Max-All-Session counter module problem

Bishal Pun bishal at baayu.com.np
Sun Aug 30 08:41:21 CEST 2009


Hi,

 I am posting the debug of another user who has same problem:

rad_recv: Access-Request packet from host 202.79.xx.XX port 65050,
id=12, length=189
        NAS-Identifier = "pppoe-bhw."
        Acct-Session-Id = "1633129-mpd-pppoe-70"
        NAS-Port = 70
        NAS-Port-Type = Ethernet
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "0016768aaa28"
        Called-Station-Id = "WIFITEST"
        NAS-Port-Id = "rl0"
        Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Client-Endpoint:0 = "00:16:76:8a:aa:28"
        User-Name = "sneha"
        User-Password = "123"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sneha", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[sql]   expand: %{User-Name} -> sneha
[sql] sql_set_user escaped user --> 'sneha'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'sneha'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'sneha'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup          
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'sneha'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           Value, op           FROM radgroupcheck          
WHERE groupname = 'Prepaid Hours'           ORDER BY id
[sql] User found in group Prepaid Hours
[sql]   expand: SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
attribute,           value, op           FROM radgroupreply          
WHERE groupname = 'Prepaid Hours'           ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[ldap] performing user authorization for sneha
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang"
for details
[ldap]  expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=sneha)
[ldap]  expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np ->
ou=users,ou=radius,dc=resunganet,dc=com,dc=np
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha)
[ldap] checking if remote access for sneha is allowed by dialupAccess
[ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in
check items
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user sneha authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
[noresetcounter]        expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'
sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha'}'
[noresetcounter] sql_xlat
[noresetcounter]        expand: %{User-Name} -> sneha
[noresetcounter] sql_set_user escaped user --> 'sneha'
[noresetcounter]        expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='sneha'
rlm_sql (sql): Reserving sql socket id: 0
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
[noresetcounter]        expand: %{sql:SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'} -> 90001
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user sneha, check_item=90000, counter=90001
++[noresetcounter] returns reject
Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha]
(from client pppoe-bhw port 70 cli 0016768aaa28)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
===================
check_item shows 90000 whereas I have updated the radcheck
Max-All-Session Value by 180000 but still Reject with Maximum never
usage time reached?

radcheck table output of user sneha:

2901 | sneha    | Max-All-Session    | := | 180000      |


Thank you
Bishal

 >  I am using Freeradius 2.1.6 with LDAP for authentication and mysql for
 > accounting in FreeBSD 7.2. radcheck table for user is like below.
 > However when user tries to connect radius log shows: Maximum never usage
 > time has reached for this user.
 >
 >  id | username | attribute | op | value |
 > +------+-----------+--------------------+----+--------------
 > | 2002 | shrinagar | Max-All-Session | :=3D | 180000|
 >
 >
 > While calculating the total accounting time in radacct table it stil
 > shows 90000 seconds left for user shrinagar but still the user can't
 > connect. What's wrong with freeradius can anybody tell me what I have
 > done wrong. If I delete all the accounting session from radacct table
 > for that user then he can connect.
 >
 > mysql> select 180000 - sum(acctsessiontime) from radacct where
 > username=3D'shrinagar';
 > +-------------------------------+
 > | 180000 - sum(acctsessiontime) |
 > +-------------------------------+
 > | 90000 |
 > +-------------------------------+

Post the debug.

Ivan Kalik
Kalik Informatika ISP



More information about the Freeradius-Users mailing list