rlm_sqlcounter problem

Carlos Martínez-Troncoso Cera cmartinez at uninorte.edu.co
Fri Jun 17 19:19:41 CEST 2005


ok Roberto:
sqlcounter noresetcounter {
                counter-name = Max-All-Session-Time
                check-name = Max-All-Session
                sqlmod-inst = sql
                key = User-Name
                reset = never
                query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE 
UserName='%{%k}'"
        }

sqlcounter dailycounter {
                driver = "rlm_sqlcounter"
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                sqlmod-inst = sql
                key = User-Name
                reset = daily
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b - 
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' 
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
        }

sqlcounter monthlycounter {
                counter-name = Monthly-Session-Time
                check-name = Max-Monthly-Session
                sqlmod-inst = sql
                key = User-Name
                reset = monthly
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b - 
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' 
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    }



Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367



Roberto Gonzalez Azevedo wrote:

> Show us your sqlcounter.conf ...
>
> You should define 'check-item' in sqlcounter.conf ...
>
> -------------------------
> Roberto Gonzalez Azevedo
> Carlos Martínez-Troncoso Cera wrote:
>
>> Hello.
>>
>> I have freradius-1.0.2 with autorizathion and authentication in LDAP 
>> and accounting in MySQL. I configured to use rlm_sqlcounter to 
>> control time connections, testing with NTRadping work well but 
>> testing with my Cisco NAS it doesn´t work
>>
>> With my cisco NAS this is the message:
>>
>> rlm_sqlcounter: Entering module authorize code
>> rlm_sqlcounter: Could not find Check item value pair
>>   modcall[authorize]: module "noresetcounter" returns noop for request 3
>> rlm_sqlcounter: Entering module authorize code
>> rlm_sqlcounter: Could not find Check item value pair
>>   modcall[authorize]: module "monthlycounter" returns noop for request 3
>>
>>
>> With NTRadPing the message is:
>>
>> rlm_sqlcounter: (Check item - counter) is greater than zero
>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000, 
>> counter=106750
>> rlm_sqlcounter: Sent Reply-Item for user cmartinez, 
>> Type=Session-Timeout, value=1250
>>   modcall[authorize]: module "monthlycounter" returns ok for request 8
>>
>>
>> My relevant conf files:
>> ------------------------------------
>> clients.conf
>>
>> #PC with NTRadping
>> client 172.16.31.43/32 {
>>        secret          = xxxxx
>>        shortname       = Carlos
>>        type            = other
>> }
>> #Cisco NAS
>> client 200.106.138.14/32 {
>>     secret        = xxxxxx
>>     shortname    = cisco
>>     type        = cisco
>> }
>> ------------------------------------
>> radiusd.conf
>>
>> prefix = /usr
>> exec_prefix = /usr
>> sysconfdir = /etc
>> localstatedir = /var
>> sbindir = /usr/sbin
>> logdir = ${localstatedir}/log/radius
>> raddbdir = ${sysconfdir}/raddb
>> radacctdir = ${logdir}/radacct
>> confdir = ${raddbdir}
>> run_dir = ${localstatedir}/run/radiusd
>> log_file = ${logdir}/radius.log
>> libdir = /usr/local/lib
>> pidfile = ${run_dir}/radiusd.pid
>> user = radiusd
>> group = radiusd
>> max_request_time = 30
>> delete_blocked_requests = no
>> cleanup_delay = 5
>> max_requests = 1024
>> bind_address = *
>> port = 1812
>> hostname_lookups = no
>> allow_core_dumps = no
>> regular_expressions    = yes
>> extended_expressions    = yes
>> log_stripped_names = yes
>> log_auth = yes
>> log_auth_badpass = no
>> log_auth_goodpass = no
>> usercollide = no
>> lower_user = no
>> lower_pass = no
>> nospace_user = no
>> nospace_pass = no
>> checkrad = ${sbindir}/checkrad
>>
>> security {
>>     max_attributes = 200
>>     reject_delay = 1
>>     status_server = no
>> }
>>
>> proxy_requests  = no
>> $INCLUDE  ${confdir}/clients.conf
>> snmp    = no
>> $INCLUDE  ${confdir}/snmp.conf
>>
>> thread pool {
>>     start_servers = 5
>>     max_servers = 32
>>     min_spare_servers = 3
>>     max_spare_servers = 10
>>     max_requests_per_server = 0
>> }
>>
>> modules {
>>
>>     pap {
>>         encryption_scheme = crypt
>>     }
>>
>>     chap {
>>         authtype = CHAP
>>     }
>>
>>     pam {
>>         pam_auth = radiusd
>>     }
>>
>>     $INCLUDE  ${confdir}/sql.conf
>>     $INCLUDE  ${confdir}/sqlcounter.conf      
>>     mschap {
>>         authtype = MS-CHAP
>>     }
>>
>>     ldap {
>>         server = "200.xx.xx.xx"
>>         port = "390"
>>         identity = "cn=Directory Manager"
>>         password = xxxxxxxxxx
>>         basedn = "o=yy,o=yy"
>>         password_attribute = "userPassword"
>>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>         start_tls = no
>>         access_attr = "dialupAccess"
>>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>>         ldap_connections_number = 5
>>         timeout = 4
>>         timelimit = 3
>>         net_timeout = 1
>>     }
>>
>>     checkval {
>>         item-name = Max-Monthly-Session
>>         check-name = Max-Monthly-Session
>>         data-type = string
>>     }
>>        preprocess {
>>         huntgroups = ${confdir}/huntgroups
>>         hints = ${confdir}/hints
>>         with_ascend_hack = no
>>         ascend_channels_per_line = 23
>>         with_ntdomain_hack = no
>>         with_specialix_jetstream_hack = no
>>         with_cisco_vsa_hack = no
>>     }
>>
>>     files {
>>         usersfile = ${confdir}/users
>>         acctusersfile = ${confdir}/acct_users
>>         compat = no
>>     }
>>
>>     detail {
>>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>>         detailperm = 0600
>>     }
>>
>>         detail auth_log {
>>          detailfile = 
>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>>          detailperm = 0600
>>      }
>>
>>     detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>>       detailperm = 0600
>>
>>     acct_unique {
>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
>> Client-IP-Address, NAS-Port"
>>     }
>>
>>     radutmp {
>>         filename = ${logdir}/radutmp
>>         username = %{User-Name}
>>         case_sensitive = yes
>>         check_with_nas = yes               perm = 0600
>>         callerid = "yes"
>>     }
>>
>>     radutmp sradutmp {
>>         filename = ${logdir}/sradutmp
>>         perm = 0644
>>         callerid = "no"
>>     }
>>
>>     attr_filter {
>>         attrsfile = ${confdir}/attrs
>>     }
>>
>>     always fail {
>>         rcode = fail
>>     }
>>     always reject {
>>         rcode = reject
>>     }
>>     always ok {
>>         rcode = ok
>>         simulcount = 0
>>         mpp = no
>>     }
>>
>>     expr {
>>     }
>>
>>     digest {
>>     }
>>
>>     exec {
>>         wait = yes
>>         input_pairs = request
>>     }
>>
>>     exec echo {
>>         wait = yes
>>         program = "/bin/echo %{User-Name}"
>>         input_pairs = request
>>         output_pairs = reply
>>     }
>>
>>     ippool main_pool {
>>         range-start = 192.168.1.1
>>         range-stop = 192.168.3.254
>>         netmask = 255.255.255.0
>>         cache-size = 800
>>         session-db = ${raddbdir}/db.ippool
>>         ip-index = ${raddbdir}/db.ipindex
>>         override = no
>>         maximum-timeout = 0
>>     }
>> }
>>
>> instantiate {
>>     exec
>>     expr
>>     monthlycounter
>> }
>>
>> authorize {
>>     preprocess
>>     auth_log
>>         chap
>>     mschap
>>     files
>>     ldap
>>     noresetcounter
>>     monthlycounter
>> }
>>
>> authenticate {
>>     Auth-Type PAP {
>>         pap
>>     }
>>     Auth-Type CHAP {
>>         chap
>>     }
>>     Auth-Type MS-CHAP {
>>         mschap
>>     }
>>     Auth-Type LDAP {
>>         ldap
>>     }
>> }
>>
>> preacct {
>>     preprocess
>>     acct_unique
>> }
>>
>> accounting {
>>     detail
>>     radutmp
>>     sradutmp
>>     sql
>> }
>>
>> session {
>>     radutmp
>>     sql
>> }
>>
>> post-auth {
>> }
>>
>> pre-proxy {
>> }
>>
>> post-proxy {
>> }
>>
>> -------------------------------------
>> users
>>
>> DEFAULT Auth-Type = ldap
>>     Fall-Through = 1
>>
>> DEFAULT Simultaneous-Use := 1
>>     Fall-Through = 1
>>
>> DEFAULT Framed-Protocol == PPP
>>     Framed-Protocol = PPP,
>>     Framed-Compression = Van-Jacobson-TCP-IP
>>
>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>>     Service-Type = Framed-User,
>>     Framed-Protocol = PPP
>>
>>
>> Any help will be appreciated.
>>
>> Thanks a lot
>>
>> -- 
>> Carlos Martínez-Troncoso Cera
>> Coordinador de Servicios Internet/Intranet
>> Universidad del Norte
>> Barranquilla, Colombia
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> - List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>
>
>
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list