Hi again,
I got the rlm_counter module working (I think). Chris was right, it was not
compiled. I had to install some lib files before it would compile, but once
I located them and installed those rlm_counter compiled without complaint
and radiusd starts up without complaint.
The way I have things set up though, free radius is rejecting every
authentication attempt unless I comment out the Monthly-Session-Limit
default in my users file.
I ran radiusd in debug mode (radiusd -x) with the Monthly-Session-Limit in,
and got this:
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 67.130.252.2:1812, id=65,
length=104
NAS-IP-Address = 67.130.252.5
NAS-Port = 41
NAS-Port-Type = Async
User-Name = "pica"
Called-Station-Id = "4237843526"
Calling-Station-Id = "4237842001"
User-Password = "guinea"
Service-Type = Framed-User
Framed-Protocol = PPP
Proxy-State = 0x30303431
Login incorrect: [pica/guinea] (from client netlink port 41 cli 4237842001)
Login incorrect: [pica/guinea] (from client netlink port 41 cli 4237842001)
Sending Access-Reject of id 65 to 67.130.252.2:1812
Reply-Message = "You've used up your allocated monthly time."
Proxy-State = 0x30303431
rad_recv: Access-Request packet from host 67.130.252.2:1812, id=65,
length=104
Re-sending Access-Reject of id 65 to 67.130.252.2:1812
Reply-Message = "You've used up your allocated monthly time."
Proxy-State = 0x30303431
After commenting out the Monthly-Session-Limit default entry in the users
file, I get this:
Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on
1647/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 67.130.252.2:1812, id=68,
length=104
NAS-IP-Address = 67.130.252.5
NAS-Port = 46
NAS-Port-Type = Async
User-Name = "pica"
Called-Station-Id = "4237843526"
Calling-Station-Id = "4237842001"
User-Password = "guinea"
Service-Type = Framed-User
Framed-Protocol = PPP
Proxy-State = 0x30303434
Login OK: [pica] (from client netlink port 46 cli 4237842001)
Sending Access-Accept of id 68 to 67.130.252.2:1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-Compression = None
Framed-MTU = 1500
Proxy-State = 0x30303434
rad_recv: Accounting-Request packet from host 67.130.252.2:1813, id=114,
length=114
NAS-IP-Address = 67.130.252.5
NAS-Port = 46
NAS-Port-Type = Async
User-Name = "pica"
Called-Station-Id = "4237843526"
Calling-Station-Id = "4237842001"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "000011CF"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Proxy-State = 0x30303732
rlm_counter: We only run on Accounting-Stop packets.
Sending Accounting-Response of id 114 to 67.130.252.2:1813
Proxy-State = 0x30303732
Here's my setup. In radiusd.conf:
counter monthly {
filename = ${raddbdir}/db.monthly
key = User-Name
count-attribute = Acct-Session-Time
reset = monthly
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
In Instantiation I have:
instantiate {
expr
monthly
}
In authorize I have:
authorize {
preprocess
# eap
suffix
files
mschap
monthly
}
In accounting I have:
accounting {
acct_unique
detail
monthly
unix # wtmp file
radutmp
}
In my users file I have each user listed as a separate entry. Example:
pica Auth-Type == Local, Password == xxxxxx
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = None,
Framed-MTU = 1500
And at the top of the users file I have this:
DEFAULT Monthly-Session-Time > 720000, Auth-Type := Reject
Reply-Message = "You've used up your allocated monthly time.",
Fall-Through = No
Can someone help me figure out why this won't work with the
Monthly-Session-Limit default uncommented in my users file?
Thanks,
Lisa Casey
Netlink 2000, Inc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
