CoA reply a wrong Session-Timeout
prometeotv at tiscali.it
prometeotv at tiscali.it
Fri Sep 16 14:28:28 CEST 2016
Hi all,
I am running FreeRADIUS version 2.1.12-6 on CentOS 6.0. I have configured FreeRADIUS with the sql_counter module and everything is working fine.
Now I have to configure CoA, but my NAS (Mikrotik) receives a Session-Timeout equal to 0, and the same happens for the traffic limit (the Mikrotik-XMit-Limit attribute).
Which FreeRADIUS variable should I pass to Session-Timeout inside the "update coa {" block in order to send the user's residual credit time?
This is the FreeRADIUS configuration:
/ETC/SITE-AVAILABLE/DEFAULT
# authorize section of the default virtual server as pasted by the poster
# (line wraps come from the mail archive). The listed modules run in order;
# the sqlcounter instances (noresetcounter, dailycounter, ...) are called
# here and nowhere else in the configuration shown.
authorize {
rewrite.calling_station_id
preprocess
chap
mschap
suffix
eap {
ok
= return
}
unix
sql
expiration
logintime
pap
noresetcounter
dailycounter
monthlycounter
noresettrafficcounter
dailytraffic
monthlytraffic
pppoetrafficcounter
pppoedailytraffic
pppoemonthlytraffic
# NOTE(review): Auth-Type is taken from the output of an external PHP script
# that is handed %{User-Password} and NAS-supplied attributes as command-line
# arguments. Command-line arguments are typically readable in the host's
# process list, so the cleartext password is exposed locally for PAP requests.
# In the debug output further down, %{User-Password} expands to an empty
# string (the request is CHAP) and Called-Station-Id contains a space
# ("Piazza Laterale"); confirm the script still receives the arguments in
# the positions it expects and validates them before use.
# The same debug output warns to remove 'Auth-Type = Local' and use the
# PAP or CHAP modules instead.
update control {
Auth-Type := `/usr/bin/php -f
/sitiweb/hotspot/functions/freeradiusauthorize.php %{User-Name}
%{User-Password} %{Calling-Station-Id} %{NAS-IP-Address}
%{Called-Station-ID}`
}
}
# accounting section of the default virtual server as pasted by the poster.
# It stores the accounting record via sql and then fills the "coa" list, from
# which the CoA-Request to the NAS is built.
accounting {
rewrite.calling_station_id
unix
sql
#COA
# NOTE(review): an unqualified %{Session-Timeout} is looked up in the
# incoming request, which here is the Accounting-Request. The
# Accounting-Request in the debug output below carries no Session-Timeout,
# the expansion comes back empty, and the CoA-Request goes out with
# Session-Timeout = 0. The value 1953 was a reply item of the earlier
# Access-Accept, which is a separate request and is not available here.
# noresetcounter is only called in authorize, so nothing recomputes the
# remaining time in this section. Presumably the remaining credit has to be
# calculated here explicitly (e.g. an %{sql:...} expansion returning the
# user's Credit-Time minus the summed AcctSessionTime); verify against the
# documentation for this FreeRADIUS version.
# Mikrotik-XMit-Limit does not appear in the CoA-Request shown in the debug
# output at all; it presumably has the same root cause. TODO confirm.
update coa {
User-Name = "%{User-Name}"
Acct-Session-Id = "%{Acct-Session-Id}"
NAS-IP-Address =
"%{NAS-IP-Address}"
Framed-IP-Address = "%{Framed-IP-Address}"
Session-Timeout = "%{Session-Timeout}"
# Session-Timeout =
"%{Credit-Time}"
# Session-Timeout = "%{noresetcounter:Credit-Time}"
#
Session-Timeout = "%{Session-Timeout}"
# Session-Timeout = "%{sql:SELECT
SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}'}"
#
Session-Timeout = "%{noresetcounter}"
# Session-Timeout =
"%{rlm_sqlcounter:noresetcounter}"
Mikrotik-XMit-Limit =
"%{Mikrotik-XMit-Limit}"
# Mikrotik-XMit-Limit =
"%{Monthly-Credit-Traffic}"
}
# The debug output shows a CoA-Request being sent even with the
# Send-CoA-Request update below commented out.
# update control {
# Send-CoA-Request =
Yes
# }
}
CLIENTS.CONF:
# Client (NAS) definition as pasted by the poster.
# NOTE(review): 0.0.0.0/0 matches every IPv4 source address, so any host that
# can reach this server and presents the shared secret is accepted as a NAS.
# The only NAS visible in the debug output is 192.168.0.201; restricting the
# client entry to the real NAS address or subnet narrows the exposure.
client 0.0.0.0/0 {
# NOTE(review): the shared secret is posted here in clear text on a public
# list; treat it as disclosed and rotate it on the server and the NAS.
secret = hshelioos
# Requests that lack a Message-Authenticator attribute are accepted.
require_message_authenticator = no
nastype = other
}
#COA
# Home server of type "coa": the destination the CoA-Request is sent to.
# ipaddr matches the NAS address seen in the debug output (192.168.0.201),
# and the request is sent to port 3799.
home_server
piazzalaterale-coa {
type = coa
#
# Note that a home server of type
"coa" MUST be a real NAS,
# with an ipaddr or ipv6addr. It CANNOT point
to a virtual
# server.
#
ipaddr = 192.168.0.201
port = 3799
# This
secret SHOULD NOT be the same as the shared
# secret in a "client"
section.
# NOTE(review): this is the same value as the secret in the
# "client 0.0.0.0/0" entry, contrary to the note directly above. This secret
# authenticates packets that change live sessions on the NAS, so it should
# be a distinct value and is now disclosed by this post.
secret = hshelioos
# CoA specific parameters. See
raddb/proxy.conf for details.
# NOTE(review): irt/mrt/mrc/mrd look like the CoA retransmission settings
# (initial and maximum retransmission time, maximum count, maximum
# duration) - confirm against raddb/proxy.conf.
coa {
irt = 2
mrt = 16
mrc = 5
mrd =
30
}
}
SQLCOUNTER.CONF:
# sqlcounter instance that never resets: the query sums AcctSessionTime over
# all radacct rows of the user and the result is compared with the
# Credit-Time check item. In the debug output below this yields
# check_item=2700, counter=747 and a Session-Timeout reply item of 1953,
# produced during authorize.
# The debug output warns that '%k' should be replaced with '${key}'.
# The user name is interpolated into the SQL text; the debug output shows it
# passing through sql_set_user ("escaped user") before the query runs.
sqlcounter noresetcounter {
counter-name =
Max-All-Session-Time
check-name = Credit-Time
sqlmod-inst = sql
key =
User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='%{%k}'"
}
# sqlcounter instance for per-day session time, checked against
# Daily-Credit-Time. "reset = daily" is commented out and "reset = never" is
# used; the daily window comes from the active query instead, which only
# sums sessions whose acctstoptime falls on the current date.
# NOTE(review): rows with a NULL acctstoptime (sessions still open) do not
# satisfy DATE(NOW())=DATE(acctstoptime), so time used by a running session
# is presumably not counted - confirm this is intended.
# For the user in the debug output this module finds no check item and
# returns noop.
sqlcounter dailycounter {
driver =
"rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name =
Daily-Credit-Time
sqlmod-inst = sql
key = User-Name
#reset = daily
reset
= never
#query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
#query =
"SELECT SUM(SessionTime) FROM (SELECT SUM(AcctSessionTime - GREATEST((%b
- UNIX_TIMESTAMP(AcctStartTime)), 0)) AS SessionTime FROM radacct WHERE
UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >
'%b' UNION SELECT 0 AS SessionTime) AS Results"
query = "SELECT
SUM(SessionTime) FROM (SELECT SUM(AcctSessionTime) AS SessionTime FROM
radacct WHERE UserName='%{%k}' AND DATE(NOW())=DATE(acctstoptime) UNION
SELECT 0 AS SessionTime) AS Results"
}
# sqlcounter instance for per-month session time, checked against
# Monthly-Credit-Time. As with dailycounter, "reset = never" is used and the
# monthly window comes from the active query, which only sums sessions whose
# acctstoptime lies in the current month and year.
# NOTE(review): sessions that are still open (NULL acctstoptime) are
# presumably not counted by this query - confirm this is intended.
# For the user in the debug output this module finds no check item and
# returns noop.
sqlcounter monthlycounter
{
counter-name = Monthly-Session-Time
check-name =
Monthly-Credit-Time
sqlmod-inst = sql
key = User-Name
#reset =
daily
reset = never
#query = "SELECT SUM(AcctSessionTime - GREATEST((%b
- UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >
'%b'"
#query = "SELECT SUM(SessionTime) FROM (SELECT SUM(AcctSessionTime
- GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) AS SessionTime FROM
radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b' UNION SELECT 0 AS SessionTime) AS Results"
query
= "SELECT SUM(SessionTime) FROM (SELECT SUM(AcctSessionTime) AS
SessionTime FROM radacct WHERE UserName='%{%k}' AND MONTH(acctstoptime)
= MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW()) UNION SELECT 0 AS
SessionTime) AS Results"
}
and this is the LOG of "radiusd -X"
command:
Listening on authentication address 127.0.0.1 port 18120 as
server inner-tunnel
Listening on proxy address * port 1814
Ready to
process requests.
rad_recv: Access-Request packet from host
192.168.0.201 port 33465, id=32, length=230
NAS-Port-Type =
Wireless-802.11
Calling-Station-Id = "00:22:5F:0F:58:84"
Called-Station-Id = "Piazza Laterale"
NAS-Port-Id = "hs-bridge"
User-Name = "00393383880766 at BarCentrale"
NAS-Port = 2151677962
Acct-Session-Id = "8040000a"
Framed-IP-Address = 10.0.200.105
Mikrotik-Host-IP = 10.0.200.105
CHAP-Challenge =
0x980558b3c7d785a90bcc313cb3d36f05
CHAP-Password =
0xb857266bd68f0ad533ce1801e25f165f64
Service-Type = Login-User
WISPr-Logoff-URL = "http://0.0.0.0/logout"
NAS-Identifier = "Piazza
Laterale"
NAS-IP-Address = 192.168.0.201
# Executing section authorize
from file /etc/raddb/sites-enabled/default
+- entering group authorize
{...}
++- entering policy rewrite.calling_station_id {...}
+++? if
((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i)
?? Evaluating (Calling-Station-Id) ->
TRUE
expand: %{Calling-Station-Id} -> 00:22:5F:0F:58:84
expand:
policy.mac-addr -> policy.mac-addr
expand: ^%{config:policy.mac-addr}$
->
^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$
?
Evaluating ("%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i)
-> TRUE
+++? if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i) -> TRUE
+++- entering if
((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i) {...}
expand:
%{1}:%{2}:%{3}:%{4}:%{5}:%{6} -> 00:22:5F:0F:58:84
expand:
%{toupper:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} ->
00:22:5F:0F:58:84
++++[request] returns notfound
++++[updated] returns
updated
+++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i) returns updated
+++ ... skipping else
for request 0: Preceding "if" was taken
++- policy
rewrite.calling_station_id returns updated
++[preprocess] returns
ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap]
returns noop
[suffix] Looking up realm "BarCentrale" for User-Name =
"00393383880766 at BarCentrale"
[suffix] No such realm
"BarCentrale"
++[suffix] returns noop
[eap] No EAP-Message, not doing
EAP
++[eap] returns noop
++[unix] returns notfound
[sql] expand:
%{User-Name} -> 00393383880766 at BarCentrale
[sql] sql_set_user escaped
user --> '00393383880766 at BarCentrale'
rlm_sql (sql): Reserving sql
socket id: 4
[sql] expand: SELECT id, username, attribute, value, op
FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE username =
'00393383880766 at BarCentrale' ORDER BY id
[sql] User found in radcheck
table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
username, attribute, value, op FROM radreply WHERE username =
'00393383880766 at BarCentrale' ORDER BY id
[sql] expand: SELECT groupname
FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
-> SELECT groupname FROM radusergroup WHERE username =
'00393383880766 at BarCentrale' ORDER BY priority
[sql] expand: SELECT id,
groupname, attribute, Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'DEFAULT2048K-256K-5DEVICES' ORDER
BY id
[sql] User found in group DEFAULT2048K-256K-5DEVICES
[sql] expand:
SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE
groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE groupname =
'DEFAULT2048K-256K-5DEVICES' ORDER BY id
rlm_sql (sql): Released sql
socket id: 4
++[sql] returns ok
++[expiration] returns
noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.
Not setting to PAP
++[pap] returns noop
rlm_sqlcounter: Entering module
authorize code
WARNING: Please replace '%k' with
'${key}'
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='%{User-Name}''
[noresetcounter] expand: SELECT
SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}' ->
SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='00393383880766 at BarCentrale'
WARNING: Please replace '%S' with
'${sqlmod-inst}'
sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime)
FROM radacct WHERE
UserName='00393383880766 at BarCentrale'}'
[noresetcounter]
sql_xlat
[noresetcounter] expand: %{User-Name} ->
00393383880766 at BarCentrale
[noresetcounter] sql_set_user escaped user
--> '00393383880766 at BarCentrale'
[noresetcounter] expand: SELECT
SUM(AcctSessionTime) FROM radacct WHERE
UserName='00393383880766 at BarCentrale' -> SELECT SUM(AcctSessionTime)
FROM radacct WHERE UserName='00393383880766 at BarCentrale'
rlm_sql (sql):
Reserving sql socket id: 3
[noresetcounter] sql_xlat finished
rlm_sql
(sql): Released sql socket id: 3
[noresetcounter] expand: %{sql:SELECT
SUM(AcctSessionTime) FROM radacct WHERE
UserName='00393383880766 at BarCentrale'} -> 747
rlm_sqlcounter: Check item
is greater than query result
rlm_sqlcounter: Authorized user
00393383880766 at BarCentrale, check_item=2700, counter=747
rlm_sqlcounter:
Sent Reply-Item for user 00393383880766 at BarCentrale,
Type=Session-Timeout, value=1953
++[noresetcounter] returns
ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could
not find Check item value pair
++[dailycounter] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[monthlycounter] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[noresettrafficcounter] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[dailytraffic] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[monthlytraffic] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[pppoetrafficcounter] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[pppoedailytraffic] returns
noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter:
Could not find Check item value pair
++[pppoemonthlytraffic] returns
noop
expand: %{User-Name} -> 00393383880766 at BarCentrale
expand:
%{User-Password} ->
expand: %{Calling-Station-Id} -> 00:22:5F:0F:58:84
expand: %{NAS-IP-Address} -> 192.168.0.201
expand: %{Called-Station-ID}
-> Piazza Laterale
Exec-Program output:
Exec-Program: returned:
0
++[control] returns noop
Found Auth-Type = Local
WARNING: Please
update your configuration, and remove 'Auth-Type = Local'
WARNING: Use
the PAP or CHAP modules instead.
CHAP-Password is correct.
# Executing
section session from file /etc/raddb/sites-enabled/default
+- entering
group session {...}
[sql] expand: %{User-Name} ->
00393383880766 at BarCentrale
[sql] sql_set_user escaped user -->
'00393383880766 at BarCentrale'
[sql] expand: SELECT COUNT(*) FROM radacct
WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL -> SELECT
COUNT(*) FROM radacct WHERE username = '00393383880766 at BarCentrale' AND
acctstoptime IS NULL
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql
(sql): Released sql socket id: 2
++[sql] returns ok
# Executing section
post-auth from file /etc/raddb/sites-enabled/default
+- entering group
post-auth {...}
[sql] expand: %{User-Name} ->
00393383880766 at BarCentrale
[sql] sql_set_user escaped user -->
'00393383880766 at BarCentrale'
[sql] expand: %{User-Password} ->
[sql] ...
expanding second conditional
[sql] expand: %{Chap-Password} ->
0xb857266bd68f0ad533ce1801e25f165f64
[sql] expand: INSERT INTO
radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
-> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES (
'00393383880766 at BarCentrale', '0xb857266bd68f0ad533ce1801e25f165f64',
'Access-Accept', '2016-09-16 14:22:23')
rlm_sql (sql) in sql_postauth:
query is INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '00393383880766 at BarCentrale',
'0xb857266bd68f0ad533ce1801e25f165f64', 'Access-Accept', '2016-09-16
14:22:23')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql):
Released sql socket id: 1
++[sql] returns ok
++[exec] returns
noop
Sending Access-Accept of id 32 to 192.168.0.201 port 33465
SESSION-TIMEOUT := 1953
Idle-Timeout := 180
WISPr-Bandwidth-Max-Down
:= 2048000
WISPr-Bandwidth-Max-Up := 256000
Mikrotik-Rate-Limit :=
"256000/2048000"
Finished request 0.
Going to the next request
Waking up
in 4.9 seconds.
rad_recv: Accounting-Request packet from host
192.168.0.201 port 55450, id=33, length=176
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
Calling-Station-Id =
"00:22:5F:0F:58:84"
Called-Station-Id = "Piazza Laterale"
NAS-Port-Id
= "hs-bridge"
User-Name = "00393383880766 at BarCentrale"
NAS-Port =
2151677962
Acct-Session-Id = "8040000a"
Framed-IP-Address =
10.0.200.105
Mikrotik-Host-IP = 10.0.200.105
Event-Timestamp = "Sep 16
2016 14:22:23 CEST"
NAS-Identifier = "Piazza Laterale"
Acct-Delay-Time
= 0
NAS-IP-Address = 192.168.0.201
# Executing section preacct from
file /etc/raddb/radiusd.conf
+- entering group preacct
{...}
[acct_unique] Hashing 'Client-IP-Address =
192.168.0.201,NAS-IP-Address = 192.168.0.201,Acct-Session-Id =
"8040000a",User-Name = "00393383880766 at BarCentrale"'
[acct_unique]
Acct-Unique-Session-ID = "9fbe06198361f0df".
++[acct_unique] returns
ok
# Executing section accounting from file
/etc/raddb/sites-enabled/default
+- entering group accounting {...}
++-
entering policy rewrite.calling_station_id {...}
+++? if
((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i)
?? Evaluating (Calling-Station-Id) ->
TRUE
expand: %{Calling-Station-Id} -> 00:22:5F:0F:58:84
expand:
policy.mac-addr -> policy.mac-addr
expand: ^%{config:policy.mac-addr}$
->
^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$
?
Evaluating ("%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i)
-> TRUE
+++? if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i) -> TRUE
+++- entering if
((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i) {...}
expand:
%{1}:%{2}:%{3}:%{4}:%{5}:%{6} -> 00:22:5F:0F:58:84
expand:
%{toupper:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}} ->
00:22:5F:0F:58:84
++++[request] returns noop
++++[updated] returns
updated
+++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~
/^%{config:policy.mac-addr}$/i) returns updated
+++ ... skipping else
for request 1: Preceding "if" was taken
++- policy
rewrite.calling_station_id returns updated
++[unix] returns ok
[sql]
expand: %{User-Name} -> 00393383880766 at BarCentrale
[sql] sql_set_user
escaped user --> '00393383880766 at BarCentrale'
[sql] expand:
%{Acct-Delay-Time} -> 0
[sql] expand: INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid,
nasporttype, acctstarttime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay, xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0',
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving
sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql]
returns ok
[attr_filter.accounting_response] expand: %{User-Name} ->
00393383880766 at BarCentrale
attr_filter: Matched entry DEFAULT at line
12
++[attr_filter.accounting_response] returns updated
expand:
%{User-Name} -> 00393383880766 at BarCentrale
expand: %{Acct-Session-Id}
-> 8040000a
expand: %{NAS-IP-Address} -> 192.168.0.201
expand:
%{Framed-IP-Address} -> 10.0.200.105
EXPAND: %{SESSION-TIMEOUT}
->
++[coa] returns updated
Sending Accounting-Response of id 33 to
192.168.0.201 port 55450
WARNING: Empty pre-proxy section. Using
default return values.
SENDING COA-REQUEST OF ID 217 TO 192.168.0.201
PORT 3799
User-Name = "00393383880766 at BarCentrale"
Acct-Session-Id =
"8040000a"
NAS-IP-Address = 192.168.0.201
Framed-IP-Address =
10.0.200.105
SESSION-TIMEOUT = 0
Finished request 1.
Cleaning up
request 1 ID 33 with timestamp +134
Going to the next request
Waking up
in 1.8 seconds.
rad_recv: CoA-ACK packet from host 192.168.0.201 port
3799, id=217, length=43
NAS-Identifier = "Piazza Laterale"
NAS-IP-Address = 192.168.0.201
# Executing section post-proxy from file
/etc/raddb/sites-enabled/default
As you can see from the log, CoA is working correctly, but it sends a Session-Timeout of 0 instead of the user's correct remaining credit, which is 1953.
I have tried many variables in the "update coa" block for Session-Timeout and Mikrotik-XMit-Limit, but none of them works.
Can someone help me?
Best regards