I have freradius-1.0.2 with autorizathion and authentication in LDAP and accounting in MySQL. I configured to use rlm_sqlcounter to control time connections, testing with NTRadping work well but testing with my Cisco NAS it doesn´t work With my cisco NAS this is the message: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns noop for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "monthlycounter" returns noop for request 3 With NTRadPing the message is: rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750 rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250 modcall[authorize]: module "monthlycounter" returns ok for request 8 My relevant conf files: ------------------------------------ clients.conf #PC with NTRadping client 172.16.31.43/32 { secret = xxxxx shortname = Carlos type = other } #Cisco NAS client 200.106.138.14/32 { secret = xxxxxx shortname = cisco type = cisco } ------------------------------------ radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = /usr/local/lib pidfile = ${run_dir}/radiusd.pid user = radiusd group = radiusd max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 1812 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = yes log_auth = yes log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = 
no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } $INCLUDE ${confdir}/sql.conf $INCLUDE ${confdir}/sqlcounter.conf mschap { authtype = MS-CHAP } ldap { server = "200.xx.xx.xx" port = "390" identity = "cn=Directory Manager" password = xxxxxxxxxx basedn = "o=yy,o=yy" password_attribute = "userPassword" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "dialupAccess" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } checkval { item-name = Max-Monthly-Session check-name = Max-Monthly-Session data-type = string } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d detailperm = 0600 } detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d detailperm = 0600 acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode 
= ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { exec expr monthlycounter } authorize { preprocess auth_log chap mschap files ldap noresetcounter monthlycounter } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } Auth-Type LDAP { ldap } } preacct { preprocess acct_unique } accounting { detail radutmp sradutmp sql } session { radutmp sql } post-auth { } pre-proxy { } post-proxy { } ------------------------------------- users DEFAULT Auth-Type = ldap Fall-Through = 1 DEFAULT Simultaneous-Use := 1 Fall-Through = 1 DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP testuser Max-Monthly-Session := 108000, Auth-Type := ldap Service-Type = Framed-User, Framed-Protocol = PPP Any help will be appreciated. Thanks a lot -- Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |
Show us your sqlcounter.conf ...
You should define 'check-item' in sqlcounter.conf ... ------------------------- Roberto Gonzalez Azevedo Carlos Martínez-Troncoso Cera wrote: > Hello. > > I have freradius-1.0.2 with autorizathion and authentication in LDAP and > accounting in MySQL. I configured to use rlm_sqlcounter to control time > connections, testing with NTRadping work well but testing with my Cisco NAS it > doesn´t work > > With my cisco NAS this is the message: > > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "noresetcounter" returns noop for request 3 > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "monthlycounter" returns noop for request 3 > > > With NTRadPing the message is: > > rlm_sqlcounter: (Check item - counter) is greater than zero > rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750 > rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250 > modcall[authorize]: module "monthlycounter" returns ok for request 8 > > > My relevant conf files: > ------------------------------------ > clients.conf > > #PC with NTRadping > client 172.16.31.43/32 { > secret = xxxxx > shortname = Carlos > type = other > } > #Cisco NAS > client 200.106.138.14/32 { > secret = xxxxxx > shortname = cisco > type = cisco > } > ------------------------------------ > radiusd.conf > > prefix = /usr > exec_prefix = /usr > sysconfdir = /etc > localstatedir = /var > sbindir = /usr/sbin > logdir = ${localstatedir}/log/radius > raddbdir = ${sysconfdir}/raddb > radacctdir = ${logdir}/radacct > confdir = ${raddbdir} > run_dir = ${localstatedir}/run/radiusd > log_file = ${logdir}/radius.log > libdir = /usr/local/lib > pidfile = ${run_dir}/radiusd.pid > user = radiusd > group = radiusd > max_request_time = 30 > delete_blocked_requests = no > cleanup_delay = 5 > max_requests = 1024 > bind_address = * 
> port = 1812 > hostname_lookups = no > allow_core_dumps = no > regular_expressions = yes > extended_expressions = yes > log_stripped_names = yes > log_auth = yes > log_auth_badpass = no > log_auth_goodpass = no > usercollide = no > lower_user = no > lower_pass = no > nospace_user = no > nospace_pass = no > checkrad = ${sbindir}/checkrad > > security { > max_attributes = 200 > reject_delay = 1 > status_server = no > } > > proxy_requests = no > $INCLUDE ${confdir}/clients.conf > snmp = no > $INCLUDE ${confdir}/snmp.conf > > thread pool { > start_servers = 5 > max_servers = 32 > min_spare_servers = 3 > max_spare_servers = 10 > max_requests_per_server = 0 > } > > modules { > > pap { > encryption_scheme = crypt > } > > chap { > authtype = CHAP > } > > pam { > pam_auth = radiusd > } > > $INCLUDE ${confdir}/sql.conf > $INCLUDE ${confdir}/sqlcounter.conf > > mschap { > authtype = MS-CHAP > } > > ldap { > server = "200.xx.xx.xx" > port = "390" > identity = "cn=Directory Manager" > password = xxxxxxxxxx > basedn = "o=yy,o=yy" > password_attribute = "userPassword" > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" > start_tls = no > access_attr = "dialupAccess" > dictionary_mapping = ${raddbdir}/ldap.attrmap > ldap_connections_number = 5 > timeout = 4 > timelimit = 3 > net_timeout = 1 > } > > checkval { > item-name = Max-Monthly-Session > check-name = Max-Monthly-Session > data-type = string > } > > preprocess { > huntgroups = ${confdir}/huntgroups > hints = ${confdir}/hints > with_ascend_hack = no > ascend_channels_per_line = 23 > with_ntdomain_hack = no > with_specialix_jetstream_hack = no > with_cisco_vsa_hack = no > } > > files { > usersfile = ${confdir}/users > acctusersfile = ${confdir}/acct_users > compat = no > } > > detail { > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d > detailperm = 0600 > } > > detail auth_log { > detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d > detailperm = 0600 > } > > detailfile = 
${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d > detailperm = 0600 > > acct_unique { > key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, > NAS-Port" > } > > radutmp { > filename = ${logdir}/radutmp > username = %{User-Name} > case_sensitive = yes > check_with_nas = yes > perm = 0600 > callerid = "yes" > } > > radutmp sradutmp { > filename = ${logdir}/sradutmp > perm = 0644 > callerid = "no" > } > > attr_filter { > attrsfile = ${confdir}/attrs > } > > always fail { > rcode = fail > } > always reject { > rcode = reject > } > always ok { > rcode = ok > simulcount = 0 > mpp = no > } > > expr { > } > > digest { > } > > exec { > wait = yes > input_pairs = request > } > > exec echo { > wait = yes > program = "/bin/echo %{User-Name}" > input_pairs = request > output_pairs = reply > } > > ippool main_pool { > range-start = 192.168.1.1 > range-stop = 192.168.3.254 > netmask = 255.255.255.0 > cache-size = 800 > session-db = ${raddbdir}/db.ippool > ip-index = ${raddbdir}/db.ipindex > override = no > maximum-timeout = 0 > } > } > > instantiate { > exec > expr > monthlycounter > } > > authorize { > preprocess > auth_log > chap > mschap > files > ldap > noresetcounter > monthlycounter > } > > authenticate { > Auth-Type PAP { > pap > } > Auth-Type CHAP { > chap > } > Auth-Type MS-CHAP { > mschap > } > Auth-Type LDAP { > ldap > } > } > > preacct { > preprocess > acct_unique > } > > accounting { > detail > radutmp > sradutmp > sql > } > > session { > radutmp > sql > } > > post-auth { > } > > pre-proxy { > } > > post-proxy { > } > > ------------------------------------- > users > > DEFAULT Auth-Type = ldap > Fall-Through = 1 > > DEFAULT Simultaneous-Use := 1 > Fall-Through = 1 > > DEFAULT Framed-Protocol == PPP > Framed-Protocol = PPP, > Framed-Compression = Van-Jacobson-TCP-IP > > testuser Max-Monthly-Session := 108000, Auth-Type := ldap > Service-Type = Framed-User, > Framed-Protocol = PPP > > > Any help will be appreciated. 
> > Thanks a lot > > -- > Carlos Martínez-Troncoso Cera > Coordinador de Servicios Internet/Intranet > Universidad del Norte > Barranquilla, Colombia > > > > ------------------------------------------------------------------------ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |
sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter dailycounter { driver = "rlm_sqlcounter" counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Roberto Gonzalez Azevedo wrote: Show us your sqlcounter.conf ... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |
ok Roberto:
sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter dailycounter { driver = "rlm_sqlcounter" counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Roberto Gonzalez Azevedo wrote: > Show us your sqlcounter.conf ... > > You should define 'check-item' in sqlcounter.conf ... > > ------------------------- > Roberto Gonzalez Azevedo > Carlos Martínez-Troncoso Cera wrote: > >> Hello. >> >> I have freradius-1.0.2 with autorizathion and authentication in LDAP >> and accounting in MySQL. 
I configured to use rlm_sqlcounter to >> control time connections, testing with NTRadping work well but >> testing with my Cisco NAS it doesn´t work >> >> With my cisco NAS this is the message: >> >> rlm_sqlcounter: Entering module authorize code >> rlm_sqlcounter: Could not find Check item value pair >> modcall[authorize]: module "noresetcounter" returns noop for request 3 >> rlm_sqlcounter: Entering module authorize code >> rlm_sqlcounter: Could not find Check item value pair >> modcall[authorize]: module "monthlycounter" returns noop for request 3 >> >> >> With NTRadPing the message is: >> >> rlm_sqlcounter: (Check item - counter) is greater than zero >> rlm_sqlcounter: Authorized user cmartinez, check_item=108000, >> counter=106750 >> rlm_sqlcounter: Sent Reply-Item for user cmartinez, >> Type=Session-Timeout, value=1250 >> modcall[authorize]: module "monthlycounter" returns ok for request 8 >> >> >> My relevant conf files: >> ------------------------------------ >> clients.conf >> >> #PC with NTRadping >> client 172.16.31.43/32 { >> secret = xxxxx >> shortname = Carlos >> type = other >> } >> #Cisco NAS >> client 200.106.138.14/32 { >> secret = xxxxxx >> shortname = cisco >> type = cisco >> } >> ------------------------------------ >> radiusd.conf >> >> prefix = /usr >> exec_prefix = /usr >> sysconfdir = /etc >> localstatedir = /var >> sbindir = /usr/sbin >> logdir = ${localstatedir}/log/radius >> raddbdir = ${sysconfdir}/raddb >> radacctdir = ${logdir}/radacct >> confdir = ${raddbdir} >> run_dir = ${localstatedir}/run/radiusd >> log_file = ${logdir}/radius.log >> libdir = /usr/local/lib >> pidfile = ${run_dir}/radiusd.pid >> user = radiusd >> group = radiusd >> max_request_time = 30 >> delete_blocked_requests = no >> cleanup_delay = 5 >> max_requests = 1024 >> bind_address = * >> port = 1812 >> hostname_lookups = no >> allow_core_dumps = no >> regular_expressions = yes >> extended_expressions = yes >> log_stripped_names = yes >> log_auth = yes >> 
log_auth_badpass = no >> log_auth_goodpass = no >> usercollide = no >> lower_user = no >> lower_pass = no >> nospace_user = no >> nospace_pass = no >> checkrad = ${sbindir}/checkrad >> >> security { >> max_attributes = 200 >> reject_delay = 1 >> status_server = no >> } >> >> proxy_requests = no >> $INCLUDE ${confdir}/clients.conf >> snmp = no >> $INCLUDE ${confdir}/snmp.conf >> >> thread pool { >> start_servers = 5 >> max_servers = 32 >> min_spare_servers = 3 >> max_spare_servers = 10 >> max_requests_per_server = 0 >> } >> >> modules { >> >> pap { >> encryption_scheme = crypt >> } >> >> chap { >> authtype = CHAP >> } >> >> pam { >> pam_auth = radiusd >> } >> >> $INCLUDE ${confdir}/sql.conf >> $INCLUDE ${confdir}/sqlcounter.conf >> mschap { >> authtype = MS-CHAP >> } >> >> ldap { >> server = "200.xx.xx.xx" >> port = "390" >> identity = "cn=Directory Manager" >> password = xxxxxxxxxx >> basedn = "o=yy,o=yy" >> password_attribute = "userPassword" >> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" >> start_tls = no >> access_attr = "dialupAccess" >> dictionary_mapping = ${raddbdir}/ldap.attrmap >> ldap_connections_number = 5 >> timeout = 4 >> timelimit = 3 >> net_timeout = 1 >> } >> >> checkval { >> item-name = Max-Monthly-Session >> check-name = Max-Monthly-Session >> data-type = string >> } >> preprocess { >> huntgroups = ${confdir}/huntgroups >> hints = ${confdir}/hints >> with_ascend_hack = no >> ascend_channels_per_line = 23 >> with_ntdomain_hack = no >> with_specialix_jetstream_hack = no >> with_cisco_vsa_hack = no >> } >> >> files { >> usersfile = ${confdir}/users >> acctusersfile = ${confdir}/acct_users >> compat = no >> } >> >> detail { >> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d >> detailperm = 0600 >> } >> >> detail auth_log { >> detailfile = >> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d >> detailperm = 0600 >> } >> >> detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d >> detailperm = 0600 >> >> 
acct_unique { >> key = "User-Name, Acct-Session-Id, NAS-IP-Address, >> Client-IP-Address, NAS-Port" >> } >> >> radutmp { >> filename = ${logdir}/radutmp >> username = %{User-Name} >> case_sensitive = yes >> check_with_nas = yes perm = 0600 >> callerid = "yes" >> } >> >> radutmp sradutmp { >> filename = ${logdir}/sradutmp >> perm = 0644 >> callerid = "no" >> } >> >> attr_filter { >> attrsfile = ${confdir}/attrs >> } >> >> always fail { >> rcode = fail >> } >> always reject { >> rcode = reject >> } >> always ok { >> rcode = ok >> simulcount = 0 >> mpp = no >> } >> >> expr { >> } >> >> digest { >> } >> >> exec { >> wait = yes >> input_pairs = request >> } >> >> exec echo { >> wait = yes >> program = "/bin/echo %{User-Name}" >> input_pairs = request >> output_pairs = reply >> } >> >> ippool main_pool { >> range-start = 192.168.1.1 >> range-stop = 192.168.3.254 >> netmask = 255.255.255.0 >> cache-size = 800 >> session-db = ${raddbdir}/db.ippool >> ip-index = ${raddbdir}/db.ipindex >> override = no >> maximum-timeout = 0 >> } >> } >> >> instantiate { >> exec >> expr >> monthlycounter >> } >> >> authorize { >> preprocess >> auth_log >> chap >> mschap >> files >> ldap >> noresetcounter >> monthlycounter >> } >> >> authenticate { >> Auth-Type PAP { >> pap >> } >> Auth-Type CHAP { >> chap >> } >> Auth-Type MS-CHAP { >> mschap >> } >> Auth-Type LDAP { >> ldap >> } >> } >> >> preacct { >> preprocess >> acct_unique >> } >> >> accounting { >> detail >> radutmp >> sradutmp >> sql >> } >> >> session { >> radutmp >> sql >> } >> >> post-auth { >> } >> >> pre-proxy { >> } >> >> post-proxy { >> } >> >> ------------------------------------- >> users >> >> DEFAULT Auth-Type = ldap >> Fall-Through = 1 >> >> DEFAULT Simultaneous-Use := 1 >> Fall-Through = 1 >> >> DEFAULT Framed-Protocol == PPP >> Framed-Protocol = PPP, >> Framed-Compression = Van-Jacobson-TCP-IP >> >> testuser Max-Monthly-Session := 108000, Auth-Type := ldap >> Service-Type = Framed-User, >> Framed-Protocol = PPP >> >> >> 
Any help will be appreciated. >> >> Thanks a lot >> >> -- >> Carlos Martínez-Troncoso Cera >> Coordinador de Servicios Internet/Intranet >> Universidad del Norte >> Barranquilla, Colombia >> >> >> >> ------------------------------------------------------------------------ >> >> - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |
# Roberto's reply: the poster's three sqlcounter instances, with the lines he
# proposes adding marked "## Look here".
# NOTE(review): later in this thread the poster reports that these changes did
# not alter the result with the Cisco NAS; confirm against the rlm_sqlcounter
# documentation for your version that check-item is a recognised option.
sqlcounter noresetcounter {
	## Look here
	driver = "rlm_sqlcounter"
	counter-name = Max-All-Session-Time
	# check-name is the check item the module looks for on the user. In the
	# debug output quoted in this thread, when it is missing the module logs
	# "Could not find Check item value pair" and returns noop, and the
	# authorize group still returns ok, so that request is not limited by
	# this counter.
	check-name = Max-All-Session
	## Look here
	check-item = Max-All-Session
	sqlmod-inst = sql
	key = User-Name
	reset = never
	# %k is expanded to the key attribute name (User-Name), as the
	# sqlcounter_expand debug lines in this thread show. The value comes from
	# the client's request; the log shows the sql module escaping it
	# ("sql_set_user escaped user") - confirm how escaping is configured in
	# your version.
	query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}

sqlcounter dailycounter {
	driver = "rlm_sqlcounter"
	counter-name = Daily-Session-Time
	check-name = Max-Daily-Session
	## Look here
	check-item = Max-Daily-Session
	sqlmod-inst = sql
	key = User-Name
	reset = daily
	# %b is replaced by a Unix timestamp (1117602000 in the quoted debug
	# output), apparently the start of the current reset period - TODO confirm.
	query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}

sqlcounter monthlycounter {
	## Look here
	driver = "rlm_sqlcounter"
	counter-name = Monthly-Session-Time
	# Matches the Max-Monthly-Session check item set in the poster's users file.
	check-name = Max-Monthly-Session
	## Look here
	check-item = Max-Monthly-Session
	sqlmod-inst = sql
	key = User-Name
	reset = monthly
	query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}

thanks ...
------------------------- Roberto Gonzalez Azevedo Carlos Martínez-Troncoso Cera wrote: > ok Roberto: > sqlcounter noresetcounter { > counter-name = Max-All-Session-Time > check-name = Max-All-Session > sqlmod-inst = sql > key = User-Name > reset = never > query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE > UserName='%{%k}'" > } > > sqlcounter dailycounter { > driver = "rlm_sqlcounter" > counter-name = Daily-Session-Time > check-name = Max-Daily-Session > sqlmod-inst = sql > key = User-Name > reset = daily > query = "SELECT SUM(AcctSessionTime - GREATEST((%b - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' > AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" > } > > sqlcounter monthlycounter { > counter-name = Monthly-Session-Time > check-name = Max-Monthly-Session > sqlmod-inst = sql > key = User-Name > reset = monthly > query = "SELECT SUM(AcctSessionTime - GREATEST((%b - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' > AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" > } > > > > Carlos Martínez-Troncoso Cera > Coordinador de Servicios Internet/Intranet > Universidad del Norte > Barranquilla, Colombia > Tel: 57 5 3509367 > > > > Roberto Gonzalez Azevedo wrote: > >> Show us your sqlcounter.conf ... >> >> You should define 'check-item' in sqlcounter.conf ... >> >> ------------------------- >> Roberto Gonzalez Azevedo >> Carlos Martínez-Troncoso Cera wrote: >> >>> Hello. >>> >>> I have freradius-1.0.2 with autorizathion and authentication in LDAP >>> and accounting in MySQL. 
I configured to use rlm_sqlcounter to >>> control time connections, testing with NTRadping work well but >>> testing with my Cisco NAS it doesn´t work >>> >>> With my cisco NAS this is the message: >>> >>> rlm_sqlcounter: Entering module authorize code >>> rlm_sqlcounter: Could not find Check item value pair >>> modcall[authorize]: module "noresetcounter" returns noop for request 3 >>> rlm_sqlcounter: Entering module authorize code >>> rlm_sqlcounter: Could not find Check item value pair >>> modcall[authorize]: module "monthlycounter" returns noop for request 3 >>> >>> >>> With NTRadPing the message is: >>> >>> rlm_sqlcounter: (Check item - counter) is greater than zero >>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000, >>> counter=106750 >>> rlm_sqlcounter: Sent Reply-Item for user cmartinez, >>> Type=Session-Timeout, value=1250 >>> modcall[authorize]: module "monthlycounter" returns ok for request 8 >>> >>> >>> My relevant conf files: >>> ------------------------------------ >>> clients.conf >>> >>> #PC with NTRadping >>> client 172.16.31.43/32 { >>> secret = xxxxx >>> shortname = Carlos >>> type = other >>> } >>> #Cisco NAS >>> client 200.106.138.14/32 { >>> secret = xxxxxx >>> shortname = cisco >>> type = cisco >>> } >>> ------------------------------------ >>> radiusd.conf >>> >>> prefix = /usr >>> exec_prefix = /usr >>> sysconfdir = /etc >>> localstatedir = /var >>> sbindir = /usr/sbin >>> logdir = ${localstatedir}/log/radius >>> raddbdir = ${sysconfdir}/raddb >>> radacctdir = ${logdir}/radacct >>> confdir = ${raddbdir} >>> run_dir = ${localstatedir}/run/radiusd >>> log_file = ${logdir}/radius.log >>> libdir = /usr/local/lib >>> pidfile = ${run_dir}/radiusd.pid >>> user = radiusd >>> group = radiusd >>> max_request_time = 30 >>> delete_blocked_requests = no >>> cleanup_delay = 5 >>> max_requests = 1024 >>> bind_address = * >>> port = 1812 >>> hostname_lookups = no >>> allow_core_dumps = no >>> regular_expressions = yes >>> extended_expressions 
= yes >>> log_stripped_names = yes >>> log_auth = yes >>> log_auth_badpass = no >>> log_auth_goodpass = no >>> usercollide = no >>> lower_user = no >>> lower_pass = no >>> nospace_user = no >>> nospace_pass = no >>> checkrad = ${sbindir}/checkrad >>> >>> security { >>> max_attributes = 200 >>> reject_delay = 1 >>> status_server = no >>> } >>> >>> proxy_requests = no >>> $INCLUDE ${confdir}/clients.conf >>> snmp = no >>> $INCLUDE ${confdir}/snmp.conf >>> >>> thread pool { >>> start_servers = 5 >>> max_servers = 32 >>> min_spare_servers = 3 >>> max_spare_servers = 10 >>> max_requests_per_server = 0 >>> } >>> >>> modules { >>> >>> pap { >>> encryption_scheme = crypt >>> } >>> >>> chap { >>> authtype = CHAP >>> } >>> >>> pam { >>> pam_auth = radiusd >>> } >>> >>> $INCLUDE ${confdir}/sql.conf >>> $INCLUDE ${confdir}/sqlcounter.conf mschap { >>> authtype = MS-CHAP >>> } >>> >>> ldap { >>> server = "200.xx.xx.xx" >>> port = "390" >>> identity = "cn=Directory Manager" >>> password = xxxxxxxxxx >>> basedn = "o=yy,o=yy" >>> password_attribute = "userPassword" >>> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" >>> start_tls = no >>> access_attr = "dialupAccess" >>> dictionary_mapping = ${raddbdir}/ldap.attrmap >>> ldap_connections_number = 5 >>> timeout = 4 >>> timelimit = 3 >>> net_timeout = 1 >>> } >>> >>> checkval { >>> item-name = Max-Monthly-Session >>> check-name = Max-Monthly-Session >>> data-type = string >>> } >>> preprocess { >>> huntgroups = ${confdir}/huntgroups >>> hints = ${confdir}/hints >>> with_ascend_hack = no >>> ascend_channels_per_line = 23 >>> with_ntdomain_hack = no >>> with_specialix_jetstream_hack = no >>> with_cisco_vsa_hack = no >>> } >>> >>> files { >>> usersfile = ${confdir}/users >>> acctusersfile = ${confdir}/acct_users >>> compat = no >>> } >>> >>> detail { >>> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d >>> detailperm = 0600 >>> } >>> >>> detail auth_log { >>> detailfile = >>> 
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d >>> detailperm = 0600 >>> } >>> >>> detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d >>> detailperm = 0600 >>> >>> acct_unique { >>> key = "User-Name, Acct-Session-Id, NAS-IP-Address, >>> Client-IP-Address, NAS-Port" >>> } >>> >>> radutmp { >>> filename = ${logdir}/radutmp >>> username = %{User-Name} >>> case_sensitive = yes >>> check_with_nas = yes perm = 0600 >>> callerid = "yes" >>> } >>> >>> radutmp sradutmp { >>> filename = ${logdir}/sradutmp >>> perm = 0644 >>> callerid = "no" >>> } >>> >>> attr_filter { >>> attrsfile = ${confdir}/attrs >>> } >>> >>> always fail { >>> rcode = fail >>> } >>> always reject { >>> rcode = reject >>> } >>> always ok { >>> rcode = ok >>> simulcount = 0 >>> mpp = no >>> } >>> >>> expr { >>> } >>> >>> digest { >>> } >>> >>> exec { >>> wait = yes >>> input_pairs = request >>> } >>> >>> exec echo { >>> wait = yes >>> program = "/bin/echo %{User-Name}" >>> input_pairs = request >>> output_pairs = reply >>> } >>> >>> ippool main_pool { >>> range-start = 192.168.1.1 >>> range-stop = 192.168.3.254 >>> netmask = 255.255.255.0 >>> cache-size = 800 >>> session-db = ${raddbdir}/db.ippool >>> ip-index = ${raddbdir}/db.ipindex >>> override = no >>> maximum-timeout = 0 >>> } >>> } >>> >>> instantiate { >>> exec >>> expr >>> monthlycounter >>> } >>> >>> authorize { >>> preprocess >>> auth_log >>> chap >>> mschap >>> files >>> ldap >>> noresetcounter >>> monthlycounter >>> } >>> >>> authenticate { >>> Auth-Type PAP { >>> pap >>> } >>> Auth-Type CHAP { >>> chap >>> } >>> Auth-Type MS-CHAP { >>> mschap >>> } >>> Auth-Type LDAP { >>> ldap >>> } >>> } >>> >>> preacct { >>> preprocess >>> acct_unique >>> } >>> >>> accounting { >>> detail >>> radutmp >>> sradutmp >>> sql >>> } >>> >>> session { >>> radutmp >>> sql >>> } >>> >>> post-auth { >>> } >>> >>> pre-proxy { >>> } >>> >>> post-proxy { >>> } >>> >>> ------------------------------------- >>> users >>> >>> DEFAULT Auth-Type = 
ldap >>> Fall-Through = 1 >>> >>> DEFAULT Simultaneous-Use := 1 >>> Fall-Through = 1 >>> >>> DEFAULT Framed-Protocol == PPP >>> Framed-Protocol = PPP, >>> Framed-Compression = Van-Jacobson-TCP-IP >>> >>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap >>> Service-Type = Framed-User, >>> Framed-Protocol = PPP >>> >>> >>> Any help will be appreciated. >>> >>> Thanks a lot >>> >>> -- >>> Carlos Martínez-Troncoso Cera >>> Coordinador de Servicios Internet/Intranet >>> Universidad del Norte >>> Barranquilla, Colombia >>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> - List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> >> >> >> >> - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > - List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |
What can I do? Do you know how can I debug this module? This is the message with radiusd -X -A (with Cisco): rlm_ldap: user cmartinez authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "monthlycounter" returns noop for request 5 modcall: group authorize returns ok for request 5 rad_check_password: Found Auth-Type ldap auth: type "LDAP" Processing the authenticate section of radiusd.conf ------------------------------------------------------------------------- with NTRadping: rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000'' radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000'' sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000'}' radius_xlat: Running registered xlat function of module sql for string 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000'' rlm_sql (sql): - sql_xlat radius_xlat: 'cmartinez' rlm_sql (sql): sql_set_user escaped user --> 'cmartinez' radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE 
UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1117602000'' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): - sql_xlat finished rlm_sql (sql): Released sql socket id: 4 radius_xlat: '107853' rlm_sqlcounter: (Check item - counter) is less than zero rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853 Thanks for your help! Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Roberto Gonzalez Azevedo wrote: sqlcounter noresetcounter { - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |
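I modified the users file and now it works; the relevant part now looks like this (compared with the users file I posted earlier, the `DEFAULT Framed-Protocol == PPP` entry, which had no Fall-Through, no longer sits between the Simultaneous-Use default and the user entry — presumably requests from the Cisco NAS matched that entry and never reached the line that sets Max-Monthly-Session, which would explain "Could not find Check item value pair"):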
DEFAULT Simultaneous-Use := 1 Fall-Through = 1 cmartinez Max-Monthly-Session := 108000, Auth-Type := ldap Service-Type = Framed-User, Framed -Protocol = PPP -------------------------- Thanks a lot to Roberto and Alan for their time and help. Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Carlos Martínez-Troncoso Cera wrote: > Thanks Roberto for your answer but I did the changes in > sqlcounter.conf and with my cisco, sqlcounter doesn´t work, with > NTRadping it works very well. I looked into the source code in > freeradius 1.0.4 but this module is the same for 1.0.2 version (I have > working 1.0.2) > What can I do? > Do you know how can I debug this module? > > This is the message with radiusd -X -A (with Cisco): > > rlm_ldap: user cmartinez authorized to use remote access > rlm_ldap: ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 5 > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "monthlycounter" returns noop for request 5 > modcall: group authorize returns ok for request 5 > rad_check_password: Found Auth-Type ldap > auth: type "LDAP" > Processing the authenticate section of radiusd.conf > > ------------------------------------------------------------------------- > > with NTRadping: > > rlm_ldap: ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns ok for request 0 > rlm_sqlcounter: Entering module authorize code > sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 > - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE > UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + > AcctSessionTime > '1117602000'' > radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE > UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + > 
AcctSessionTime > '1117602000'' > sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime - > GREATEST((1117602000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM > radacct WHERE UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + > AcctSessionTime > '1117602000'}' > radius_xlat: Running registered xlat function of module sql for string > 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE > UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + > AcctSessionTime > '1117602000'' > rlm_sql (sql): - sql_xlat > radius_xlat: 'cmartinez' > rlm_sql (sql): sql_set_user escaped user --> 'cmartinez' > radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1117602000 - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE > UserName='cmartinez' AND UNIX_TIMESTAMP(AcctStartTime) + > AcctSessionTime > '1117602000'' > rlm_sql (sql): Reserving sql socket id: 4 > rlm_sql (sql): - sql_xlat finished > rlm_sql (sql): Released sql socket id: 4 > radius_xlat: '107853' > rlm_sqlcounter: (Check item - counter) is less than zero > rlm_sqlcounter: Rejected user cmartinez, check_item=100000, counter=107853 > > > Thanks for your help! 
> >Carlos Martínez-Troncoso Cera >Coordinador de Servicios Internet/Intranet >Universidad del Norte >Barranquilla, Colombia >Tel: 57 5 3509367 > > > > Roberto Gonzalez Azevedo wrote: > >> sqlcounter noresetcounter { >> ## Look here >> driver = "rlm_sqlcounter" >> counter-name = Max-All-Session-Time >> check-name = Max-All-Session >> ## Look here >> check-item = Max-All-Session >> sqlmod-inst = sql >> key = User-Name >> reset = never >> query = "SELECT SUM(AcctSessionTime) FROM radacct >> WHERE UserName='%{%k}'" >> } >> >> sqlcounter dailycounter { >> driver = "rlm_sqlcounter" >> counter-name = Daily-Session-Time >> check-name = Max-Daily-Session >> ## Look here >> check-item = Max-Daily-Session >> sqlmod-inst = sql >> key = User-Name >> reset = daily >> query = "SELECT SUM(AcctSessionTime - GREATEST((%b - >> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE >> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >> > '%b'" >> } >> >> sqlcounter monthlycounter { >> ## Look here >> driver = "rlm_sqlcounter" >> counter-name = Monthly-Session-Time >> check-name = Max-Monthly-Session >> ## Look here >> check-item = Max-Monthly-Session >> sqlmod-inst = sql >> key = User-Name >> reset = monthly >> query = "SELECT SUM(AcctSessionTime - GREATEST((%b - >> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE >> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >> > '%b'" >> } >> >> thanks ... 
>> ------------------------- >> Roberto Gonzalez Azevedo >> >> Carlos Martínez-Troncoso Cera wrote: >> >>> ok Roberto: >>> sqlcounter noresetcounter { >>> counter-name = Max-All-Session-Time >>> check-name = Max-All-Session >>> sqlmod-inst = sql >>> key = User-Name >>> reset = never >>> query = "SELECT SUM(AcctSessionTime) FROM radacct >>> WHERE UserName='%{%k}'" >>> } >>> >>> sqlcounter dailycounter { >>> driver = "rlm_sqlcounter" >>> counter-name = Daily-Session-Time >>> check-name = Max-Daily-Session >>> sqlmod-inst = sql >>> key = User-Name >>> reset = daily >>> query = "SELECT SUM(AcctSessionTime - GREATEST((%b - >>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE >>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >>> > '%b'" >>> } >>> >>> sqlcounter monthlycounter { >>> counter-name = Monthly-Session-Time >>> check-name = Max-Monthly-Session >>> sqlmod-inst = sql >>> key = User-Name >>> reset = monthly >>> query = "SELECT SUM(AcctSessionTime - GREATEST((%b - >>> UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE >>> UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime >>> > '%b'" >>> } >>> >>> >>> >>> Carlos Martínez-Troncoso Cera >>> Coordinador de Servicios Internet/Intranet >>> Universidad del Norte >>> Barranquilla, Colombia >>> Tel: 57 5 3509367 >>> >>> >>> >>> Roberto Gonzalez Azevedo wrote: >>> >>>> Show us your sqlcounter.conf ... >>>> >>>> You should define 'check-item' in sqlcounter.conf ... >>>> >>>> ------------------------- >>>> Roberto Gonzalez Azevedo >>>> Carlos Martínez-Troncoso Cera wrote: >>>> >>>>> Hello. >>>>> >>>>> I have freradius-1.0.2 with autorizathion and authentication in >>>>> LDAP and accounting in MySQL. 
I configured to use rlm_sqlcounter >>>>> to control time connections, testing with NTRadping work well but >>>>> testing with my Cisco NAS it doesn´t work >>>>> >>>>> With my cisco NAS this is the message: >>>>> >>>>> rlm_sqlcounter: Entering module authorize code >>>>> rlm_sqlcounter: Could not find Check item value pair >>>>> modcall[authorize]: module "noresetcounter" returns noop for >>>>> request 3 >>>>> rlm_sqlcounter: Entering module authorize code >>>>> rlm_sqlcounter: Could not find Check item value pair >>>>> modcall[authorize]: module "monthlycounter" returns noop for >>>>> request 3 >>>>> >>>>> >>>>> With NTRadPing the message is: >>>>> >>>>> rlm_sqlcounter: (Check item - counter) is greater than zero >>>>> rlm_sqlcounter: Authorized user cmartinez, check_item=108000, >>>>> counter=106750 >>>>> rlm_sqlcounter: Sent Reply-Item for user cmartinez, >>>>> Type=Session-Timeout, value=1250 >>>>> modcall[authorize]: module "monthlycounter" returns ok for >>>>> request 8 >>>>> >>>>> >>>>> My relevant conf files: >>>>> ------------------------------------ >>>>> clients.conf >>>>> >>>>> #PC with NTRadping >>>>> client 172.16.31.43/32 { >>>>> secret = xxxxx >>>>> shortname = Carlos >>>>> type = other >>>>> } >>>>> #Cisco NAS >>>>> client 200.106.138.14/32 { >>>>> secret = xxxxxx >>>>> shortname = cisco >>>>> type = cisco >>>>> } >>>>> ------------------------------------ >>>>> radiusd.conf >>>>> >>>>> prefix = /usr >>>>> exec_prefix = /usr >>>>> sysconfdir = /etc >>>>> localstatedir = /var >>>>> sbindir = /usr/sbin >>>>> logdir = ${localstatedir}/log/radius >>>>> raddbdir = ${sysconfdir}/raddb >>>>> radacctdir = ${logdir}/radacct >>>>> confdir = ${raddbdir} >>>>> run_dir = ${localstatedir}/run/radiusd >>>>> log_file = ${logdir}/radius.log >>>>> libdir = /usr/local/lib >>>>> pidfile = ${run_dir}/radiusd.pid >>>>> user = radiusd >>>>> group = radiusd >>>>> max_request_time = 30 >>>>> delete_blocked_requests = no >>>>> cleanup_delay = 5 >>>>> max_requests = 1024 
>>>>> bind_address = * >>>>> port = 1812 >>>>> hostname_lookups = no >>>>> allow_core_dumps = no >>>>> regular_expressions = yes >>>>> extended_expressions = yes >>>>> log_stripped_names = yes >>>>> log_auth = yes >>>>> log_auth_badpass = no >>>>> log_auth_goodpass = no >>>>> usercollide = no >>>>> lower_user = no >>>>> lower_pass = no >>>>> nospace_user = no >>>>> nospace_pass = no >>>>> checkrad = ${sbindir}/checkrad >>>>> >>>>> security { >>>>> max_attributes = 200 >>>>> reject_delay = 1 >>>>> status_server = no >>>>> } >>>>> >>>>> proxy_requests = no >>>>> $INCLUDE ${confdir}/clients.conf >>>>> snmp = no >>>>> $INCLUDE ${confdir}/snmp.conf >>>>> >>>>> thread pool { >>>>> start_servers = 5 >>>>> max_servers = 32 >>>>> min_spare_servers = 3 >>>>> max_spare_servers = 10 >>>>> max_requests_per_server = 0 >>>>> } >>>>> >>>>> modules { >>>>> >>>>> pap { >>>>> encryption_scheme = crypt >>>>> } >>>>> >>>>> chap { >>>>> authtype = CHAP >>>>> } >>>>> >>>>> pam { >>>>> pam_auth = radiusd >>>>> } >>>>> >>>>> $INCLUDE ${confdir}/sql.conf >>>>> $INCLUDE ${confdir}/sqlcounter.conf mschap { >>>>> authtype = MS-CHAP >>>>> } >>>>> >>>>> ldap { >>>>> server = "200.xx.xx.xx" >>>>> port = "390" >>>>> identity = "cn=Directory Manager" >>>>> password = xxxxxxxxxx >>>>> basedn = "o=yy,o=yy" >>>>> password_attribute = "userPassword" >>>>> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" >>>>> start_tls = no >>>>> access_attr = "dialupAccess" >>>>> dictionary_mapping = ${raddbdir}/ldap.attrmap >>>>> ldap_connections_number = 5 >>>>> timeout = 4 >>>>> timelimit = 3 >>>>> net_timeout = 1 >>>>> } >>>>> >>>>> checkval { >>>>> item-name = Max-Monthly-Session >>>>> check-name = Max-Monthly-Session >>>>> data-type = string >>>>> } >>>>> preprocess { >>>>> huntgroups = ${confdir}/huntgroups >>>>> hints = ${confdir}/hints >>>>> with_ascend_hack = no >>>>> ascend_channels_per_line = 23 >>>>> with_ntdomain_hack = no >>>>> with_specialix_jetstream_hack = no >>>>> with_cisco_vsa_hack = no >>>>> 
} >>>>> >>>>> files { >>>>> usersfile = ${confdir}/users >>>>> acctusersfile = ${confdir}/acct_users >>>>> compat = no >>>>> } >>>>> >>>>> detail { >>>>> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d >>>>> detailperm = 0600 >>>>> } >>>>> >>>>> detail auth_log { >>>>> detailfile = >>>>> ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d >>>>> detailperm = 0600 >>>>> } >>>>> >>>>> detailfile = >>>>> ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d >>>>> detailperm = 0600 >>>>> >>>>> acct_unique { >>>>> key = "User-Name, Acct-Session-Id, NAS-IP-Address, >>>>> Client-IP-Address, NAS-Port" >>>>> } >>>>> >>>>> radutmp { >>>>> filename = ${logdir}/radutmp >>>>> username = %{User-Name} >>>>> case_sensitive = yes >>>>> check_with_nas = yes perm = 0600 >>>>> callerid = "yes" >>>>> } >>>>> >>>>> radutmp sradutmp { >>>>> filename = ${logdir}/sradutmp >>>>> perm = 0644 >>>>> callerid = "no" >>>>> } >>>>> >>>>> attr_filter { >>>>> attrsfile = ${confdir}/attrs >>>>> } >>>>> >>>>> always fail { >>>>> rcode = fail >>>>> } >>>>> always reject { >>>>> rcode = reject >>>>> } >>>>> always ok { >>>>> rcode = ok >>>>> simulcount = 0 >>>>> mpp = no >>>>> } >>>>> >>>>> expr { >>>>> } >>>>> >>>>> digest { >>>>> } >>>>> >>>>> exec { >>>>> wait = yes >>>>> input_pairs = request >>>>> } >>>>> >>>>> exec echo { >>>>> wait = yes >>>>> program = "/bin/echo %{User-Name}" >>>>> input_pairs = request >>>>> output_pairs = reply >>>>> } >>>>> >>>>> ippool main_pool { >>>>> range-start = 192.168.1.1 >>>>> range-stop = 192.168.3.254 >>>>> netmask = 255.255.255.0 >>>>> cache-size = 800 >>>>> session-db = ${raddbdir}/db.ippool >>>>> ip-index = ${raddbdir}/db.ipindex >>>>> override = no >>>>> maximum-timeout = 0 >>>>> } >>>>> } >>>>> >>>>> instantiate { >>>>> exec >>>>> expr >>>>> monthlycounter >>>>> } >>>>> >>>>> authorize { >>>>> preprocess >>>>> auth_log >>>>> chap >>>>> mschap >>>>> files >>>>> ldap >>>>> noresetcounter >>>>> monthlycounter >>>>> } >>>>> >>>>> authenticate { 
>>>>> Auth-Type PAP { >>>>> pap >>>>> } >>>>> Auth-Type CHAP { >>>>> chap >>>>> } >>>>> Auth-Type MS-CHAP { >>>>> mschap >>>>> } >>>>> Auth-Type LDAP { >>>>> ldap >>>>> } >>>>> } >>>>> >>>>> preacct { >>>>> preprocess >>>>> acct_unique >>>>> } >>>>> >>>>> accounting { >>>>> detail >>>>> radutmp >>>>> sradutmp >>>>> sql >>>>> } >>>>> >>>>> session { >>>>> radutmp >>>>> sql >>>>> } >>>>> >>>>> post-auth { >>>>> } >>>>> >>>>> pre-proxy { >>>>> } >>>>> >>>>> post-proxy { >>>>> } >>>>> >>>>> ------------------------------------- >>>>> users >>>>> >>>>> DEFAULT Auth-Type = ldap >>>>> Fall-Through = 1 >>>>> >>>>> DEFAULT Simultaneous-Use := 1 >>>>> Fall-Through = 1 >>>>> >>>>> DEFAULT Framed-Protocol == PPP >>>>> Framed-Protocol = PPP, >>>>> Framed-Compression = Van-Jacobson-TCP-IP >>>>> >>>>> testuser Max-Monthly-Session := 108000, Auth-Type := ldap >>>>> Service-Type = Framed-User, >>>>> Framed-Protocol = PPP >>>>> >>>>> >>>>> Any help will be appreciated. >>>>> >>>>> Thanks a lot >>>>> >>>>> -- >>>>> Carlos Martínez-Troncoso Cera >>>>> Coordinador de Servicios Internet/Intranet >>>>> Universidad del Norte >>>>> Barranquilla, Colombia >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> >>>>> - List info/subscribe/unsubscribe? See >>>>> http://www.freeradius.org/list/users.html >>>> >>>> >>>> >>>> >>>> >>>> - List info/subscribe/unsubscribe? See >>>> http://www.freeradius.org/list/users.html >>>> >>> - List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> >> >> >> - List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >------------------------------------------------------------------------ > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html |