Failed to create the pair: Unknown attribute Max-All-Session

Sergio Diaz sdiazf at logitel.com.mx
Tue Apr 14 22:20:27 CEST 2015 

Hello guys


This is my first post. I hope i can explain my problem.

I have a FreeRADIUS Version 2.1.12 with mysql db

I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute" Max-All-Session" in the radcheck table, when i put this attribute the users  can't authenticate, if i delete this attribute users can authenticate. I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card.

This user never has been authenticated, so he haven't registry in the radacct table

Id		username	attribute		op	value
2262		a1z5		Auth-Type		:=	Accept
2263		a1z5		Simultaneous-Use	:=	1
2264		a1z5		Max-All-Session	:=	3600


Even if i use other attribute like: Expiration it works with out problem.

Id	username	attribute		op	value
5	42h7		Auth-Type		:=	Accept
1017	42h7		Expiration		==	May 8 2014 11:56:01
1018	42h7		Simultaneous-Use	:=	1



In my debug i see this error, i hope you can help me.


rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600"
rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 11
++[sql] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}



Ready to process requests.
rad_recv: Access-Request packet from host 192.16.1.6 port 57160, id=68, length=301
        ChilliSpot-Version = "1.2.8"
        User-Name = "a1z5"
        CHAP-Challenge = 0x29e1cac347609050f7fd312c10cbd7e0
        CHAP-Password = 0x0052b8ddaf303a9513c3ed41b81e0bf852
        Service-Type = Login-User
        Acct-Session-Id = "552d462f00000002"
        Framed-IP-Address = 10.255.216.9
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 2
        NAS-Port-Id = "00000002"
        Calling-Station-Id = "40-0E-85-30-B9-03"
        Called-Station-Id = "AC-86-74-1D-9B-F0"
        NAS-IP-Address = 10.255.216.1
        NAS-Identifier = "AP2"
        WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test"
        WISPr-Location-Name = "Wicoin_Test"
        WISPr-Logoff-URL = "http://10.255.216.1:3990/logoff"
        Message-Authenticator = 0x979323917417ff7a0c783751a8ff8223
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++- entering policy filter_username {...}
+++? if (User-Name =~ /^ /)
? Evaluating (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ / $$/)
? Evaluating (User-Name =~ / $$/) -> FALSE
+++? if (User-Name =~ / $$/) -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}")
        expand: %{User-Name} -> a1z5
        expand: %{tolower:%{User-Name}} -> a1z5 ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
++- policy filter_username returns notfound [preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "a1z5", looking up realm NULL [suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> a1z5
[sql] sql_set_user escaped user --> 'a1z5'
rlm_sql (sql): Reserving sql socket id: 11
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'a1z5'           ORDER BY id
rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600"
rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 11
++[sql] returns fail
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> a1z5
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 68 to 192.16.1.6 port 57160 Waking up in 4.9 seconds.
Cleaning up request 2 ID 68 with timestamp +57 Ready to process requests.



Saludos Cordiales,

 Sergio Diaz
 

More information about the Freeradius-Users mailing list