dear all,
I have created an account with time quota, the time quota function is
running properly, however, I find out that the account cannot be login for
more than twice.
The attached file is the log file with "radiusd -xx". There are totally
three login after the starting of freeradius. The first two times are
successful, but for the third time, it denied! You can notify it at the
end of the log file:
rlm_counter: Entering module authorize code
the output is stop at the above statement and the client is disconnect
after some time.
I dont know whether can give you all some insight about the problem, I
find that the thread seems getting halt with you login after the second
time (becase I see that the total number of thread is increased by one
when I continue try logging in).
I am using counter module for time quota and the following are part of the
radiusd.conf:
counter {
filename = ${raddbdir}/db.counter
key = User-Name
count-attribute = Acct-Session-Time
reset = never
counter-name = RAD-Session-Time
check-name = RAD-Max-Session-Time
allowed-servicetype = Framed-User
cache-size = 0
}
authorize {
preprocess
# counter
# attr_filter
# eap
suffix
files
# mschap
counter
}
authenticate {
# pam
unix
# ldap
# mschap
# eap
}
preacct {
suffix
files
preprocess
}
accounting {
# acct_unique
detail
counter
unix
radutmp
# sradutmp
}
session {
radutmp
}
the users file:
DEFAULT Simultaneous-Use := 1
Fall-Through = 1
DEFAULT Group == "plan60", RAD-Max-Session-Time := 60
Fall-Through = 1
#DEFAULT Group == "plan60", RAD-Session-Time == 60, Auth-Type :=
Reject
# Reply-Message = "You've used up more than 1 minute!"
#DEFAULT Group == "plan60", Auth-Type := Reject
# Reply-Message = "You've used up more than 1 minute!"
DEFAULT Auth-Type := System
Fall-Through = 1
the /etc/passwd file:
m60:x:511:100::/home/m60:/bin/bash
m60a:x:512:100::/home/m60a:/bin/bash
the /etc/group file:
plan60:x:511:m60,m60a
With the above configuration, the time quota is running properly, but if
you log in for more that twice, it cannot succeed!
Please help. Thank you very much for your help!
Kenneth
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/radiusd/etc/raddb/clients.conf
Config: including file: /usr/local/radiusd/etc/raddb/snmp.conf
Config: including file: /usr/local/radiusd/etc/raddb/sql.conf
main: prefix = "/usr/local/radiusd"
main: localstatedir = "/usr/local/radiusd/var"
main: logdir = "/usr/local/radiusd/var/log/radius"
main: libdir = "/usr/local/radiusd/lib"
main: radacctdir = "/usr/local/radiusd/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/radiusd/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 0
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/radiusd/lib
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/radiusd/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/radiusd/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/radiusd/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/radiusd/etc/raddb/users"
files: acctusersfile = "/usr/local/radiusd/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Counter
counter: filename = "/usr/local/radiusd/etc/raddb/db.counter"
counter: key = "User-Name"
counter: reset = "never"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "RAD-Session-Time"
counter: check-name = "RAD-Max-Session-Time"
counter: allowed-servicetype = "Framed-User"
counter: cache-size = 0
rlm_counter: Counter attribute RAD-Session-Time is number 89
rlm_counter: Current Time: 1022227738, Next reset 0
Module: Instantiated counter (counter)
Module: Loaded detail
detail: detailfile =
"/usr/local/radiusd/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/radiusd/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = "SdvrmfNdfoVodvp"
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Thread 1 waiting to be assigned a request
Thread spawned new child 1. Total threads in pool: 1
Thread 2 waiting to be assigned a request
Thread spawned new child 2. Total threads in pool: 2
Thread spawned new child 3. Total threads in pool: 3
Thread 3 waiting to be assigned a request
Thread spawned new child 4. Total threads in pool: 4
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
Thread spawned new child 5. Total threads in pool: 5
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 202.14.68.50:1131, id=153, length=96
Thread 1 assigned request 0
SMUX connect try 2
Thread 1 handling request 0, (1 handled so far)
User-Name = "m60"
User-Password = "\356\\\263\324"
NAS-IP-Address = 202.14.68.50
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
NAS-Port = 20106
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
State = 0x
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Acct-Session-Id = "377173661"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 1
users: Matched DEFAULT at 4
users: Matched DEFAULT at 13
modcall[authorize]: module "files" returns ok
rlm_counter: Entering module authorize code
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user m60, check_item=60, counter=0
rlm_counter: Sent Reply-Item for user m60, Type=Session-Timeout, value=60
modcall[authorize]: module "counter" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
modcall: entering group session
modcall[session]: module "radutmp" returns ok
modcall: group session returns ok
Login OK: [m60/m60] (from nas UNKNOWN-NAS port 20106 cli 21587600)
Sending Access-Accept of id 153 to 202.14.68.50:1131
Session-Timeout = 60
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Accounting-Request packet from host 202.14.68.50:1153, id=101, length=118
Thread 2 assigned request 1
SMUX connect try 3
Thread 2 handling request 1, (1 handled so far)
User-Name = "m60"
NAS-IP-Address = 202.14.68.50
NAS-Port = 20106
NAS-Port-Type = Async
Acct-Status-Type = Start
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 2 seconds...
Acct-Delay-Time = 0
Acct-Session-Id = "377173661"
Acct-Authentic = RADIUS
X-Ascend-Modem-PortNo = 6
X-Ascend-Modem-SlotNo = 3
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Framed-Protocol = PPP
Framed-IP-Address = 202.64.29.162
modcall: entering group preacct
modcall[preacct]: module "suffix" returns ok
modcall[preacct]: module "files" returns noop
modcall[preacct]: module "preprocess" returns noop
modcall: group preacct returns ok
modcall: entering group accounting
radius_xlat: '/usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail'
rlm_detail: /usr/local/radiusd/var/log/radius/radacct/%{Client-IP-Address}/detail
expands to /usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "counter" returns noop
modcall[accounting]: module "unix" returns ok
radius_xlat: 'm60'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 101 to 202.14.68.50:1153
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Cleaning up request 1 ID 101 with timestamp 3cedf553
Cleaning up request 0 ID 153 with timestamp 3cedf54f
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 202.14.68.50:1153, id=102, length=208
Thread 3 assigned request 2
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 3 handling request 2, (1 handled so far)
User-Name = "m60"
NAS-IP-Address = 202.14.68.50
NAS-Port = 20106
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "377173661"
Acct-Authentic = RADIUS
Acct-Session-Time = 14
Acct-Input-Octets = 1740
Acct-Output-Octets = 922
Acct-Input-Packets = 22
Acct-Output-Packets = 24
X-Ascend-Disconnect-Cause = 45
X-Ascend-Connect-Progress = 60
X-Ascend-Xmit-Rate = 28800
X-Ascend-Data-Rate = 28800
X-Ascend-PreSession-Time = 34
X-Ascend-Pre-Input-Octets = 383
X-Ascend-Pre-Output-Octets = 230
X-Ascend-Pre-Input-Packets = 8
X-Ascend-Pre-Output-Packets = 11
X-Ascend-First-Dest = 224.0.0.2
X-Ascend-Modem-PortNo = 6
X-Ascend-Modem-SlotNo = 3
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Framed-Protocol = PPP
Framed-IP-Address = 202.64.29.162
modcall: entering group preacct
modcall[preacct]: module "suffix" returns ok
modcall[preacct]: module "files" returns noop
modcall[preacct]: module "preprocess" returns noop
modcall: group preacct returns ok
modcall: entering group accounting
radius_xlat: '/usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail'
rlm_detail: /usr/local/radiusd/var/log/radius/radacct/%{Client-IP-Address}/detail
expands to /usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "counter" returns ok
modcall[accounting]: module "unix" returns ok
radius_xlat: 'm60'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 102 to 202.14.68.50:1153
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 202.14.68.50:1131, id=154, length=96
Thread 4 assigned request 3
--- Walking the entire request list ---
Cleaning up request 2 ID 102 with timestamp 3cedf561
Nothing to do. Sleeping until we see a request.
Thread 4 handling request 3, (1 handled so far)
User-Name = "m60"
User-Password = "K\234W\342"
NAS-IP-Address = 202.14.68.50
NAS-Port = 20107
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
State = 0x
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Acct-Session-Id = "377173662"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 1
users: Matched DEFAULT at 4
users: Matched DEFAULT at 13
modcall[authorize]: module "files" returns ok
rlm_counter: Entering module authorize code
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user m60, check_item=60, counter=14
rlm_counter: Sent Reply-Item for user m60, Type=Session-Timeout, value=46
modcall[authorize]: module "counter" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
modcall: entering group session
radius_xlat: 'm60'
modcall[session]: module "radutmp" returns ok
modcall: group session returns ok
Login OK: [m60/m60] (from nas UNKNOWN-NAS port 20107 cli 21587600)
Sending Access-Accept of id 154 to 202.14.68.50:1131
Session-Timeout = 46
Finished request 3
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Accounting-Request packet from host 202.14.68.50:1153, id=103, length=118
Thread 5 assigned request 4
--- Walking the entire request list ---
Waking up in 3 seconds...
Thread 5 handling request 4, (1 handled so far)
User-Name = "m60"
NAS-IP-Address = 202.14.68.50
NAS-Port = 20107
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "377173662"
Acct-Authentic = RADIUS
X-Ascend-Modem-PortNo = 3
X-Ascend-Modem-SlotNo = 7
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Framed-Protocol = PPP
Framed-IP-Address = 202.64.29.163
modcall: entering group preacct
modcall[preacct]: module "suffix" returns ok
modcall[preacct]: module "files" returns noop
modcall[preacct]: module "preprocess" returns noop
modcall: group preacct returns ok
modcall: entering group accounting
radius_xlat: '/usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail'
rlm_detail: /usr/local/radiusd/var/log/radius/radacct/%{Client-IP-Address}/detail
expands to /usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "counter" returns noop
modcall[accounting]: module "unix" returns ok
radius_xlat: 'm60'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 103 to 202.14.68.50:1153
Finished request 4
Going to the next request
Thread 5 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Cleaning up request 4 ID 103 with timestamp 3cedf590
Cleaning up request 3 ID 154 with timestamp 3cedf58d
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 202.14.68.50:1153, id=104, length=208
Thread 1 assigned request 5
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
Thread 1 handling request 5, (2 handled so far)
User-Name = "m60"
NAS-IP-Address = 202.14.68.50
NAS-Port = 20107
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Id = "377173662"
Acct-Authentic = RADIUS
Acct-Session-Time = 4
Acct-Input-Octets = 1052
Acct-Output-Octets = 238
Acct-Input-Packets = 16
Acct-Output-Packets = 12
X-Ascend-Disconnect-Cause = 45
X-Ascend-Connect-Progress = 60
X-Ascend-Xmit-Rate = 28800
X-Ascend-Data-Rate = 28800
X-Ascend-PreSession-Time = 33
X-Ascend-Pre-Input-Octets = 382
X-Ascend-Pre-Output-Octets = 230
X-Ascend-Pre-Input-Packets = 9
X-Ascend-Pre-Output-Packets = 11
X-Ascend-First-Dest = 224.0.0.2
X-Ascend-Modem-PortNo = 3
X-Ascend-Modem-SlotNo = 7
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Framed-Protocol = PPP
Framed-IP-Address = 202.64.29.163
modcall: entering group preacct
modcall[preacct]: module "suffix" returns ok
modcall[preacct]: module "files" returns noop
modcall[preacct]: module "preprocess" returns noop
modcall: group preacct returns ok
modcall: entering group accounting
radius_xlat: '/usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail'
rlm_detail: /usr/local/radiusd/var/log/radius/radacct/%{Client-IP-Address}/detail
expands to /usr/local/radiusd/var/log/radius/radacct/202.14.68.50/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "counter" returns ok
modcall[accounting]: module "unix" returns ok
radius_xlat: 'm60'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 104 to 202.14.68.50:1153
Finished request 5
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 202.14.68.50:1131, id=155, length=96
Thread 2 assigned request 6
--- Walking the entire request list ---
Thread 2 handling request 6, (2 handled so far)
Cleaning up request 5 ID 104 with timestamp 3cedf594
Nothing to do. Sleeping until we see a request.
User-Name = "m60"
User-Password = "e)"\346"
NAS-IP-Address = 202.14.68.50
NAS-Port = 20108
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
State = 0x
Calling-Station-Id = "21587600"
Called-Station-Id = "34234416"
Acct-Session-Id = "377173663"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
users: Matched DEFAULT at 1
users: Matched DEFAULT at 4
users: Matched DEFAULT at 13
modcall[authorize]: module "files" returns ok
rlm_counter: Entering module authorize code
rad_recv: Access-Request packet from host 202.14.68.50:1131, id=155, length=96
Dropping duplicate authentication packet from client max10:1131 - ID: 155
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
