rlm_sqlcounter problem
Carlos Martínez-Troncoso Cera
cmartinez at uninorte.edu.co
Mon Jun 20 21:16:51 CEST 2005
I modified the users file and now it works; the user entry now looks like this:
DEFAULT Simultaneous-Use := 1
        Fall-Through = 1

cmartinez Max-Monthly-Session := 108000, Auth-Type := ldap
        Service-Type = Framed-User,
        Framed-Protocol = PPP
--------------------------
Thanks a lot to Roberto and Alan for their time and help.
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367
Carlos Martínez-Troncoso Cera wrote:
> Thanks Roberto for your answer, but I made the changes in
> sqlcounter.conf and with my Cisco, sqlcounter doesn't work; with
> NTRadping it works very well. I looked into the source code in
> freeradius 1.0.4 but this module is the same as in version 1.0.2 (I have
> 1.0.2 working)
> What can I do?
> Do you know how I can debug this module?
>
> This is the message with radiusd -X -A (with Cisco):
>
> rlm_ldap: user cmartinez authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 5
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
> modcall[authorize]: module "monthlycounter" returns noop for request 5
> modcall: group authorize returns ok for request 5
> rad_check_password: Found Auth-Type ldap
> auth: type "LDAP"
> Processing the authenticate section of radiusd.conf
>
> -------------------------------------------------------------------------
>
> with NTRadping:
>
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 0
> rlm_sqlcounter: Entering module authorize code
> sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000
> - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime -
> GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM
> radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000'}'
> radius_xlat: Running registered xlat function of module sql for string
> 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> rlm_sql (sql): - sql_xlat
> radius_xlat: 'cmartinez'
> rlm_sql (sql): sql_set_user escaped user --> 'cmartinez'
> radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> rlm_sql (sql): Reserving sql socket id: 4
> rlm_sql (sql): - sql_xlat finished
> rlm_sql (sql): Released sql socket id: 4
> radius_xlat: '107853'
> rlm_sqlcounter: (Check item - counter) is less than zero
> rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853
>
>
> Thanks for your help!
>
>Carlos Martínez-Troncoso Cera
>Coordinador de Servicios Internet/Intranet
>Universidad del Norte
>Barranquilla, Colombia
>Tel: 57 5 3509367
>
>
>
> Roberto Gonzalez Azevedo wrote:
>
>> sqlcounter noresetcounter {
>> ## Look here
>> driver = "rlm_sqlcounter"
>> counter-name = Max-All-Session-Time
>> check-name = Max-All-Session
>> ## Look here
>> check-item = Max-All-Session
>> sqlmod-inst = sql
>> key = User-Name
>> reset = never
>> query = "SELECT SUM(AcctSessionTime) FROM radacct
>> WHERE UserName='%{%k}'"
>> }
>>
>> sqlcounter dailycounter {
>> driver = "rlm_sqlcounter"
>> counter-name = Daily-Session-Time
>> check-name = Max-Daily-Session
>> ## Look here
>> check-item = Max-Daily-Session
>> sqlmod-inst = sql
>> key = User-Name
>> reset = daily
>> query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>> > '%b'"
>> }
>>
>> sqlcounter monthlycounter {
>> ## Look here
>> driver = "rlm_sqlcounter"
>> counter-name = Monthly-Session-Time
>> check-name = Max-Monthly-Session
>> ## Look here
>> check-item = Max-Monthly-Session
>> sqlmod-inst = sql
>> key = User-Name
>> reset = monthly
>> query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>> > '%b'"
>> }
>>
>> thanks ...
>> -------------------------
>> Roberto Gonzalez Azevedo
>>
>> Carlos Martínez-Troncoso Cera wrote:
>>
>>> ok Roberto:
>>> sqlcounter noresetcounter {
>>> counter-name = Max-All-Session-Time
>>> check-name = Max-All-Session
>>> sqlmod-inst = sql
>>> key = User-Name
>>> reset = never
>>> query = "SELECT SUM(AcctSessionTime) FROM radacct
>>> WHERE UserName='%{%k}'"
>>> }
>>>
>>> sqlcounter dailycounter {
>>> driver = "rlm_sqlcounter"
>>> counter-name = Daily-Session-Time
>>> check-name = Max-Daily-Session
>>> sqlmod-inst = sql
>>> key = User-Name
>>> reset = daily
>>> query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>>> > '%b'"
>>> }
>>>
>>> sqlcounter monthlycounter {
>>> counter-name = Monthly-Session-Time
>>> check-name = Max-Monthly-Session
>>> sqlmod-inst = sql
>>> key = User-Name
>>> reset = monthly
>>> query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>>> > '%b'"
>>> }
>>>
>>>
>>>
>>> Carlos Martínez-Troncoso Cera
>>> Coordinador de Servicios Internet/Intranet
>>> Universidad del Norte
>>> Barranquilla, Colombia
>>> Tel: 57 5 3509367
>>>
>>>
>>>
>>> Roberto Gonzalez Azevedo wrote:
>>>
>>>> Show us your sqlcounter.conf ...
>>>>
>>>> You should define 'check-item' in sqlcounter.conf ...
>>>>
>>>> -------------------------
>>>> Roberto Gonzalez Azevedo
>>>> Carlos Martínez-Troncoso Cera wrote:
>>>>
>>>>> Hello.
>>>>>
>>>>> I have freeradius-1.0.2 with authorization and authentication in
>>>>> LDAP and accounting in MySQL. I configured it to use rlm_sqlcounter
>>>>> to control connection time; testing with NTRadping works well but
>>>>> testing with my Cisco NAS it doesn't work
>>>>>
>>>>> With my cisco NAS this is the message:
>>>>>
>>>>> rlm_sqlcounter: Entering module authorize code
>>>>> rlm_sqlcounter: Could not find Check item value pair
>>>>> modcall[authorize]: module "noresetcounter" returns noop for
>>>>> request 3
>>>>> rlm_sqlcounter: Entering module authorize code
>>>>> rlm_sqlcounter: Could not find Check item value pair
>>>>> modcall[authorize]: module "monthlycounter" returns noop for
>>>>> request 3
>>>>>
>>>>>
>>>>> With NTRadPing the message is:
>>>>>
>>>>> rlm_sqlcounter: (Check item - counter) is greater than zero
>>>>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
>>>>> counter=106750
>>>>> rlm_sqlcounter: Sent Reply-Item for user cmartinez,
>>>>> Type=Session-Timeout, value=1250
>>>>> modcall[authorize]: module "monthlycounter" returns ok for
>>>>> request 8
>>>>>
>>>>>
>>>>> My relevant conf files:
>>>>> ------------------------------------
>>>>> clients.conf
>>>>>
>>>>> #PC with NTRadping
>>>>> client 172.16.31.43/32 {
>>>>> secret = xxxxx
>>>>> shortname = Carlos
>>>>> type = other
>>>>> }
>>>>> #Cisco NAS
>>>>> client 200.106.138.14/32 {
>>>>> secret = xxxxxx
>>>>> shortname = cisco
>>>>> type = cisco
>>>>> }
>>>>> ------------------------------------
>>>>> radiusd.conf
>>>>>
>>>>> prefix = /usr
>>>>> exec_prefix = /usr
>>>>> sysconfdir = /etc
>>>>> localstatedir = /var
>>>>> sbindir = /usr/sbin
>>>>> logdir = ${localstatedir}/log/radius
>>>>> raddbdir = ${sysconfdir}/raddb
>>>>> radacctdir = ${logdir}/radacct
>>>>> confdir = ${raddbdir}
>>>>> run_dir = ${localstatedir}/run/radiusd
>>>>> log_file = ${logdir}/radius.log
>>>>> libdir = /usr/local/lib
>>>>> pidfile = ${run_dir}/radiusd.pid
>>>>> user = radiusd
>>>>> group = radiusd
>>>>> max_request_time = 30
>>>>> delete_blocked_requests = no
>>>>> cleanup_delay = 5
>>>>> max_requests = 1024
>>>>> bind_address = *
>>>>> port = 1812
>>>>> hostname_lookups = no
>>>>> allow_core_dumps = no
>>>>> regular_expressions = yes
>>>>> extended_expressions = yes
>>>>> log_stripped_names = yes
>>>>> log_auth = yes
>>>>> log_auth_badpass = no
>>>>> log_auth_goodpass = no
>>>>> usercollide = no
>>>>> lower_user = no
>>>>> lower_pass = no
>>>>> nospace_user = no
>>>>> nospace_pass = no
>>>>> checkrad = ${sbindir}/checkrad
>>>>>
>>>>> security {
>>>>> max_attributes = 200
>>>>> reject_delay = 1
>>>>> status_server = no
>>>>> }
>>>>>
>>>>> proxy_requests = no
>>>>> $INCLUDE ${confdir}/clients.conf
>>>>> snmp = no
>>>>> $INCLUDE ${confdir}/snmp.conf
>>>>>
>>>>> thread pool {
>>>>> start_servers = 5
>>>>> max_servers = 32
>>>>> min_spare_servers = 3
>>>>> max_spare_servers = 10
>>>>> max_requests_per_server = 0
>>>>> }
>>>>>
>>>>> modules {
>>>>>
>>>>> pap {
>>>>> encryption_scheme = crypt
>>>>> }
>>>>>
>>>>> chap {
>>>>> authtype = CHAP
>>>>> }
>>>>>
>>>>> pam {
>>>>> pam_auth = radiusd
>>>>> }
>>>>>
>>>>> $INCLUDE ${confdir}/sql.conf
>>>>> $INCLUDE ${confdir}/sqlcounter.conf
>>>>>
>>>>> mschap {
>>>>> authtype = MS-CHAP
>>>>> }
>>>>>
>>>>> ldap {
>>>>> server = "200.xx.xx.xx"
>>>>> port = "390"
>>>>> identity = "cn=Directory Manager"
>>>>> password = xxxxxxxxxx
>>>>> basedn = "o=yy,o=yy"
>>>>> password_attribute = "userPassword"
>>>>> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>>>> start_tls = no
>>>>> access_attr = "dialupAccess"
>>>>> dictionary_mapping = ${raddbdir}/ldap.attrmap
>>>>> ldap_connections_number = 5
>>>>> timeout = 4
>>>>> timelimit = 3
>>>>> net_timeout = 1
>>>>> }
>>>>>
>>>>> checkval {
>>>>> item-name = Max-Monthly-Session
>>>>> check-name = Max-Monthly-Session
>>>>> data-type = string
>>>>> }
>>>>> preprocess {
>>>>> huntgroups = ${confdir}/huntgroups
>>>>> hints = ${confdir}/hints
>>>>> with_ascend_hack = no
>>>>> ascend_channels_per_line = 23
>>>>> with_ntdomain_hack = no
>>>>> with_specialix_jetstream_hack = no
>>>>> with_cisco_vsa_hack = no
>>>>> }
>>>>>
>>>>> files {
>>>>> usersfile = ${confdir}/users
>>>>> acctusersfile = ${confdir}/acct_users
>>>>> compat = no
>>>>> }
>>>>>
>>>>> detail {
>>>>> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>>>>> detailperm = 0600
>>>>> }
>>>>>
>>>>> detail auth_log {
>>>>> detailfile =
>>>>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>>>>> detailperm = 0600
>>>>> }
>>>>>
>>>>> detailfile =
>>>>> ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>>>>> detailperm = 0600
>>>>>
>>>>> acct_unique {
>>>>> key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>>>>> Client-IP-Address, NAS-Port"
>>>>> }
>>>>>
>>>>> radutmp {
>>>>> filename = ${logdir}/radutmp
>>>>> username = %{User-Name}
>>>>> case_sensitive = yes
>>>>> check_with_nas = yes
>>>>> perm = 0600
>>>>> callerid = "yes"
>>>>> }
>>>>>
>>>>> radutmp sradutmp {
>>>>> filename = ${logdir}/sradutmp
>>>>> perm = 0644
>>>>> callerid = "no"
>>>>> }
>>>>>
>>>>> attr_filter {
>>>>> attrsfile = ${confdir}/attrs
>>>>> }
>>>>>
>>>>> always fail {
>>>>> rcode = fail
>>>>> }
>>>>> always reject {
>>>>> rcode = reject
>>>>> }
>>>>> always ok {
>>>>> rcode = ok
>>>>> simulcount = 0
>>>>> mpp = no
>>>>> }
>>>>>
>>>>> expr {
>>>>> }
>>>>>
>>>>> digest {
>>>>> }
>>>>>
>>>>> exec {
>>>>> wait = yes
>>>>> input_pairs = request
>>>>> }
>>>>>
>>>>> exec echo {
>>>>> wait = yes
>>>>> program = "/bin/echo %{User-Name}"
>>>>> input_pairs = request
>>>>> output_pairs = reply
>>>>> }
>>>>>
>>>>> ippool main_pool {
>>>>> range-start = 192.168.1.1
>>>>> range-stop = 192.168.3.254
>>>>> netmask = 255.255.255.0
>>>>> cache-size = 800
>>>>> session-db = ${raddbdir}/db.ippool
>>>>> ip-index = ${raddbdir}/db.ipindex
>>>>> override = no
>>>>> maximum-timeout = 0
>>>>> }
>>>>> }
>>>>>
>>>>> instantiate {
>>>>> exec
>>>>> expr
>>>>> monthlycounter
>>>>> }
>>>>>
>>>>> authorize {
>>>>> preprocess
>>>>> auth_log
>>>>> chap
>>>>> mschap
>>>>> files
>>>>> ldap
>>>>> noresetcounter
>>>>> monthlycounter
>>>>> }
>>>>>
>>>>> authenticate {
>>>>> Auth-Type PAP {
>>>>> pap
>>>>> }
>>>>> Auth-Type CHAP {
>>>>> chap
>>>>> }
>>>>> Auth-Type MS-CHAP {
>>>>> mschap
>>>>> }
>>>>> Auth-Type LDAP {
>>>>> ldap
>>>>> }
>>>>> }
>>>>>
>>>>> preacct {
>>>>> preprocess
>>>>> acct_unique
>>>>> }
>>>>>
>>>>> accounting {
>>>>> detail
>>>>> radutmp
>>>>> sradutmp
>>>>> sql
>>>>> }
>>>>>
>>>>> session {
>>>>> radutmp
>>>>> sql
>>>>> }
>>>>>
>>>>> post-auth {
>>>>> }
>>>>>
>>>>> pre-proxy {
>>>>> }
>>>>>
>>>>> post-proxy {
>>>>> }
>>>>>
>>>>> -------------------------------------
>>>>> users
>>>>>
>>>>> DEFAULT Auth-Type = ldap
>>>>> Fall-Through = 1
>>>>>
>>>>> DEFAULT Simultaneous-Use := 1
>>>>> Fall-Through = 1
>>>>>
>>>>> DEFAULT Framed-Protocol == PPP
>>>>> Framed-Protocol = PPP,
>>>>> Framed-Compression = Van-Jacobson-TCP-IP
>>>>>
>>>>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>>>>> Service-Type = Framed-User,
>>>>> Framed-Protocol = PPP
>>>>>
>>>>>
>>>>> Any help will be appreciated.
>>>>>
>>>>> Thanks a lot
>>>>>
>>>>> --
>>>>> Carlos Martínez-Troncoso Cera
>>>>> Coordinador de Servicios Internet/Intranet
>>>>> Universidad del Norte
>>>>> Barranquilla, Colombia
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>>
>>>>> - List info/subscribe/unsubscribe? See
>>>>> http://www.freeradius.org/list/users.html
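Added example (not part of the original thread and not FreeRADIUS code): a small Python script that reads `radiusd -X` debug output and lists the authorize calls where an sqlcounter instance returned without comparing usage against a limit, which is the "Could not find Check item value pair" / noop case shown above. The sample log is constructed from the lines quoted in this thread; the final "returns reject" line is an assumption, and the function names are illustrative.

```python
import re

# Constructed sample modelled on the radiusd -X lines quoted in this thread.
# The last "returns reject" line is an assumption; the thread does not show it.
SAMPLE_DEBUG = """\
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "monthlycounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
modcall[authorize]: module "monthlycounter" returns ok for request 8
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853
modcall[authorize]: module "monthlycounter" returns reject for request 0
"""

ENTER = "rlm_sqlcounter: Entering module authorize code"
DECISION = re.compile(r"rlm_sqlcounter: (?:Authorized|Rejected) user (\S+), "
                      r"check_item=(\d+),\s*counter=(\d+)")
MODCALL = re.compile(r'modcall\[authorize\]: module "([^"]+)" '
                     r"returns (\w+) for\s+request (\d+)")

def audit(debug_text):
    """Return one record per sqlcounter authorize call found in the log."""
    records, cur = [], None
    for line in map(str.strip, debug_text.splitlines()):
        if line == ENTER:
            # enforced stays False unless a limit comparison is logged
            cur = {"enforced": False, "user": None, "remaining": None}
        elif cur is None:
            continue  # line belongs to some other module
        elif m := DECISION.search(line):
            limit, used = int(m.group(2)), int(m.group(3))
            cur.update(enforced=True, user=m.group(1), remaining=limit - used)
        elif m := MODCALL.search(line):
            cur.update(module=m.group(1), rcode=m.group(2), request=int(m.group(3)))
            records.append(cur)
            cur = None
    return records

def unenforced(records):
    """Calls where the module returned without comparing against a limit."""
    return [(r["request"], r["module"]) for r in records if not r["enforced"]]

if __name__ == "__main__":
    for request, module in unenforced(audit(SAMPLE_DEBUG)):
        print(f"request {request}: {module} applied no limit")
```

Lines wrapped by a mail client, such as "returns noop for" followed by "request 3" on the next line, need to be rejoined before being passed to `audit`.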