sqlcounter does not work
Philemon Jaomalaza
philemon.jaomalaza at gmail.com
Thu Jan 10 06:36:12 CET 2019
Hello,
I still have issues on sqlcounter both time counter or data counter using sql , when a user with Max-Daily-Session login, after the time allowed, the user was disconnected but it can reconnect again on the same day.
I see this on debug mode on first login and when the user re-login again :
..............
........................
(0) dailycounter: No integer found in result string "". May be first session, setting counter to 0
(0) dailycounter: Allowing user, &control: Max-Daily-Session value (1048576) is greater than counter value (0)
(0) dailycounter: Setting &reply: Session-Timeout value to 600
(0) [dailycounter] = ok
...................
.....................
It does not find the time already used and it set the counter to 0 then the user has again the alowed time. Where is my issues ?
Someone can help me? Say me if I need to post here the full debug
JMLZ
-----Message d'origine-----
De : Freeradius-Users [mailto:freeradius-users-bounces+philemon.jaomalaza=gmail.com at lists.freeradius.org] De la part de Uchenna Nebedum
Envoyé : mardi 8 janvier 2019 11:55
À : FreeRadius users mailing list <Freeradius-Users at lists.freeradius.org>
Objet : Re: sqlcounter does not work
It will work for Coova-Chilli
Uchenna Nebedum
On Tue, Jan 8, 2019, 09:48 Philemon Jaomalaza <philemon.jaomalaza at gmail.com
wrote:
> Thank you,
>
> My NAS use Coova (chillispot), I will try it if this way will work for
> chillispot.
>
> But for now, I wish to continue to try it on freeradius using SQL
> beacause now I use Daloradius (Liran Tal) Web Management to manage it.
>
> I saw somewhere that that even freeradius 2.x requires a patch to make
> data counters Work but this is it right way for version 3?
>
> If it is necessary to patch, they made this like : diff -u
> rlm_sqlcounter.c.ori rlm_sqlcounter.c
>
> but I do not know where to find this file sqlcounter.c on the system
> (I use linux debian9)
>
> JMLZ
>
> -----Message d'origine-----
> De : Freeradius-Users
> [mailto:freeradius-users-bounces+philemon.jaomalaza=
> gmail.com at lists.freeradius.org] De la part de Uchenna Nebedum Envoyé :
> mardi 8 janvier 2019 09:44 À : FreeRadius users mailing list
> <Freeradius-Users at lists.freeradius.org>
> Objet : Re: sqlcounter does not work
>
> There's a data usage limiting example in the FreeRADIUS beginners
> guide by Dirk Van Der Walt.
>
> It works if your NAS has a reply attribute similar to
> 'Mikrotik-Total-Limit' and it uses the perl module.
>
> Edit FreeRADiUS dictionary and add the following
>
> ATTRIBUTE FRBG-Reset-Type 3050 string
> ATTRIBUTE FRBG-Total-Bytes 3051 string
> ATTRIBUTE FRBG-Start-Time 3052 integer
> ATTRIBUTE FRBG-Used-Bytes 3053 string
> ATTRIBUTE FRBG-Avail-Bytes 3054 string
>
>
> Create two perl modules reset_time and check_usage in the modules
> directory
>
> ###reset_time#####
> perl reset_time { module = ${confdir}/reset_time.pl }
>
> ####check_usage####
> perl check_usage { module = ${confdir}/check_usage.pl }
>
> Create the scripts in the conf directory
>
> ######reset_time.pl#########
> <http://reset_time.pl#%23%23%23%23%23%23%23%23>
>
> *#! /usr/bin/perl -w use strict; use POSIX; # use ... # This is very
> important ! use vars qw(%RAD_CHECK); use constant RLM_MODULE_OK=>
> 2;# /* the module is OK, continue */ use constant RLM_MODULE_NOOP=>
> 7; use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */*
>
> *sub authorize { #Find out when the reset time should be
> if($RAD_CHECK{'FRBG-Reset-Type'} =~ /monthly/i){
> $RAD_CHECK{'FRBG-Start-Time'} = start_of_month() }
> if($RAD_CHECK{'FRBG-Reset-Type'} =~ /weekly/i){
> $RAD_CHECK{'FRBG-Start-Time'} = start_of_week() }
> if($RAD_CHECK{'FRBG-Reset-Type'} =~ /daily/i){
> $RAD_CHECK{'FRBG-Start-Time'} = start_of_day() }
> if(exists($RAD_CHECK{'FRBG-Start-Time'})){ return
> RLM_MODULE_UPDATED; }else{ return RLM_MODULE_NOOP;
> } } sub start_of_month { #Get the current timestamp; my
> $reset_on = 1; #you decide when the monthly CAP will reset my
> $unixtime; my
> ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtim e(time);
> if($mday < $reset_on ){ $unixtime = mktime (0, 0, 0, $reset_on,
> $mon-1, $year, 0, 0); #We use the previous month }else{
> $unixtime = mktime (0, 0, 0, $reset_on, $mon, $year, 0, 0); #We
> use this month } return $unixtime; } sub start_of_week { #Get
> the current timestamp; my
> ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtim e(time);
> #create a new timestamp: my $unixtime = mktime (0, 0, 0, $mday-$wday,
> $mon, $year, 0, 0); return $unixtime; } sub start_of_day { #Get the
> current timestamp;*
> * my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=localtim
> e(time); #create a new timestamp: my $unixtime = mktime (0, 0, 0,
> $mday, $mon, $year, 0, 0); return $unixtime; }*
>
> *#####check_usage.pl###### <http://check_usage.pl#%23%23%23%23%23> <
> http://check_usage.pl######>*
>
> *#! usr/bin/perl -w use strict; # use ... # This is very important! use
> vars qw(%RAD_CHECK %RAD_REPLY); use constant RLM_MODULE_OK=> 2;#
> /* the module is OK, continue */ use constant RLM_MODULE_UPDATED=>
> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_REJECT=> 0;#
> /* immediately reject the request */ use constant RLM_MODULE_NOOP=>
> 7; my $int_max = 4294967296; sub authorize { #We will reply,
> depending on the usage #If FRBG-Total-Bytes is larger than the
> 32-bit limit we have to set a Gigaword attribute
> if(exists($RAD_CHECK{'FRBG-Total-Bytes'}) && exists($RAD_
> CHECK{'FRBG-Used-Bytes'})){ $RAD_CHECK{'FRBG-Avail-Bytes'}
> = $RAD_CHECK{'FRBGTotal-Bytes'} - $RAD_CHECK{'FRBG-Used-Bytes'};
> }else{ return RLM_MODULE_NOOP; }*
>
> * if($RAD_CHECK{'FRBG-Avail-Bytes'} <= $RAD_CHECK{'FRBG-UsedBytes'}){
> if($RAD_CHECK{'FRBG-Reset-Type'} ne 'never'){
> $RAD_REPLY{'Reply-Message'} = "Maximum $RAD_
> CHECK{'FRBG-Reset-Type'} usage exceeded"; }else{
> $RAD_REPLY{'Reply-Message'} = "Maximum usage exceeded";
> } } return RLM_MODULE_REJECT;
> if($RAD_CHECK{'FRBG-Avail-Bytes'} >= $int_max){ #Mikrotik's reply
> attributes $RAD_REPLY{'Mikrotik-Total-Limit'} =
> $RAD_CHECK{'FRBGAvail-Bytes'} %
> $int_max; $RAD_REPLY{'Mikrotik-Total-Limit-Gigawords'} =
> int($RAD_CHECK{'FRBG-Avail-Bytes'} / $int_max ); #Coova
> Chilli's reply attributes
> $RAD_REPLY{'ChilliSpot-Max-Total-Octets'} = $RAD_
> CHECK{'FRBG-Avail-Bytes'} % $int_max;
> $RAD_REPLY{'ChilliSpot-Max-Total-Gigawords'} =
> int($RAD_CHECK{'FRBG-Avail-Bytes'} / $int_max ); }else{
> Avail-Bytes'}; $RAD_REPLY{'Mikrotik-Total-Limit'} =
> $RAD_CHECK{'FRBG $RAD_REPLY{'ChilliSpot-Max-Total-Octets'} =
> $RAD_ CHECK{'FRBG-Avail-Bytes'}; } return
> RLM_MODULE_UPDATED; }*
>
> Add this unlang to the virtual server after the daily entry.
>
> *if((control:FRBG-Total-Bytes)&&(control:FRBG-Reset-Type)){ reset_time
> if(updated){ # Reset Time was updated, # we can
> now use it in a query update control { #Get the total
> usage up to now: FRBG-Used-Bytes := "%{sql:SELECT
> IFNULL(SUM(acctinputoctets - GREATEST((%{control:FRBGStart-Time} -
> UNIX_TIMESTAMP(acctstarttime)), 0))+ SUM(acctoutputoctets
> -GREATEST((%{control:FRBG-Start-Time} -
> UNIX_TIMESTAMP(acctstarttime)),
> 0)),0) FROM radacct WHERE username='%{request:User-Name}' AND
> UNIX_TIMESTAMP(acctstarttime) + acctsessiontime >
> '%{control:FRBG-Start-Time}'}" } } else{ #Asumes
> reset type = never #Get the total usage of the user update
> control { FRBG-Used-Bytes := "%{sql:SELECT IFNULL(SUM(ac
> ctinputoctets)+SUM(acctoutputoctets),0) FROM radacct WHERE
> username='%{request:User-Name}'}" } } #Now we know how much
> they are allowed to use and the usage. check_usage }*
>
> Then create users with the following check attributes
>
> *FRBG-Total-Bytes and FRBG-Reset-Type.*
>
> Please go through the perl code as there are a few typos in it. You
> can get the book and get a full understanding.
>
> Uchenna Nebedum
>
> On Tue, Jan 8, 2019, 06:51 Philemon Jaomalaza <
> philemon.jaomalaza at gmail.com
> wrote:
>
> > Hello Dear,
> >
> >
> >
> > I use time counters to limit session time without any problem.
> >
> > Now, on the same system, I must also configure the traffic limit.
> >
> >
> >
> > The problem is that if you use a traffic counter (daily or monthly),
> > the user stays connected even if the quota is exceeded.
> >
> >
> >
> > To do it, I proceeded like this:
> >
> >
> >
> > # nano /etc/freeradius/3.0/dictionary and add this:
> >
> >
> >
> > ATTRIBUTE Max-Monthly-Traffic 3003 integer
> >
> > ATTRIBUTE Monthly-Traffic-Limit 3004 integer
> >
> >
> >
> > #nano /mods-config/sql/counter/mysql/monthlytrafficcounter.conf and
> > add
> > this:
> >
> >
> >
> > query = "SELECT SUM (acctinputoctets + acctoutputoctets) FROM
> > radacct WHERE UserName = '% {$ {key}}' AND UNIX_TIMESTAMP
> > (AcctStartTime)> '%%
> b'"
> >
> >
> >
> > Then, in / mods-available / sqlcounter, I added:
> >
> >
> >
> > sqlcounter monthlytrafficcounter {
> >
> > sql_module_instance = sql
> >
> > #dialect = $ {modules.sql.dialect}
> >
> > dialect = "mysql"
> >
> > counter_name = Monthly-Traffic
> >
> > check_name = Max-Monthly-Traffic
> >
> > reply_name = Monthly-Traffic-Limit
> >
> > key = User-Name
> >
> > reset = monthly
> >
> > $ INCLUDE $ {modconfdir} / sql / counter / $ {dialect} / $ {.:
> > instance} .conf
> >
> > }
> >
> >
> >
> > and enable it:
> >
> >
> >
> > # cd /etc/freeradius/3.0/mods-enabled
> >
> > ln -s ../mods-available/sqlcounter sqlcounter
> >
> >
> >
> > # nano /etc/freeradius/3.0/sites-enabled/default
> >
> > authorize {
> >
> > ...
> >
> > sql
> >
> > # check monthly usage limit
> >
> > monthlytrafficcounter
> >
> > ...
> >
> > }
> >
> >
> >
> > and restart freeradius
> >
> >
> >
> > Could you help me to find out why it does not work?
> >
> >
> >
> >
> >
> > JMLZ
> >
> >
> >
> >
> >
> > ---
> > L'absence de virus dans ce courrier électronique a été vérifiée par
> > le logiciel antivirus Avast.
> > https://www.avast.com/antivirus
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ---
> L'absence de virus dans ce courrier électronique a été vérifiée par le
> logiciel antivirus Avast.
> https://www.avast.com/antivirus
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list