rlm_sqlcounter problem

Roberto Gonzalez Azevedo rgonzalez at censanet.com.br
Fri Jun 17 19:04:16 CEST 2005


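Show us your sqlcounter.conf ...

You should define 'check-item' in sqlcounter.conf ... The "Could not find Check item value pair" debug line means the counter instance found no matching check item for that request, so the module returned noop and applied no time limit.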

-------------------------
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:
> Hello.
> 
> I have freeradius-1.0.2 with authorization and authentication in LDAP and 
> accounting in MySQL. I configured it to use rlm_sqlcounter to control connection 
> time. Testing with NTRadPing works well, but testing with my Cisco NAS it 
> doesn't work.
> 
> With my cisco NAS this is the message:
> 
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "noresetcounter" returns noop for request 3
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "monthlycounter" returns noop for request 3
> 
> 
> With NTRadPing the message is:
> 
> rlm_sqlcounter: (Check item - counter) is greater than zero
> rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
> rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250
>   modcall[authorize]: module "monthlycounter" returns ok for request 8
> 
> 
> My relevant conf files:
> ------------------------------------
> clients.conf
> 
> #PC with NTRadping
> client 172.16.31.43/32 {
>        secret          = xxxxx
>        shortname       = Carlos
>        type            = other
> }
> #Cisco NAS
> client 200.106.138.14/32 {
>     secret        = xxxxxx
>     shortname    = cisco
>     type        = cisco
> }
> ------------------------------------
> radiusd.conf
> 
> prefix = /usr
> exec_prefix = /usr
> sysconfdir = /etc
> localstatedir = /var
> sbindir = /usr/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = /usr/local/lib
> pidfile = ${run_dir}/radiusd.pid
> user = radiusd
> group = radiusd
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 1812
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions    = yes
> extended_expressions    = yes
> log_stripped_names = yes
> log_auth = yes
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> 
> security {
>     max_attributes = 200
>     reject_delay = 1
>     status_server = no
> }
> 
> proxy_requests  = no
> $INCLUDE  ${confdir}/clients.conf
> snmp    = no
> $INCLUDE  ${confdir}/snmp.conf
> 
> thread pool {
>     start_servers = 5
>     max_servers = 32
>     min_spare_servers = 3
>     max_spare_servers = 10
>     max_requests_per_server = 0
> }
> 
> modules {
> 
>     pap {
>         encryption_scheme = crypt
>     }
> 
>     chap {
>         authtype = CHAP
>     }
> 
>     pam {
>         pam_auth = radiusd
>     }
> 
>     $INCLUDE  ${confdir}/sql.conf
>     $INCLUDE  ${confdir}/sqlcounter.conf       
> 
>     mschap {
>         authtype = MS-CHAP
>     }
> 
>     ldap {
>         server = "200.xx.xx.xx"
>         port = "390"
>         identity = "cn=Directory Manager"
>         password = xxxxxxxxxx
>         basedn = "o=yy,o=yy"
>         password_attribute = "userPassword"
>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>         start_tls = no
>         access_attr = "dialupAccess"
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
> 
>     checkval {
>         item-name = Max-Monthly-Session
>         check-name = Max-Monthly-Session
>         data-type = string
>     }
>    
>     preprocess {
>         huntgroups = ${confdir}/huntgroups
>         hints = ${confdir}/hints
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>     }
> 
>     files {
>         usersfile = ${confdir}/users
>         acctusersfile = ${confdir}/acct_users
>         compat = no
>     }
> 
>     detail {
>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>         detailperm = 0600
>     }
> 
>         detail auth_log {
>          detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>          detailperm = 0600
>      }
> 
>     detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>       detailperm = 0600
> 
>     acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, 
> NAS-Port"
>     }
> 
>     radutmp {
>         filename = ${logdir}/radutmp
>         username = %{User-Name}
>         case_sensitive = yes
>         check_with_nas = yes       
>         perm = 0600
>         callerid = "yes"
>     }
> 
>     radutmp sradutmp {
>         filename = ${logdir}/sradutmp
>         perm = 0644
>         callerid = "no"
>     }
> 
>     attr_filter {
>         attrsfile = ${confdir}/attrs
>     }
> 
>     always fail {
>         rcode = fail
>     }
>     always reject {
>         rcode = reject
>     }
>     always ok {
>         rcode = ok
>         simulcount = 0
>         mpp = no
>     }
> 
>     expr {
>     }
> 
>     digest {
>     }
> 
>     exec {
>         wait = yes
>         input_pairs = request
>     }
> 
>     exec echo {
>         wait = yes
>         program = "/bin/echo %{User-Name}"
>         input_pairs = request
>         output_pairs = reply
>     }
> 
>     ippool main_pool {
>         range-start = 192.168.1.1
>         range-stop = 192.168.3.254
>         netmask = 255.255.255.0
>         cache-size = 800
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
>         override = no
>         maximum-timeout = 0
>     }
> }
> 
> instantiate {
>     exec
>     expr
>     monthlycounter
> }
> 
> authorize {
>     preprocess
>     auth_log
>         chap
>     mschap
>     files
>     ldap
>     noresetcounter
>     monthlycounter
> }
> 
> authenticate {
>     Auth-Type PAP {
>         pap
>     }
>     Auth-Type CHAP {
>         chap
>     }
>     Auth-Type MS-CHAP {
>         mschap
>     }
>     Auth-Type LDAP {
>         ldap
>     }
> }
> 
> preacct {
>     preprocess
>     acct_unique
> }
> 
> accounting {
>     detail
>     radutmp
>     sradutmp
>     sql
> }
> 
> session {
>     radutmp
>     sql
> }
> 
> post-auth {
> }
> 
> pre-proxy {
> }
> 
> post-proxy {
> }
> 
> -------------------------------------
> users
> 
> DEFAULT Auth-Type = ldap
>     Fall-Through = 1
> 
> DEFAULT Simultaneous-Use := 1
>     Fall-Through = 1
> 
> DEFAULT Framed-Protocol == PPP
>     Framed-Protocol = PPP,
>     Framed-Compression = Van-Jacobson-TCP-IP
> 
> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>     Service-Type = Framed-User,
>     Framed-Protocol = PPP
> 
> 
> Any help will be appreciated.
> 
> Thanks a lot
> 
> -- 
> Carlos Martínez-Troncoso Cera
> Coordinador de Servicios Internet/Intranet
> Universidad del Norte
> Barranquilla, Colombia
> 
> 
> 




