Freeradius with daily counter

Ali Jawad alijawad1 at gmail.com
Tue Jul 15 12:59:18 CEST 2014 

Hi
I did setup Freeradius with SQL backend and connected it to a l2tp vpn
server. Connecting works great and accounting is logged into the radacct
table. So far so good, now I am experimenting with limits. And I chose
daily session time to test out first.

I did insert into radcheck "where username is obviously test"

test Max-Daily-Session := 100000000

When I did that, logon fails

Now, here is where I might have messed up

In sites-enabled/default I did uncomment

authorise{

        #  Enforce daily limits on time spent logged in.

        daily


and


accounting {

        daily

In radiusd.conf I did uncomment


instantiate {

        # We add the counter module here so that it registers

        # the check-name attribute before any module which sets

        # it

        daily




modules/counter includes


counter daily {

        filename = ${db_dir}/db.daily

        key = User-Name

        count-attribute = Acct-Session-Time

        reset = daily

        counter-name = Daily-Session-Time

        check-name = Max-Daily-Session

        reply-name = Session-Timeout

        allowed-servicetype = Framed-User

        cache-size = 5000

}



When I start radiusd -X I can see the following :


 radiusd: #### Instantiating modules ####

 instantiate {

 Module: Linked to module rlm_exec

 Module: Instantiating module "exec" from file /etc/raddb/modules/exec

  exec {

        wait = no

        input_pairs = "request"

        shell_escape = yes

  }

 Module: Linked to module rlm_expr

 Module: Instantiating module "expr" from file /etc/raddb/modules/expr

 Module: Linked to module rlm_counter

 Module: Instantiating module "daily" from file /etc/raddb/modules/counter

  counter daily {

        filename = "/etc/raddb/db.daily"

        key = "User-Name"

        reset = "daily"

        count-attribute = "Acct-Session-Time"

        counter-name = "Daily-Session-Time"

        check-name = "Max-Daily-Session"

        reply-name = "Session-Timeout"

        allowed-servicetype = "Framed-User"

        cache-size = 5000

  }

rlm_counter: Counter attribute Daily-Session-Time is number 11273

rlm_counter: Current Time: 1405421724 [2014-07-15 05:55:24], Next reset
1405486800 [2014-07-16 00:00:00]

rlm_counter: Failed to open file /etc/raddb/db.daily: Permission denied

/etc/raddb/modules/counter[71]: Instantiation failed for module "daily"




What strikes me as weird is  why does freeradius try to look in db.daily
which does not exist, instead of the MySQL table radacct ? I did try to
create a file db.daily "just for testing" and seLinux is disabled.

[root at localhost raddb]# ls -lart /etc/raddb/db.daily

-rw-r--r-- 1 root radiusd 0 Jul 15 05:35 /etc/raddb/db.daily

[root at localhost raddb]# getenforce

Disabled

This is more or less a default CentOS RPM installation user and group are
listed below

user = radiusd

group = radiusd



Am I barking up the wrong tree here ?


Any pointers in the right directions please?


Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140715/80bfd42c/attachment.html>

More information about the Freeradius-Users mailing list