Re[3]: about limit
Hello, sorry, i still confuse with user max-daily-session, how can radius reject the user if user have over quota ? maybe anybody knows how to make a simple script like : "if sum_sess_time > than radgroupcheck.value than reject" ugh, i have follow the rlm_sqlcounter manual, also follow radkill instruction but the exceed user time still can use my internet access :(( is there something wrong with my config i've paste before ? mysql> select * from radgroupcheck; ++---+-++---+ | id | GroupName | Attribute | op | Value | ++---+-++---+ | 1 | c | Max-All-Session | := | 360 | | 2 | d | Max-All-Session | := | 360 | ++---+-++---+ 2 rows in set (0.00 sec) mysql> select * from radcheck; ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | aw | Password | == | aw| | 2 | avudz| Password | == | avudz | | 3 | ampun| User-Password | := | ampun | | 4 | joko | User-Password | := | joko | | 5 | gede | User-Password | := | gede | | 6 | a| User-Password | := | a | | 8 | b| User-Password | := | b | | 9 | c| User-Password | := | c | | 11 | d| User-Password | := | d | ++--+---++---+ 9 rows in set (0.00 sec) here is user 'd' information from dialup_admin Connections 9 Online time 54 minutes, 25 seconds Failed Logins 0 Upload 83.40 KBs Download 39.32 KBs Average Time 6 minutes, 2 seconds Average Upload 9.27 KBs Average Download 4.37 KBs the user can still online ever i have limit it to 360 second and this also from radkill log : [EMAIL PROTECTED] radkill]# radwho Login Name What TTY When From Location d d shell S0 Sat 14:52 20x.x8.x9 10.11.12.12 [EMAIL PROTECTED] radkill]# ./radkill [EMAIL PROTECTED] radkill]# more /usr/local/dialupadmin/htdocs/radkill.txt Sat Apr 23 14:47:02 WIT 2005 Online : 0 Preferred: 1Absolute: 1 Next to Die: Last Kill: ###NONE### Guar UsedRem Max Min PortUserLocation --- --- --- # more radkill.conf ### # Config file for radkill by Jason Straight # ### # USERLIMIT where nn is a maximum # of users allowed online before # radkill starts terminating connections. # # format is: username:timelimit:minimum # timelimit is the max time username can stay on for one session # minimum is the minimum amount of time a user can be online before being kicked # when USERLIMIT is met. # # Setting a users limits to over and minimum to over makes that user a # priority user that will NEVER get kicked # # username @ is default user, any usernames not specified in this file will # acquire user @'s setting values. NasName:netnet NasType:net AdminUser:avudz AdminPass:avudz # RadiusUsersFile:/usr/local/etc/raddb/users PrefMax:1 AbsMax:1 OutFile:/usr/local/dialupadmin/htdocs/radkill.txt MailDomain:net.net ### users and settings ### ### username:timelimit:minimum:getmailtime:mailafter:maxlogins:lockoutduration ### d:360:360 @:360:N # ps ax | grep radkill 26983 pts/0S 0:00 tclsh ./radkill *confuse* the most important i hope from radius is access limiting :-) pls advice. -- Best regards, avudz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: about limit
Hello Kostas, Friday, April 22, 2005, 6:17:33 PM, you wrote: KK> Run the server in debug mode to see if it is rejecting the user and if things KK> work as expected. honestly i don't see any rejecting user message, what should i need to paste here ? here is radiusd -X result : # /usr/local/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf Config: including file: /usr/local/etc/raddb/sqlcounter.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "" sql: password = "" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER B Y id" sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER B Y id" sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Val ue,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radg roupcheck.GroupName ORDER BY radgroupcheck.id" sql: authorize_group_repl
Re: about limit
On Fri, 22 Apr 2005, avudz wrote: Hello, sorry for this fool question, perhaps this have been discuss before. i user freeradius-1.0.2 and dialup admin, the problem is, the clients still can connect through radius server even the daily limit is over. i've implement http://www.lh.freeradius.org/radiusd/doc/rlm_sqlcounter howto, and put field like this : INSERT into radcheck VALUES ('','b','Max-All-Session','400',':='); but user b still can login after 6 minutes ? so how can i limit the max-daily-session ? here is the log from dialup admin : User is not online now - Last Connection Time 2005-04-22 11:03:03 Online Time 33 minutes, 10 seconds Server 202.78.193.83 (202.78.193.83) Server Port 0 Workstation 00:E0:4C:13:8B:1B Upload 152.89 KBs Download 7.41 KBs Allowed Session user can login for 0 seconds (Out of daily quota) <--- over quota ? Usefull User Description - Run the server in debug mode to see if it is rejecting the user and if things work as expected. -- Best regards, ./avd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
about limit
Hello, sorry for this fool question, perhaps this have been discuss before. i user freeradius-1.0.2 and dialup admin, the problem is, the clients still can connect through radius server even the daily limit is over. i've implement http://www.lh.freeradius.org/radiusd/doc/rlm_sqlcounter howto, and put field like this : INSERT into radcheck VALUES ('','b','Max-All-Session','400',':='); but user b still can login after 6 minutes ? so how can i limit the max-daily-session ? here is the log from dialup admin : User is not online now - Last Connection Time 2005-04-22 11:03:03 Online Time 33 minutes, 10 seconds Server 202.78.193.83 (202.78.193.83) Server Port 0 Workstation 00:E0:4C:13:8B:1B Upload 152.89 KBs Download 7.41 KBs Allowed Session user can login for 0 seconds (Out of daily quota) <--- over quota ? Usefull User Description - -- Best regards, ./avd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html