Max-All-Session counter module problem[SOLVED]

Bishal Pun bishal at baayu.com.np
Sun Aug 30 09:26:07 CEST 2009


Hello all,

 Problem is solved. Actually it was due to radgroupcheck table. There I have inserted Max-All-Session as 90000. I deleted it and now the user can log in.


Thank you
Bishal

 




Hi,

I am posting the debug of another user who has same problem:

rad_recv: Access-Request packet from host 202.79.xx.XX port 65050,
id=12, length=189
       NAS-Identifier = "pppoe-bhw."
       Acct-Session-Id = "1633129-mpd-pppoe-70"
       NAS-Port = 70
       NAS-Port-Type = Ethernet
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Calling-Station-Id = "0016768aaa28"
       Called-Station-Id = "WIFITEST"
       NAS-Port-Id = "rl0"
       Vendor-12341-Attr-12 = 0x6d70642d7070706f652d3730
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Client-Endpoint:0 = "00:16:76:8a:aa:28"
       User-Name = "sneha"
       User-Password = "123"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sneha", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[sql]   expand: %{User-Name} -> sneha
[sql] sql_set_user escaped user --> 'sneha'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'sneha'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'sneha'           ORDER BY id

[sql] expand: SELECT groupname FROM radusergroup WHERE username = 
'%{SQL-User-Name}' ORDER BY priority ->

SELECT groupname           FROM radusergroup           WHERE username =
'sneha'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value,
op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,

attribute, Value, op FROM radgroupcheck WHERE groupname = 'Prepaid 
Hours' ORDER BY id

[sql] User found in group Prepaid Hours
[sql]   expand: SELECT id, groupname, attribute,           value,
op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,

attribute, value, op FROM radgroupreply WHERE groupname = 'Prepaid 
Hours' ORDER BY id

rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[ldap] performing user authorization for sneha
[ldap] WARNING: Deprecated conditional expansion ":-".  See "man unlang"
for details
[ldap]  expand: (cn=%{Stripped-User-Name:-%{User-Name}}) -> (cn=sneha)
[ldap]  expand: ou=users,ou=radius,dc=resunganet,dc=com,dc=np ->
ou=users,ou=radius,dc=resunganet,dc=com,dc=np
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=users,ou=radius,dc=resunganet,dc=com,dc=np, with filter (cn=sneha)
[ldap] checking if remote access for sneha is allowed by dialupAccess
[ldap] Added User-Password = {SSHA}zG7/cgoBWWNIVo7WtLMria1ui7GJAztI in
check items
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
[ldap] user sneha authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}''
[noresetcounter]        expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='%{User-Name}' -> SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'
sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha'}'
[noresetcounter] sql_xlat
[noresetcounter]        expand: %{User-Name} -> sneha
[noresetcounter] sql_set_user escaped user --> 'sneha'
[noresetcounter]        expand: SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='sneha' -> SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='sneha'
rlm_sql (sql): Reserving sql socket id: 0
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 0
[noresetcounter]        expand: %{sql:SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='sneha'} -> 90001
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user sneha, check_item=90000, counter=90001
++[noresetcounter] returns reject
Invalid user (rlm_sqlcounter: Maximum never usage time reached): [sneha]
(from client pppoe-bhw port 70 cli 0016768aaa28)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
===================
check_item shows 90000 whereas I have updated the radcheck
Max-All-Session Value by 180000 but still Reject with Maximum never
usage time reached?

radcheck table output of user sneha:

2901 | sneha    | Max-All-Session    | := | 180000      |


Thank you
Bishal




More information about the Freeradius-Users mailing list