rlm_sqlcounter problem
Carlos Martínez-Troncoso Cera
cmartinez at uninorte.edu.co
Fri Jun 17 19:19:41 CEST 2005
ok Roberto:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367
Roberto Gonzalez Azevedo wrote:
> Show us your sqlcounter.conf ...
>
> You should define 'check-item' in sqlcounter.conf ...
>
> -------------------------
> Roberto Gonzalez Azevedo
> Carlos Martínez-Troncoso Cera wrote:
>
>> Hello.
>>
>> I have freradius-1.0.2 with autorizathion and authentication in LDAP
>> and accounting in MySQL. I configured to use rlm_sqlcounter to
>> control time connections, testing with NTRadping work well but
>> testing with my Cisco NAS it doesn´t work
>>
>> With my cisco NAS this is the message:
>>
>> rlm_sqlcounter: Entering module authorize code
>> rlm_sqlcounter: Could not find Check item value pair
>> modcall[authorize]: module "noresetcounter" returns noop for request 3
>> rlm_sqlcounter: Entering module authorize code
>> rlm_sqlcounter: Could not find Check item value pair
>> modcall[authorize]: module "monthlycounter" returns noop for request 3
>>
>>
>> With NTRadPing the message is:
>>
>> rlm_sqlcounter: (Check item - counter) is greater than zero
>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
>> counter=106750
>> rlm_sqlcounter: Sent Reply-Item for user cmartinez,
>> Type=Session-Timeout, value=1250
>> modcall[authorize]: module "monthlycounter" returns ok for request 8
>>
>>
>> My relevant conf files:
>> ------------------------------------
>> clients.conf
>>
>> #PC with NTRadping
>> client 172.16.31.43/32 {
>> secret = xxxxx
>> shortname = Carlos
>> type = other
>> }
>> #Cisco NAS
>> client 200.106.138.14/32 {
>> secret = xxxxxx
>> shortname = cisco
>> type = cisco
>> }
>> ------------------------------------
>> radiusd.conf
>>
>> prefix = /usr
>> exec_prefix = /usr
>> sysconfdir = /etc
>> localstatedir = /var
>> sbindir = /usr/sbin
>> logdir = ${localstatedir}/log/radius
>> raddbdir = ${sysconfdir}/raddb
>> radacctdir = ${logdir}/radacct
>> confdir = ${raddbdir}
>> run_dir = ${localstatedir}/run/radiusd
>> log_file = ${logdir}/radius.log
>> libdir = /usr/local/lib
>> pidfile = ${run_dir}/radiusd.pid
>> user = radiusd
>> group = radiusd
>> max_request_time = 30
>> delete_blocked_requests = no
>> cleanup_delay = 5
>> max_requests = 1024
>> bind_address = *
>> port = 1812
>> hostname_lookups = no
>> allow_core_dumps = no
>> regular_expressions = yes
>> extended_expressions = yes
>> log_stripped_names = yes
>> log_auth = yes
>> log_auth_badpass = no
>> log_auth_goodpass = no
>> usercollide = no
>> lower_user = no
>> lower_pass = no
>> nospace_user = no
>> nospace_pass = no
>> checkrad = ${sbindir}/checkrad
>>
>> security {
>> max_attributes = 200
>> reject_delay = 1
>> status_server = no
>> }
>>
>> proxy_requests = no
>> $INCLUDE ${confdir}/clients.conf
>> snmp = no
>> $INCLUDE ${confdir}/snmp.conf
>>
>> thread pool {
>> start_servers = 5
>> max_servers = 32
>> min_spare_servers = 3
>> max_spare_servers = 10
>> max_requests_per_server = 0
>> }
>>
>> modules {
>>
>> pap {
>> encryption_scheme = crypt
>> }
>>
>> chap {
>> authtype = CHAP
>> }
>>
>> pam {
>> pam_auth = radiusd
>> }
>>
>> $INCLUDE ${confdir}/sql.conf
>> $INCLUDE ${confdir}/sqlcounter.conf
>> mschap {
>> authtype = MS-CHAP
>> }
>>
>> ldap {
>> server = "200.xx.xx.xx"
>> port = "390"
>> identity = "cn=Directory Manager"
>> password = xxxxxxxxxx
>> basedn = "o=yy,o=yy"
>> password_attribute = "userPassword"
>> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>> start_tls = no
>> access_attr = "dialupAccess"
>> dictionary_mapping = ${raddbdir}/ldap.attrmap
>> ldap_connections_number = 5
>> timeout = 4
>> timelimit = 3
>> net_timeout = 1
>> }
>>
>> checkval {
>> item-name = Max-Monthly-Session
>> check-name = Max-Monthly-Session
>> data-type = string
>> }
>> preprocess {
>> huntgroups = ${confdir}/huntgroups
>> hints = ${confdir}/hints
>> with_ascend_hack = no
>> ascend_channels_per_line = 23
>> with_ntdomain_hack = no
>> with_specialix_jetstream_hack = no
>> with_cisco_vsa_hack = no
>> }
>>
>> files {
>> usersfile = ${confdir}/users
>> acctusersfile = ${confdir}/acct_users
>> compat = no
>> }
>>
>> detail {
>> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>> detailperm = 0600
>> }
>>
>> detail auth_log {
>> detailfile =
>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>> detailperm = 0600
>> }
>>
>> detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>> detailperm = 0600
>>
>> acct_unique {
>> key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>> Client-IP-Address, NAS-Port"
>> }
>>
>> radutmp {
>> filename = ${logdir}/radutmp
>> username = %{User-Name}
>> case_sensitive = yes
>> check_with_nas = yes perm = 0600
>> callerid = "yes"
>> }
>>
>> radutmp sradutmp {
>> filename = ${logdir}/sradutmp
>> perm = 0644
>> callerid = "no"
>> }
>>
>> attr_filter {
>> attrsfile = ${confdir}/attrs
>> }
>>
>> always fail {
>> rcode = fail
>> }
>> always reject {
>> rcode = reject
>> }
>> always ok {
>> rcode = ok
>> simulcount = 0
>> mpp = no
>> }
>>
>> expr {
>> }
>>
>> digest {
>> }
>>
>> exec {
>> wait = yes
>> input_pairs = request
>> }
>>
>> exec echo {
>> wait = yes
>> program = "/bin/echo %{User-Name}"
>> input_pairs = request
>> output_pairs = reply
>> }
>>
>> ippool main_pool {
>> range-start = 192.168.1.1
>> range-stop = 192.168.3.254
>> netmask = 255.255.255.0
>> cache-size = 800
>> session-db = ${raddbdir}/db.ippool
>> ip-index = ${raddbdir}/db.ipindex
>> override = no
>> maximum-timeout = 0
>> }
>> }
>>
>> instantiate {
>> exec
>> expr
>> monthlycounter
>> }
>>
>> authorize {
>> preprocess
>> auth_log
>> chap
>> mschap
>> files
>> ldap
>> noresetcounter
>> monthlycounter
>> }
>>
>> authenticate {
>> Auth-Type PAP {
>> pap
>> }
>> Auth-Type CHAP {
>> chap
>> }
>> Auth-Type MS-CHAP {
>> mschap
>> }
>> Auth-Type LDAP {
>> ldap
>> }
>> }
>>
>> preacct {
>> preprocess
>> acct_unique
>> }
>>
>> accounting {
>> detail
>> radutmp
>> sradutmp
>> sql
>> }
>>
>> session {
>> radutmp
>> sql
>> }
>>
>> post-auth {
>> }
>>
>> pre-proxy {
>> }
>>
>> post-proxy {
>> }
>>
>> -------------------------------------
>> users
>>
>> DEFAULT Auth-Type = ldap
>> Fall-Through = 1
>>
>> DEFAULT Simultaneous-Use := 1
>> Fall-Through = 1
>>
>> DEFAULT Framed-Protocol == PPP
>> Framed-Protocol = PPP,
>> Framed-Compression = Van-Jacobson-TCP-IP
>>
>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>> Service-Type = Framed-User,
>> Framed-Protocol = PPP
>>
>>
>> Any help will be appreciated.
>>
>> Thanks a lot
>>
>> --
>> Carlos Martínez-Troncoso Cera
>> Coordinador de Servicios Internet/Intranet
>> Universidad del Norte
>> Barranquilla, Colombia
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list