rlm_sqlcounter problem


rlm_sqlcounter problem

"Carlos Martínez-Troncoso C."
Hello.

I have freeradius-1.0.2 with authorization and authentication in LDAP and accounting in MySQL. I configured rlm_sqlcounter to limit connection time. Testing with NTRadPing works well, but testing with my Cisco NAS it doesn't work.

With my cisco NAS this is the message:

rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 3


With NTRadPing the message is:

rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250
  modcall[authorize]: module "monthlycounter" returns ok for request 8


My relevant conf files:
------------------------------------
clients.conf

#PC with NTRadping
# Test workstation; the /32 mask limits this entry to that single host.
client 172.16.31.43/32 {
       # Shared secret (redacted in the post). It authenticates packets from this
       # client and is the key that hides User-Password on the wire, so each
       # client entry should carry its own long random value.
       secret          = xxxxx
       shortname       = Carlos
       type            = other
}
#Cisco NAS
# The NAS sits on a non-RFC1918 address, so RADIUS traffic to it may cross
# networks the operator does not control; the strength of this secret is the
# only protection for that traffic.
client 200.106.138.14/32 {
    secret        = xxxxxx
    shortname    = cisco
    # NAS type; presumably what checkrad uses to query the NAS when radutmp
    # has check_with_nas = yes -- confirm for this version.
    type        = cisco
}
------------------------------------
radiusd.conf

# Installation layout. Later paths are built from these via ${...} references.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
# NOTE(review): libdir points under /usr/local while prefix is /usr; confirm the
# modules loaded from here belong to the same build as the running daemon.
libdir = /usr/local/lib
pidfile = ${run_dir}/radiusd.pid
# Unprivileged account the daemon runs as. It needs read access to the files
# under ${raddbdir} (which hold shared secrets and the LDAP bind password) and
# nobody else should have it.
user = radiusd
group = radiusd
# Request handling limits: seconds allowed per request, whether stuck requests
# are dropped, how long replies are cached for retransmits, and queue size.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listen on every local interface, authentication port 1812. The server is
# reachable from any network that can route to it; access is then decided by
# the client list in clients.conf.
bind_address = *
port = 1812
hostname_lookups = no
allow_core_dumps = no
regular_expressions    = yes
extended_expressions    = yes
# Authentication attempts are logged, but neither rejected nor accepted
# passwords are written to the log file.
log_stripped_names = yes
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# User names and passwords are used exactly as received (no case folding,
# no whitespace stripping).
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
# Helper used for simultaneous-use checks against the NAS.
checkrad = ${sbindir}/checkrad

# Protocol-level limits applied to incoming packets.
security {
    # Upper bound on attributes accepted in one packet; bounds the memory and
    # parsing work a single request can demand.
    max_attributes = 200
    # Seconds to hold an Access-Reject before sending it, which slows down
    # repeated password guessing from one client.
    reject_delay = 1
    # Status-Server requests are not answered.
    status_server = no
}

proxy_requests  = no
$INCLUDE  ${confdir}/clients.conf
snmp    = no
$INCLUDE  ${confdir}/snmp.conf

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {

    # PAP compares the submitted password with a stored one; "crypt" tells the
    # module the stored value is a crypt(3) hash.
    # NOTE(review): the users file in this post defaults Auth-Type to ldap and
    # authenticate{} maps Auth-Type LDAP to the ldap module, so this block only
    # applies to a request that ends up with Auth-Type PAP -- confirm whether
    # any does.
    pap {
        encryption_scheme = crypt
    }

    chap {
        authtype = CHAP
    }

    pam {
        pam_auth = radiusd
    }

    $INCLUDE  ${confdir}/sql.conf
    $INCLUDE  ${confdir}/sqlcounter.conf       

    mschap {
        authtype = MS-CHAP
    }

    # Directory used for both authorization lookups and LDAP bind authentication.
    ldap {
        server = "200.xx.xx.xx"
        port = "390"
        # The server binds with this DN and password to search for users.
        # NOTE(review): "cn=Directory Manager" is conventionally the directory's
        # administrative account; a dedicated bind DN limited to reading the
        # attributes RADIUS needs would narrow what a leaked radiusd.conf exposes
        # -- confirm what this DN can do.
        identity = "cn=Directory Manager"
        password = xxxxxxxxxx
        basedn = "o=yy,o=yy"
        # Attribute the stored user password is read from.
        password_attribute = "userPassword"
        # Search filter; the user name from the request is substituted in.
        # NOTE(review): confirm this server version escapes LDAP filter
        # metacharacters in the expanded name.
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        # StartTLS is off. Unless port 390 is itself a TLS listener (cannot tell
        # from here), the bind password above, user bind passwords and
        # userPassword values travel to the directory unencrypted.
        start_tls = no
        # Per-user attribute consulted to decide whether dial-up access is allowed.
        access_attr = "dialupAccess"
        # Maps LDAP attributes to RADIUS check/reply items.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    checkval {
        item-name = Max-Monthly-Session
        check-name = Max-Monthly-Session
        data-type = string
    }
   
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }

    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }

    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }

        detail auth_log {
         detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
         detailperm = 0600
     }

    # NOTE(review): these two settings are not enclosed in any module block; as
    # written they are bare entries of modules{}. The file name suggests a
    # reply-logging detail instance whose opening "detail <name> {" line and
    # closing brace were lost -- confirm against the file on disk.
    detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
      detailperm = 0600

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes       
        perm = 0600
        callerid = "yes"
    }

    # Second session file, written with caller ID omitted and mode 0644, so
    # local users can read who is online without seeing calling numbers. The
    # main radutmp instance above keeps caller ID and is 0600.
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }

    attr_filter {
        attrsfile = ${confdir}/attrs
    }

    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }

    expr {
    }

    digest {
    }

    exec {
        wait = yes
        input_pairs = request
    }

    # Example exec instance: runs /bin/echo with the request's user name and
    # reads the output back as reply attributes. It is not listed in any of the
    # authorize/authenticate/accounting sections shown in this file.
    # NOTE(review): %{User-Name} is supplied by the client; confirm how this
    # server version quotes expanded attributes before the program is started
    # if this instance is ever enabled.
    exec echo {
        wait = yes
        program = "/bin/echo %{User-Name}"
        input_pairs = request
        output_pairs = reply
    }

    ippool main_pool {
        range-start = 192.168.1.1
        range-stop = 192.168.3.254
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = no
        maximum-timeout = 0
    }
}

instantiate {
    exec
    expr
    monthlycounter
}

# Modules run in this order for every Access-Request. The two sqlcounter
# instances come last, after files and ldap, so any session-limit check item
# those modules add is already attached to the request when the counters look
# for it. dailycounter (defined in sqlcounter.conf) is not listed here.
authorize {
    preprocess
    auth_log
        chap
    mschap
    files
    ldap
    noresetcounter
    monthlycounter
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    Auth-Type LDAP {
        ldap
    }
}

preacct {
    preprocess
    acct_unique
}

accounting {
    detail
    radutmp
    sradutmp
    sql
}

session {
    radutmp
    sql
}

post-auth {
}

pre-proxy {
}

post-proxy {
}

-------------------------------------
users

# Entries are evaluated top to bottom; processing continues past a matching
# entry only when it sets Fall-Through.

# Every request defaults to LDAP authentication, then continues.
DEFAULT Auth-Type = ldap
    Fall-Through = 1

# One concurrent session per user, then continues.
DEFAULT Simultaneous-Use := 1
    Fall-Through = 1

# Matches any request that carries Framed-Protocol = PPP. There is no
# Fall-Through here.
# NOTE(review): if the Cisco NAS sends Framed-Protocol = PPP and NTRadPing does
# not, requests from the NAS would stop at this entry and never reach the user
# entry below, leaving the request without Max-Monthly-Session. That would match
# the "Could not find Check item value pair" / noop output quoted at the top of
# this post -- compare the attributes in the two debug traces to confirm.
DEFAULT Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP

# The only entry that sets Max-Monthly-Session (108000 seconds); no entry sets
# Max-All-Session.
testuser Max-Monthly-Session := 108000, Auth-Type := ldap
    Service-Type = Framed-User,
    Framed-Protocol = PPP


Any help will be appreciated.

Thanks a lot

-- 
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia


Re: rlm_sqlcounter problem

Roberto Gonzalez Azevedo
Show us your sqlcounter.conf ...

You should define 'check-item' in sqlcounter.conf ...

-------------------------
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:

> Hello.
>
> I have freradius-1.0.2 with autorizathion and authentication in LDAP and
> accounting in MySQL. I configured to use rlm_sqlcounter to control time
> connections, testing with NTRadping work well but testing with my Cisco NAS it
> doesn´t work
>
> With my cisco NAS this is the message:
>
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "noresetcounter" returns noop for request 3
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "monthlycounter" returns noop for request 3
>
>
> With NTRadPing the message is:
>
> rlm_sqlcounter: (Check item - counter) is greater than zero
> rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
> rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250
>   modcall[authorize]: module "monthlycounter" returns ok for request 8
>
>
> My relevant conf files:
> ------------------------------------
> clients.conf
>
> #PC with NTRadping
> client 172.16.31.43/32 {
>        secret          = xxxxx
>        shortname       = Carlos
>        type            = other
> }
> #Cisco NAS
> client 200.106.138.14/32 {
>     secret        = xxxxxx
>     shortname    = cisco
>     type        = cisco
> }
> ------------------------------------
> radiusd.conf
>
> prefix = /usr
> exec_prefix = /usr
> sysconfdir = /etc
> localstatedir = /var
> sbindir = /usr/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = /usr/local/lib
> pidfile = ${run_dir}/radiusd.pid
> user = radiusd
> group = radiusd
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 1812
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions    = yes
> extended_expressions    = yes
> log_stripped_names = yes
> log_auth = yes
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
>
> security {
>     max_attributes = 200
>     reject_delay = 1
>     status_server = no
> }
>
> proxy_requests  = no
> $INCLUDE  ${confdir}/clients.conf
> snmp    = no
> $INCLUDE  ${confdir}/snmp.conf
>
> thread pool {
>     start_servers = 5
>     max_servers = 32
>     min_spare_servers = 3
>     max_spare_servers = 10
>     max_requests_per_server = 0
> }
>
> modules {
>
>     pap {
>         encryption_scheme = crypt
>     }
>
>     chap {
>         authtype = CHAP
>     }
>
>     pam {
>         pam_auth = radiusd
>     }
>
>     $INCLUDE  ${confdir}/sql.conf
>     $INCLUDE  ${confdir}/sqlcounter.conf      
>
>     mschap {
>         authtype = MS-CHAP
>     }
>
>     ldap {
>         server = "200.xx.xx.xx"
>         port = "390"
>         identity = "cn=Directory Manager"
>         password = xxxxxxxxxx
>         basedn = "o=yy,o=yy"
>         password_attribute = "userPassword"
>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>         start_tls = no
>         access_attr = "dialupAccess"
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
>
>     checkval {
>         item-name = Max-Monthly-Session
>         check-name = Max-Monthly-Session
>         data-type = string
>     }
>    
>     preprocess {
>         huntgroups = ${confdir}/huntgroups
>         hints = ${confdir}/hints
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>     }
>
>     files {
>         usersfile = ${confdir}/users
>         acctusersfile = ${confdir}/acct_users
>         compat = no
>     }
>
>     detail {
>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>         detailperm = 0600
>     }
>
>         detail auth_log {
>          detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>          detailperm = 0600
>      }
>
>     detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>       detailperm = 0600
>
>     acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
> NAS-Port"
>     }
>
>     radutmp {
>         filename = ${logdir}/radutmp
>         username = %{User-Name}
>         case_sensitive = yes
>         check_with_nas = yes      
>         perm = 0600
>         callerid = "yes"
>     }
>
>     radutmp sradutmp {
>         filename = ${logdir}/sradutmp
>         perm = 0644
>         callerid = "no"
>     }
>
>     attr_filter {
>         attrsfile = ${confdir}/attrs
>     }
>
>     always fail {
>         rcode = fail
>     }
>     always reject {
>         rcode = reject
>     }
>     always ok {
>         rcode = ok
>         simulcount = 0
>         mpp = no
>     }
>
>     expr {
>     }
>
>     digest {
>     }
>
>     exec {
>         wait = yes
>         input_pairs = request
>     }
>
>     exec echo {
>         wait = yes
>         program = "/bin/echo %{User-Name}"
>         input_pairs = request
>         output_pairs = reply
>     }
>
>     ippool main_pool {
>         range-start = 192.168.1.1
>         range-stop = 192.168.3.254
>         netmask = 255.255.255.0
>         cache-size = 800
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
>         override = no
>         maximum-timeout = 0
>     }
> }
>
> instantiate {
>     exec
>     expr
>     monthlycounter
> }
>
> authorize {
>     preprocess
>     auth_log
>         chap
>     mschap
>     files
>     ldap
>     noresetcounter
>     monthlycounter
> }
>
> authenticate {
>     Auth-Type PAP {
>         pap
>     }
>     Auth-Type CHAP {
>         chap
>     }
>     Auth-Type MS-CHAP {
>         mschap
>     }
>     Auth-Type LDAP {
>         ldap
>     }
> }
>
> preacct {
>     preprocess
>     acct_unique
> }
>
> accounting {
>     detail
>     radutmp
>     sradutmp
>     sql
> }
>
> session {
>     radutmp
>     sql
> }
>
> post-auth {
> }
>
> pre-proxy {
> }
>
> post-proxy {
> }
>
> -------------------------------------
> users
>
> DEFAULT Auth-Type = ldap
>     Fall-Through = 1
>
> DEFAULT Simultaneous-Use := 1
>     Fall-Through = 1
>
> DEFAULT Framed-Protocol == PPP
>     Framed-Protocol = PPP,
>     Framed-Compression = Van-Jacobson-TCP-IP
>
> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>     Service-Type = Framed-User,
>     Framed-Protocol = PPP
>
>
> Any help will be appreciated.
>
> Thanks a lot
>
> --
> Carlos Martínez-Troncoso Cera
> Coordinador de Servicios Internet/Intranet
> Universidad del Norte
> Barranquilla, Colombia
>
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: rlm_sqlcounter problem

"Carlos Martínez-Troncoso C."
Ok Roberto, here is my sqlcounter.conf

# Lifetime counter (reset = never): total AcctSessionTime over all radacct rows
# for the user. The limit is read from the check item named by check-name,
# Max-All-Session. The users file posted in this thread sets only
# Max-Monthly-Session, so with that file this instance finds no limit to compare
# against, which is consistent with the noop it returns in the debug output.
sqlcounter noresetcounter {
                counter-name = Max-All-Session-Time
                check-name = Max-All-Session
                sqlmod-inst = sql
                key = User-Name
                reset = never
                # %k is replaced by the key attribute name, so '%{%k}' becomes
                # '%{User-Name}' and is then filled in from the request.
                # NOTE(review): that value is client-supplied and lands inside a
                # quoted SQL literal; confirm this server version escapes
                # attribute expansions in sqlcounter queries (see the sql
                # module's safe-characters setting).
                query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
        }

# Daily counter. Defined here but not listed in authorize{} or instantiate{} in
# the radiusd.conf posted in this thread. Unlike the other two instances it
# sets driver explicitly.
sqlcounter dailycounter {
                driver = "rlm_sqlcounter"
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                sqlmod-inst = sql
                key = User-Name
                reset = daily
                # %b is the start of the current period as a Unix timestamp. The
                # query selects sessions that end after %b and subtracts from
                # each the part that ran before %b, so only time inside the
                # period is summed.
                # NOTE(review): '%{%k}' carries the client-supplied user name
                # into a quoted SQL literal; confirm the server escapes it.
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
        }

# Monthly counter. check-name matches the Max-Monthly-Session check item set in
# the users file; in the NTRadPing trace the module replies with
# Session-Timeout = check_item - counter (108000 - 106750 = 1250).
sqlcounter monthlycounter {
                counter-name = Monthly-Session-Time
                check-name = Max-Monthly-Session
                sqlmod-inst = sql
                key = User-Name
                reset = monthly
                # Same query as dailycounter; %b is the start of the current
                # month, so only session time inside the month is summed.
                # NOTE(review): '%{%k}' carries the client-supplied user name
                # into a quoted SQL literal; confirm the server escapes it.
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    }


Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367


Roberto Gonzalez Azevedo wrote:
Show us your sqlcounter.conf ...

You should define 'check-item' in sqlcounter.conf ...

-------------------------
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:
Hello.

I have freradius-1.0.2 with autorizathion and authentication in LDAP and accounting in MySQL. I configured to use rlm_sqlcounter to control time connections, testing with NTRadping work well but testing with my Cisco NAS it doesn´t work

With my cisco NAS this is the message:

rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 3


With NTRadPing the message is:

rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250
  modcall[authorize]: module "monthlycounter" returns ok for request 8


My relevant conf files:
------------------------------------
clients.conf

#PC with NTRadping
client 172.16.31.43/32 {
       secret          = xxxxx
       shortname       = Carlos
       type            = other
}
#Cisco NAS
client 200.106.138.14/32 {
    secret        = xxxxxx
    shortname    = cisco
    type        = cisco
}
------------------------------------
radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/local/lib
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 1812
hostname_lookups = no
allow_core_dumps = no
regular_expressions    = yes
extended_expressions    = yes
log_stripped_names = yes
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}

proxy_requests  = no
$INCLUDE  ${confdir}/clients.conf
snmp    = no
$INCLUDE  ${confdir}/snmp.conf

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {

    pap {
        encryption_scheme = crypt
    }

    chap {
        authtype = CHAP
    }

    pam {
        pam_auth = radiusd
    }

    $INCLUDE  ${confdir}/sql.conf
    $INCLUDE  ${confdir}/sqlcounter.conf      
    mschap {
        authtype = MS-CHAP
    }

    ldap {
        server = "200.xx.xx.xx"
        port = "390"
        identity = "cn=Directory Manager"
        password = xxxxxxxxxx
        basedn = "o=yy,o=yy"
        password_attribute = "userPassword"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    checkval {
        item-name = Max-Monthly-Session
        check-name = Max-Monthly-Session
        data-type = string
    }
       preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }

    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }

    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }

        detail auth_log {
         detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
         detailperm = 0600
     }

    detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
      detailperm = 0600

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes               perm = 0600
        callerid = "yes"
    }

    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }

    attr_filter {
        attrsfile = ${confdir}/attrs
    }

    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }

    expr {
    }

    digest {
    }

    exec {
        wait = yes
        input_pairs = request
    }

    exec echo {
        wait = yes
        program = "/bin/echo %{User-Name}"
        input_pairs = request
        output_pairs = reply
    }

    ippool main_pool {
        range-start = 192.168.1.1
        range-stop = 192.168.3.254
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = no
        maximum-timeout = 0
    }
}

instantiate {
    exec
    expr
    monthlycounter
}

authorize {
    preprocess
    auth_log
        chap
    mschap
    files
    ldap
    noresetcounter
    monthlycounter
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    Auth-Type LDAP {
        ldap
    }
}

preacct {
    preprocess
    acct_unique
}

accounting {
    detail
    radutmp
    sradutmp
    sql
}

session {
    radutmp
    sql
}

post-auth {
}

pre-proxy {
}

post-proxy {
}

-------------------------------------
users

DEFAULT Auth-Type = ldap
    Fall-Through = 1

DEFAULT Simultaneous-Use := 1
    Fall-Through = 1

DEFAULT Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP

testuser Max-Monthly-Session := 108000, Auth-Type := ldap
    Service-Type = Framed-User,
    Framed-Protocol = PPP


Any help will be appreciated.

Thanks a lot

-- 
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia



------------------------------------------------------------------------

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: rlm_sqlcounter problem

"Carlos Martínez-Troncoso C."
ok Roberto:
sqlcounter noresetcounter {
                counter-name = Max-All-Session-Time
                check-name = Max-All-Session
                sqlmod-inst = sql
                key = User-Name
                reset = never
                query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
        }

sqlcounter dailycounter {
                driver = "rlm_sqlcounter"
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                sqlmod-inst = sql
                key = User-Name
                reset = daily
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
        }

sqlcounter monthlycounter {
                counter-name = Monthly-Session-Time
                check-name = Max-Monthly-Session
                sqlmod-inst = sql
                key = User-Name
                reset = monthly
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    }



Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367



Roberto Gonzalez Azevedo wrote:

> Show us your sqlcounter.conf ...
>
> You should define 'check-item' in sqlcounter.conf ...
>
> -------------------------
> Roberto Gonzalez Azevedo
> Carlos Martínez-Troncoso Cera wrote:
>
>> Hello.
>>
>> I have freradius-1.0.2 with autorizathion and authentication in LDAP
>> and accounting in MySQL. I configured to use rlm_sqlcounter to
>> control time connections, testing with NTRadping work well but
>> testing with my Cisco NAS it doesn´t work
>>
>> With my cisco NAS this is the message:
>>
>> rlm_sqlcounter: Entering module authorize code
>> rlm_sqlcounter: Could not find Check item value pair
>>   modcall[authorize]: module "noresetcounter" returns noop for request 3
>> rlm_sqlcounter: Entering module authorize code
>> rlm_sqlcounter: Could not find Check item value pair
>>   modcall[authorize]: module "monthlycounter" returns noop for request 3
>>
>>
>> With NTRadPing the message is:
>>
>> rlm_sqlcounter: (Check item - counter) is greater than zero
>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
>> counter=106750
>> rlm_sqlcounter: Sent Reply-Item for user cmartinez,
>> Type=Session-Timeout, value=1250
>>   modcall[authorize]: module "monthlycounter" returns ok for request 8
>>
>>
>> My relevant conf files:
>> ------------------------------------
>> clients.conf
>>
>> #PC with NTRadping
>> client 172.16.31.43/32 {
>>        secret          = xxxxx
>>        shortname       = Carlos
>>        type            = other
>> }
>> #Cisco NAS
>> client 200.106.138.14/32 {
>>     secret        = xxxxxx
>>     shortname    = cisco
>>     type        = cisco
>> }
>> ------------------------------------
>> radiusd.conf
>>
>> prefix = /usr
>> exec_prefix = /usr
>> sysconfdir = /etc
>> localstatedir = /var
>> sbindir = /usr/sbin
>> logdir = ${localstatedir}/log/radius
>> raddbdir = ${sysconfdir}/raddb
>> radacctdir = ${logdir}/radacct
>> confdir = ${raddbdir}
>> run_dir = ${localstatedir}/run/radiusd
>> log_file = ${logdir}/radius.log
>> libdir = /usr/local/lib
>> pidfile = ${run_dir}/radiusd.pid
>> user = radiusd
>> group = radiusd
>> max_request_time = 30
>> delete_blocked_requests = no
>> cleanup_delay = 5
>> max_requests = 1024
>> bind_address = *
>> port = 1812
>> hostname_lookups = no
>> allow_core_dumps = no
>> regular_expressions    = yes
>> extended_expressions    = yes
>> log_stripped_names = yes
>> log_auth = yes
>> log_auth_badpass = no
>> log_auth_goodpass = no
>> usercollide = no
>> lower_user = no
>> lower_pass = no
>> nospace_user = no
>> nospace_pass = no
>> checkrad = ${sbindir}/checkrad
>>
>> security {
>>     max_attributes = 200
>>     reject_delay = 1
>>     status_server = no
>> }
>>
>> proxy_requests  = no
>> $INCLUDE  ${confdir}/clients.conf
>> snmp    = no
>> $INCLUDE  ${confdir}/snmp.conf
>>
>> thread pool {
>>     start_servers = 5
>>     max_servers = 32
>>     min_spare_servers = 3
>>     max_spare_servers = 10
>>     max_requests_per_server = 0
>> }
>>
>> modules {
>>
>>     pap {
>>         encryption_scheme = crypt
>>     }
>>
>>     chap {
>>         authtype = CHAP
>>     }
>>
>>     pam {
>>         pam_auth = radiusd
>>     }
>>
>>     $INCLUDE  ${confdir}/sql.conf
>>     $INCLUDE  ${confdir}/sqlcounter.conf      
>>     mschap {
>>         authtype = MS-CHAP
>>     }
>>
>>     ldap {
>>         server = "200.xx.xx.xx"
>>         port = "390"
>>         identity = "cn=Directory Manager"
>>         password = xxxxxxxxxx
>>         basedn = "o=yy,o=yy"
>>         password_attribute = "userPassword"
>>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>         start_tls = no
>>         access_attr = "dialupAccess"
>>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>>         ldap_connections_number = 5
>>         timeout = 4
>>         timelimit = 3
>>         net_timeout = 1
>>     }
>>
>>     checkval {
>>         item-name = Max-Monthly-Session
>>         check-name = Max-Monthly-Session
>>         data-type = string
>>     }
>>        preprocess {
>>         huntgroups = ${confdir}/huntgroups
>>         hints = ${confdir}/hints
>>         with_ascend_hack = no
>>         ascend_channels_per_line = 23
>>         with_ntdomain_hack = no
>>         with_specialix_jetstream_hack = no
>>         with_cisco_vsa_hack = no
>>     }
>>
>>     files {
>>         usersfile = ${confdir}/users
>>         acctusersfile = ${confdir}/acct_users
>>         compat = no
>>     }
>>
>>     detail {
>>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>>         detailperm = 0600
>>     }
>>
>>         detail auth_log {
>>          detailfile =
>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>>          detailperm = 0600
>>      }
>>
>>     detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>>       detailperm = 0600
>>
>>     acct_unique {
>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>> Client-IP-Address, NAS-Port"
>>     }
>>
>>     radutmp {
>>         filename = ${logdir}/radutmp
>>         username = %{User-Name}
>>         case_sensitive = yes
>>         check_with_nas = yes               perm = 0600
>>         callerid = "yes"
>>     }
>>
>>     radutmp sradutmp {
>>         filename = ${logdir}/sradutmp
>>         perm = 0644
>>         callerid = "no"
>>     }
>>
>>     attr_filter {
>>         attrsfile = ${confdir}/attrs
>>     }
>>
>>     always fail {
>>         rcode = fail
>>     }
>>     always reject {
>>         rcode = reject
>>     }
>>     always ok {
>>         rcode = ok
>>         simulcount = 0
>>         mpp = no
>>     }
>>
>>     expr {
>>     }
>>
>>     digest {
>>     }
>>
>>     exec {
>>         wait = yes
>>         input_pairs = request
>>     }
>>
>>     exec echo {
>>         wait = yes
>>         program = "/bin/echo %{User-Name}"
>>         input_pairs = request
>>         output_pairs = reply
>>     }
>>
>>     ippool main_pool {
>>         range-start = 192.168.1.1
>>         range-stop = 192.168.3.254
>>         netmask = 255.255.255.0
>>         cache-size = 800
>>         session-db = ${raddbdir}/db.ippool
>>         ip-index = ${raddbdir}/db.ipindex
>>         override = no
>>         maximum-timeout = 0
>>     }
>> }
>>
>> instantiate {
>>     exec
>>     expr
>>     monthlycounter
>> }
>>
>> authorize {
>>     preprocess
>>     auth_log
>>         chap
>>     mschap
>>     files
>>     ldap
>>     noresetcounter
>>     monthlycounter
>> }
>>
>> authenticate {
>>     Auth-Type PAP {
>>         pap
>>     }
>>     Auth-Type CHAP {
>>         chap
>>     }
>>     Auth-Type MS-CHAP {
>>         mschap
>>     }
>>     Auth-Type LDAP {
>>         ldap
>>     }
>> }
>>
>> preacct {
>>     preprocess
>>     acct_unique
>> }
>>
>> accounting {
>>     detail
>>     radutmp
>>     sradutmp
>>     sql
>> }
>>
>> session {
>>     radutmp
>>     sql
>> }
>>
>> post-auth {
>> }
>>
>> pre-proxy {
>> }
>>
>> post-proxy {
>> }
>>
>> -------------------------------------
>> users
>>
>> DEFAULT Auth-Type = ldap
>>     Fall-Through = 1
>>
>> DEFAULT Simultaneous-Use := 1
>>     Fall-Through = 1
>>
>> DEFAULT Framed-Protocol == PPP
>>     Framed-Protocol = PPP,
>>     Framed-Compression = Van-Jacobson-TCP-IP
>>
>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>>     Service-Type = Framed-User,
>>     Framed-Protocol = PPP
>>
>>
>> Any help will be appreciated.
>>
>> Thanks a lot
>>
>> --
>> Carlos Martínez-Troncoso Cera
>> Coordinador de Servicios Internet/Intranet
>> Universidad del Norte
>> Barranquilla, Colombia
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sqlcounter problem

Roberto Gonzalez Azevedo
# rlm_sqlcounter instance with reset = never: the counter is the sum of all
# recorded session time for the user.
# NOTE(review): the author reports in the next message that adding check-item
# did not change the "Could not find Check item value pair" result.
sqlcounter noresetcounter {
## Look here
                driver = "rlm_sqlcounter"
                counter-name = Max-All-Session-Time
                # Name of the check attribute that must be present on the
                # request's check list for this instance to do anything.
                check-name = Max-All-Session
## Look here
                check-item = Max-All-Session
                sqlmod-inst = sql
                # %k in the query is replaced by this attribute name.
                key = User-Name
                reset = never
                # The user name from the request ends up inside a quoted SQL
                # string. NOTE(review): confirm rlm_sql escapes the expanded
                # value before relying on this query.
                query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
        }

# rlm_sqlcounter instance with reset = daily. It is defined here but is not
# listed in the authorize section posted in this thread, so it is not called.
sqlcounter dailycounter {
                driver = "rlm_sqlcounter"
                counter-name = Daily-Session-Time
                # Check attribute that carries the per-user limit.
                check-name = Max-Daily-Session
## Look here
                check-item = Max-Daily-Session
                sqlmod-inst = sql
                # %k in the query is replaced by this attribute name.
                key = User-Name
                reset = daily
                # %b is expanded to a timestamp before the query runs
                # (presumably the start of the current reset period).
                # NOTE(review): the user name is placed inside a quoted SQL
                # string; confirm rlm_sql escapes it.
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
        }

# rlm_sqlcounter instance that limits a user's session time with a monthly reset.
# NOTE(review): the author reports in the next message that adding check-item
# did not change the behaviour; "Could not find Check item value pair"
# persisted until the users file was changed.
sqlcounter monthlycounter {
## Look here
                driver = "rlm_sqlcounter"
                counter-name = Monthly-Session-Time
                # Name of the check attribute that carries the limit; the users
                # file in this thread sets Max-Monthly-Session := 108000.
                check-name = Max-Monthly-Session
## Look here
                check-item = Max-Monthly-Session
                # The query is run through the rlm_sql instance named "sql"
                # (the debug log shows it wrapped as %{sql:...}).
                sqlmod-inst = sql
                # %k in the query is replaced by this attribute name, so the
                # query is expanded with %{User-Name} from the request.
                key = User-Name
                reset = monthly
                # %b expanded to a Unix timestamp (1117602000) in the debug
                # log, presumably the start of the current reset period.
                # The user name from the request is placed inside a quoted SQL
                # string; the log line "sql_set_user escaped user" suggests
                # rlm_sql escapes it first. NOTE(review): confirm that escaping
                # is in effect before reusing this query with another key.
                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    }

thanks ...
-------------------------
Roberto Gonzalez Azevedo

Carlos Martínez-Troncoso Cera wrote:

> ok Roberto:
> sqlcounter noresetcounter {
>                counter-name = Max-All-Session-Time
>                check-name = Max-All-Session
>                sqlmod-inst = sql
>                key = User-Name
>                reset = never
>                query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
> UserName='%{%k}'"
>        }
>
> sqlcounter dailycounter {
>                driver = "rlm_sqlcounter"
>                counter-name = Daily-Session-Time
>                check-name = Max-Daily-Session
>                sqlmod-inst = sql
>                key = User-Name
>                reset = daily
>                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
> AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
>        }
>
> sqlcounter monthlycounter {
>                counter-name = Monthly-Session-Time
>                check-name = Max-Monthly-Session
>                sqlmod-inst = sql
>                key = User-Name
>                reset = monthly
>                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
> AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
>    }
>
>
>
> Carlos Martínez-Troncoso Cera
> Coordinador de Servicios Internet/Intranet
> Universidad del Norte
> Barranquilla, Colombia
> Tel: 57 5 3509367
>
>
>
> Roberto Gonzalez Azevedo wrote:
>
>> Show us your sqlcounter.conf ...
>>
>> You should define 'check-item' in sqlcounter.conf ...
>>
>> -------------------------
>> Roberto Gonzalez Azevedo
>> Carlos Martínez-Troncoso Cera wrote:
>>
>>> Hello.
>>>
>>> I have freradius-1.0.2 with autorizathion and authentication in LDAP
>>> and accounting in MySQL. I configured to use rlm_sqlcounter to
>>> control time connections, testing with NTRadping work well but
>>> testing with my Cisco NAS it doesn´t work
>>>
>>> With my cisco NAS this is the message:
>>>
>>> rlm_sqlcounter: Entering module authorize code
>>> rlm_sqlcounter: Could not find Check item value pair
>>>   modcall[authorize]: module "noresetcounter" returns noop for request 3
>>> rlm_sqlcounter: Entering module authorize code
>>> rlm_sqlcounter: Could not find Check item value pair
>>>   modcall[authorize]: module "monthlycounter" returns noop for request 3
>>>
>>>
>>> With NTRadPing the message is:
>>>
>>> rlm_sqlcounter: (Check item - counter) is greater than zero
>>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
>>> counter=106750
>>> rlm_sqlcounter: Sent Reply-Item for user cmartinez,
>>> Type=Session-Timeout, value=1250
>>>   modcall[authorize]: module "monthlycounter" returns ok for request 8
>>>
>>>
>>> My relevant conf files:
>>> ------------------------------------
>>> clients.conf
>>>
>>> #PC with NTRadping
>>> client 172.16.31.43/32 {
>>>        secret          = xxxxx
>>>        shortname       = Carlos
>>>        type            = other
>>> }
>>> #Cisco NAS
>>> client 200.106.138.14/32 {
>>>     secret        = xxxxxx
>>>     shortname    = cisco
>>>     type        = cisco
>>> }
>>> ------------------------------------
>>> radiusd.conf
>>>
>>> prefix = /usr
>>> exec_prefix = /usr
>>> sysconfdir = /etc
>>> localstatedir = /var
>>> sbindir = /usr/sbin
>>> logdir = ${localstatedir}/log/radius
>>> raddbdir = ${sysconfdir}/raddb
>>> radacctdir = ${logdir}/radacct
>>> confdir = ${raddbdir}
>>> run_dir = ${localstatedir}/run/radiusd
>>> log_file = ${logdir}/radius.log
>>> libdir = /usr/local/lib
>>> pidfile = ${run_dir}/radiusd.pid
>>> user = radiusd
>>> group = radiusd
>>> max_request_time = 30
>>> delete_blocked_requests = no
>>> cleanup_delay = 5
>>> max_requests = 1024
>>> bind_address = *
>>> port = 1812
>>> hostname_lookups = no
>>> allow_core_dumps = no
>>> regular_expressions    = yes
>>> extended_expressions    = yes
>>> log_stripped_names = yes
>>> log_auth = yes
>>> log_auth_badpass = no
>>> log_auth_goodpass = no
>>> usercollide = no
>>> lower_user = no
>>> lower_pass = no
>>> nospace_user = no
>>> nospace_pass = no
>>> checkrad = ${sbindir}/checkrad
>>>
>>> security {
>>>     max_attributes = 200
>>>     reject_delay = 1
>>>     status_server = no
>>> }
>>>
>>> proxy_requests  = no
>>> $INCLUDE  ${confdir}/clients.conf
>>> snmp    = no
>>> $INCLUDE  ${confdir}/snmp.conf
>>>
>>> thread pool {
>>>     start_servers = 5
>>>     max_servers = 32
>>>     min_spare_servers = 3
>>>     max_spare_servers = 10
>>>     max_requests_per_server = 0
>>> }
>>>
>>> modules {
>>>
>>>     pap {
>>>         encryption_scheme = crypt
>>>     }
>>>
>>>     chap {
>>>         authtype = CHAP
>>>     }
>>>
>>>     pam {
>>>         pam_auth = radiusd
>>>     }
>>>
>>>     $INCLUDE  ${confdir}/sql.conf
>>>     $INCLUDE  ${confdir}/sqlcounter.conf          mschap {
>>>         authtype = MS-CHAP
>>>     }
>>>
>>>     ldap {
>>>         server = "200.xx.xx.xx"
>>>         port = "390"
>>>         identity = "cn=Directory Manager"
>>>         password = xxxxxxxxxx
>>>         basedn = "o=yy,o=yy"
>>>         password_attribute = "userPassword"
>>>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>>         start_tls = no
>>>         access_attr = "dialupAccess"
>>>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>>>         ldap_connections_number = 5
>>>         timeout = 4
>>>         timelimit = 3
>>>         net_timeout = 1
>>>     }
>>>
>>>     checkval {
>>>         item-name = Max-Monthly-Session
>>>         check-name = Max-Monthly-Session
>>>         data-type = string
>>>     }
>>>        preprocess {
>>>         huntgroups = ${confdir}/huntgroups
>>>         hints = ${confdir}/hints
>>>         with_ascend_hack = no
>>>         ascend_channels_per_line = 23
>>>         with_ntdomain_hack = no
>>>         with_specialix_jetstream_hack = no
>>>         with_cisco_vsa_hack = no
>>>     }
>>>
>>>     files {
>>>         usersfile = ${confdir}/users
>>>         acctusersfile = ${confdir}/acct_users
>>>         compat = no
>>>     }
>>>
>>>     detail {
>>>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>>>         detailperm = 0600
>>>     }
>>>
>>>         detail auth_log {
>>>          detailfile =
>>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>>>          detailperm = 0600
>>>      }
>>>
>>>     detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>>>       detailperm = 0600
>>>
>>>     acct_unique {
>>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>>> Client-IP-Address, NAS-Port"
>>>     }
>>>
>>>     radutmp {
>>>         filename = ${logdir}/radutmp
>>>         username = %{User-Name}
>>>         case_sensitive = yes
>>>         check_with_nas = yes               perm = 0600
>>>         callerid = "yes"
>>>     }
>>>
>>>     radutmp sradutmp {
>>>         filename = ${logdir}/sradutmp
>>>         perm = 0644
>>>         callerid = "no"
>>>     }
>>>
>>>     attr_filter {
>>>         attrsfile = ${confdir}/attrs
>>>     }
>>>
>>>     always fail {
>>>         rcode = fail
>>>     }
>>>     always reject {
>>>         rcode = reject
>>>     }
>>>     always ok {
>>>         rcode = ok
>>>         simulcount = 0
>>>         mpp = no
>>>     }
>>>
>>>     expr {
>>>     }
>>>
>>>     digest {
>>>     }
>>>
>>>     exec {
>>>         wait = yes
>>>         input_pairs = request
>>>     }
>>>
>>>     exec echo {
>>>         wait = yes
>>>         program = "/bin/echo %{User-Name}"
>>>         input_pairs = request
>>>         output_pairs = reply
>>>     }
>>>
>>>     ippool main_pool {
>>>         range-start = 192.168.1.1
>>>         range-stop = 192.168.3.254
>>>         netmask = 255.255.255.0
>>>         cache-size = 800
>>>         session-db = ${raddbdir}/db.ippool
>>>         ip-index = ${raddbdir}/db.ipindex
>>>         override = no
>>>         maximum-timeout = 0
>>>     }
>>> }
>>>
>>> instantiate {
>>>     exec
>>>     expr
>>>     monthlycounter
>>> }
>>>
>>> authorize {
>>>     preprocess
>>>     auth_log
>>>         chap
>>>     mschap
>>>     files
>>>     ldap
>>>     noresetcounter
>>>     monthlycounter
>>> }
>>>
>>> authenticate {
>>>     Auth-Type PAP {
>>>         pap
>>>     }
>>>     Auth-Type CHAP {
>>>         chap
>>>     }
>>>     Auth-Type MS-CHAP {
>>>         mschap
>>>     }
>>>     Auth-Type LDAP {
>>>         ldap
>>>     }
>>> }
>>>
>>> preacct {
>>>     preprocess
>>>     acct_unique
>>> }
>>>
>>> accounting {
>>>     detail
>>>     radutmp
>>>     sradutmp
>>>     sql
>>> }
>>>
>>> session {
>>>     radutmp
>>>     sql
>>> }
>>>
>>> post-auth {
>>> }
>>>
>>> pre-proxy {
>>> }
>>>
>>> post-proxy {
>>> }
>>>
>>> -------------------------------------
>>> users
>>>
>>> DEFAULT Auth-Type = ldap
>>>     Fall-Through = 1
>>>
>>> DEFAULT Simultaneous-Use := 1
>>>     Fall-Through = 1
>>>
>>> DEFAULT Framed-Protocol == PPP
>>>     Framed-Protocol = PPP,
>>>     Framed-Compression = Van-Jacobson-TCP-IP
>>>
>>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>>>     Service-Type = Framed-User,
>>>     Framed-Protocol = PPP
>>>
>>>
>>> Any help will be appreciated.
>>>
>>> Thanks a lot
>>>
>>> --
>>> Carlos Martínez-Troncoso Cera
>>> Coordinador de Servicios Internet/Intranet
>>> Universidad del Norte
>>> Barranquilla, Colombia
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> - List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>
>>
>>
>>
>> - List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sqlcounter problem

"Carlos Martínez-Troncoso C."
Thanks, Roberto, for your answer. I made the changes in sqlcounter.conf, but with my Cisco NAS sqlcounter still doesn't work, while with NTRadping it works very well. I looked at the source code of FreeRADIUS 1.0.4, and this module is the same as in version 1.0.2 (which is what I am running).
What can I do?
Do you know how I can debug this module?

This is the message with radiusd -X -A (with Cisco):

rlm_ldap: user cmartinez authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 5
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 5
modcall: group authorize returns ok for request 5
  rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf

-------------------------------------------------------------------------

with NTRadping:

rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 0
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000''
radius_xlat:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000''
sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000'}'
radius_xlat: Running registered xlat function of module sql for string 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000''
rlm_sql (sql): - sql_xlat
radius_xlat:  'cmartinez'
rlm_sql (sql): sql_set_user escaped user --> 'cmartinez'
radius_xlat:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000''
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 4
radius_xlat:  '107853'
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853
 

Thanks for your help!
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367


Roberto Gonzalez Azevedo wrote:
sqlcounter noresetcounter {
## Look here
        driver = "rlm_sqlcounter"
               counter-name = Max-All-Session-Time
               check-name = Max-All-Session
## Look here
        check-item = Max-All-Session
               sqlmod-inst = sql
               key = User-Name
               reset = never
               query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
       }

sqlcounter dailycounter {
               driver = "rlm_sqlcounter"
               counter-name = Daily-Session-Time
               check-name = Max-Daily-Session
## Look here
        check-item = Max-Daily-Session
               sqlmod-inst = sql
               key = User-Name
               reset = daily
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
       }

sqlcounter monthlycounter {
## Look here
        driver = "rlm_sqlcounter"
               counter-name = Monthly-Session-Time
               check-name = Max-Monthly-Session
## Look here
        check-item = Max-Monthly-Session
               sqlmod-inst = sql
               key = User-Name
               reset = monthly
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
   }

thanks ...
-------------------------
Roberto Gonzalez Azevedo

Carlos Martínez-Troncoso Cera wrote:
ok Roberto:
sqlcounter noresetcounter {
               counter-name = Max-All-Session-Time
               check-name = Max-All-Session
               sqlmod-inst = sql
               key = User-Name
               reset = never
               query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
       }

sqlcounter dailycounter {
               driver = "rlm_sqlcounter"
               counter-name = Daily-Session-Time
               check-name = Max-Daily-Session
               sqlmod-inst = sql
               key = User-Name
               reset = daily
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
       }

sqlcounter monthlycounter {
               counter-name = Monthly-Session-Time
               check-name = Max-Monthly-Session
               sqlmod-inst = sql
               key = User-Name
               reset = monthly
               query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
   }



Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367



Roberto Gonzalez Azevedo wrote:

Show us your sqlcounter.conf ...

You should define 'check-item' in sqlcounter.conf ...

-------------------------
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:

Hello.

I have freeradius-1.0.2 with authorization and authentication in LDAP and accounting in MySQL. I configured rlm_sqlcounter to limit connection time. Testing with NTRadping works well, but testing with my Cisco NAS does not work.

With my cisco NAS this is the message:

rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop for request 3


With NTRadPing the message is:

rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750
rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250
  modcall[authorize]: module "monthlycounter" returns ok for request 8


My relevant conf files:
------------------------------------
clients.conf

# Two RADIUS clients: the test PC and the Cisco NAS. The shared secrets are
# redacted in this post.
# RADIUS identifies a client by its source address and this shared secret, so
# each client should have its own long, random secret.
# NOTE(review): the NAS entry uses a non-private address (200.106.138.14);
# confirm the path between the NAS and this server is trusted or tunnelled.
#PC with NTRadping
client 172.16.31.43/32 {
       secret          = xxxxx
       shortname       = Carlos
       type            = other
}
#Cisco NAS
client 200.106.138.14/32 {
    secret        = xxxxxx
    shortname    = cisco
    type        = cisco
}
------------------------------------
radiusd.conf

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/local/lib
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 1812
hostname_lookups = no
allow_core_dumps = no
regular_expressions    = yes
extended_expressions    = yes
log_stripped_names = yes
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}

proxy_requests  = no
$INCLUDE  ${confdir}/clients.conf
snmp    = no
$INCLUDE  ${confdir}/snmp.conf

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {

    pap {
        encryption_scheme = crypt
    }

    chap {
        authtype = CHAP
    }

    pam {
        pam_auth = radiusd
    }

    $INCLUDE  ${confdir}/sql.conf
    $INCLUDE  ${confdir}/sqlcounter.conf          mschap {
        authtype = MS-CHAP
    }

    # rlm_ldap instance; it is listed in both the authorize section and the
    # "Auth-Type LDAP" authenticate section of this file.
    ldap {
        server = "200.xx.xx.xx"
        port = "390"
        # NOTE(review): "cn=Directory Manager" is conventionally the
        # directory's administrative DN. A dedicated bind account that can only
        # read the attributes used here would limit the damage if this file or
        # the RADIUS host is compromised.
        identity = "cn=Directory Manager"
        # Bind password is stored in clear text in this file (redacted in the
        # post); keep the file readable only by the radiusd user.
        password = xxxxxxxxxx
        basedn = "o=yy,o=yy"
        password_attribute = "userPassword"
        # The search filter is built from the user name in the request.
        # NOTE(review): confirm this rlm_ldap version escapes filter
        # metacharacters in the expanded value.
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        # NOTE(review): with StartTLS off, the bind password and any
        # userPassword values read from the directory cross the network
        # unencrypted unless port 390 is protected some other way — confirm.
        start_tls = no
        # Presumably the attribute behind the "authorized to use remote
        # access" line in the debug log — confirm.
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    checkval {
        item-name = Max-Monthly-Session
        check-name = Max-Monthly-Session
        data-type = string
    }
       preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }

    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }

    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }

        detail auth_log {
         detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
         detailperm = 0600
     }

    detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
      detailperm = 0600

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes               perm = 0600
        callerid = "yes"
    }

    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }

    attr_filter {
        attrsfile = ${confdir}/attrs
    }

    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }

    expr {
    }

    digest {
    }

    exec {
        wait = yes
        input_pairs = request
    }

    exec echo {
        wait = yes
        program = "/bin/echo %{User-Name}"
        input_pairs = request
        output_pairs = reply
    }

    ippool main_pool {
        range-start = 192.168.1.1
        range-stop = 192.168.3.254
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = no
        maximum-timeout = 0
    }
}

instantiate {
    exec
    expr
    monthlycounter
}

# Modules run in this order for every Access-Request.
# The two sqlcounter instances come last, after files and ldap, so the limit
# attribute (Max-All-Session / Max-Monthly-Session) has to be put on the check
# list by one of the earlier modules.
# In the debug logs in this thread, a counter that finds no check item returns
# noop and the section still returns ok: a missing limit means the time quota
# is silently not enforced, not that the user is rejected.
authorize {
    preprocess
    auth_log
        chap
    mschap
    files
    ldap
    noresetcounter
    monthlycounter
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    Auth-Type LDAP {
        ldap
    }
}

preacct {
    preprocess
    acct_unique
}

accounting {
    detail
    radutmp
    sradutmp
    sql
}

session {
    radutmp
    sql
}

post-auth {
}

pre-proxy {
}

post-proxy {
}

-------------------------------------
users

# users file as first posted (the configuration that did not work with the NAS).
DEFAULT Auth-Type = ldap
    Fall-Through = 1

DEFAULT Simultaneous-Use := 1
    Fall-Through = 1

# NOTE(review): this entry has no Fall-Through. Processing of the users file
# normally stops at the first matching entry without Fall-Through, so a request
# that carries Framed-Protocol = PPP would never reach the per-user entry below
# and Max-Monthly-Session would not be added. That would explain why sqlcounter
# returned noop for the Cisco NAS but not for NTRadPing; the request attributes
# are not shown in the thread, so confirm. The working file posted at the end
# of the thread no longer lists this entry.
DEFAULT Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP

# NOTE(review): this entry is keyed on "testuser", while the debug logs in the
# thread show the user cmartinez; the limit only applies to the name matched here.
testuser Max-Monthly-Session := 108000, Auth-Type := ldap
    Service-Type = Framed-User,
    Framed-Protocol = PPP


Any help will be appreciated.

Thanks a lot

-- 
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia



------------------------------------------------------------------------

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sqlcounter problem

"Carlos Martínez-Troncoso C."
I modified the users file and now it works. The user entry now looks like this:

# Working entries as posted. Compared with the users file in the first message,
# the "DEFAULT Framed-Protocol == PPP" entry is no longer listed and the user
# entry is keyed on cmartinez (the name in the debug logs) instead of testuser.
# NOTE(review): only part of the file may be shown here.
# NOTE(review): "Framed -Protocol" below contains a stray space, presumably a
# mail artifact — confirm against the real file.
DEFAULT Simultaneous-Use := 1
    Fall-Through = 1

cmartinez Max-Monthly-Session := 108000, Auth-Type := ldap
    Service-Type = Framed-User,
    Framed -Protocol = PPP

--------------------------

Thanks a lot to Roberto and Alan for their time and help.

Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367



Carlos Martínez-Troncoso Cera wrote:

> Thanks Roberto for your answer but I did the changes in
> sqlcounter.conf and with my cisco, sqlcounter doesn´t work, with
> NTRadping it works very well. I looked into the source code in
> freeradius 1.0.4 but this module is the same for 1.0.2 version (I have
> working 1.0.2)
> What can I do?
> Do you know how can I debug this module?
>
> This is the message with radiusd -X -A (with Cisco):
>
> rlm_ldap: user cmartinez authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 5
> rlm_sqlcounter: Entering module authorize code
> rlm_sqlcounter: Could not find Check item value pair
>   modcall[authorize]: module "monthlycounter" returns noop for request 5
> modcall: group authorize returns ok for request 5
>   rad_check_password:  Found Auth-Type ldap
> auth: type "LDAP"
>   Processing the authenticate section of radiusd.conf
>
> -------------------------------------------------------------------------
>
> with NTRadping:
>
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 0
> rlm_sqlcounter: Entering module authorize code
> sqlcounter_expand:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000
> - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> radius_xlat:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> sqlcounter_expand:  '%{sql:SELECT SUM(AcctSessionTime -
> GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM
> radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000'}'
> radius_xlat: Running registered xlat function of module sql for string
> 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> rlm_sql (sql): - sql_xlat
> radius_xlat:  'cmartinez'
> rlm_sql (sql): sql_set_user escaped user --> 'cmartinez'
> radius_xlat:  'SELECT SUM(AcctSessionTime - GREATEST((1117602000 -
> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
> UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) +
> AcctSessionTime > '1117602000''
> rlm_sql (sql): Reserving sql socket id: 4
> rlm_sql (sql): - sql_xlat finished
> rlm_sql (sql): Released sql socket id: 4
> radius_xlat:  '107853'
> rlm_sqlcounter: (Check item - counter) is less than zero
> rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853
>  
>
> Thanks for your help!
>
>Carlos Martínez-Troncoso Cera
>Coordinador de Servicios Internet/Intranet
>Universidad del Norte
>Barranquilla, Colombia
>Tel: 57 5 3509367
>
>
>
> Roberto Gonzalez Azevedo wrote:
>
>> sqlcounter noresetcounter {
>> ## Look here
>>         driver = "rlm_sqlcounter"
>>                counter-name = Max-All-Session-Time
>>                check-name = Max-All-Session
>> ## Look here
>>         check-item = Max-All-Session
>>                sqlmod-inst = sql
>>                key = User-Name
>>                reset = never
>>                query = "SELECT SUM(AcctSessionTime) FROM radacct
>> WHERE UserName='%{%k}'"
>>        }
>>
>> sqlcounter dailycounter {
>>                driver = "rlm_sqlcounter"
>>                counter-name = Daily-Session-Time
>>                check-name = Max-Daily-Session
>> ## Look here
>>         check-item = Max-Daily-Session
>>                sqlmod-inst = sql
>>                key = User-Name
>>                reset = daily
>>                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>> > '%b'"
>>        }
>>
>> sqlcounter monthlycounter {
>> ## Look here
>>         driver = "rlm_sqlcounter"
>>                counter-name = Monthly-Session-Time
>>                check-name = Max-Monthly-Session
>> ## Look here
>>         check-item = Max-Monthly-Session
>>                sqlmod-inst = sql
>>                key = User-Name
>>                reset = monthly
>>                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>> > '%b'"
>>    }
>>
>> thanks ...
>> -------------------------
>> Roberto Gonzalez Azevedo
>>
>> Carlos Martínez-Troncoso Cera wrote:
>>
>>> ok Roberto:
>>> sqlcounter noresetcounter {
>>>                counter-name = Max-All-Session-Time
>>>                check-name = Max-All-Session
>>>                sqlmod-inst = sql
>>>                key = User-Name
>>>                reset = never
>>>                query = "SELECT SUM(AcctSessionTime) FROM radacct
>>> WHERE UserName='%{%k}'"
>>>        }
>>>
>>> sqlcounter dailycounter {
>>>                driver = "rlm_sqlcounter"
>>>                counter-name = Daily-Session-Time
>>>                check-name = Max-Daily-Session
>>>                sqlmod-inst = sql
>>>                key = User-Name
>>>                reset = daily
>>>                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>>> > '%b'"
>>>        }
>>>
>>> sqlcounter monthlycounter {
>>>                counter-name = Monthly-Session-Time
>>>                check-name = Max-Monthly-Session
>>>                sqlmod-inst = sql
>>>                key = User-Name
>>>                reset = monthly
>>>                query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
>>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
>>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime
>>> > '%b'"
>>>    }
>>>
>>>
>>>
>>> Carlos Martínez-Troncoso Cera
>>> Coordinador de Servicios Internet/Intranet
>>> Universidad del Norte
>>> Barranquilla, Colombia
>>> Tel: 57 5 3509367
>>>
>>>
>>>
>>> Roberto Gonzalez Azevedo wrote:
>>>
>>>> Show us your sqlcounter.conf ...
>>>>
>>>> You should define 'check-item' in sqlcounter.conf ...
>>>>
>>>> -------------------------
>>>> Roberto Gonzalez Azevedo
>>>> Carlos Martínez-Troncoso Cera wrote:
>>>>
>>>>> Hello.
>>>>>
>>>>> I have freradius-1.0.2 with autorizathion and authentication in
>>>>> LDAP and accounting in MySQL. I configured to use rlm_sqlcounter
>>>>> to control time connections, testing with NTRadping work well but
>>>>> testing with my Cisco NAS it doesn´t work
>>>>>
>>>>> With my cisco NAS this is the message:
>>>>>
>>>>> rlm_sqlcounter: Entering module authorize code
>>>>> rlm_sqlcounter: Could not find Check item value pair
>>>>>   modcall[authorize]: module "noresetcounter" returns noop for
>>>>> request 3
>>>>> rlm_sqlcounter: Entering module authorize code
>>>>> rlm_sqlcounter: Could not find Check item value pair
>>>>>   modcall[authorize]: module "monthlycounter" returns noop for
>>>>> request 3
>>>>>
>>>>>
>>>>> With NTRadPing the message is:
>>>>>
>>>>> rlm_sqlcounter: (Check item - counter) is greater than zero
>>>>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
>>>>> counter=106750
>>>>> rlm_sqlcounter: Sent Reply-Item for user cmartinez,
>>>>> Type=Session-Timeout, value=1250
>>>>>   modcall[authorize]: module "monthlycounter" returns ok for
>>>>> request 8
>>>>>
>>>>>
>>>>> My relevant conf files:
>>>>> ------------------------------------
>>>>> clients.conf
>>>>>
>>>>> #PC with NTRadping
>>>>> client 172.16.31.43/32 {
>>>>>        secret          = xxxxx
>>>>>        shortname       = Carlos
>>>>>        type            = other
>>>>> }
>>>>> #Cisco NAS
>>>>> client 200.106.138.14/32 {
>>>>>     secret        = xxxxxx
>>>>>     shortname    = cisco
>>>>>     type        = cisco
>>>>> }
>>>>> ------------------------------------
>>>>> radiusd.conf
>>>>>
>>>>> prefix = /usr
>>>>> exec_prefix = /usr
>>>>> sysconfdir = /etc
>>>>> localstatedir = /var
>>>>> sbindir = /usr/sbin
>>>>> logdir = ${localstatedir}/log/radius
>>>>> raddbdir = ${sysconfdir}/raddb
>>>>> radacctdir = ${logdir}/radacct
>>>>> confdir = ${raddbdir}
>>>>> run_dir = ${localstatedir}/run/radiusd
>>>>> log_file = ${logdir}/radius.log
>>>>> libdir = /usr/local/lib
>>>>> pidfile = ${run_dir}/radiusd.pid
>>>>> user = radiusd
>>>>> group = radiusd
>>>>> max_request_time = 30
>>>>> delete_blocked_requests = no
>>>>> cleanup_delay = 5
>>>>> max_requests = 1024
>>>>> bind_address = *
>>>>> port = 1812
>>>>> hostname_lookups = no
>>>>> allow_core_dumps = no
>>>>> regular_expressions    = yes
>>>>> extended_expressions    = yes
>>>>> log_stripped_names = yes
>>>>> log_auth = yes
>>>>> log_auth_badpass = no
>>>>> log_auth_goodpass = no
>>>>> usercollide = no
>>>>> lower_user = no
>>>>> lower_pass = no
>>>>> nospace_user = no
>>>>> nospace_pass = no
>>>>> checkrad = ${sbindir}/checkrad
>>>>>
>>>>> security {
>>>>>     max_attributes = 200
>>>>>     reject_delay = 1
>>>>>     status_server = no
>>>>> }
>>>>>
>>>>> proxy_requests  = no
>>>>> $INCLUDE  ${confdir}/clients.conf
>>>>> snmp    = no
>>>>> $INCLUDE  ${confdir}/snmp.conf
>>>>>
>>>>> thread pool {
>>>>>     start_servers = 5
>>>>>     max_servers = 32
>>>>>     min_spare_servers = 3
>>>>>     max_spare_servers = 10
>>>>>     max_requests_per_server = 0
>>>>> }
>>>>>
>>>>> modules {
>>>>>
>>>>>     pap {
>>>>>         encryption_scheme = crypt
>>>>>     }
>>>>>
>>>>>     chap {
>>>>>         authtype = CHAP
>>>>>     }
>>>>>
>>>>>     pam {
>>>>>         pam_auth = radiusd
>>>>>     }
>>>>>
>>>>>     $INCLUDE  ${confdir}/sql.conf
>>>>>     $INCLUDE  ${confdir}/sqlcounter.conf
>>>>>     mschap {
>>>>>         authtype = MS-CHAP
>>>>>     }
>>>>>
>>>>>     ldap {
>>>>>         server = "200.xx.xx.xx"
>>>>>         port = "390"
>>>>>         identity = "cn=Directory Manager"
>>>>>         password = xxxxxxxxxx
>>>>>         basedn = "o=yy,o=yy"
>>>>>         password_attribute = "userPassword"
>>>>>         filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>>>>>         start_tls = no
>>>>>         access_attr = "dialupAccess"
>>>>>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>>>>>         ldap_connections_number = 5
>>>>>         timeout = 4
>>>>>         timelimit = 3
>>>>>         net_timeout = 1
>>>>>     }
>>>>>
>>>>>     checkval {
>>>>>         item-name = Max-Monthly-Session
>>>>>         check-name = Max-Monthly-Session
>>>>>         data-type = string
>>>>>     }
>>>>>        preprocess {
>>>>>         huntgroups = ${confdir}/huntgroups
>>>>>         hints = ${confdir}/hints
>>>>>         with_ascend_hack = no
>>>>>         ascend_channels_per_line = 23
>>>>>         with_ntdomain_hack = no
>>>>>         with_specialix_jetstream_hack = no
>>>>>         with_cisco_vsa_hack = no
>>>>>     }
>>>>>
>>>>>     files {
>>>>>         usersfile = ${confdir}/users
>>>>>         acctusersfile = ${confdir}/acct_users
>>>>>         compat = no
>>>>>     }
>>>>>
>>>>>     detail {
>>>>>         detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>>>>>         detailperm = 0600
>>>>>     }
>>>>>
>>>>>         detail auth_log {
>>>>>          detailfile =
>>>>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
>>>>>          detailperm = 0600
>>>>>      }
>>>>>
>>>>>     detailfile =
>>>>> ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
>>>>>       detailperm = 0600
>>>>>
>>>>>     acct_unique {
>>>>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>>>>> Client-IP-Address, NAS-Port"
>>>>>     }
>>>>>
>>>>>     radutmp {
>>>>>         filename = ${logdir}/radutmp
>>>>>         username = %{User-Name}
>>>>>         case_sensitive = yes
>>>>>         check_with_nas = yes
>>>>>         perm = 0600
>>>>>         callerid = "yes"
>>>>>     }
>>>>>
>>>>>     radutmp sradutmp {
>>>>>         filename = ${logdir}/sradutmp
>>>>>         perm = 0644
>>>>>         callerid = "no"
>>>>>     }
>>>>>
>>>>>     attr_filter {
>>>>>         attrsfile = ${confdir}/attrs
>>>>>     }
>>>>>
>>>>>     always fail {
>>>>>         rcode = fail
>>>>>     }
>>>>>     always reject {
>>>>>         rcode = reject
>>>>>     }
>>>>>     always ok {
>>>>>         rcode = ok
>>>>>         simulcount = 0
>>>>>         mpp = no
>>>>>     }
>>>>>
>>>>>     expr {
>>>>>     }
>>>>>
>>>>>     digest {
>>>>>     }
>>>>>
>>>>>     exec {
>>>>>         wait = yes
>>>>>         input_pairs = request
>>>>>     }
>>>>>
>>>>>     exec echo {
>>>>>         wait = yes
>>>>>         program = "/bin/echo %{User-Name}"
>>>>>         input_pairs = request
>>>>>         output_pairs = reply
>>>>>     }
>>>>>
>>>>>     ippool main_pool {
>>>>>         range-start = 192.168.1.1
>>>>>         range-stop = 192.168.3.254
>>>>>         netmask = 255.255.255.0
>>>>>         cache-size = 800
>>>>>         session-db = ${raddbdir}/db.ippool
>>>>>         ip-index = ${raddbdir}/db.ipindex
>>>>>         override = no
>>>>>         maximum-timeout = 0
>>>>>     }
>>>>> }
>>>>>
>>>>> instantiate {
>>>>>     exec
>>>>>     expr
>>>>>     monthlycounter
>>>>> }
>>>>>
>>>>> authorize {
>>>>>     preprocess
>>>>>     auth_log
>>>>>         chap
>>>>>     mschap
>>>>>     files
>>>>>     ldap
>>>>>     noresetcounter
>>>>>     monthlycounter
>>>>> }
>>>>>
>>>>> authenticate {
>>>>>     Auth-Type PAP {
>>>>>         pap
>>>>>     }
>>>>>     Auth-Type CHAP {
>>>>>         chap
>>>>>     }
>>>>>     Auth-Type MS-CHAP {
>>>>>         mschap
>>>>>     }
>>>>>     Auth-Type LDAP {
>>>>>         ldap
>>>>>     }
>>>>> }
>>>>>
>>>>> preacct {
>>>>>     preprocess
>>>>>     acct_unique
>>>>> }
>>>>>
>>>>> accounting {
>>>>>     detail
>>>>>     radutmp
>>>>>     sradutmp
>>>>>     sql
>>>>> }
>>>>>
>>>>> session {
>>>>>     radutmp
>>>>>     sql
>>>>> }
>>>>>
>>>>> post-auth {
>>>>> }
>>>>>
>>>>> pre-proxy {
>>>>> }
>>>>>
>>>>> post-proxy {
>>>>> }
>>>>>
>>>>> -------------------------------------
>>>>> users
>>>>>
>>>>> DEFAULT Auth-Type = ldap
>>>>>     Fall-Through = 1
>>>>>
>>>>> DEFAULT Simultaneous-Use := 1
>>>>>     Fall-Through = 1
>>>>>
>>>>> DEFAULT Framed-Protocol == PPP
>>>>>     Framed-Protocol = PPP,
>>>>>     Framed-Compression = Van-Jacobson-TCP-IP
>>>>>
>>>>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap
>>>>>     Service-Type = Framed-User,
>>>>>     Framed-Protocol = PPP
>>>>>
>>>>>
>>>>> Any help will be appreciated.
>>>>>
>>>>> Thanks a lot
>>>>>
>>>>> --
>>>>> Carlos Martínez-Troncoso Cera
>>>>> Coordinador de Servicios Internet/Intranet
>>>>> Universidad del Norte
>>>>> Barranquilla, Colombia
>>>>>
>>>>>
>>>>>