Oliver Zimmermann wrote:
Hi, I tested this setup now with a Max-Daily-Session = 3, to provocate a reject - but I still get Login OK.I have the problem understanding how the counter module works. Lets say I want to provide a Maximum Daily Session linit of 3600 seconds for a user on freeradius-0.7. Is the following scenario right? (sorry I can't test it for the moment):users file: ---------- DEFAULT Max-Daily-Session = 3600 Fall-Through = 1 John_D Password = "FZ768wRll", NAS-IP-Address = "214.32.39.2", Simultaneous-Use = 1 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-MTU = 1500, Idle-Timeout = 3600, Port-Limit = 1 ...
In the logs I saw "rlm_counter: Could not find Check item value pair" and "modcall[accounting]: module "counter" returns noop" which I cannot interprete. Irritating for me is the line "rlm_counter: Counter attribute Daily-Session-Time is number 1063" because it has this value in every session. Please take a look on the session log, thanks in advance:
starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded Counter
counter: filename = "/usr/local/etc/raddb/db.counter"
counter: key = "User-Name"
counter: reset = "daily"
counter: count-attribute = "Acct-Session-Time"
counter: counter-name = "Daily-Session-Time"
counter: check-name = "Max-Daily-Session"
counter: allowed-servicetype = "Framed-User"
counter: cache-size = 5000
rlm_counter: Counter attribute Daily-Session-Time is number 1063
rlm_counter: Current Time: 1039422801, Next reset 1039474800
Module: Instantiated counter (counter)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "cistron"
auth_type_fixup: Auth-Type [1000]
auth_type_fixup: Password [2]
auth_type_fixup: NAS-IP-Address [4]
auth_type_fixup: Simultaneous-Use [1034]
auth_type_fixup: Auth-Type [1000]
auth_type_fixup: Password [2]
auth_type_fixup: Simultaneous-Use [1034]
auth_type_fixup: Auth-Type [1000]
auth_type_fixup: Password [2]
auth_type_fixup: NAS-IP-Address [4]
auth_type_fixup: Simultaneous-Use [1034]
[/usr/local/etc/raddb/users]:4 Cistron compatibility checks for entry DEFAULT ...
?Changing 'Max-Daily-Session =' to 'Max-Daily-Session +='
[/usr/local/etc/raddb/users]:7 Cistron compatibility checks for entry U.Abdinghoff ...
?Changing 'Password =' to 'Password =='
?Changing 'NAS-IP-Address =' to 'NAS-IP-Address =='
?Changing 'Simultaneous-Use =' to 'Simultaneous-Use +='
[/usr/local/etc/raddb/users]:15 Cistron compatibility checks for entry helinet010 ...
?Changing 'Password =' to 'Password =='
?Changing 'Simultaneous-Use =' to 'Simultaneous-Use +='
[/usr/local/etc/raddb/users]:23 Cistron compatibility checks for entry schmidt.online ...
?Changing 'Password =' to 'Password =='
?Changing 'NAS-IP-Address =' to 'NAS-IP-Address =='
?Changing 'Simultaneous-Use =' to 'Simultaneous-Use +='
Module: Instantiated files (files)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
main: smux_password = ""
main: snmp_write_access = no
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register message send failed: Broken pipe
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.111.29:8001, id=53, length=111
User-Name = "helinet010"
User-Password = "\372(L\324\261\240\n\212\003\230\325\237\321\265"\302"
NAS-Port = 5
NAS-Port-Type = ISDN
Acc-Request-Type = User-Authentification
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "90124"
Calling-Station-Id = "2381378998"
NAS-IP-Address = 192.168.111.29
modcall: entering group authorize
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "counter" returns noop
rlm_realm: Looking up realm NULL for User-Name = "helinet010"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 4
users: Matched helinet010 at 15
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
modcall: entering group session
radius_xlat: 'helinet010'
modcall[session]: module "radutmp" returns ok
modcall: group session returns ok
Login OK: [helinet010] (from client dr5 port 5 cli 2381378998)
Sending Access-Accept of id 53 to 192.168.111.29:8001
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-MTU = 1500
Idle-Timeout = 3600
Port-Limit = 2
Finished request 0
Going to the next request
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 192.168.111.29:8002, id=48, length=216
User-Name = "helinet010"
NAS-Port = 5
NAS-Port-Type = ISDN
Acc-Request-Type = 5
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "90124"
Calling-Station-Id = "2381378998"
NAS-IP-Address = 192.168.111.29
Acct-Status-Type = Start
Acct-Delay-Time = 0
Acct-Session-Id = "021209.093426.000054"
Acc-Dial-Port-Index = 201
Connect-Info = "64000 "
Acc-Connect-Tx-Speed = 64000
Acc-Connect-Rx-Speed = 64000
Acct-Authentic = RADIUS
Acc-Service-Profile = "FACTORY"
Framed-IP-Address = 212.37.47.148
Idle-Timeout = 3600
Framed-MTU = 1500
Port-Limit = 1
modcall: entering group preacct
rlm_realm: Looking up realm NULL for User-Name = "helinet010"
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall[preacct]: module "preprocess" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
radius_xlat: '/usr/local/var/log/radius/radacct/192.168.111.29/detail'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail expands to /usr/local/var/log/radius/radacct/192.168.111.29/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "counter" returns noop
modcall[accounting]: module "unix" returns ok
radius_xlat: 'helinet010'
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 48 to 192.168.111.29:8002
Finished request 1
Going to the next request
Cleaning up request 1 ID 48 with timestamp 3df4559a
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
rl_next: returning NULL
Waking up in 6 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 65 rest len: 1
SMUX_CLOSE
SMUX_CLOSE with reason: 5
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register message send failed: Broken pipe
rl_next: returning NULL
Waking up in 6 seconds...
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password:
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register message send failed: Broken pipe
--- Walking the entire request list ---
Cleaning up request 0 ID 53 with timestamp 3df4559a
Nothing to do. Sleeping until we see a request.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
