Max-All-Session counter module problem
Bishal Pun
bishal at baayu.com.np
Sun Aug 30 08:41:21 CEST 2009
Hi,
I am posting the debug of another user who has same problem:
rad_recv: Access-Request packet from host 202.79.xx.XX port 65050,
id=12, length=189
NAS-Identifier = "pppoe-bhw."
Acct-Session-Id = "1633129-mpd-pppoe-70"
NAS-Port = 70
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0016768aaa28"
Called-Station-Id = "WIFITEST"
NAS-Port-Id = "rl0"
Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Client-Endpoint:0 = "00:16:76:8a:aa:28"
User-Name = "sneha"
User-Password = "123"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sneha", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[sql] expand: %{User-Name} -> sneha
[sql] sql_set_user escaped user --> 'sneha'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radcheck WHERE username = 'sneha' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER
BY id -> SELECT id, username, attribute, value, op FROM
radreply WHERE username = 'sneha' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority ->
SELECT groupname FROM radusergroup WHERE username =
'sneha' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, Value, op FROM radgroupcheck
WHERE groupname = 'Prepaid Hours' ORDER BY id
[sql] User found in group Prepaid Hours
[sql] expand: SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply
WHERE groupname = 'Prepaid Hours' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[ldap] performing user authorization for sneha
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang"
for details
[ldap] expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=sneha)
[ldap] expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np ->
ou=users,ou=radius,dc=resunganet,dc=com,dc=np
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha)
[ldap] checking if remote access for sneha is allowed by dialupAccess
[ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in
check items
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user sneha authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
[noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha'}'
[noresetcounter] sql_xlat
[noresetcounter] expand: %{User-Name} -> sneha
[noresetcounter] sql_set_user escaped user --> 'sneha'
[noresetcounter] expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='sneha'
rlm_sql (sql): Reserving sql socket id: 0
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
[noresetcounter] expand: %{sql:SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'} -> 90001
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user sneha, check_item=90000, counter=90001
++[noresetcounter] returns reject
Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha]
(from client pppoe-bhw port 70 cli 0016768aaa28)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
===================
check_item shows 90000 whereas I have updated the radcheck
Max-All-Session Value by 180000 but still Reject with Maximum never
usage time reached?
radcheck table output of user sneha:
2901 | sneha | Max-All-Session | := | 180000 |
Thank you
Bishal
> I am using Freeradius 2.1.6 with LDAP for authentication and mysql for
> accounting in FreeBSD 7.2. radcheck table for user is like below.
> However when user tries to connect radius log shows: Maximum never usage
> time has reached for this user.
>
> id | username | attribute | op | value |
> +------+-----------+--------------------+----+--------------
> | 2002 | shrinagar | Max-All-Session | :=3D | 180000|
>
>
> While calculating the total accounting time in radacct table it stil
> shows 90000 seconds left for user shrinagar but still the user can't
> connect. What's wrong with freeradius can anybody tell me what I have
> done wrong. If I delete all the accounting session from radacct table
> for that user then he can connect.
>
> mysql> select 180000 - sum(acctsessiontime) from radacct where
> username=3D'shrinagar';
> +-------------------------------+
> | 180000 - sum(acctsessiontime) |
> +-------------------------------+
> | 90000 |
> +-------------------------------+
Post the debug.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list