Re: counter module
On Fri, Jul 25, 2003 at 10:20:13PM -0700, Alex Chen wrote: The counter module as a configuration element 'check-name'. In the example shown in radiusd.conf it is set to Max-Daily-Session. The comment indicates that this 'Max-Daily-Session' can be specified in DEFAULT stanza. I am pretty sure when I tried to set DEFAULT Max-Daily-Session := 20 in 'users', the radiusd complained that it could not find such attribute and bailed out. Did you see something like 'rlm_files: matched DEFAULT at NNN' in debug output? If not, your DEFAULT entry did not match. That's the reason I tried to use 'Session-Timeout'. But when I tested it again with freeradius 0.9, the server too it. I do not know if it was my typo previously or something changed in the server. What version was it? The 0.9 release of FreeRADIUS has a lot of bug fixes from 0.8.1. Anyway, I cannot find an attribute name called 'Max-Daily-Session' in the dictionary. How does the server know this? I thought only an attribute can be specified in the 'users' file, or can we just use anything we want? Other than 'Max-Daily-Session' what else can be used? This attribute is not in dictionary, it's dynamic. You can use whatever you want attribute name in check-name, the counter module will register this attribute during initialization. -- Fduch M. Pravking - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: counter module
Thanks for the information. As long as it works, I do not care whether it is my problem or a bug that was fixed. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alexander M. Pravking Sent: Friday, July 25, 2003 11:56 PM To: [EMAIL PROTECTED] Subject: Re: counter module On Fri, Jul 25, 2003 at 10:20:13PM -0700, Alex Chen wrote: The counter module as a configuration element 'check-name'. In the example shown in radiusd.conf it is set to Max-Daily-Session. The comment indicates that this 'Max-Daily-Session' can be specified in DEFAULT stanza. I am pretty sure when I tried to set DEFAULT Max-Daily-Session := 20 in 'users', the radiusd complained that it could not find such attribute and bailed out. Did you see something like 'rlm_files: matched DEFAULT at NNN' in debug output? If not, your DEFAULT entry did not match. That's the reason I tried to use 'Session-Timeout'. But when I tested it again with freeradius 0.9, the server too it. I do not know if it was my typo previously or something changed in the server. What version was it? The 0.9 release of FreeRADIUS has a lot of bug fixes from 0.8.1. Anyway, I cannot find an attribute name called 'Max-Daily-Session' in the dictionary. How does the server know this? I thought only an attribute can be specified in the 'users' file, or can we just use anything we want? Other than 'Max-Daily-Session' what else can be used? This attribute is not in dictionary, it's dynamic. You can use whatever you want attribute name in check-name, the counter module will register this attribute during initialization. -- Fduch M. Pravking - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
Joachim Wickman [EMAIL PROTECTED] wrote: I'm testing the pre-paid solution (with lifetime counter) that was mentioned here on the list and is now wondering how I can reset one counter when a client wants one more hour? See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
Hi Alan, See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl Could you give me a url for finding more info about this? I've looked through the Free Radius web site and can't find it. Lisa Casey - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
Lisa Casey [EMAIL PROTECTED] wrote: Could you give me a url for finding more info about this? I've looked through the Free Radius web site and can't find it. Umm... look for the 'CVS snapshot' link on the downloads page? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Counter problem
Ah, didn't know about that one. Found some whitespace, deleted it, and all up running now, thanks. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alan DeKok Sent: 06 February 2003 14:47 To: [EMAIL PROTECTED] Subject: Re: Counter problem Keith Ballard [EMAIL PROTECTED] wrote: When I try and use it I get the error when it processes the 'users' file: Syntax error: Previous line is missing a trailing comma for entry DEFAULT. If the entry looks OK, try deleting it, and re-typing it. Also watch for whitespace in lines that are otherwise blank. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter problem
Keith Ballard [EMAIL PROTECTED] wrote: When I try and use it I get the error when it processes the 'users' file: Syntax error: Previous line is missing a trailing comma for entry DEFAULT. If the entry looks OK, try deleting it, and re-typing it. Also watch for whitespace in lines that are otherwise blank. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: counter reset
On Wed, 18 Dec 2002, Remus Anca wrote: Hi, i've succesfull use freeradius 0.8 with counter module, and reset=never, but after some weeks, my server was restarted, and i've see that the counter was reinitiated with 0 for all users. Than, i've tested my self, and after i make a freeradius stop and start, the counter was reset again. is this a bug or a bad configuration? if it's bad config, can you advise, please? It's a bug. Do a cvs update on the rlm_counter module. It should work ok now. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter question
On Mon, 4 Nov 2002, Michael O. Boev wrote: Hello, everybody! Can I be applying a time restriction (Session-Timeout) differently, based on the current time? I mean,... If the user dials in ONLY during the daytime (i.e. Wk09-18), I want to be sending a Session-Timeout reply (e.g. :=10800). But, I've no idea what check-items should I use in the 'users' file. I would be thankful to anyone for an idea, or for pointing at a place with relevant docs. I'm using FreeRadius 0.7. Michael Boev. DEFAULT Current-Time == Wk09-18 Session-Timeout := 10800 i think -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter Module ignoring Accounting Packets
Well Mr. Webb, If you had any brains you might notice the 'allowed-servicetype = Framed-User' line in your conf file and make the association between that and a chunk of code that checks to ensure that the service-type of the accounting packet is 'Framed-User'. But you don't appear to be the sharpest knife in the drawer today. Yes, I know, I just posted a question and then an answer to that same question within seconds. My apologies, when I receieved my post through the list I reviewed it and figured out what I was doing wrong. Perhaps I'll save someone else who is as silly as I from asking the same question. Aaron On October 2, 2002 13:25 pm, Aaron Webb wrote: FreeRADIUS Version 0.7.1, for host i686-pc-linux-gnu. Using MySQL for authentication and accounting. I got the counter module set up and the proper entry in the radcheck table of the database, and started sending accounting packets to my RADIUS server. I noticed the following message from the log when I ran it with the -X option: modcall[accounting]: module counter returns noop Upon investigation, I determined that the NOOP was being returned from rlm_counter.c, lines 406 and 407. Lines 402-411 are included for context: /* * Check if we need to watch out for a specific service-type. If yes then check it */ if (data-service_type != NULL) { if ((proto_vp = pairfind(request-packet-vps, PW_SERVICE_TYPE)) == NULL) return RLM_MODULE_NOOP; if (proto_vp-lvalue != data-service_val) return RLM_MODULE_NOOP; } The second if (if proto_vp = pairfind ...) was returning true and RLM_MODULE_NOOP was being returned by the module. I printed out the value of data-service_type, and it was 'Framed-User'. When I commented out all of the above lines, the counter module began working and continues to work like a charm. My questions: 1. What does the section that I commented out do? 2. Will this adversely affect anything? 3. I assume there should be a better way to make this work - can anyone tell me why it wouldn't work before? Below are the relevant bits of the conf file and the row from radcheck. Thanks! Aaron Row I added to radcheck in the MySQL database: | 7 | awebb| Max-Daily-Session | 110| | := | raduisd.conf important bits (I think this should suffice): counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } authorize { suffix files sql counter } authenticate {} accounting { detail counter radutmp sql } session { radutmp } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: counter module counting too many times
Alexandre Strube [EMAIL PROTECTED] wrote: Some people had the same trouble some time ago. The only thing I could do to stop this was setting the Acct_Unique_Id as unique on radacct table, so mysql server would discard subsequent packets with the same id. My box keeps sending duplicated packets for months, but with this wacky fix I could solve the problem for me. That's really the only fix. I'm using 0.5 and just noticed that when the same acct packet arrive more than once to the server, the counter module does not control the fact that it is repeated -not even if the acct_uniq module is being used- and its count-attribute get added several times. Just checked the latest cvs version to find that this behavior remains unchanged; it has only minor changes. I don't see the counter module EVER changing. It's intent is to be small and simple. Adding more smarts means that you might as well use a real database, like SQL. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: counter module counting too many times
On 25 Jul 2002, [ISO-8859-1] Moisés David [ISO-8859-1] Rincón D'Hoyos wrote: I'm using 0.5 and just noticed that when the same acct packet arrive more than once to the server, the counter module does not control the fact that it is repeated -not even if the acct_uniq module is being used- and its count-attribute get added several times. Just checked the latest cvs version to find that this behavior remains unchanged; it has only minor changes. Anyone working on this? The data stored for each user is just the counter. So the module is not able to identify if an accounting record is a duplicate one. I plan on adding more info like the NAS/Port/SessionId of the last accounting stop in the database which should make the problem disappear. Probably by the end of the next week. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: counter module counting too many times
[EMAIL PROTECTED] wrote: I'm using 0.5 and just noticed that when the same acct packet arrive more than once to the server, the counter module does not control the fact that it is repeated -not even if the acct_uniq module is being used- and its count-attribute get added several times. Yes, that's a problem. The issue is that the counter module (and much of the server) has no way of knowing if the accounting packet is a duplicate or not. So it's difficult to know when to do something with an accounting packet, and when to ignore it. The SQL module would know it was duplicate, because it has persistent storage and lookup. The 'detail' module wouldn't, because it doesn't do lookups. Anyone working on this? Nope. I'm not sure if there's a simple fix right now. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: counter module and mysql
=?ISO-8859-1?Q?Pasi_K=E4rkk=E4inen?= [EMAIL PROTECTED] wrote: I'd like to store all authentication and accounting data in mysql and use counter module to calculate some time-stuff.. I don't think you need any patches to do that. All examples about usage of counter module are also welcome. There seems to be no documentation about counter module with freeradius.. See 'raddb/radiusd.conf'. There isn't much there, but it's better than nothing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
Gillou [EMAIL PROTECTED] wrote: A option to add to the counter module is to set decrement of an accounting attribute instead of an increment. So, somebody can offer a prepaid service of 25h/month, and increase the customer time if he call one phone number or something similar.(if we resolve the db locking problem) I want to participate to de developpement of this fonctionnality ( beceause a relyy needs this ;o) It shouldn't be too bad. Go to src/modules/rlm_counter, and poke around in there. Then, post the patches to the list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
Eduardo Roldan [EMAIL PROTECTED] wrote: I want to read/update this database too. But the counter module is opening the db.counter file with locking.(the default operation of the gdbm library is to open a file locked) Yes. The code SHOULD do a gdbm_open with the NOLOCK option. However, that also means that the module MUST do file locking itself. That code hasn't been written yet. As always, patches are welcome. How can we update/read this database when freeradius is running? Source code patches to the module. A option to add to the counter module is to set decrement of an accounting attribute instead of an increment. That's a good idea, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
A option to add to the counter module is to set decrement of an accounting attribute instead of an increment. So, somebody can offer a prepaid service of 25h/month, and increase the customer time if he call one phone number or something similar.(if we resolve the db locking problem) I want to participate to de developpement of this fonctionnality ( beceause a relyy needs this ;o) I'll try to release something ASAP. Any help would be appreciate :o) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter
Gillou [EMAIL PROTECTED] wrote: If I use reser = never, can I reset the counter manualy with a given value with a small perl script or C prog ? There is currently no way to do this. It shouldn't be hard to do from a small program. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter module doesn't work
Thanks!!! Now I have only this record in radcheck table: Username Attribute Value op - UserName Max-Daily-Session-Time7200 := .. - but I had to change the Authorization section of the radius.conf to: authorize { sql counter } I hope that this will help someone. From: Kostas Kalevras [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Counter module doesn't work Date: Mon, 11 Feb 2002 14:52:42 +0200 (EET) On Mon, 11 Feb 2002, Andrew Kelaidis wrote: I have installed the latest snapshot of freeRadius and I am using mySQL for AAA. I would also like to limit the online time for all users. Here is a part of my radiusd.conf file: counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session-Time allowed-servicetype = Framed-User cache-size = 5000 } I have also inserted a counter into Authorization, Accounting parts of the file. In radius database I have these records for the counter: Username Attribute Value op UserName Daily-Session-Time120 UserName Auth-Type Reject = I start radius with -X and when a user calls in I receive these messages about counter: modcall: entering group authorize rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module counter returns noop The Accounting procedure returns ok. I can't understand what I do wrong. Please help You can do one of the following: 1. Remove the counter from the authorize section and leave it in the accounting section. The check for the Daily-Session-Time is based on a compare function registered from the counter module and not on the authorize function provided by the module. 2. Add a Max-Daily-Session-Time check item in the db like this: UserName Max-Daily-Session-Time120 = (you could also use the := operator) and leave the counter in the authorize section. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Chat with friends online, try MSN Messenger: http://messenger.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Counter module doesn't work
On Mon, 11 Feb 2002, Peter Santiago wrote: Based on what I'm reading below ... to set time limits for my users, I need to use a database (MySQL). Do I? I'm using portslave wih freeradius If I just want to use /etc/passwd for authentication... where and how should I store the time limits for each users? Thanks You need to store either the check for Daily-Session-Time or the Max-Daily-Session somewhere. That can be a db (sql,ldap) or just the users file. If you are lazy you could just add a DEFAULT entry in your users file and be just fine. Something like: DEFAULT Max-Daily-Session := 14400 -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Counter module doesn't work
On Mon, 11 Feb 2002, Andrew Kelaidis wrote: I have installed the latest snapshot of freeRadius and I am using mySQL for AAA. I would also like to limit the online time for all users. Here is a part of my radiusd.conf file: counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session-Time allowed-servicetype = Framed-User cache-size = 5000 } I have also inserted a counter into Authorization, Accounting parts of the file. In radius database I have these records for the counter: Username Attribute Value op UserName Daily-Session-Time120 UserName Auth-Type Reject = I start radius with -X and when a user calls in I receive these messages about counter: modcall: entering group authorize rlm_counter: Entering module authorize code rlm_counter: Could not find Check item value pair modcall[authorize]: module counter returns noop The Accounting procedure returns ok. I can't understand what I do wrong. Please help You can do one of the following: 1. Remove the counter from the authorize section and leave it in the accounting section. The check for the Daily-Session-Time is based on a compare function registered from the counter module and not on the authorize function provided by the module. 2. Add a Max-Daily-Session-Time check item in the db like this: UserName Max-Daily-Session-Time120 = (you could also use the := operator) and leave the counter in the authorize section. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html