = 600</div><div><span style="white-space:pre-wrap"> </span>Session-Timeout = 120</div><div><span style="white-space:pre-wrap"> </span>Session-Timeout = 120</div>
</div><div><br></div><div><br></div><div>So "Session-Timeout" is duplicated. What happens?</div><div>"marco" user belongs to a group named "Users" that have a radgroupreply "Session-Timeout" = 120</div>
<div><br></div><div>This is a complete log when "daily" is commented:</div><div><br></div><div><div>rad_recv: Access-Request packet from host 127.0.0.1 port 43737, id=141, length=51</div><div><span style="white-space:pre-wrap"> </span>User-Name = 'marco@prova'</div>
<div><span style="white-space:pre-wrap"> </span>User-Password = 'XXXXXXXX'</div><div>(1) # Executing section authorize from file /etc/freeradius//sites-enabled/default</div><div>(1) authorize {</div><div>(1) filter_username filter_username {</div>
<div>(1) ? if (!User-Name) </div><div>(1) ? if (!User-Name) -> FALSE</div><div>(1) ? if (User-Name != "%{tolower:%{User-Name}}") </div><div>(1) <span style="white-space:pre-wrap"> </span>expand: "%{tolower:%{User-Name}}" -> 'marco@prova'</div>
<div>(1) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE</div><div>(1) ? if (User-Name =~ / /) </div><div>(1) ? if (User-Name =~ / /) -> FALSE</div><div>(1) ? if (User-Name =~ /@.*@/ ) </div>
<div>(1) ? if (User-Name =~ /@.*@/ ) -> FALSE</div><div>(1) ? if (User-Name =~ /\\.\\./ ) </div><div>(1) ? if (User-Name =~ /\\.\\./ ) -> FALSE</div><div>(1) ? if (User-Name =~ /\\.$/) </div><div>(1) ? if (User-Name =~ /\\.$/) -> FALSE</div>
<div>(1) ? if (User-Name =~ /@\\./) </div><div>(1) ? if (User-Name =~ /@\\./) -> FALSE</div><div>(1) } # filter_username filter_username = notfound</div><div>(1) [preprocess] = ok</div><div>(1) [chap] = noop</div>
<div>(1) [mschap] = noop</div><div>(1) [digest] = noop</div><div>(1) suffix : Looking up realm "prova" for User-Name = "marco@prova"</div><div>(1) suffix : Found realm "prova"</div><div>
(1) suffix : Adding Stripped-User-Name = "marco"</div>
<div>(1) suffix : Adding Realm = "prova"</div><div>(1) suffix : Authentication realm is LOCAL</div><div>(1) [suffix] = ok</div><div>(1) eap : No EAP-Message, not doing EAP</div><div>(1) [eap] = noop</div><div>
(1) [files] = noop</div><div>(1) sql : <span style="white-space:pre-wrap"> </span>expand: "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" -> 'marco'</div><div>(1) sql : SQL-User-Name set to 'marco'</div>
<div>rlm_sql (sql): Reserved connection (4)</div><div>(1) sql : <span style="white-space:pre-wrap"> </span>expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'marco' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'marco' ORDER BY id'</div><div>(1) sql : User found in radcheck table</div><div>(1) sql : Check items matched</div>
<div>(1) sql : <span style="white-space:pre-wrap"> </span>expand: "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'marco' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'marco' ORDER BY id'</div><div>(1) sql : <span style="white-space:pre-wrap"> </span>expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = 'marco' ORDER BY priority'</div>
<div>rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'marco' ORDER BY priority'</div><div>(1) sql : User found in the group table</div><div>(1) sql : <span style="white-space:pre-wrap"> </span>expand: "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" -> 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Users' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Users' ORDER BY id'</div><div>(1) sql : Group "Users" check items matched</div>
<div>(1) sql : <span style="white-space:pre-wrap"> </span>expand: "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" -> 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Users' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Users' ORDER BY id'</div><div>(1) sql : Group "Users" reply items processed</div>
<div>rlm_sql (sql): Released connection (4)</div><div>rlm_sql (sql): Closing connection (0): Too many free connections (5 > 3)</div><div>rlm_sql_mysql: Socket destructor called, closing socket</div><div>(1) [sql] = ok</div>
<div>(1) [expiration] = noop</div><div>(1) [logintime] = noop</div><div>(1) [pap] = updated</div><div>(1) } # authorize = updated</div><div>(1) Found Auth-Type = PAP</div><div>(1) # Executing group from file /etc/freeradius//sites-enabled/default</div>
<div>(1) Auth-Type PAP {</div><div>(1) pap : Login attempt with password</div><div>(1) pap : User authenticated successfully</div><div>(1) [pap] = ok</div><div>(1) } # Auth-Type PAP = ok</div><div>(1) # Executing section post-auth from file /etc/freeradius//sites-enabled/default</div>
<div>(1) post-auth {</div><div>(1) [-sql] = noop</div><div>(1) [exec] = noop</div><div>(1) remove_reply_message_if_eap remove_reply_message_if_eap {</div><div>(1) ? if (reply:EAP-Message && reply:Reply-Message) </div>
<div>(1) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE</div><div>(1) else else {</div><div>(1) [noop] = noop</div><div>(1) } # else else = noop</div><div>(1) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop</div>
<div>(1) } # post-auth = noop</div><div>Sending Access-Accept of id 141 from 127.0.0.1 port 1812 to 127.0.0.1 port 43737</div><div><span style="white-space:pre-wrap"> </span>Idle-Timeout = 600</div><div><span style="white-space:pre-wrap"> </span>Session-Timeout = 120</div>
<div>(1) Finished request 1.</div><div>Waking up in 0.3 seconds.</div><div>Waking up in 4.6 seconds.</div><div>(1) Cleaning up request packet ID 141 with timestamp +58</div></div><div><br></div><div><br></div><div><br></div>
<div>Instead, this is a complete log when "daily" is enabled:</div><div><br></div><div><div>rad_recv: Access-Request packet from host 127.0.0.1 port 34562, id=124, length=45</div><div><span class="" style="white-space:pre"> </span>User-Name = 'marco'</div>
<div><span class="" style="white-space:pre"> </span>User-Password = 'mc68hc908'</div><div>(1) # Executing section authorize from file /etc/freeradius//sites-enabled/default</div><div>(1) authorize {</div><div>(1) filter_username filter_username {</div>
<div>(1) ? if (!User-Name) </div><div>(1) ? if (!User-Name) -> FALSE</div><div>(1) ? if (User-Name != "%{tolower:%{User-Name}}") </div><div>(1) <span class="" style="white-space:pre"> </span>expand: "%{tolower:%{User-Name}}" -> 'marco'</div>
<div>(1) ? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE</div><div>(1) ? if (User-Name =~ / /) </div><div>(1) ? if (User-Name =~ / /) -> FALSE</div><div>(1) ? if (User-Name =~ /@.*@/ ) </div>
<div>(1) ? if (User-Name =~ /@.*@/ ) -> FALSE</div><div>(1) ? if (User-Name =~ /\\.\\./ ) </div><div>(1) ? if (User-Name =~ /\\.\\./ ) -> FALSE</div><div>(1) ? if (User-Name =~ /\\.$/) </div><div>(1) ? if (User-Name =~ /\\.$/) -> FALSE</div>
<div>(1) ? if (User-Name =~ /@\\./) </div><div>(1) ? if (User-Name =~ /@\\./) -> FALSE</div><div>(1) } # filter_username filter_username = notfound</div><div>(1) [preprocess] = ok</div><div>(1) [chap] = noop</div>
<div>(1) [mschap] = noop</div><div>(1) [digest] = noop</div><div>(1) suffix : No '@' in User-Name = "marco", looking up realm NULL</div><div>(1) suffix : No such realm "NULL"</div><div>(1) [suffix] = noop</div>
<div>(1) eap : No EAP-Message, not doing EAP</div><div>(1) [eap] = noop</div><div>(1) [files] = noop</div><div>(1) sql : <span class="" style="white-space:pre"> </span>expand: "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" -> 'marco'</div>
<div>(1) sql : SQL-User-Name set to 'marco'</div><div>rlm_sql (sql): Reserved connection (4)</div><div>(1) sql : <span class="" style="white-space:pre"> </span>expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'marco' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'marco' ORDER BY id'</div><div>(1) sql : User found in radcheck table</div><div>(1) sql : Check items matched</div>
<div>(1) sql : <span class="" style="white-space:pre"> </span>expand: "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'marco' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radreply WHERE username = 'marco' ORDER BY id'</div><div>(1) sql : <span class="" style="white-space:pre"> </span>expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = 'marco' ORDER BY priority'</div>
<div>rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = 'marco' ORDER BY priority'</div><div>(1) sql : User found in the group table</div><div>(1) sql : <span class="" style="white-space:pre"> </span>expand: "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id" -> 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Users' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Users' ORDER BY id'</div><div>(1) sql : Group "Users" check items matched</div>
<div>(1) sql : <span class="" style="white-space:pre"> </span>expand: "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id" -> 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Users' ORDER BY id'</div>
<div>rlm_sql (sql): Executing query: 'SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Users' ORDER BY id'</div><div>(1) sql : Group "Users" reply items processed</div>
<div>rlm_sql (sql): Released connection (4)</div><div>(1) [sql] = ok</div><div>rlm_counter: Entering module authorize code</div><div>rlm_counter: Searching the database for key 'marco'</div><div>rlm_counter: Could not find the requested key in the database</div>
<div>rlm_counter: Check item = 120, Count = 0</div><div>rlm_counter: res is greater than zero</div><div>rlm_counter: (Check item - counter) is greater than zero<br></div><div>rlm_counter: Authorized user marco, check_item=120, counter=0</div>
<div>rlm_counter: Sent Reply-Item for user marco, Type=Session-Timeout, value=120</div><div>(1) [daily] = ok</div><div>(1) [expiration] = noop</div><div>(1) [logintime] = noop</div><div>(1) [pap] = updated</div><div>
(1) } # authorize = updated</div><div>(1) Found Auth-Type = PAP</div><div>(1) # Executing group from file /etc/freeradius//sites-enabled/default</div><div>(1) Auth-Type PAP {</div><div>(1) pap : Login attempt with password</div>
<div>(1) pap : User authenticated successfully</div><div>(1) [pap] = ok</div><div>(1) } # Auth-Type PAP = ok</div><div>(1) # Executing section post-auth from file /etc/freeradius//sites-enabled/default</div><div>(1) post-auth {</div>
<div>(1) [-sql] = noop</div><div>(1) [exec] = noop</div><div>(1) remove_reply_message_if_eap remove_reply_message_if_eap {</div><div>(1) ? if (reply:EAP-Message && reply:Reply-Message) </div><div>(1) ? if (reply:EAP-Message && reply:Reply-Message) -> FALSE</div>
<div>(1) else else {</div><div>(1) [noop] = noop</div><div>(1) } # else else = noop</div><div>(1) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop</div><div>(1) } # post-auth = noop</div><div>
Sending Access-Accept of id 124 from 127.0.0.1 port 1812 to 127.0.0.1 port 34562</div><div><span class="" style="white-space:pre"> </span>Idle-Timeout = 600</div><div><span class="" style="white-space:pre"> </span>Session-Timeout = 120</div>
<div><span class="" style="white-space:pre"> </span>Session-Timeout = 120</div><div>(1) Finished request 1.</div><div>Waking up in 0.3 seconds.</div><div>Waking up in 0.6 seconds.</div><div>(0) Cleaning up request packet ID 198 with timestamp +5</div>
</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>Thanks</div><div><br></div></div>