Hi. It is enabled!!!

On Fri, Nov 2, 2012 at 6:53 AM, Ermal Luçi <[email protected]> wrote:

> On Thu, Nov 1, 2012 at 6:17 AM, Alberto Moreno <[email protected]> wrote:
>
>> Hi.
>> I have been trying to figure out how to set up pfSense 2.0.1 captive
>> portal + freeradius2. I want to enable the "Amount of Time" feature.
>> I had read the doc about this, but maybe I missed something.
>>
>> The thing is that if I test in the console I can see FreeRADIUS give
>> me the right info.
>>
>> What is the problem?
>>
>
> From what I see you fail to enable radius session-timeout ("Use radius
> session timeout attribute") on the CP config page.
>
>> When I add a user, for example:
>>
>> user1 psw1 "Amount of Time"=15
>> user2 psw2 "Amount of Time"=3
>> user3 psw3 "Amount of Time"=20
>>
>> CP always closes the connection before time, check logs:
>>
>> 20:14:12 20:19:41 user1 real time: 5 minutes
>> 20:30:30 20:33:00 user2 real time: 3 minutes
>> 20:35:28 20:42:16 user3 real time: 7 minutes
>>
>> You can see the problem.
>>
>> Now, let's see FR2 user settings:
>>
>> "user1" Cleartext-Password := "psw1", Max-Daily-Session := 900
>> "user2" Cleartext-Password := "psw2", Max-Daily-Session := 180
>> "user3" Cleartext-Password := "psw3", Max-Daily-Session := 1200
>>
>> I had tested each user with radtest and I see my settings are good, check:
>>
>> radtest user1 user1 172.16.1.1 100 secret
>>
>> Sending Access-Request of id 48 to 172.16.1.1 port 1812
>>         User-Name = "user1"
>>         User-Password = "psw1"
>>         NAS-IP-Address = 192.168.50.1
>>         NAS-Port = 100
>>         Message-Authenticator = 0x00000000000000000000000000000000
>> rad_recv: Access-Accept packet from host 172.16.1.1 port 1812, id=48, length=26
>>         Session-Timeout = 900
>>
>> Looks good, right?
>>
>> This is my radiusd.conf:
>>
>> /usr/local/etc/raddb/radiusd.conf
>>
>> prefix = /usr/local
>> exec_prefix = ${prefix}
>> sysconfdir = ${prefix}/etc
>> localstatedir = /var
>> sbindir = ${exec_prefix}/sbin
>> logdir = ${localstatedir}/log
>> raddbdir = ${sysconfdir}/raddb
>> radacctdir = ${logdir}/radacct
>> confdir = ${raddbdir}
>> run_dir = ${localstatedir}/run
>> libdir = ${exec_prefix}/lib/freeradius-2.1.12
>> pidfile = ${run_dir}/radiusd.pid
>> db_dir = ${raddbdir}
>> name = radiusd
>> #chroot = /path/to/chroot/directory
>> #user = freeradius
>> #group = freeradius
>>
>> ###############################################################################
>> ### Is not present in freeradius 2.x radiusd.conf anymore but it was in 1.x ###
>> ### delete_blocked_requests = no                                            ###
>> ### usercollide = no                                                        ###
>> ### lower_user = no                                                         ###
>> ### lower_pass = no                                                         ###
>> ### nospace_user = no                                                       ###
>> ### nospace_pass = no                                                       ###
>> ###############################################################################
>>
>> max_request_time = 30
>> cleanup_delay = 5
>> max_requests = 1024
>> hostname_lookups = no
>> allow_core_dumps = no
>> regular_expressions = yes
>> extended_expressions = yes
>> listen {
>>         type = auth
>>         ipaddr = 172.16.1.1
>>         port = 1812
>> }
>> listen {
>>         type = acct
>>         ipaddr = 172.16.1.1
>>         port = 1813
>> }
>>
>> log {
>>         destination = syslog
>>         file = ${logdir}/radius.log
>>         syslog_facility = daemon
>>         stripped_names = no
>>         auth = yes
>>         auth_badpass = yes
>>         auth_goodpass = yes
>>         msg_goodpass = ""
>>         msg_badpass = ""
>> }
>>
>> checkrad = ${sbindir}/checkrad
>> security {
>>         max_attributes = 200
>>         reject_delay = 1
>>         status_server = no
>> }
>>
>> ### disable proxy module. In most environments we do not need to proxy requests to another RADIUS PROXY server
>> #proxy_requests = yes
>> #$INCLUDE proxy.conf
>> $INCLUDE clients.conf
>> thread pool {
>>         start_servers = 5
>>         max_servers = 32
>>         min_spare_servers = 3
>>         max_spare_servers = 10
>>         max_queue_size = 65536
>>         max_requests_per_server = 0
>> }
>>
>> modules {
>>         $INCLUDE ${confdir}/modules/
>>         $INCLUDE eap.conf
>>         ### Dis-/Enable sql.conf INCLUDE
>>         #$INCLUDE sql.conf
>>
>>         ### Dis-/Enable sql/mysql/counter.conf INCLUDE
>>         #$INCLUDE sql/mysql/counter.conf
>>
>>         #$INCLUDE sqlippool.conf
>> }
>>
>> instantiate {
>>
>>         exec
>>         expr
>>         daily
>>         weekly
>>         monthly
>>         forever
>>         expiration
>>         logintime
>>         ### Dis-/Enable sql instantiate
>>         #sql
>> }
>> $INCLUDE policy.conf
>> $INCLUDE sites-enabled/
>>
>> Clients.conf
>>
>> /usr/local/etc/raddb/clients.conf
>>
>> client "cp" {
>>         ipaddr = 172.16.1.1
>>         proto = udp
>>         secret = secret-key
>>         require_message_authenticator = no
>>         max_connections = 16
>>         shortname = cp
>>         nastype = other
>>         ### login = !root ###
>>         ### password = someadminpass ###
>>
>> You have seen the users config file.
>>
>> For the GUI I will add the images of the screens. Any tip, please let me
>> know. Appreciate your time, thanks!!!
>> --
>> Living the dream...
>>
>> _______________________________________________
>> List mailing list
>> [email protected]
>> http://lists.pfsense.org/mailman/listinfo/list
>>
>
> --
> Ermal
>

--
Living the dream...
