noresetcounter
Russell Mike
radius.sir at gmail.com
Mon Apr 1 16:12:36 CEST 2013
Because you have disable the valid check item & Query using "#"
sqlcounter forevertimecounter {
counter-name = "Max-All-Session-Time"
check-name = "Max-All-Session"
count-attribute = "Acct-Session-Time"
reply-name = "Session-Timeout"
sqlmod-inst = "sql"
key = "User-Name"
reset = "never"
cache-size = "5000"
query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='%{%k}'"
*Check Items:*
Max-All-Session 3600
Session-Timeout 3600
*Reply Items: *
Session-Timeout 3600
Idle-Timeout 60
Thanks RM --
On Mon, Apr 1, 2013 at 1:35 PM, Muhammad Nuzaihan Kamal Luddin <
muhammad at taqisystems.com> wrote:
> Hi,
>
> My objective to configure freeradius is that the user automatically gets
> logged out during the accounting process by noresetcounter statement.
>
> But currently, the user that is logged in keeps being connected even
> when the time is up.
>
> Here's my counter.conf:
>
> ---
>
> sqlcounter noresetcounter {
> counter-name = Session-Timeout
> # check-name = Max-All-Session
> check-name = Session-Timeout
> reply-name = Session-Timeout
> sqlmod-inst = sql
> key = User-Name
> reset = never
> # query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE
> UserName='%{%k}'"
> query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
> UserName='%{%k}'"
> }
>
>
> And the logs:
>
> rad_recv: Access-Request packet from host 192.168.233.9 port 2052, id=0,
> length=200
> User-Name = "34"
> User-Password = "EEawKbR3"
> NAS-IP-Address = 0.0.0.0
> Service-Type = Login-User
> Framed-IP-Address = 192.168.182.2
> Calling-Station-Id = "00-26-82-15-4E-3D"
> Called-Station-Id = "00-0F-66-59-DD-33"
> NAS-Identifier = "taqihotspot1"
> Acct-Session-Id = "515a088400000000"
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 0
> Message-Authenticator = 0x48faf6d6c674bceef3469467121e5eae
> WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
> Mon Apr 1 21:22:51 2013 : Info: # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> Mon Apr 1 21:22:51 2013 : Info: +- entering group authorize {...}
> Mon Apr 1 21:22:51 2013 : Info: ++[preprocess] returns ok
> Mon Apr 1 21:22:51 2013 : Info: ++[chap] returns noop
> Mon Apr 1 21:22:51 2013 : Info: ++[mschap] returns noop
> Mon Apr 1 21:22:51 2013 : Info: ++[digest] returns noop
> Mon Apr 1 21:22:51 2013 : Info: [suffix] No '@' in User-Name = "34",
> looking up realm NULL
> Mon Apr 1 21:22:51 2013 : Info: [suffix] No such realm "NULL"
> Mon Apr 1 21:22:51 2013 : Info: ++[suffix] returns noop
> Mon Apr 1 21:22:51 2013 : Info: [eap] No EAP-Message, not doing EAP
> Mon Apr 1 21:22:51 2013 : Info: ++[eap] returns noop
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: %{User-Name} -> 34
> Mon Apr 1 21:22:51 2013 : Info: [sql] sql_set_user escaped user --> '34'
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 4
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: SELECT id, username,
> attribute, value, op FROM radcheck WHERE username =
> '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute,
> value, op FROM radcheck WHERE username = '34'
> ORDER BY id
> Mon Apr 1 21:22:51 2013 : Info: [sql] User found in radcheck table
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: SELECT id, username,
> attribute, value, op FROM radreply WHERE username =
> '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute,
> value, op FROM radreply WHERE username = '34'
> ORDER BY id
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: SELECT groupname
> FROM radusergroup WHERE username = '%{SQL-User-Name}'
> ORDER BY priority -> SELECT groupname FROM radusergroup
> WHERE username = '34' ORDER BY priority
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: SELECT id, groupname,
> attribute, Value, op FROM radgroupcheck WHERE
> groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
> attribute, Value, op FROM radgroupcheck WHERE
> groupname = '3mins' ORDER BY id
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sql (sql): Released sql socket id: 4
> Mon Apr 1 21:22:51 2013 : Info: ++[sql] returns ok
> Mon Apr 1 21:22:51 2013 : Info: ++[logintime] returns noop
> Mon Apr 1 21:22:51 2013 : Info: ++[pap] returns updated
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sqlcounter: Entering module
> authorize code
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sqlcounter: Could not find Check
> item value pair
> Mon Apr 1 21:22:51 2013 : Info: ++[noresetcounter] returns noop
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sqlcounter: Entering module
> authorize code
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sqlcounter: Could not find Check
> item value pair
> Mon Apr 1 21:22:51 2013 : Info: ++[chillispot_max_bytes] returns noop
> Mon Apr 1 21:22:51 2013 : Info: Found Auth-Type = PAP
> Mon Apr 1 21:22:51 2013 : Info:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Apr 1 21:22:51 2013 : Info: !!! Replacing User-Password in config
> items with Cleartext-Password. !!!
> Mon Apr 1 21:22:51 2013 : Info:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Apr 1 21:22:51 2013 : Info: !!! Please update your configuration so
> that the "known good" !!!
> Mon Apr 1 21:22:51 2013 : Info: !!! clear text password is in
> Cleartext-Password, and not in User-Password. !!!
> Mon Apr 1 21:22:51 2013 : Info:
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> Mon Apr 1 21:22:51 2013 : Info: # Executing group from file
> /etc/freeradius/sites-enabled/default
> Mon Apr 1 21:22:51 2013 : Info: +- entering group PAP {...}
> Mon Apr 1 21:22:51 2013 : Info: [pap] login attempt with password
> "EEawKbR3"
> Mon Apr 1 21:22:51 2013 : Info: [pap] Using clear text password "EEawKbR3"
> Mon Apr 1 21:22:51 2013 : Info: [pap] User authenticated successfully
> Mon Apr 1 21:22:51 2013 : Info: ++[pap] returns ok
> Mon Apr 1 21:22:51 2013 : Info: # Executing section post-auth from file
> /etc/freeradius/sites-enabled/default
> Mon Apr 1 21:22:51 2013 : Info: +- entering group post-auth {...}
> Mon Apr 1 21:22:51 2013 : Info: ++[exec] returns noop
> Sending Access-Accept of id 0 to 192.168.233.9 port 2052
> Mon Apr 1 21:22:51 2013 : Info: Finished request 5.
> Mon Apr 1 21:22:51 2013 : Debug: Going to the next request
> Mon Apr 1 21:22:51 2013 : Debug: Waking up in 4.9 seconds.
> rad_recv: Accounting-Request packet from host 192.168.233.9 port 2050,
> id=0, length=134
> Acct-Status-Type = Start
> User-Name = "34"
> Calling-Station-Id = "00-26-82-15-4E-3D"
> Called-Station-Id = "00-0F-66-59-DD-33"
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 0
> NAS-Port-Id = "00000000"
> NAS-IP-Address = 0.0.0.0
> NAS-Identifier = "taqihotspot1"
> Framed-IP-Address = 192.168.182.2
> Acct-Session-Id = "515a088400000000"
> Mon Apr 1 21:22:51 2013 : Info: # Executing section preacct from file
> /etc/freeradius/sites-enabled/default
> Mon Apr 1 21:22:51 2013 : Info: +- entering group preacct {...}
> Mon Apr 1 21:22:51 2013 : Info: ++[preprocess] returns ok
> Mon Apr 1 21:22:51 2013 : Info: [acct_unique] Hashing 'NAS-Port =
> 0,Client-IP-Address = 192.168.233.9,NAS-IP-Address =
> 0.0.0.0,Acct-Session-Id = "515a088400000000",User-Name = "34"'
> Mon Apr 1 21:22:51 2013 : Info: [acct_unique] Acct-Unique-Session-ID =
> "589c09967ffad6f7".
> Mon Apr 1 21:22:51 2013 : Info: ++[acct_unique] returns ok
> Mon Apr 1 21:22:51 2013 : Info: [suffix] No '@' in User-Name = "34",
> looking up realm NULL
> Mon Apr 1 21:22:51 2013 : Info: [suffix] No such realm "NULL"
> Mon Apr 1 21:22:51 2013 : Info: ++[suffix] returns noop
> Mon Apr 1 21:22:51 2013 : Info: ++[files] returns noop
> Mon Apr 1 21:22:51 2013 : Info: # Executing section accounting from file
> /etc/freeradius/sites-enabled/default
> Mon Apr 1 21:22:51 2013 : Info: +- entering group accounting {...}
> Mon Apr 1 21:22:51 2013 : Info: [detail] expand:
> %{Packet-Src-IP-Address} -> 192.168.233.9
> Mon Apr 1 21:22:51 2013 : Info: [detail] expand:
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> -> /var/log/freeradius/radacct/192.168.233.9/detail-20130401
> Mon Apr 1 21:22:51 2013 : Info: [detail]
> /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> expands to /var/log/freeradius/radacct/192.168.233.9/detail-20130401
> Mon Apr 1 21:22:51 2013 : Info: [detail] expand: %t -> Mon Apr 1
> 21:22:51 2013
> Mon Apr 1 21:22:51 2013 : Info: ++[detail] returns ok
> Mon Apr 1 21:22:51 2013 : Info: ++[unix] returns ok
> Mon Apr 1 21:22:51 2013 : Info: [radutmp] expand:
> /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
> Mon Apr 1 21:22:51 2013 : Info: [radutmp] expand: %{User-Name} -> 34
> Mon Apr 1 21:22:51 2013 : Info: ++[radutmp] returns ok
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: %{User-Name} -> 34
> Mon Apr 1 21:22:51 2013 : Info: [sql] sql_set_user escaped user --> '34'
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: %{Acct-Delay-Time} ->
> Mon Apr 1 21:22:51 2013 : Info: [sql] ... expanding second conditional
> Mon Apr 1 21:22:51 2013 : Info: [sql] expand: INSERT INTO
> radacct (acctsessionid, acctuniqueid, username,
> realm, nasipaddress, nasportid,
> nasporttype, acctstarttime, acctstoptime,
> acctsessiontime, acctauthentic, connectinfo_start,
> connectinfo_stop, acctinputoctets, acctoutputoctets,
> calledstationid, callingstationid, acctterminatecause,
> servicetype, framedprotocol, framedipaddress,
> acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES
> ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
> '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
> '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
> '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
> '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
> '%{!
> Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 3
> Mon Apr 1 21:22:51 2013 : Debug: rlm_sql (sql): Released sql socket id: 3
> Mon Apr 1 21:22:51 2013 : Info: ++[sql] returns ok
> Mon Apr 1 21:22:51 2013 : Info: ++[exec] returns noop
> Mon Apr 1 21:22:51 2013 : Info: [attr_filter.accounting_response]
> expand: %{User-Name} -> 34
> Mon Apr 1 21:22:51 2013 : Debug: attr_filter: Matched entry DEFAULT at
> line 12
> Mon Apr 1 21:22:51 2013 : Info: ++[attr_filter.accounting_response]
> returns updated
> Sending Accounting-Response of id 0 to 192.168.233.9 port 2050
> Mon Apr 1 21:22:51 2013 : Info: Finished request 6.
> Mon Apr 1 21:22:51 2013 : Info: Cleaning up request 6 ID 0 with timestamp
> +1106
> Mon Apr 1 21:22:51 2013 : Debug: Going to the next request
> Mon Apr 1 21:22:51 2013 : Debug: Waking up in 4.9 seconds.
> Mon Apr 1 21:22:56 2013 : Info: Cleaning up request 5 ID 0 with timestamp
> +1106
> Mon Apr 1 21:22:56 2013 : Info: Ready to process requests.
> ----
>
> Regards,
> Muhammad Nuzaihan Bin Kamal Luddin
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130401/51e9da1d/attachment-0001.html>
More information about the Freeradius-Users
mailing list