|
Hello. I have freradius-1.0.2 with autorizathion and authentication in LDAP and accounting in MySQL. I configured to use rlm_sqlcounter to control time connections, testing with NTRadping work well but testing with my Cisco NAS it doesn´t work With my cisco NAS this is the message: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns noop for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "monthlycounter" returns noop for request 3 With NTRadPing the message is: rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750 rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250 modcall[authorize]: module "monthlycounter" returns ok for request 8 My relevant conf files: ------------------------------------ clients.conf #PC with NTRadping client 172.16.31.43/32 { secret = xxxxx shortname = Carlos type = other } #Cisco NAS client 200.106.138.14/32 { secret = xxxxxx shortname = cisco type = cisco } ------------------------------------ radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = /usr/local/lib pidfile = ${run_dir}/radiusd.pid user = radiusd group = radiusd max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 1812 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = yes log_auth = yes log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } $INCLUDE ${confdir}/sql.conf $INCLUDE ${confdir}/sqlcounter.conf mschap { authtype = MS-CHAP } ldap { server = "200.xx.xx.xx" port = "390" identity = "cn=Directory Manager" password = xxxxxxxxxx basedn = "o=yy,o=yy" password_attribute = "userPassword" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "dialupAccess" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 } checkval { item-name = Max-Monthly-Session check-name = Max-Monthly-Session data-type = string } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } detail auth_log { detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d detailperm = 0600 } detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d detailperm = 0600 acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { exec expr monthlycounter } authorize { preprocess auth_log chap mschap files ldap noresetcounter monthlycounter } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } Auth-Type LDAP { ldap } } preacct { preprocess acct_unique } accounting { detail radutmp sradutmp sql } session { radutmp sql } post-auth { } pre-proxy { } post-proxy { } ------------------------------------- users DEFAULT Auth-Type = ldap Fall-Through = 1 DEFAULT Simultaneous-Use := 1 Fall-Through = 1 DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP testuser Max-Monthly-Session := 108000, Auth-Type := ldap Service-Type = Framed-User, Framed-Protocol = PPP Any help will be appreciated. Thanks a lot -- Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
