attribute Access-Period dont work

Sergio Diaz sdiazf at logitel.com.mx
Thu May 21 20:17:36 CEST 2015


Hello guys

I have a FreeRADIUS Version 2.1.12 with mysql db

I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute” Access-Period” .  I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card. In my test i put 3 minutes to this user, so after this time should Disconnected it when time limit exceed , but this not happens, the user still connected and enjoying the internet.  I hope you can help me.


1. In the radcheck table i have this user :


Id		username	attribute		op	value
930		513o		Auth-Type		:=	Accept
3015		513o		Access-Period		:=	180
3016		513o		Simultaneous-Use	:=	1


2.  In the file default i have this in the authorize section:

#  See "Authorization Queries" in sql.conf #
        sql     

        #
        #  If you are using /etc/smbpasswd, and are also doing
        #  mschap authentication, the un-comment this line, and
        #  configure the 'etc_smbpasswd' module, above.
#       etc_smbpasswd

        #
        #  The ldap module will set Auth-Type to LDAP if it has not
        #  already been set
#       ldap

        #
        #  Enforce daily limits on time spent logged in.
#       daily

        #
        # Use the checkval module
#       checkval

        expiration
        logintime
        noresetcounter
        accessperiod


3. in the file counter.conf i have this: 



sqlcounter noresetcounter {
        counter-name = Max-All-Session-Time
                check-name = Max-All-Session
                sqlmod-inst = sql
                key = User-Name
                reset = never
        query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'"

}

sqlcounter accessperiod {

counter-name = Max-Access-Period-Time
 check-name = Access-Period
 sqlmod-inst = sql
 key = User-Name
 reset = never
 query = “SELECT UNIX_TIMESTAMP() – UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = ‘%{%k}’ ORDER BY AcctStartTime LIMIT 1″
}

4. in the table radacct i see this registry:

Username		nasipaddress					acctstarttime		acctstoptime		acctsessiontime
513o			10.255.216.1	1	Wireless-802.11	2015-05-21 10:45:11		null		3301							
							

5. In my debug i see this , i hope you can help me.


Ready to process requests.
rad_recv: Access-Request packet from host 192.16.1.6 port 56055, id=122, length=301
        ChilliSpot-Version = "1.2.8"
        User-Name = "513o"
        CHAP-Challenge = 0x6c50106ac087331ba01d102ffed40df6
        CHAP-Password = 0x001757cc38635b5efdfc132cef6ef21fa7
        Service-Type = Login-User
        Acct-Session-Id = "555e206c00000001"
        Framed-IP-Address = 10.255.216.63
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        NAS-Port-Id = "00000001"
        Calling-Station-Id = "E0-06-E6-0E-4F-0B"
        Called-Station-Id = "AC-86-74-1D-9B-F0"
        NAS-IP-Address = 10.255.216.1
        NAS-Identifier = "AP2"
        WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test"
        WISPr-Location-Name = "Wicoin_Test"
        WISPr-Logoff-URL = "http://10.255.216.1:3990/logoff"
        Message-Authenticator = 0xcd49be7589ebf0e0f806bd65d37b73e3
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++- entering policy filter_username {...}
+++? if (User-Name =~ /^ /)
? Evaluating (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ /^ /) -> FALSE
+++? if (User-Name =~ / $$/)
? Evaluating (User-Name =~ / $$/) -> FALSE
+++? if (User-Name =~ / $$/) -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}")
        expand: %{User-Name} -> 513o
        expand: %{tolower:%{User-Name}} -> 513o
? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE
+++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE
++- policy filter_username returns notfound
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "513o", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql]   expand: %{User-Name} -> 513o
[sql] sql_set_user escaped user --> '513o'
rlm_sql (sql): Reserving sql socket id: 24
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '513o'           ORDER BY id
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #24
rlm_sql_mysql: Starting connect to MySQL server for #24
rlm_sql (sql): Connected new DB handle, #24
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '513o'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '513o'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 24
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  '.SELECT'
[accessperiod]  expand: .SELECT -> .SELECT
WARNING: Please replace '%S' with '${sqlmod-inst}'
sqlcounter_expand:  '%{sql:.SELECT}'
[accessperiod] sql_xlat
[accessperiod]  expand: %{User-Name} -> 513o
[accessperiod] sql_set_user escaped user --> '513o'
[accessperiod]  expand: .SELECT -> .SELECT
rlm_sql (sql): Reserving sql socket id: 23
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #23
rlm_sql_mysql: Starting connect to MySQL server for #23
rlm_sql (sql): Connected new DB handle, #23
rlm_sql_mysql: MYSQL check_error: 1064 received
rlm_sql (sql): failed after re-connect
rlm_sql (sql): database query error, .SELECT: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.SELECT' at line 1
rlm_sql (sql): Released sql socket id: 23
[accessperiod]  expand: %{sql:.SELECT} ->
rlm_sqlcounter: No integer found in string ""
++[accessperiod] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
# Executing section session from file /etc/freeradius/sites-enabled/default
+- entering group session {...}
[radutmp]       expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp]       expand: %{User-Name} -> 513o
++[radutmp] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> 513o
[sql] sql_set_user escaped user --> '513o'
[sql]   expand: %{User-Password} ->
[sql]   ... expanding second conditional
[sql]   expand: %{Chap-Password} -> 0x001757cc38635b5efdfc132cef6ef21fa7
[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '513o',                           '0x001757cc38635b5efdfc132cef6ef21fa7',                           'Access-Accept', '2015-05-21 13:14:16')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '513o',                           '0x001757cc38635b5efdfc132cef6ef21fa7',                           'Access-Accept', '2015-05-21 13:14:16')
rlm_sql (sql): Reserving sql socket id: 22
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #22
rlm_sql_mysql: Starting connect to MySQL server for #22
rlm_sql (sql): Connected new DB handle, #22
rlm_sql (sql): Released sql socket id: 22
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 122 to 192.16.1.6 port 56055
Finished request 82.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.16.1.6 port 54159, id=91, length=225
        ChilliSpot-Version = "1.2.8"
        ChilliSpot-Attr-10 = 0x00000002
        Event-Timestamp = "May 21 2015 13:14:16 CDT"
        Acct-Status-Type = Start
        User-Name = "513o"
        Acct-Session-Id = "555e206c00000001"
        Framed-IP-Address = 10.255.216.63
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        NAS-Port-Id = "00000001"
        Calling-Station-Id = "E0-06-E6-0E-4F-0B"
        Called-Station-Id = "AC-86-74-1D-9B-F0"
        NAS-IP-Address = 10.255.216.1
        NAS-Identifier = "AP2"
        WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test"
        WISPr-Location-Name = "Wicoin_Test"
# Executing section preacct from file /etc/freeradius/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 192.16.1.6,NAS-IP-Address = 10.255.216.1,Acct-Session-Id = "555e206c00000001",User-Name = "513o"'
[acct_unique] Acct-Unique-Session-ID = "392d59c5bb1cc208".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "513o", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/freeradius/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 192.16.1.6
[detail]        expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /var/log/freeradius/radacct/192.16.1.6/detail-20150521
[detail] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /var/log/freeradius/radacct/192.16.1.6/detail-20150521
[detail]        expand: %t -> Thu May 21 13:14:16 2015
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/freeradius/radutmp -> /var/log/freeradius/radutmp
[radutmp]       expand: %{User-Name} -> 513o
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> 513o
[sql] sql_set_user escaped user --> '513o'
[sql]   expand: %{Acct-Delay-Time} ->
[sql]   ... expanding second conditional
[sql]   expand:            INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '',              '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 21
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #21
rlm_sql_mysql: Starting connect to MySQL server for #21
rlm_sql (sql): Connected new DB handle, #21
rlm_sql (sql): Released sql socket id: 21
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response]       expand: %{User-Name} -> 513o
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 91 to 192.16.1.6 port 54159
Finished request 83.
Cleaning up request 83 ID 91 with timestamp +4782
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 82 ID 122 with timestamp +4782
Ready to process requests.




Saludos Cordiales,

 Sergio Diaz
  




More information about the Freeradius-Users mailing list