Hi, I am posting the debug of another user who has same problem: rad_recv: Access-Request packet from host 202.79.xx.XX port 65050, id=12, length=189 NAS-Identifier = "pppoe-bhw." Acct-Session-Id = "1633129-mpd-pppoe-70" NAS-Port = 70 NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0016768aaa28" Called-Station-Id = "WIFITEST" NAS-Port-Id = "rl0" Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730 Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Client-Endpoint:0 = "00:16:76:8a:aa:28" User-Name = "sneha" User-Password = "123" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "sneha", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [sql] expand: %{User-Name} -> sneha [sql] sql_set_user escaped user --> 'sneha' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sneha' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sneha' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sneha' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Prepaid Hours' ORDER BY id [sql] User found in group Prepaid Hours [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Prepaid Hours' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok [ldap] performing user authorization for sneha [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=sneha) [ldap] expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np -> ou=users,ou=radius,dc=resunganet,dc=com,dc=np rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha) [ldap] checking if remote access for sneha is allowed by dialupAccess [ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in check items [ldap] looking for check items in directory... [ldap] looking for reply items in directory... [ldap] user sneha authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}'' [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha' sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha'}' [noresetcounter] sql_xlat [noresetcounter] expand: %{User-Name} -> sneha [noresetcounter] sql_set_user escaped user --> 'sneha' [noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha' rlm_sql (sql): Reserving sql socket id: 0 [noresetcounter] sql_xlat finished rlm_sql (sql): Released sql socket id: 0 [noresetcounter] expand: %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='sneha'} -> 90001 rlm_sqlcounter: (Check item - counter) is less than zero rlm_sqlcounter: Rejected user sneha, check_item=90000, counter=90001 ++[noresetcounter] returns reject Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha] (from client pppoe-bhw port 70 cli 0016768aaa28) Using Post-Auth-Type Reject +- entering group REJECT {...} =================== check_item shows 90000 whereas I have updated the radcheck Max-All-Session Value by 180000 but still Reject with Maximum never usage time reached? radcheck table output of user sneha: 2901 | sneha | Max-All-Session | := | 180000 | Thank you Bishal
I am using Freeradius 2.1.6 with LDAP for authentication and mysql for accounting in FreeBSD 7.2. radcheck table for user is like below. However when user tries to connect radius log shows: Maximum never usage time has reached for this user.
id | username | attribute | op | value | +------+-----------+--------------------+----+-------------- | 2002 | shrinagar | Max-All-Session | :=3D | 180000|
While calculating the total accounting time in radacct table it stil shows 90000 seconds left for user shrinagar but still the user can't connect. What's wrong with freeradius can anybody tell me what I have done wrong. If I delete all the accounting session from radacct table for that user then he can connect.
mysql> select 180000 - sum(acctsessiontime) from radacct where username=3D'shrinagar'; +-------------------------------+ | 180000 - sum(acctsessiontime) | +-------------------------------+ | 90000 | +-------------------------------+
Post the debug. Ivan Kalik Kalik Informatika ISP
participants (1)
-
Bishal Pun