I set up a CentOS box running 5.x with FreeRADIUS, I set up FreeRADIUS for the user time stuff, I set up pfSense->CP and pointed it to this machine, I started my test and... failed. The same issue: the counter is not doing its job. Now, could this be related to the pfSense->CP module or to FreeRADIUS?

On Sat, Nov 3, 2012 at 10:36 AM, Alberto Moreno <[email protected]> wrote:

> Hi.
>
> It is enabled!!!
>
> On Fri, Nov 2, 2012 at 6:53 AM, Ermal Luçi <[email protected]> wrote:
>
>> On Thu, Nov 1, 2012 at 6:17 AM, Alberto Moreno <[email protected]> wrote:
>>
>>> Hi.
>>> I have been trying to figure out how to set up pfsense 2.0.1 captive
>>> portal+freeradius2. I want to enable the "Amount of Time" feature.
>>> I have read the doc about this, but maybe I missed something.
>>>
>>> The thing is that if I test in the console I can see FreeRADIUS gives
>>> me the right info.
>>>
>>> What is the problem?
>>
>> From what I see you fail to enable radius session-timeout ("Use radius
>> session timeout attribute") on the CP config page.
>>
>>> When I add a user, for example:
>>>
>>> user1 psw1 "Amount of Time"=15
>>> user2 psw2 "Amount of Time"=3
>>> user3 psw3 "Amount of Time"=20
>>>
>>> CP always closes the connection before time, check the logs:
>>>
>>> 20:14:12 20:19:41 user1 real time: 5 minutes
>>> 20:30:30 20:33:00 user2 real time: 3 minutes
>>> 20:35:28 20:42:16 user3 real time: 7 minutes
>>>
>>> You can see the problem.
>>>
>>> Now, let's see the FR2 user settings:
>>>
>>> "user1" Cleartext-Password := "psw1", Max-Daily-Session := 900
>>> "user2" Cleartext-Password := "psw2", Max-Daily-Session := 180
>>> "user3" Cleartext-Password := "psw3", Max-Daily-Session := 1200
>>>
>>> I have tested each user with radtest and my settings look good, check:
>>>
>>> radtest user1 user1 172.16.1.1 100 secret
>>>
>>> Sending Access-Request of id 48 to 172.16.1.1 port 1812
>>>     User-Name = "user1"
>>>     User-Password = "psw1"
>>>     NAS-IP-Address = 192.168.50.1
>>>     NAS-Port = 100
>>>     Message-Authenticator = 0x00000000000000000000000000000000
>>> rad_recv: Access-Accept packet from host 172.16.1.1 port 1812, id=48, length=26
>>>     Session-Timeout = 900
>>>
>>> Looks good, right?
>>>
>>> This is my radiusd.conf:
>>>
>>> /usr/local/etc/raddb/radiusd.conf
>>>
>>> prefix = /usr/local
>>> exec_prefix = ${prefix}
>>> sysconfdir = ${prefix}/etc
>>> localstatedir = /var
>>> sbindir = ${exec_prefix}/sbin
>>> logdir = ${localstatedir}/log
>>> raddbdir = ${sysconfdir}/raddb
>>> radacctdir = ${logdir}/radacct
>>> confdir = ${raddbdir}
>>> run_dir = ${localstatedir}/run
>>> libdir = ${exec_prefix}/lib/freeradius-2.1.12
>>> pidfile = ${run_dir}/radiusd.pid
>>> db_dir = ${raddbdir}
>>> name = radiusd
>>> #chroot = /path/to/chroot/directory
>>> #user = freeradius
>>> #group = freeradius
>>>
>>> ###############################################################################
>>> ### Is not present in freeradius 2.x radiusd.conf anymore but it was in 1.x ###
>>> ### delete_blocked_requests = no                                            ###
>>> ### usercollide = no                                                        ###
>>> ### lower_user = no                                                         ###
>>> ### lower_pass = no                                                         ###
>>> ### nospace_user = no                                                       ###
>>> ### nospace_pass = no                                                       ###
>>> ###############################################################################
>>>
>>> max_request_time = 30
>>> cleanup_delay = 5
>>> max_requests = 1024
>>> hostname_lookups = no
>>> allow_core_dumps = no
>>> regular_expressions = yes
>>> extended_expressions = yes
>>> listen {
>>>     type = auth
>>>     ipaddr = 172.16.1.1
>>>     port = 1812
>>> }
>>> listen {
>>>     type = acct
>>>     ipaddr = 172.16.1.1
>>>     port = 1813
>>> }
>>>
>>> log {
>>>     destination = syslog
>>>     file = ${logdir}/radius.log
>>>     syslog_facility = daemon
>>>     stripped_names = no
>>>     auth = yes
>>>     auth_badpass = yes
>>>     auth_goodpass = yes
>>>     msg_goodpass = ""
>>>     msg_badpass = ""
>>> }
>>>
>>> checkrad = ${sbindir}/checkrad
>>> security {
>>>     max_attributes = 200
>>>     reject_delay = 1
>>>     status_server = no
>>> }
>>>
>>> ### disable proxy module. In most environments we do not need to proxy
>>> ### requests to another RADIUS PROXY server
>>> #proxy_requests = yes
>>> #$INCLUDE proxy.conf
>>> $INCLUDE clients.conf
>>> thread pool {
>>>     start_servers = 5
>>>     max_servers = 32
>>>     min_spare_servers = 3
>>>     max_spare_servers = 10
>>>     max_queue_size = 65536
>>>     max_requests_per_server = 0
>>> }
>>>
>>> modules {
>>>     $INCLUDE ${confdir}/modules/
>>>     $INCLUDE eap.conf
>>>     ### Dis-/Enable sql.conf INCLUDE
>>>     #$INCLUDE sql.conf
>>>
>>>     ### Dis-/Enable sql/mysql/counter.conf INCLUDE
>>>     #$INCLUDE sql/mysql/counter.conf
>>>
>>>     #$INCLUDE sqlippool.conf
>>> }
>>>
>>> instantiate {
>>>     exec
>>>     expr
>>>     daily
>>>     weekly
>>>     monthly
>>>     forever
>>>     expiration
>>>     logintime
>>>     ### Dis-/Enable sql instantiate
>>>     #sql
>>> }
>>> $INCLUDE policy.conf
>>> $INCLUDE sites-enabled/
>>>
>>> Clients.conf
>>>
>>> /usr/local/etc/raddb/clients.conf
>>>
>>> client "cp" {
>>>     ipaddr = 172.16.1.1
>>>     proto = udp
>>>     secret = secret-key
>>>     require_message_authenticator = no
>>>     max_connections = 16
>>>     shortname = cp
>>>     nastype = other
>>>     ### login = !root ###
>>>     ### password = someadminpass ###
>>> }
>>>
>>> You have seen the users config file.
>>>
>>> For the GUI I will add images of the screens. Any tips, please let me
>>> know. I appreciate your time, thanks!!!
>>> --
>>> LIving the dream...
>>>
>>> _______________________________________________
>>> List mailing list
>>> [email protected]
>>> http://lists.pfsense.org/mailman/listinfo/list
>>
>> --
>> Ermal
>
> --
> LIving the dream...

--
LIving the dream...
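
Added example, not part of the original thread: a small check that compares the per-user Max-Daily-Session values from the quoted users file with the captive portal login/logout times listed in the post, and reports how early each session was cut off. The function names and the 5-second tolerance are assumptions, and it treats Max-Daily-Session as the full allowance for the session (no earlier usage that day).

```python
import re
from datetime import datetime, timedelta

# Transcribed from the post: FreeRADIUS users entries and CP login/logout times.
USERS = """
"user1" Cleartext-Password := "psw1", Max-Daily-Session := 900
"user2" Cleartext-Password := "psw2", Max-Daily-Session := 180
"user3" Cleartext-Password := "psw3", Max-Daily-Session := 1200
"""
SESSIONS = """
20:14:12 20:19:41 user1
20:30:30 20:33:00 user2
20:35:28 20:42:16 user3
"""

USER_RE = re.compile(r'^"([^"]+)"\s.*\bMax-Daily-Session\s*:=\s*(\d+)')
SESSION_RE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\d\d:\d\d:\d\d)\s+(\S+)")

def parse_limits(text):
    """Map user name -> Max-Daily-Session in seconds."""
    matches = (USER_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in matches if m}

def session_seconds(start, stop):
    """Length of a session from HH:MM:SS stamps; a stop before start means it crossed midnight."""
    fmt = "%H:%M:%S"
    delta = datetime.strptime(stop, fmt) - datetime.strptime(start, fmt)
    if delta < timedelta(0):
        delta += timedelta(days=1)
    return int(delta.total_seconds())

def audit(users_text, sessions_text, tolerance=5):
    """Return (user, granted, actual, shortfall) for sessions cut off early.
    tolerance (seconds) is an assumed allowance for logging jitter."""
    limits = parse_limits(users_text)
    early = []
    for line in sessions_text.splitlines():
        m = SESSION_RE.match(line.strip())
        if not m or m.group(3) not in limits:
            continue
        granted = limits[m.group(3)]
        actual = session_seconds(m.group(1), m.group(2))
        if actual + tolerance < granted:
            early.append((m.group(3), granted, actual, granted - actual))
    return early

if __name__ == "__main__":
    for user, granted, actual, short in audit(USERS, SESSIONS):
        print(f"{user}: granted {granted}s, lasted {actual}s, cut {short}s early")
```

Running the same comparison against the Session-Timeout value returned in each Access-Accept, instead of the configured limit, shows whether the shortfall comes from the RADIUS reply or from the portal's enforcement.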
