noresetcounter

Russell Mike radius.sir at gmail.com
Mon Apr 1 16:12:36 CEST 2013


Because you have disable the valid check item & Query using "#"

sqlcounter forevertimecounter {
                counter-name = "Max-All-Session-Time"
                check-name = "Max-All-Session"
                count-attribute = "Acct-Session-Time"
                reply-name = "Session-Timeout"
                sqlmod-inst = "sql"
                key = "User-Name"
                reset = "never"
                cache-size = "5000"
                query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='%{%k}'"

*Check Items:*
Max-All-Session 3600
Session-Timeout 3600

*Reply Items: *
Session-Timeout 3600
Idle-Timeout 60

Thanks RM --


On Mon, Apr 1, 2013 at 1:35 PM, Muhammad Nuzaihan Kamal Luddin <
muhammad at taqisystems.com> wrote:

> Hi,
>
> My objective to configure freeradius is that the user automatically gets
> logged out during the accounting process by noresetcounter statement.
>
> But currently, the user that is logged in keeps being connected even
> when the time is up.
>
> Here's my counter.conf:
>
> ---
>
> sqlcounter noresetcounter {
>                 counter-name = Session-Timeout
> #                check-name = Max-All-Session
>                 check-name = Session-Timeout
>                 reply-name = Session-Timeout
>                 sqlmod-inst = sql
>                 key = User-Name
>                 reset = never
> #        query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE
> UserName='%{%k}'"
>          query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
> UserName='%{%k}'"
> }
>
>


> And the logs:
>
> rad_recv: Access-Request packet from host 192.168.233.9 port 2052, id=0,
> length=200
>         User-Name = "34"
>         User-Password = "EEawKbR3"
>         NAS-IP-Address = 0.0.0.0
>         Service-Type = Login-User
>         Framed-IP-Address = 192.168.182.2
>         Calling-Station-Id = "00-26-82-15-4E-3D"
>         Called-Station-Id = "00-0F-66-59-DD-33"
>         NAS-Identifier = "taqihotspot1"
>         Acct-Session-Id = "515a088400000000"
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 0
>         Message-Authenticator = 0x48faf6d6c674bceef3469467121e5eae
>         WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
> Mon Apr  1 21:22:51 2013 : Info: # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> Mon Apr  1 21:22:51 2013 : Info: +- entering group authorize {...}
> Mon Apr  1 21:22:51 2013 : Info: ++[preprocess] returns ok
> Mon Apr  1 21:22:51 2013 : Info: ++[chap] returns noop
> Mon Apr  1 21:22:51 2013 : Info: ++[mschap] returns noop
> Mon Apr  1 21:22:51 2013 : Info: ++[digest] returns noop
> Mon Apr  1 21:22:51 2013 : Info: [suffix] No '@' in User-Name = "34",
> looking up realm NULL
> Mon Apr  1 21:22:51 2013 : Info: [suffix] No such realm "NULL"
> Mon Apr  1 21:22:51 2013 : Info: ++[suffix] returns noop
> Mon Apr  1 21:22:51 2013 : Info: [eap] No EAP-Message, not doing EAP
> Mon Apr  1 21:22:51 2013 : Info: ++[eap] returns noop
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: %{User-Name} -> 34
> Mon Apr  1 21:22:51 2013 : Info: [sql] sql_set_user escaped user --> '34'
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 4
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: SELECT id, username,
> attribute, value, op           FROM radcheck           WHERE username =
> '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute,
> value, op           FROM radcheck           WHERE username = '34'
> ORDER BY id
> Mon Apr  1 21:22:51 2013 : Info: [sql] User found in radcheck table
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: SELECT id, username,
> attribute, value, op           FROM radreply           WHERE username =
> '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute,
> value, op           FROM radreply           WHERE username = '34'
> ORDER BY id
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: SELECT groupname
> FROM radusergroup           WHERE username = '%{SQL-User-Name}'
> ORDER BY priority -> SELECT groupname           FROM radusergroup
> WHERE username = '34'           ORDER BY priority
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: SELECT id, groupname,
> attribute,           Value, op           FROM radgroupcheck           WHERE
> groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname,
> attribute,           Value, op           FROM radgroupcheck           WHERE
> groupname = '3mins'           ORDER BY id
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sql (sql): Released sql socket id: 4
> Mon Apr  1 21:22:51 2013 : Info: ++[sql] returns ok
> Mon Apr  1 21:22:51 2013 : Info: ++[logintime] returns noop
> Mon Apr  1 21:22:51 2013 : Info: ++[pap] returns updated
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sqlcounter: Entering module
> authorize code
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sqlcounter: Could not find Check
> item value pair
> Mon Apr  1 21:22:51 2013 : Info: ++[noresetcounter] returns noop
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sqlcounter: Entering module
> authorize code
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sqlcounter: Could not find Check
> item value pair
> Mon Apr  1 21:22:51 2013 : Info: ++[chillispot_max_bytes] returns noop
> Mon Apr  1 21:22:51 2013 : Info: Found Auth-Type = PAP
> Mon Apr  1 21:22:51 2013 : Info:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Apr  1 21:22:51 2013 : Info: !!!    Replacing User-Password in config
> items with Cleartext-Password.     !!!
> Mon Apr  1 21:22:51 2013 : Info:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Apr  1 21:22:51 2013 : Info: !!! Please update your configuration so
> that the "known good"               !!!
> Mon Apr  1 21:22:51 2013 : Info: !!! clear text password is in
> Cleartext-Password, and not in User-Password. !!!
> Mon Apr  1 21:22:51 2013 : Info:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Apr  1 21:22:51 2013 : Info: # Executing group from file
> /etc/freeradius/sites-enabled/default
> Mon Apr  1 21:22:51 2013 : Info: +- entering group PAP {...}
> Mon Apr  1 21:22:51 2013 : Info: [pap] login attempt with password
> "EEawKbR3"
> Mon Apr  1 21:22:51 2013 : Info: [pap] Using clear text password "EEawKbR3"
> Mon Apr  1 21:22:51 2013 : Info: [pap] User authenticated successfully
> Mon Apr  1 21:22:51 2013 : Info: ++[pap] returns ok
> Mon Apr  1 21:22:51 2013 : Info: # Executing section post-auth from file
> /etc/freeradius/sites-enabled/default
> Mon Apr  1 21:22:51 2013 : Info: +- entering group post-auth {...}
> Mon Apr  1 21:22:51 2013 : Info: ++[exec] returns noop
> Sending Access-Accept of id 0 to 192.168.233.9 port 2052
> Mon Apr  1 21:22:51 2013 : Info: Finished request 5.
> Mon Apr  1 21:22:51 2013 : Debug: Going to the next request
> Mon Apr  1 21:22:51 2013 : Debug: Waking up in 4.9 seconds.
> rad_recv: Accounting-Request packet from host 192.168.233.9 port 2050,
> id=0, length=134
>         Acct-Status-Type = Start
>         User-Name = "34"
>         Calling-Station-Id = "00-26-82-15-4E-3D"
>         Called-Station-Id = "00-0F-66-59-DD-33"
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 0
>         NAS-Port-Id = "00000000"
>         NAS-IP-Address = 0.0.0.0
>         NAS-Identifier = "taqihotspot1"
>         Framed-IP-Address = 192.168.182.2
>         Acct-Session-Id = "515a088400000000"
> Mon Apr  1 21:22:51 2013 : Info: # Executing section preacct from file
> /etc/freeradius/sites-enabled/default
> Mon Apr  1 21:22:51 2013 : Info: +- entering group preacct {...}
> Mon Apr  1 21:22:51 2013 : Info: ++[preprocess] returns ok
> Mon Apr  1 21:22:51 2013 : Info: [acct_unique] Hashing 'NAS-Port =
> 0,Client-IP-Address = 192.168.233.9,NAS-IP-Address =
> 0.0.0.0,Acct-Session-Id = "515a088400000000",User-Name = "34"'
> Mon Apr  1 21:22:51 2013 : Info: [acct_unique] Acct-Unique-Session-ID =
> "589c09967ffad6f7".
> Mon Apr  1 21:22:51 2013 : Info: ++[acct_unique] returns ok
> Mon Apr  1 21:22:51 2013 : Info: [suffix] No '@' in User-Name = "34",
> looking up realm NULL
> Mon Apr  1 21:22:51 2013 : Info: [suffix] No such realm "NULL"
> Mon Apr  1 21:22:51 2013 : Info: ++[suffix] returns noop
> Mon Apr  1 21:22:51 2013 : Info: ++[files] returns noop
> Mon Apr  1 21:22:51 2013 : Info: # Executing section accounting from file
> /etc/freeradius/sites-enabled/default
> Mon Apr  1 21:22:51 2013 : Info: +- entering group accounting {...}
> Mon Apr  1 21:22:51 2013 : Info: [detail]       expand:
> %{Packet-Src-IP-Address} -> 192.168.233.9
> Mon Apr  1 21:22:51 2013 : Info: [detail]       expand:
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> -> /var/log/freeradius/radacct/192.168.233.9/detail-20130401
> Mon Apr  1 21:22:51 2013 : Info: [detail]
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> expands to /var/log/freeradius/radacct/192.168.233.9/detail-20130401
> Mon Apr  1 21:22:51 2013 : Info: [detail]       expand: %t -> Mon Apr  1
> 21:22:51 2013
> Mon Apr  1 21:22:51 2013 : Info: ++[detail] returns ok
> Mon Apr  1 21:22:51 2013 : Info: ++[unix] returns ok
> Mon Apr  1 21:22:51 2013 : Info: [radutmp]      expand:
> /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> Mon Apr  1 21:22:51 2013 : Info: [radutmp]      expand: %{User-Name} -> 34
> Mon Apr  1 21:22:51 2013 : Info: ++[radutmp] returns ok
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: %{User-Name} -> 34
> Mon Apr  1 21:22:51 2013 : Info: [sql] sql_set_user escaped user --> '34'
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand: %{Acct-Delay-Time} ->
> Mon Apr  1 21:22:51 2013 : Info: [sql]  ... expanding second conditional
> Mon Apr  1 21:22:51 2013 : Info: [sql]  expand:            INSERT INTO
> radacct             (acctsessionid,    acctuniqueid,     username,
>      realm,            nasipaddress,     nasportid,
>  nasporttype,      acctstarttime,    acctstoptime,
>  acctsessiontime,  acctauthentic,    connectinfo_start,
>  connectinfo_stop, acctinputoctets,  acctoutputoctets,
>  calledstationid,  callingstationid, acctterminatecause,
>  servicetype,      framedprotocol,   framedipaddress,
>  acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES
>             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
>  '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
> '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
>  '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',
>            '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
>  '%{!
>  Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
> Mon Apr  1 21:22:51 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
> Mon Apr  1 21:22:51 2013 : Info: ++[sql] returns ok
> Mon Apr  1 21:22:51 2013 : Info: ++[exec] returns noop
> Mon Apr  1 21:22:51 2013 : Info: [attr_filter.accounting_response]
>  expand: %{User-Name} -> 34
> Mon Apr  1 21:22:51 2013 : Debug: attr_filter: Matched entry DEFAULT at
> line 12
> Mon Apr  1 21:22:51 2013 : Info: ++[attr_filter.accounting_response]
> returns updated
> Sending Accounting-Response of id 0 to 192.168.233.9 port 2050
> Mon Apr  1 21:22:51 2013 : Info: Finished request 6.
> Mon Apr  1 21:22:51 2013 : Info: Cleaning up request 6 ID 0 with timestamp
> +1106
> Mon Apr  1 21:22:51 2013 : Debug: Going to the next request
> Mon Apr  1 21:22:51 2013 : Debug: Waking up in 4.9 seconds.
> Mon Apr  1 21:22:56 2013 : Info: Cleaning up request 5 ID 0 with timestamp
> +1106
> Mon Apr  1 21:22:56 2013 : Info: Ready to process requests.
> ----
>
> Regards,
> Muhammad Nuzaihan Bin Kamal Luddin
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130401/51e9da1d/attachment-0001.html>


More information about the Freeradius-Users mailing list