Re: counter module

[Alexander M. Pravking]

On Fri, Jul 25, 2003 at 10:20:13PM -0700, Alex Chen wrote:
 The counter module as a configuration element
 'check-name'.  In the example shown in radiusd.conf
 it is set to Max-Daily-Session.  The comment indicates
 that this 'Max-Daily-Session' can be specified in
 DEFAULT stanza.
 
 I am pretty sure when I tried to set
 DEFAULT   Max-Daily-Session := 20
 in 'users', the radiusd complained that it
 could not find such attribute and bailed out. 

Did you see something like 'rlm_files: matched DEFAULT at NNN' in debug
output? If not, your DEFAULT entry did not match.

 That's the reason I tried to use 'Session-Timeout'.
 But when I tested it again with freeradius 0.9, the server too it.
 I do not know if it was my typo previously or something changed
 in the server.

What version was it? The 0.9 release of FreeRADIUS has a lot of bug
fixes from 0.8.1.

 Anyway, I cannot find an attribute name called 'Max-Daily-Session'
 in the dictionary.  How does the server know this?
 I thought only an attribute can be specified in the 'users' file,
 or can we just use anything we want?
 
 Other than 'Max-Daily-Session' what else can be used?

This attribute is not in dictionary, it's dynamic. You can use whatever
you want attribute name in check-name, the counter module will register
this attribute during initialization.


-- 
Fduch M. Pravking

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: counter module

[Alex Chen]

Thanks for the information.  As long as it works, I do not care
whether it is my problem or a bug that was fixed.

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] Behalf Of 
 Alexander M. Pravking
 Sent: Friday, July 25, 2003 11:56 PM
 To: [EMAIL PROTECTED]
 Subject: Re: counter module
 
 
 On Fri, Jul 25, 2003 at 10:20:13PM -0700, Alex Chen wrote:
  The counter module as a configuration element
  'check-name'.  In the example shown in radiusd.conf
  it is set to Max-Daily-Session.  The comment indicates
  that this 'Max-Daily-Session' can be specified in
  DEFAULT stanza.
  
  I am pretty sure when I tried to set
  DEFAULT Max-Daily-Session := 20
  in 'users', the radiusd complained that it
  could not find such attribute and bailed out. 
 
 Did you see something like 'rlm_files: matched DEFAULT at 
 NNN' in debug
 output? If not, your DEFAULT entry did not match.
 
  That's the reason I tried to use 'Session-Timeout'.
  But when I tested it again with freeradius 0.9, the server too it.
  I do not know if it was my typo previously or something changed
  in the server.
 
 What version was it? The 0.9 release of FreeRADIUS has a lot of bug
 fixes from 0.8.1.
 
  Anyway, I cannot find an attribute name called 'Max-Daily-Session'
  in the dictionary.  How does the server know this?
  I thought only an attribute can be specified in the 'users' file,
  or can we just use anything we want?
  
  Other than 'Max-Daily-Session' what else can be used?
 
 This attribute is not in dictionary, it's dynamic. You can 
 use whatever
 you want attribute name in check-name, the counter module 
 will register
 this attribute during initialization.
 
 
 -- 
 Fduch M. Pravking
 
 - 
 List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Alan DeKok]

Joachim Wickman [EMAIL PROTECTED] wrote:
 I'm testing the pre-paid solution (with lifetime counter) that was
 mentioned here on the list and is now wondering how I can reset one
 counter when a client wants one more hour?

  See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Lisa Casey]

Hi Alan,


   See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl

Could you give me a url for finding more info about this? I've looked
through the Free Radius web  site and can't find it.

Lisa Casey



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Alan DeKok]

Lisa Casey [EMAIL PROTECTED] wrote:
 Could you give me a url for finding more info about this? I've looked
 through the Free Radius web  site and can't find it.

  Umm... look for the 'CVS snapshot' link on the downloads page?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Counter problem

[Keith Ballard]

Ah, didn't know about that one. Found some whitespace, deleted it, and all
up  running now, thanks.

Keith

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Alan DeKok
 Sent: 06 February 2003 14:47
 To: [EMAIL PROTECTED]
 Subject: Re: Counter problem


 Keith Ballard [EMAIL PROTECTED] wrote:
  When I try and use it I get the error when it processes the
 'users' file:
 
  Syntax error: Previous line is missing a trailing comma for
 entry DEFAULT.

   If the entry looks OK, try deleting it, and re-typing it.

   Also watch for whitespace in lines that are otherwise blank.

   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter problem

[Alan DeKok]

Keith Ballard [EMAIL PROTECTED] wrote:
 When I try and use it I get the error when it processes the 'users' file:
 
 Syntax error: Previous line is missing a trailing comma for entry DEFAULT.

  If the entry looks OK, try deleting it, and re-typing it.

  Also watch for whitespace in lines that are otherwise blank.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: counter reset

[Kostas Kalevras]

On Wed, 18 Dec 2002, Remus Anca wrote:



   Hi,

 i've succesfull use freeradius 0.8 with counter module, and
 reset=never, but after some weeks, my server was restarted, and i've
 see that the counter was reinitiated with 0 for all users.

 Than, i've tested my self, and after i make a freeradius stop and
 start, the counter was reset again.

 is this a bug or a bad configuration?
 if it's bad config, can you advise, please?

It's a bug. Do a cvs update on the rlm_counter module. It should work ok now.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter question

[Kostas Kalevras]

On Mon, 4 Nov 2002, Michael O. Boev wrote:

 Hello, everybody!

 Can I be applying a time restriction (Session-Timeout) differently, based on
 the current time?

 I mean,... If the user dials in ONLY during the daytime (i.e. Wk09-18),
 I want to be sending a Session-Timeout reply (e.g. :=10800).

 But, I've no idea what check-items should I use in the 'users' file.

 I would be thankful to anyone for an idea, or for pointing at a place with
 relevant docs.

 I'm using FreeRadius 0.7.

 Michael Boev.

DEFAULT Current-Time == Wk09-18
Session-Timeout := 10800

i think

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter Module ignoring Accounting Packets

[Aaron Webb]

Well Mr. Webb,

If you had any brains you might notice the 'allowed-servicetype = Framed-User' 
line in your conf file and make the association between that and a chunk of 
code that checks to ensure that the service-type of the accounting packet is 
'Framed-User'.  But you don't appear to be the sharpest knife in the drawer 
today.

Yes, I know, I just posted a question and then an answer to that same question 
within seconds.  My apologies, when I receieved my post through the list I 
reviewed it and figured out what I was doing wrong.  Perhaps I'll save 
someone else who is as silly as I from asking the same question.

Aaron


On October 2, 2002 13:25 pm, Aaron Webb wrote:
 FreeRADIUS Version 0.7.1, for host i686-pc-linux-gnu.
 Using MySQL for authentication and accounting.

 I got the counter module set up and the proper entry in the radcheck table
 of the database, and started sending accounting packets to my RADIUS
 server.  I noticed the following message from the log when I ran it with
 the -X option:

 modcall[accounting]: module counter returns noop

 Upon investigation, I determined that the NOOP was being returned from
 rlm_counter.c, lines 406 and 407.  Lines 402-411 are included for context:

 /*
  * Check if we need to watch out for a specific service-type. If yes then
 check it */
 if (data-service_type != NULL) {
if ((proto_vp = pairfind(request-packet-vps, PW_SERVICE_TYPE))
 == NULL) return RLM_MODULE_NOOP;
if (proto_vp-lvalue != data-service_val)
return RLM_MODULE_NOOP;
 }

 The second if (if proto_vp = pairfind ...) was returning true and
 RLM_MODULE_NOOP was being returned by the module.  I printed out the value
 of data-service_type, and it was 'Framed-User'.

 When I commented out all of the above lines, the counter module began
 working and continues to work like a charm.

 My questions:

 1. What does the section that I commented out do?
 2. Will this adversely affect anything?
 3. I assume there should be a better way to make this work - can anyone
 tell me why it wouldn't work before?

 Below are the relevant bits of the conf file and the row from radcheck.

 Thanks!

 Aaron

 Row I added to radcheck in the MySQL database:
 |  7 | awebb| Max-Daily-Session | 110|
 | :=   |

 raduisd.conf important bits (I think this should suffice):

 counter {
 filename = ${raddbdir}/db.counter
 key = User-Name
 count-attribute = Acct-Session-Time
 reset = daily
 counter-name = Daily-Session-Time
 check-name = Max-Daily-Session
 allowed-servicetype = Framed-User
 cache-size = 5000
 }


 authorize {
 suffix
 files
 sql
 counter
 }

 authenticate {}

 accounting {
 detail
 counter
 radutmp
 sql
 }

 session {
 radutmp
 }


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: counter module counting too many times

[Alan DeKok]

Alexandre Strube [EMAIL PROTECTED] wrote:
 Some people had the same trouble some time ago. The only thing
 I could do to stop this was setting the Acct_Unique_Id as unique on
 radacct  table, so mysql server would discard subsequent packets
 with the same id. My box keeps sending duplicated packets for months,
 but with this wacky fix I could solve the problem for me.

  That's really the only fix.

 I'm using 0.5 and just noticed that when the same acct packet arrive
 more than once to the server, the counter module does not control the
 fact that it is repeated -not even if the acct_uniq module is being
 used- and its count-attribute get added several times. Just checked the
 latest cvs version to find that this behavior remains unchanged; it has
 only minor changes.

 I don't see the counter module EVER changing.  It's intent is to be
small and simple.  Adding more smarts means that you might as well
use a real database, like SQL.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: counter module counting too many times

[Kostas Kalevras]

On 25 Jul 2002, [ISO-8859-1] Moisés David [ISO-8859-1] Rincón D'Hoyos wrote:

 I'm using 0.5 and just noticed that when the same acct packet arrive
 more than once to the server, the counter module does not control the
 fact that it is repeated -not even if the acct_uniq module is being
 used- and its count-attribute get added several times. Just checked the
 latest cvs version to find that this behavior remains unchanged; it has
 only minor changes.

 Anyone working on this?

The data stored for each user is just the counter. So the module is not able to
identify if an accounting record is a duplicate one. I plan on adding more info
like the NAS/Port/SessionId of the last accounting stop in the database which
should make the problem disappear. Probably by the end of the next week.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: counter module counting too many times

[Alan DeKok]

[EMAIL PROTECTED] wrote:
 I'm using 0.5 and just noticed that when the same acct packet arrive
 more than once to the server, the counter module does not control the
 fact that it is repeated -not even if the acct_uniq module is being
 used- and its count-attribute get added several times.

  Yes, that's a problem.

  The issue is that the counter module (and much of the server) has no
way of knowing if the accounting packet is a duplicate or not.  So
it's difficult to know when to do something with an accounting packet,
and when to ignore it.


  The SQL module would know it was duplicate, because it has
persistent storage and lookup.  The 'detail' module wouldn't, because
it doesn't do lookups.

 Anyone working on this?

  Nope.  I'm not sure if there's a simple fix right now.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: counter module and mysql

[Alan DeKok]

=?ISO-8859-1?Q?Pasi_K=E4rkk=E4inen?= [EMAIL PROTECTED] wrote:
 I'd like to store all authentication and accounting data in mysql and use
 counter module to calculate some time-stuff..

  I don't think you need any patches to do that.
 
 All examples about usage of counter module are also welcome. There seems
 to be no documentation about counter module with freeradius..

  See 'raddb/radiusd.conf'.  There isn't much there, but it's better
than nothing.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Alan DeKok]

Gillou [EMAIL PROTECTED] wrote:
  A option to add to the counter module is to set decrement of an
  accounting attribute instead of an increment.
  So, somebody can offer a prepaid service of 25h/month, and increase the
  customer time if he call one phone number or something similar.(if we
  resolve the db locking problem)
 
 I want to participate to de developpement of this fonctionnality (
 beceause a relyy needs this ;o)

  It shouldn't be too bad.  Go to src/modules/rlm_counter, and poke
around in there.  Then, post the patches to the list.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Alan DeKok]

Eduardo Roldan [EMAIL PROTECTED] wrote:
 I want to read/update this database too.
 But the counter module is opening the db.counter file with locking.(the
 default operation of the gdbm library is to open a file locked)

  Yes.  The code SHOULD do a gdbm_open with the NOLOCK option.

  However, that also means that the module MUST do file locking
itself.  That code hasn't been written yet.

  As always, patches are welcome.

 How can we update/read this database when freeradius is running?

  Source code patches to the module.

 A option to add to the counter module is to set decrement of an
 accounting attribute instead of an increment.

  That's a good idea, too.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Gillou]

 A option to add to the counter module is to set decrement of an
 accounting attribute instead of an increment.
 So, somebody can offer a prepaid service of 25h/month, and increase the
 customer time if he call one phone number or something similar.(if we
 resolve the db locking problem)

I want to participate to de developpement of this fonctionnality ( beceause a 
relyy needs this ;o)
I'll try to release something ASAP.

Any help would be appreciate :o)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter

[Alan DeKok]

Gillou [EMAIL PROTECTED] wrote:
 If I use reser = never, can I reset the counter manualy with a given value 
 with a small perl script or C prog ?

  There is currently no way to do this.

  It shouldn't be hard to do from a small program.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter module doesn't work

[Andrew Kelaidis]

Thanks!!! Now I have only this record in radcheck table:
Username   Attribute Value   op
-
UserName   Max-Daily-Session-Time7200 :=
..
-
but I had to change the Authorization section of the radius.conf to:
authorize {
sql
counter
}

I hope that this will help someone.

From: Kostas Kalevras [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Counter module doesn't work
Date: Mon, 11 Feb 2002 14:52:42 +0200 (EET)

On Mon, 11 Feb 2002, Andrew Kelaidis wrote:

  I have installed the latest snapshot of freeRadius and I am using mySQL 
for
  AAA. I would also like to limit the online time for all users. Here is a
  part of my radiusd.conf file:
  
  counter {
  filename = ${raddbdir}/db.counter
  key = User-Name
  count-attribute = Acct-Session-Time
  reset = daily
  counter-name = Daily-Session-Time
  check-name = Max-Daily-Session-Time
  allowed-servicetype = Framed-User
  cache-size = 5000
  }
  I have also inserted a counter into Authorization, Accounting parts of 
the
  file. In radius database I have these records for the counter:
  Username   Attribute  Value  op
  
  UserName   Daily-Session-Time120 
  UserName   Auth-Type Reject  =
  
  I start radius with -X and when a user calls in I receive these 
messages
  about counter:
 modcall: entering group authorize
 rlm_counter: Entering module authorize code
 rlm_counter: Could not find Check item value pair
 modcall[authorize]: module counter returns noop
  The Accounting procedure returns ok. I can't understand what I do wrong.
  Please help

You can do one of the following:

1. Remove the counter from the authorize section and leave it in the 
accounting
section. The check for the Daily-Session-Time is based on a compare 
function
registered from the counter module and not on the authorize function 
provided by
the module.

2. Add a Max-Daily-Session-Time check item in the db like this:

UserName  Max-Daily-Session-Time120   = (you could also use the := 
operator)

and leave the counter in the authorize section.

--
Kostas Kalevras  Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone:  +30 10 7721861
'Go back to the shadow' Gandalf


-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



_
Chat with friends online, try MSN Messenger: http://messenger.msn.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Counter module doesn't work

[Kostas Kalevras]

On Mon, 11 Feb 2002, Peter Santiago wrote:

 Based on what I'm reading below ... to set time limits for my users, I need
 to use a database (MySQL). Do I?  I'm using portslave wih freeradius If
 I just want to use /etc/passwd for authentication... where and how should I
 store the time limits for each users?  Thanks


You need to store either the check for Daily-Session-Time or the
Max-Daily-Session somewhere. That can be a db (sql,ldap) or just the users file.
If you are lazy you could just add a DEFAULT entry in your users file and be
just fine. Something like:

DEFAULT Max-Daily-Session := 14400

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Counter module doesn't work

[Kostas Kalevras]

On Mon, 11 Feb 2002, Andrew Kelaidis wrote:

 I have installed the latest snapshot of freeRadius and I am using mySQL for
 AAA. I would also like to limit the online time for all users. Here is a
 part of my radiusd.conf file:
 
 counter {
 filename = ${raddbdir}/db.counter
 key = User-Name
 count-attribute = Acct-Session-Time
 reset = daily
 counter-name = Daily-Session-Time
 check-name = Max-Daily-Session-Time
 allowed-servicetype = Framed-User
 cache-size = 5000
 }
 I have also inserted a counter into Authorization, Accounting parts of the
 file. In radius database I have these records for the counter:
 Username   Attribute  Value  op
 
 UserName   Daily-Session-Time120 
 UserName   Auth-Type Reject  =
 
 I start radius with -X and when a user calls in I receive these messages
 about counter:
modcall: entering group authorize
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module counter returns noop
 The Accounting procedure returns ok. I can't understand what I do wrong.
 Please help

You can do one of the following:

1. Remove the counter from the authorize section and leave it in the accounting
section. The check for the Daily-Session-Time is based on a compare function
registered from the counter module and not on the authorize function provided by
the module.

2. Add a Max-Daily-Session-Time check item in the db like this:

UserName  Max-Daily-Session-Time120   = (you could also use the := operator)

and leave the counter in the authorize section.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html