Accounting doesn't increase Daily's count.
Pablo Zanitti
pz.radiusd at gmail.com
Wed Sep 23 20:21:16 CEST 2009
Good day.
I'm having problems with rlm_counter on FreeRADIUS Version 1.1.7. I've
set my NAS to send Stop/Start packets every minute, but it only
refreshes count once. That means once an user is logged in, it will
count his first minute but then he will be able to access
indefinitely.
My user
-----------------
Prueba3 User-Password == "a", Simultaneous-Use += 5, Max-Daily-Session := 300
Session-Timeout := 60
-----------------
My conf
-----------------
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
#user = nobody
#group = nobody
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = 192.168.63.1
port = 1892
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
chap {
authtype = CHAP
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
cache-size = 5000
}
counter weekly {
filename = ${raddbdir}/db.weekly
key = User-Name
count-attribute = Acct-Session-Time
reset = weekly
counter-name = Weekly-Session-Time
check-name = Max-Weekly-Session
cache-size = 5000
}
counter monthly {
filename = ${raddbdir}/db.monthly
key = User-Name
count-attribute = Acct-Session-Time
reset = monthly
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
cache-size = 5000
}
counter forever {
filename = ${raddbdir}/db.forever
key = User-Name
count-attribute = Acct-Session-Time
reset = never
counter-name = Forever-Session-Time
check-name = Max-Forever-Session
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
}
instantiate {
daily
weekly
monthly
forever
}
authorize {
preprocess
chap
files
daily
weekly
monthly
forever
}
authenticate {
Auth-Type CHAP {
chap
}
}
preacct {
preprocess
acct_unique
files
}
accounting {
detail
daily
weekly
monthly
forever
radutmp
}
session {
radutmp
#sql
}
post-auth {
}
-----------------
Here is it starting:
------------------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1892
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: bind_address = 192.168.63.1 IP address [192.168.63.1]
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded Counter
counter: filename = "/usr/local/etc/raddb/db.daily"
counter: key = "User-Name"
counter: reset = "daily"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Daily-Session-Time"
counter: check-name = "Max-Daily-Session"
counter: allowed-servicetype = "(null)"
counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1830
rlm_counter: Current Time: 1253729323 [2009-09-23 18:08:43], Next
reset 1253750400 [2009-09-24 00:00:00]
Module: Instantiated counter (daily)
counter: filename = "/usr/local/etc/raddb/db.weekly"
counter: key = "User-Name"
counter: reset = "weekly"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Weekly-Session-Time"
counter: check-name = "Max-Weekly-Session"
counter: allowed-servicetype = "(null)"
counter: cache-size = 5000
rlm_counter: Counter attribute Weekly-Session-Time is number 1832
rlm_counter: Current Time: 1253729323 [2009-09-23 18:08:43], Next
reset 1254009600 [2009-09-27 00:00:00]
Module: Instantiated counter (weekly)
counter: filename = "/usr/local/etc/raddb/db.monthly"
counter: key = "User-Name"
counter: reset = "monthly"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Monthly-Session-Time"
counter: check-name = "Max-Monthly-Session"
counter: allowed-servicetype = "(null)"
counter: cache-size = 5000
rlm_counter: Counter attribute Monthly-Session-Time is number 1834
rlm_counter: Current Time: 1253729323 [2009-09-23 18:08:43], Next
reset 1254355200 [2009-10-01 00:00:00]
Module: Instantiated counter (monthly)
counter: filename = "/usr/local/etc/raddb/db.forever"
counter: key = "User-Name"
counter: reset = "never"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Forever-Session-Time"
counter: check-name = "Max-Forever-Session"
counter: allowed-servicetype = "(null)"
counter: cache-size = 5000
rlm_counter: Counter attribute Forever-Session-Time is number 1836
rlm_counter: Current Time: 1253729323 [2009-09-23 18:08:43], Next
reset 0 [2009-09-23 18:00:00]
Module: Instantiated counter (forever)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication 192.168.63.1:1892
Listening on accounting 192.168.63.1:1893
Ready to process requests.
------------------
Here is it logging in fine
------------------
rad_recv: Access-Request packet from host 192.168.63.1:3422, id=172, length=130
NAS-IP-Address = 192.168.11.146
NAS-Identifier = "pfSense.local"
User-Name = "Prueba3"
User-Password = "a"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 0
Framed-IP-Address = 192.168.63.132
Called-Station-Id = "08:00:27:dc:bf:b1"
Calling-Station-Id = "00:16:76:60:3d:81"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
users: Matched entry Prueba3 at line 1
modcall[authorize]: module "files" returns ok for request 0
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key Found.
rlm_counter: Check item = 300, Count = 22
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Prueba3, check_item=300, counter=22
rlm_counter: Sent Reply-Item for user Prueba3, Type=Session-Timeout, value=278
modcall[authorize]: module "daily" returns ok for request 0
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "weekly" returns noop for request 0
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "monthly" returns noop for request 0
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "forever" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Processing the session section of radiusd.conf
modcall: entering group session for request 0
radius_xlat: '/var/log/radutmp'
radius_xlat: 'Prueba3'
modcall[session]: module "radutmp" returns ok for request 0
modcall: leaving group session (returns ok) for request 0
Login OK: [Prueba3/a] (from client Local port 0 cli 00:16:76:60:3d:81)
Sending Access-Accept of id 172 to 192.168.63.1 port 3422
Session-Timeout := 60
Finished request 0
------------------------
Here it is complaining it only works with Stop/Start
------------------------
rad_recv: Accounting-Request packet from host 192.168.63.1:12908,
id=175, length=142
NAS-IP-Address = 192.168.11.146
NAS-Identifier = "pfSense.local"
User-Name = "Prueba3"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 0
Acct-Session-Id = "01e56ba6b4be990c"
Framed-IP-Address = 192.168.63.132
Called-Station-Id = "08:00:27:dc:bf:b1"
Calling-Station-Id = "00:16:76:60:3d:81"
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address =
192.168.63.1,NAS-IP-Address = 192.168.11.146,Acct-Session-Id =
"01e56ba6b4be990c",User-Name = "Prueba3"'
rlm_acct_unique: Acct-Unique-Session-ID = "c968f78b6779a240".
modcall[preacct]: module "acct_unique" returns ok for request 1
modcall[preacct]: module "files" returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat: '/var/log/radacct/192.168.63.1/detail-20090923'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radacct/192.168.63.1/detail-20090923
modcall[accounting]: module "detail" returns ok for request 1
rlm_counter: We only run on Accounting-Stop packets.
modcall[accounting]: module "daily" returns noop for request 1
rlm_counter: We only run on Accounting-Stop packets.
modcall[accounting]: module "weekly" returns noop for request 1
rlm_counter: We only run on Accounting-Stop packets.
modcall[accounting]: module "monthly" returns noop for request 1
rlm_counter: We only run on Accounting-Stop packets.
modcall[accounting]: module "forever" returns noop for request 1
radius_xlat: '/var/log/radutmp'
radius_xlat: 'Prueba3'
modcall[accounting]: module "radutmp" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 175 to 192.168.63.1 port 12908
Finished request 1
------------------------
Here is it updating counters on the first Stop/Start
------------------------
rad_recv: Accounting-Request packet from host 192.168.63.1:24160,
id=190, length=196
NAS-IP-Address = 192.168.11.146
NAS-Identifier = "pfSense.local"
User-Name = "Prueba3"
Acct-Status-Type = Stop
Acct-Session-Time = 39
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 0
Acct-Session-Id = "01e56ba6b4be990c"
Framed-IP-Address = 192.168.63.132
Called-Station-Id = "08:00:27:dc:bf:b1"
Calling-Station-Id = "00:16:76:60:3d:81"
Acct-Input-Packets = 84
Acct-Input-Octets = 6610
Acct-Input-Gigawords = 0
Acct-Output-Packets = 103
Acct-Output-Octets = 140013
Acct-Output-Gigawords = 0
Acct-Session-Time = 39
Acct-Terminate-Cause = NAS-Request
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address =
192.168.63.1,NAS-IP-Address = 192.168.11.146,Acct-Session-Id =
"01e56ba6b4be990c",User-Name = "Prueba3"'
rlm_acct_unique: Acct-Unique-Session-ID = "c968f78b6779a240".
modcall[preacct]: module "acct_unique" returns ok for request 2
modcall[preacct]: module "files" returns noop for request 2
modcall: leaving group preacct (returns ok) for request 2
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 2
radius_xlat: '/var/log/radacct/192.168.63.1/detail-20090923'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radacct/192.168.63.1/detail-20090923
modcall[accounting]: module "detail" returns ok for request 2
rlm_counter: Packet Unique ID = 'c968f78b6779a240'
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key found.
rlm_counter: Counter Unique ID = '015d06e249366c2b'
rlm_counter: User=Prueba3, Counter=22.
rlm_counter: User=Prueba3, New Counter=61.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
modcall[accounting]: module "daily" returns ok for request 2
rlm_counter: Packet Unique ID = 'c968f78b6779a240'
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key found.
rlm_counter: Counter Unique ID = '015d06e249366c2b'
rlm_counter: User=Prueba3, Counter=40.
rlm_counter: User=Prueba3, New Counter=79.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
modcall[accounting]: module "weekly" returns ok for request 2
rlm_counter: Packet Unique ID = 'c968f78b6779a240'
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key found.
rlm_counter: Counter Unique ID = '015d06e249366c2b'
rlm_counter: User=Prueba3, Counter=40.
rlm_counter: User=Prueba3, New Counter=79.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
modcall[accounting]: module "monthly" returns ok for request 2
rlm_counter: Packet Unique ID = 'c968f78b6779a240'
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key found.
rlm_counter: Counter Unique ID = '015d06e249366c2b'
rlm_counter: User=Prueba3, Counter=40.
rlm_counter: User=Prueba3, New Counter=79.
rlm_counter: Storing new value in database.
rlm_counter: New value stored successfully.
modcall[accounting]: module "forever" returns ok for request 2
radius_xlat: '/var/log/radutmp'
radius_xlat: 'Prueba3'
modcall[accounting]: module "radutmp" returns ok for request 2
modcall: leaving group accounting (returns ok) for request 2
Sending Accounting-Response of id 190 to 192.168.63.1 port 24160
Finished request 2
----------------------------
Here it is refusing to update on Stop/Start
----------------------------
rad_recv: Access-Request packet from host 192.168.63.1:28882, id=33, length=130
NAS-IP-Address = 192.168.11.146
NAS-Identifier = "pfSense.local"
User-Name = "Prueba3"
User-Password = "a"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 0
Framed-IP-Address = 192.168.63.132
Called-Station-Id = "08:00:27:dc:bf:b1"
Calling-Station-Id = "00:16:76:60:3d:81"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
users: Matched entry Prueba3 at line 1
modcall[authorize]: module "files" returns ok for request 4
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key Found.
rlm_counter: Check item = 300, Count = 61
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Prueba3, check_item=300, counter=61
rlm_counter: Sent Reply-Item for user Prueba3, Type=Session-Timeout, value=239
modcall[authorize]: module "daily" returns ok for request 4
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "weekly" returns noop for request 4
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "monthly" returns noop for request 4
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "forever" returns noop for request 4
modcall: leaving group authorize (returns ok) for request 4
auth: type Local
auth: user supplied User-Password matches local User-Password
Processing the session section of radiusd.conf
modcall: entering group session for request 4
radius_xlat: '/var/log/radutmp'
radius_xlat: 'Prueba3'
modcall[session]: module "radutmp" returns ok for request 4
modcall: leaving group session (returns ok) for request 4
Login OK: [Prueba3/a] (from client Local port 0 cli 00:16:76:60:3d:81)
Sending Access-Accept of id 33 to 192.168.63.1 port 28882
Session-Timeout := 60
Finished request 4
----------------------
And after that, on every reauthentication, the count value remains the
same, so count will never be larger than 300.
----------------------
rad_recv: Access-Request packet from host 192.168.63.1:18612, id=32, length=130
NAS-IP-Address = 192.168.11.146
NAS-Identifier = "pfSense.local"
User-Name = "Prueba3"
User-Password = "a"
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 0
Framed-IP-Address = 192.168.63.132
Called-Station-Id = "08:00:27:dc:bf:b1"
Calling-Station-Id = "00:16:76:60:3d:81"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
users: Matched entry Prueba3 at line 1
modcall[authorize]: module "files" returns ok for request 7
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'Prueba3'
rlm_counter: Key Found.
rlm_counter: Check item = 300, Count = 61
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user Prueba3, check_item=300, counter=61
rlm_counter: Sent Reply-Item for user Prueba3, Type=Session-Timeout, value=239
modcall[authorize]: module "daily" returns ok for request 7
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "weekly" returns noop for request 7
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "monthly" returns noop for request 7
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "forever" returns noop for request 7
modcall: leaving group authorize (returns ok) for request 7
auth: type Local
auth: user supplied User-Password matches local User-Password
Processing the session section of radiusd.conf
modcall: entering group session for request 7
radius_xlat: '/var/log/radutmp'
radius_xlat: 'Prueba3'
modcall[session]: module "radutmp" returns ok for request 7
modcall: leaving group session (returns ok) for request 7
Login OK: [Prueba3/a] (from client Local port 0 cli 00:16:76:60:3d:81)
Sending Access-Accept of id 32 to 192.168.63.1 port 18612
Session-Timeout := 60
Finished request 7
More information about the Freeradius-Users
mailing list