On Thu, Nov 1, 2012 at 6:17 AM, Alberto Moreno <[email protected]> wrote:
> Hi.
> I have been trying to figure out how to set up pfsense 2.0.1 captive
> portal+freeradius2, I want to enable the "Amount of Time" feature.
> I have read the doc about this, but maybe I missed something.
>
> The thing is that if I test in the console I can see FreeRADIUS gives me
> the right info.
>
> What is the problem?
>
>
From what I see, you fail to enable radius session-timeout ("Use radius
session timeout attribute") on the CP config page.

> When I add a user, for example:
>
> user1 psw1 "Amount of Time"=15
> user2 psw2 "Amount of Time"=3
> user3 psw3 "Amount of Time"=20
>
> CP always closes the connection before time, check logs:
>
> 20:14:12 20:19:41 user1 real time: 5 minutes
> 20:30:30 20:33:00 user2 real time: 3 minutes
> 20:35:28 20:42:16 user3 real time: 7 minutes
>
> You can see the problem.
>
> Now, let's see FR2 user settings:
>
> "user1" Cleartext-Password := "psw1", Max-Daily-Session := 900
> "user2" Cleartext-Password := "psw2", Max-Daily-Session := 180
> "user3" Cleartext-Password := "psw3", Max-Daily-Session := 1200
>
> I have tested each user with radtest and I see my settings are good, check:
>
> radtest user1 user1 172.16.1.1 100 secret
>
> Sending Access-Request of id 48 to 172.16.1.1 port 1812
> User-Name = "user1"
> User-Password = "psw1"
> NAS-IP-Address = 192.168.50.1
> NAS-Port = 100
> Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host 172.16.1.1 port 1812, id=48, length=26
> Session-Timeout = 900
>
> Looks good, right?
>
> This is my radiusd.conf:
>
> /usr/local/etc/raddb/radiusd.conf
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = ${prefix}/etc
> localstatedir = /var
> sbindir = ${exec_prefix}/sbin
> logdir = ${localstatedir}/log
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run
> libdir = ${exec_prefix}/lib/freeradius-2.1.12
> pidfile = ${run_dir}/radiusd.pid
> db_dir = ${raddbdir}
> name = radiusd
> #chroot = /path/to/chroot/directory
> #user = freeradius
> #group = freeradius
>
>
> ###############################################################################
> ### Is not present in freeradius 2.x radiusd.conf anymore but it was in 1.x ###
> ### delete_blocked_requests = no ###
> ### usercollide = no ###
> ### lower_user = no ###
> ### lower_pass = no ###
> ### nospace_user = no ###
> ### nospace_pass = no ###
> ###############################################################################
>
> max_request_time = 30
> cleanup_delay = 5
> max_requests = 1024
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions = yes
> listen {
> type = auth
> ipaddr = 172.16.1.1
> port = 1812
> }
> listen {
> type = acct
> ipaddr = 172.16.1.1
> port = 1813
> }
>
> log {
> destination = syslog
> file = ${logdir}/radius.log
> syslog_facility = daemon
> stripped_names = no
> auth = yes
> auth_badpass = yes
> auth_goodpass = yes
> msg_goodpass = ""
> msg_badpass = ""
> }
>
> checkrad = ${sbindir}/checkrad
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = no
> }
>
> ### disable proxy module. In most environments we do not need to proxy requests to another RADIUS PROXY server
> #proxy_requests = yes
> #$INCLUDE proxy.conf
> $INCLUDE clients.conf
> thread pool {
> start_servers = 5
> max_servers = 32
> min_spare_servers = 3
> max_spare_servers = 10
> max_queue_size = 65536
> max_requests_per_server = 0
> }
>
> modules {
> $INCLUDE ${confdir}/modules/
> $INCLUDE eap.conf
> ### Dis-/Enable sql.conf INCLUDE
> #$INCLUDE sql.conf
>
> ### Dis-/Enable sql/mysql/counter.conf INCLUDE
> #$INCLUDE sql/mysql/counter.conf
>
> #$INCLUDE sqlippool.conf
> }
>
> instantiate {
>
> exec
> expr
> daily
> weekly
> monthly
> forever
> expiration
> logintime
> ### Dis-/Enable sql instantiate
> #sql
> }
> $INCLUDE policy.conf
> $INCLUDE sites-enabled/
>
> Clients.conf
>
> /usr/local/etc/raddb/clients.conf
>
> client "cp" {
> ipaddr = 172.16.1.1
> proto = udp
> secret = secret-key
> require_message_authenticator = no
> max_connections = 16
> shortname = cp
> nastype = other
> ### login = !root ###
> ### password = someadminpass ###
> }
>
> You have seen the users config file.
>
> For the GUI I will add the images of the screens. Any tips, please let me
> know. I appreciate your time, thanks!!!
> --
> Living the dream...
>
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
>
>
--
Ermal
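
A way to check whether the captive portal is honouring the Session-Timeout it receives, as an added example that is not part of the original thread: the script compares the session durations from the portal log with the Max-Daily-Session values from the users file. The "start end user" log layout, the 60-second tolerance and all function names are assumptions; the sample data is constructed from the values quoted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the entries and timestamps quoted in the thread.
USERS = '''"user1" Cleartext-Password := "psw1", Max-Daily-Session := 900
"user2" Cleartext-Password := "psw2", Max-Daily-Session := 180
"user3" Cleartext-Password := "psw3", Max-Daily-Session := 1200'''
CP_LOG = '''20:14:12 20:19:41 user1
20:30:30 20:33:00 user2
20:35:28 20:42:16 user3'''

LIMIT_RE = re.compile(r'^"([^"]+)"\s.*\bMax-Daily-Session\s*:=\s*(\d+)')

def parse_limits(text):
    """Map user name -> Max-Daily-Session (seconds) from users-file entries."""
    found = (LIMIT_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in found if m}

def session_seconds(start, end):
    """Seconds between two HH:MM:SS stamps; a session may cross midnight."""
    fmt = "%H:%M:%S"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    if delta < timedelta(0):
        delta += timedelta(days=1)
    return int(delta.total_seconds())

def audit(users_text, log_text, tolerance=60):
    """Compare each 'start end user' log line (assumed layout) with the limit."""
    limits = parse_limits(users_text)
    rows = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that are not in the assumed layout
        start, end, user = parts
        actual, allowed = session_seconds(start, end), limits.get(user)
        if allowed is None:
            verdict = "no-limit"
        elif actual > allowed + tolerance:
            verdict = "overran"      # timeout not enforced: access outlived the grant
        elif actual < allowed - tolerance:
            verdict = "ended-early"  # the symptom reported in the thread
        else:
            verdict = "ok"
        rows.append((user, allowed, actual, verdict))
    return rows

if __name__ == "__main__":
    for user, allowed, actual, verdict in audit(USERS, CP_LOG):
        print(f"{user}: allowed={allowed}s actual={actual}s -> {verdict}")
```
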