Hello!

I'm trying to use dailycounter on a LDAP authenticated user and it doesn't seem to work. I think I did all steps correctly, but then again, i have been wrong before:)

In radcheck table I added:
testuser Max-Daily-Session := 600

I enabled dailycounter in counters.conf:
sqlcounter dailycounter {
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        reply-name = Session-Timeout
        sqlmod-inst = sql
        key = User-Name
        reset = daily
        query = "SELECT SUM(`Acct-Session-Time` - \
                 GREATEST((%b - UNIX_TIMESTAMP(`Acct-Start-Time`)), 0)) \
                 FROM accounting WHERE `User-Name` = '%{${key}}' AND \
                 UNIX_TIMESTAMP(`Acct-Start-Time`) + `Acct-Session-Time` > '%b'"
}

In sites-available/default I have the following:
authorize {
        if (User-Password) {
                update control {
                        Auth-Type := ldap
                        Ldap-UserDN := "eduPersonPrincipalName=%{User-Name},dc=example,dc=com"

                }
        }
        sql
        dailycounter
}
authenticate {
        Auth-Type LDAP {
                ldap
        }
}

Debug output:
rad_recv: Access-Request packet from host 10.10.10.10 port 33651, id=75, length=202
        NAS-Port-Type = Wireless-802.11
        Calling-Station-Id = "00:24:D7:47:1C:XX"
        Called-Station-Id = "hs-kit-testing"
        NAS-Port-Id = "bridge-bralci"
        User-Name = "testuser"
        NAS-Port = 2151677975
        Acct-Session-Id = "80400017"
        Framed-IP-Address = 192.168.81.198
        Mikrotik-Host-IP = 192.168.81.198
        User-Password = "password"
        Service-Type = Login-User
        WISPr-Logoff-URL = "http://192.168.81.1"
        NAS-Identifier = "kit-testing"
        NAS-IP-Address = 192.168.1.116
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (User-Password)
? Evaluating (User-Password) -> TRUE
++? if (User-Password) -> TRUE
++- entering if (User-Password) {...}
        expand: eduPersonPrincipalName=%{User-Name},dc=example,dc=comsi -> eduPersonPrincipalName=testuser,dc=example,dc=com
+++[control] returns notfound
++- if (User-Password) returns notfound
[sql]   expand: %{User-Name} -> testuser
[sql] sql_set_user escaped user --> 'testuser'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'testuser'           ORDER BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'testuser'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'testuser'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup           WHERE username = 'testuser'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User testuser not found
++[sql] returns notfound
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
Found Auth-Type = LDAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group LDAP {...}
[ldap] login attempt by "testuser" with password "password"
[ldap] user DN: eduPersonPrincipalName=testuser,dc=example,dc=com
  [ldap] (re)connect to ldaps.example.com:636, authentication 1
  [ldap] setting TLS mode to 1
  [ldap] bind as eduPersonPrincipalName=testuser,dc=example,dc=com/password to ldaps.example.com:636
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
[ldap] user testuser authenticated succesfully
++[ldap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 75 to 10.10.10.10 port 33651

Why doesn't radius find Check item value pair? It does exists in radcheck table...
Does it only work for local mysql users?

Matej
-- 
---
Matej Zerovnik