Re[3]: about limit
Hello,
sorry, i still confuse with user max-daily-session, how can radius
reject the user if user have over quota ?
maybe anybody knows how to make a simple script like :
"if sum_sess_time > than radgroupcheck.value than reject"
ugh, i have follow the rlm_sqlcounter manual, also follow radkill
instruction but the exceed user time still can use my internet access
:(( is there something wrong with my config i've paste before ?
mysql> select * from radgroupcheck;
++---+-++---+
| id | GroupName | Attribute | op | Value |
++---+-++---+
| 1 | c | Max-All-Session | := | 360 |
| 2 | d | Max-All-Session | := | 360 |
++---+-++---+
2 rows in set (0.00 sec)
mysql> select * from radcheck;
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | aw | Password | == | aw|
| 2 | avudz| Password | == | avudz |
| 3 | ampun| User-Password | := | ampun |
| 4 | joko | User-Password | := | joko |
| 5 | gede | User-Password | := | gede |
| 6 | a| User-Password | := | a |
| 8 | b| User-Password | := | b |
| 9 | c| User-Password | := | c |
| 11 | d| User-Password | := | d |
++--+---++---+
9 rows in set (0.00 sec)
here is user 'd' information from dialup_admin
Connections 9
Online time 54 minutes, 25 seconds
Failed Logins 0
Upload 83.40 KBs
Download 39.32 KBs
Average Time 6 minutes, 2 seconds
Average Upload 9.27 KBs
Average Download 4.37 KBs
the user can still online ever i have limit it to 360 second
and this also from radkill log :
[EMAIL PROTECTED] radkill]# radwho
Login Name What TTY When From Location
d d shell S0 Sat 14:52 20x.x8.x9 10.11.12.12
[EMAIL PROTECTED] radkill]# ./radkill
[EMAIL PROTECTED] radkill]# more /usr/local/dialupadmin/htdocs/radkill.txt
Sat Apr 23 14:47:02 WIT 2005
Online : 0 Preferred: 1Absolute: 1
Next to Die: Last Kill: ###NONE###
Guar UsedRem Max Min PortUserLocation
--- --- ---
# more radkill.conf
###
# Config file for radkill by Jason Straight #
###
# USERLIMIT where nn is a maximum # of users allowed online before
# radkill starts terminating connections.
#
# format is: username:timelimit:minimum
# timelimit is the max time username can stay on for one session
# minimum is the minimum amount of time a user can be online before being kicked
# when USERLIMIT is met.
#
# Setting a users limits to over and minimum to over makes that user a
# priority user that will NEVER get kicked
#
# username @ is default user, any usernames not specified in this file will
# acquire user @'s setting values.
NasName:netnet
NasType:net
AdminUser:avudz
AdminPass:avudz
# RadiusUsersFile:/usr/local/etc/raddb/users
PrefMax:1
AbsMax:1
OutFile:/usr/local/dialupadmin/htdocs/radkill.txt
MailDomain:net.net
### users and settings ###
### username:timelimit:minimum:getmailtime:mailafter:maxlogins:lockoutduration
###
d:360:360
@:360:N
# ps ax | grep radkill
26983 pts/0S 0:00 tclsh ./radkill
*confuse* the most important i hope from radius is access limiting :-)
pls advice.
--
Best regards,
avudz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: about limit
Hello Kostas,
Friday, April 22, 2005, 6:17:33 PM, you wrote:
KK> Run the server in debug mode to see if it is rejecting the user and if
things
KK> work as expected.
honestly i don't see any rejecting user message, what should i need to
paste here ? here is radiusd -X result :
# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
Config: including file: /usr/local/etc/raddb/sqlcounter.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = ""
sql: password = ""
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}'
ORDER B
Y id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}'
ORDER B
Y id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Val
ue,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username =
'%{SQL-User-Name}' AND usergroup.GroupName =
radg
roupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_repl
Re: about limit
On Fri, 22 Apr 2005, avudz wrote:
Hello,
sorry for this fool question, perhaps this have been discuss before.
i user freeradius-1.0.2 and dialup admin, the problem is, the
clients still can connect through radius server even the daily limit
is over.
i've implement
http://www.lh.freeradius.org/radiusd/doc/rlm_sqlcounter howto, and
put field like this :
INSERT into radcheck VALUES ('','b','Max-All-Session','400',':=');
but user b still can login after 6 minutes ? so how can i limit the
max-daily-session ?
here is the log from dialup admin :
User is not online now
-
Last Connection Time 2005-04-22 11:03:03
Online Time 33 minutes, 10 seconds
Server 202.78.193.83 (202.78.193.83)
Server Port 0
Workstation 00:E0:4C:13:8B:1B
Upload 152.89 KBs
Download 7.41 KBs
Allowed Session user can login for 0 seconds (Out of daily quota)
<--- over quota ?
Usefull User Description -
Run the server in debug mode to see if it is rejecting the user and if things
work as expected.
--
Best regards,
./avd
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
about limit
Hello,
sorry for this fool question, perhaps this have been discuss before.
i user freeradius-1.0.2 and dialup admin, the problem is, the
clients still can connect through radius server even the daily limit
is over.
i've implement
http://www.lh.freeradius.org/radiusd/doc/rlm_sqlcounter howto, and
put field like this :
INSERT into radcheck VALUES ('','b','Max-All-Session','400',':=');
but user b still can login after 6 minutes ? so how can i limit the
max-daily-session ?
here is the log from dialup admin :
User is not online now
-
Last Connection Time 2005-04-22 11:03:03
Online Time 33 minutes, 10 seconds
Server 202.78.193.83 (202.78.193.83)
Server Port 0
Workstation 00:E0:4C:13:8B:1B
Upload 152.89 KBs
Download 7.41 KBs
Allowed Session user can login for 0 seconds (Out of daily quota)
<--- over quota ?
Usefull User Description -
--
Best regards,
./avd
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
