attribute Access-Period dont work
Sergio Diaz
sdiazf at logitel.com.mx
Thu May 21 20:17:36 CEST 2015
Hello guys
I have a FreeRADIUS Version 2.1.12 with mysql db
I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute” Access-Period” . I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card. In my test i put 3 minutes to this user, so after this time should Disconnected it when time limit exceed , but this not happens, the user still connected and enjoying the internet. I hope you can help me.
1. In the radcheck table i have this user :
Id username attribute op value
930 513o Auth-Type := Accept
3015 513o Access-Period := 180
3016 513o Simultaneous-Use := 1
2. In the file default i have this in the authorize section:
# See "Authorization Queries" in sql.conf #
sql
#
# If you are using /etc/smbpasswd, and are also doing
# mschap authentication, the un-comment this line, and
# configure the 'etc_smbpasswd' module, above.
# etc_smbpasswd
#
# The ldap module will set Auth-Type to LDAP if it has not
# already been set
# ldap
#
# Enforce daily limits on time spent logged in.
# daily
#
# Use the checkval module
# checkval
expiration
logintime
noresetcounter
accessperiod
3. in the file counter.conf i have this:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'"
}
sqlcounter accessperiod {
counter-name = Max-Access-Period-Time
check-name = Access-Period
sqlmod-inst = sql
key = User-Name
reset = never
query = “SELECT UNIX_TIMESTAMP() – UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = ‘%{%k}’ ORDER BY AcctStartTime LIMIT 1″
}
4. in the table radacct i see this registry:
Username nasipaddress acctstarttime acctstoptime acctsessiontime
513o 10.255.216.1 1 Wireless-802.11 2015-05-21 10:45:11 null 3301
5. In my debug i see this , i hope you can help me.
Ready to process requests.
rad_recv: Access-Request packet from host 192.16.1.6 port 56055, id=122, length=301
ChilliSpot-Version = "1.2.8"
User-Name = "513o"
CHAP-Challenge = 0x6c50106ac087331ba01d102ffed40df6
CHAP-Password = 0x001757cc38635b5efdfc132cef6ef21fa7
Service-Type = Login-User
Acct-Session-Id = "555e206c00000001"
Framed-IP-Address = 10.255.216.63
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
Calling-Station-Id = "E0-06-E6-0E-4F-0B"
Called-Station-Id = "AC-86-74-1D-9B-F0"
NAS-IP-Address = 10.255.216.1
NAS-Identifier = "AP2"
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test"
WISPr-Location-Name = "Wicoin_Test"
WISPr-Logoff-URL = "http://10.255.216.1:3990/logoff"
Message-Authenticator = 0xcd49be7589ebf0e0f806bd65d37b73e3
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++- entering policy filter_username {...}
+++? if (User-Name =~ /^ /)
? Evaluating (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ / $$/)
? Evaluating (User-Name =~ / $$/) -> FALSE
+++? if (User-Name =~ / $$/) -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}")
expand: %{User-Name} -> 513o
expand: %{tolower:%{User-Name}} -> 513o
? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
++- policy filter_username returns notfound
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "513o", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> 513o
[sql] sql_set_user escaped user --> '513o'
rlm_sql (sql): Reserving sql socket id: 24
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '513o' ORDER BY id
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #24
rlm_sql_mysql: Starting connect to MySQL server for #24
rlm_sql (sql): Connected new DB handle, #24
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '513o' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '513o' ORDER BY priority
rlm_sql (sql): Released sql socket id: 24
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: '.SELECT'
[accessperiod] expand: .SELECT -> .SELECT
WARNING: Please replace '%S' with '${sqlmod-inst}'
sqlcounter_expand: '%{sql:.SELECT}'
[accessperiod] sql_xlat
[accessperiod] expand: %{User-Name} -> 513o
[accessperiod] sql_set_user escaped user --> '513o'
[accessperiod] expand: .SELECT -> .SELECT
rlm_sql (sql): Reserving sql socket id: 23
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #23
rlm_sql_mysql: Starting connect to MySQL server for #23
rlm_sql (sql): Connected new DB handle, #23
rlm_sql_mysql: MYSQL check_error: 1064 received
rlm_sql (sql): failed after re-connect
rlm_sql (sql): database query error, .SELECT: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.SELECT' at line 1
rlm_sql (sql): Released sql socket id: 23
[accessperiod] expand: %{sql:.SELECT} ->
rlm_sqlcounter: No integer found in string ""
++[accessperiod] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section session from file /etc/freeradius/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> 513o
++[radutmp] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} -> 513o
[sql] sql_set_user escaped user --> '513o'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} -> 0x001757cc38635b5efdfc132cef6ef21fa7
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '513o', '0x001757cc38635b5efdfc132cef6ef21fa7', 'Access-Accept', '2015-05-21 13:14:16')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '513o', '0x001757cc38635b5efdfc132cef6ef21fa7', 'Access-Accept', '2015-05-21 13:14:16')
rlm_sql (sql): Reserving sql socket id: 22
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #22
rlm_sql_mysql: Starting connect to MySQL server for #22
rlm_sql (sql): Connected new DB handle, #22
rlm_sql (sql): Released sql socket id: 22
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 122 to 192.16.1.6 port 56055
Finished request 82.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.16.1.6 port 54159, id=91, length=225
ChilliSpot-Version = "1.2.8"
ChilliSpot-Attr-10 = 0x00000002
Event-Timestamp = "May 21 2015 13:14:16 CDT"
Acct-Status-Type = Start
User-Name = "513o"
Acct-Session-Id = "555e206c00000001"
Framed-IP-Address = 10.255.216.63
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
Calling-Station-Id = "E0-06-E6-0E-4F-0B"
Called-Station-Id = "AC-86-74-1D-9B-F0"
NAS-IP-Address = 10.255.216.1
NAS-Identifier = "AP2"
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test"
WISPr-Location-Name = "Wicoin_Test"
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 192.16.1.6,NAS-IP-Address = 10.255.216.1,Acct-Session-Id = "555e206c00000001",User-Name = "513o"'
[acct_unique] Acct-Unique-Session-ID = "392d59c5bb1cc208".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "513o", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail] expand: %{Packet-Src-IP-Address} -> 192.16.1.6
[detail] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.16.1.6/detail-20150521
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.16.1.6/detail-20150521
[detail] expand: %t -> Thu May 21 13:14:16 2015
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} -> 513o
++[radutmp] returns ok
[sql] expand: %{User-Name} -> 513o
[sql] sql_set_user escaped user --> '513o'
[sql] expand: %{Acct-Delay-Time} ->
[sql] ... expanding second conditional
[sql] expand: INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 21
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #21
rlm_sql_mysql: Starting connect to MySQL server for #21
rlm_sql (sql): Connected new DB handle, #21
rlm_sql (sql): Released sql socket id: 21
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> 513o
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 91 to 192.16.1.6 port 54159
Finished request 83.
Cleaning up request 83 ID 91 with timestamp +4782
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 82 ID 122 with timestamp +4782
Ready to process requests.
Saludos Cordiales,
Sergio Diaz
More information about the Freeradius-Users
mailing list