Time and traffic limits

Mobin Yazarlou yazarlou.m at gmail.com
Sun Aug 28 13:14:46 CEST 2011


Hello,
 I have the following user in the database:

mysql> SELECT * FROM radcheck;
+----+----------+--------------------+----+---------+
| id | username | attribute          | op | value   |
+----+----------+--------------------+----+---------+
|  1 | sqltest  | Cleartext-Password | := | testpwd |
|  2 | sqltest  | Max-All-Session    | := | 600     |
+----+----------+--------------------+----+---------+
2 rows in set (0.00 sec)


 Well, freeRADIUS should allow this user to connect and stay online for 10
minutes but I can't even connect. Here is the freeRADIUS debug log:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host xx.xx.72.127 port 33451, id=15,
length=135
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "sqltest"
        MS-CHAP-Challenge = 0xd237c3a9ecf61e669d362193cfb6b33b
        MS-CHAP2-Response =
0x6600d5135b141fa0f0fb3671adef9107716a000000000000000061a6f1db763fb3554c35008e7dec3f57936ca9ca1d2375b7
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql]   expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radcheck
  WHERE username = 'sqltest'           ORDER BY id
rlm_sql: Failed to create the pair: Invalid octet string "600" for attribute
name "Max-All-Session"
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> sqltest
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 15 to xx.xx.72.127 port 33451
Waking up in 4.9 seconds.
Cleaning up request 0 ID 15 with timestamp +25
Ready to process requests.
rlm_sql: Failed to create the pair: Invalid octet stringrad_recv:
Access-Request packet from host xx.xx.72.127 port 40062, id=16, length=135
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "sqltest"
        MS-CHAP-Challenge = 0x6214c3aad82e064f6e9118c3aa9751d2
        MS-CHAP2-Response =
0x280073eab0bdcb6b149e34b5d5a3be5dd7dc0000000000000000c9652cb77bbd8cf74273f9aa924c7dbe8b6a53968ffb7c6a
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql]   expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radcheck
  WHERE username = 'sqltest'           ORDER BY id
rlm_sql: Failed to create the pair: Invalid octet string "600" for attribute
name "Max-All-Session"
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> sqltest
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 16 to xx.xx.72.127 port 40062
Waking up in 4.9 seconds.
Cleaning up request 1 ID 16 with timestamp +93
Ready to process requests.
rad_recv: Access-Request packet from host xx.xx.72.127 port 40203, id=17,
length=135
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "sqltest"
        MS-CHAP-Challenge = 0x470c8b8089c5b8a4a322d16b51ab1a91
        MS-CHAP2-Response =
0x3300c3bac8e9819c7a7e962f3611fad2cda20000000000000000c8e0d842bdff8a8183104ac176bb16835ea6626028a146da
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 0
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql]   expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM radcheck
  WHERE username = 'sqltest'           ORDER BY id
rlm_sql: Failed to create the pair: Invalid octet string "600" for attribute
name "Max-All-Session"
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 1
++[sql] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> sqltest
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 17 to xx.xx.72.127 port 40203
Waking up in 4.9 seconds.
Cleaning up request 2 ID 17 with timestamp +469
Ready to process requests.


I was so happy that I could install freeRADIUS last week! I can't disconnect
users using freeRADIUS cause there is no NAS in my network and if I can't
get time and traffic limits to work I would have to code a script to do it
myself maybe.

I would be thankful if someone helps to work it out.

PS: I have just noticed that radacct table is empty. I had the session logs
in this table when pptpd and freeRADIUS servers where on the same machine
but I can't see anything in this table now. Do I have to setup something on
the pptpd server to have to session logs in freeRADIUS database?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110828/215da045/attachment.html>


More information about the Freeradius-Users mailing list