Re: sqlcounters for traffic
Good it's sent in the reply to the nas! Thx
But the sqlcounter i setup was supposed to reset every hours , but
apparently doesn't...
Where can i take a look to find out why?
Is it supposed to update the database to reset counters (which seems a
bad solution to me) or does freeradius maintain separate counters
elsewhere, using accounting database to feed them?
Alan DeKok a écrit :
Alexandre Chapellon wrote:
Here is the full debug outputed during the auth query/reply
...
rlm_sqlcounter: Sent Reply-Item for user scott,
Type=Session-Traffic-Limit, value=12694
...
Sending Access-Accept of id 201 to 127.0.0.1 port 37792
Session-Traffic-Limit =
That's the problem. Looking at dictionary.redback,
Session-Traffic-Limit is a string. It's not an integer counter.
If you do really want to use Session-Traffic-Limit, you will have to
change sqlcounter to use a *different* attribute in the reply, such as
Tmp-Integer-0, which is a server-side attribute. Then use unlang in
post-auth to copy it to Session-Traffic-Limit:
update reply {
Session-Traffic-Limit = %{reply:Tmp-Integer-0}
}
That should work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
Good it's sent in the reply to the nas! Thx But the sqlcounter i setup was supposed to reset every hours , but apparently doesn't... Where can i take a look to find out why? Check the sql query definition and value of reset in counter.conf. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
here is the counter definition:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Tmp-Integer-0
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
}
sounds good to me... what could be the reasn for noreset?
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
You need to add to WHERE one of the statements using %b.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
[EMAIL PROTECTED] a écrit :
here is the counter definition:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Tmp-Integer-0
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
}
sounds good to me... what could be the reasn for noreset?
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
You need to add to WHERE one of the statements using %b.
Ouch i didn't saw that in the example queries... spank my ...!
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
so what's the use of the reset parameter if th sql query is managing it
all by its own?
Alexandre Chapellon a écrit :
[EMAIL PROTECTED] a écrit :
here is the counter definition:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Tmp-Integer-0
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
}
sounds good to me... what could be the reasn for noreset?
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
You need to add to WHERE one of the statements using %b.
Ouch i didn't saw that in the example queries... spank my ...!
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
reset parameter controls value of %b.
Ivan Kalik
Kalik Informatika ISP
Dana 9/9/2008, Alexandre Chapellon [EMAIL PROTECTED] piše:
so what's the use of the reset parameter if th sql query is managing it
all by its own?
Alexandre Chapellon a écrit :
[EMAIL PROTECTED] a écrit :
here is the counter definition:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Tmp-Integer-0
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
}
sounds good to me... what could be the reasn for noreset?
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
You need to add to WHERE one of the statements using %b.
Ouch i didn't saw that in the example queries... spank my ...!
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/usershtml
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
Looking at the source of rlm_sqlcounter i saw that when a users tries to
conect at a time close to the next reset time, the value of the
check-item for the next cycle is added to the reply item.
I'd like to avoid this behaviour for **some** of my users. Indeed I want
to use counters to count traffic and **not** time while rlm_sqlcounter
decide it's closed to reset time when check-item - counter (in my case:
bytes) is less than the number of second untill reset time.
Can i disable this behaviour? how?
[EMAIL PROTECTED] a écrit :
reset parameter controls value of %b.
Ivan Kalik
Kalik Informatika ISP
Dana 9/9/2008, Alexandre Chapellon [EMAIL PROTECTED] piše:
so what's the use of the reset parameter if th sql query is managing it
all by its own?
Alexandre Chapellon a écrit :
[EMAIL PROTECTED] a écrit :
here is the counter definition:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Tmp-Integer-0
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
}
sounds good to me... what could be the reasn for noreset?
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
You need to add to WHERE one of the statements using %b.
Ouch i didn't saw that in the example queries... spank my ...!
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/usershtml
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
Alexandre Chapellon wrote:
Here is the full debug outputed during the auth query/reply
...
rlm_sqlcounter: Sent Reply-Item for user scott,
Type=Session-Traffic-Limit, value=12694
...
Sending Access-Accept of id 201 to 127.0.0.1 port 37792
Session-Traffic-Limit =
That's the problem. Looking at dictionary.redback,
Session-Traffic-Limit is a string. It's not an integer counter.
If you do really want to use Session-Traffic-Limit, you will have to
change sqlcounter to use a *different* attribute in the reply, such as
Tmp-Integer-0, which is a server-side attribute. Then use unlang in
post-auth to copy it to Session-Traffic-Limit:
update reply {
Session-Traffic-Limit = %{reply:Tmp-Integer-0}
}
That should work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: sqlcounters for traffic
rlm_sqlcounter: Sent Reply-Item for user scott, Type=Session-Traffic-Limit,
value=12792
Which part dont you understand? Sqlcounter returned it. How does the log
part of the RADIUS Packet looks like? It should contain the
Session-Traffic-Limit if it can be found in the dictionary, right?
E:S
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of Alexandre Chapellon
Sent: Samstag, 06. September 2008 01:53
To: FreeRadius users mailing list
Subject: sqlcounters for traffic
I want to se sqlcounters to count bytes transferred from clients so that i
manage quota.
Aiming this i configured the following counter:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Session-Traffic-Limit
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct
WHERE UserName='%{%k}'
}
My first problem is that the Session-Traffic-Limit (from the redback
dictionnary) is not returned. I can't see it neither in the output of
radtest nor with radsniff.
Yet, looking at the output of radiusd -X i can see it's correctly understood
by freeradius:
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user scott, check_item=12000, counter=10891
rlm_sqlcounter: Sent Reply-Item for user scott, Type=Session-Traffic-Limit,
value=12792
++[bytesQuota] returns ok
Does anyone has a clue?
Alexandre Chapellon a écrit :
You're right, adding the name of my sqlcounter in the instantiate section
lake it works.
thx :)
Alan DeKok a écrit :
Alexandre Chapellon wrote:
whenever i launch freeradius -X I get the folloawing error:
/etc/freeradius/users[205]: Parse error (check) for entry scott: Invalid
octet string 101 for attribute name Max-Traffic
The modules are initialized in *order*. The sqlcounter module creates
the attributes on the fly. But... it can't do this if it hasn't been
run yet.
Line 205 is the line where user scott is defined in users files.
I have tryed setting up my own dictionnary (which i think shouldn't be
needed) with the Max-Traffic attribute defined as interger
VENDOR ME
ATTRIBUTE Max-Traffic 1 integer
That isn't the correct dictionary file format, but it's not relevant,
either.
But that doesn't help. I have read all over the web that sqlcounter with
mysql are considered as stable enough for production , so am quite
surprised of this issue...
Any idea?
List sqlcounter in the instantiate section. It will be
initialized before the users file is read.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
My first problem is that the Session-Traffic-Limit (from the redback dictionnary) is not returned. I can't see it neither in the output of radtest nor with radsniff. Yet, looking at the output of radiusd -X i can see it's correctly understood by freeradius: rlm_sqlcounter: Check item is greater than query result rlm_sqlcounter: Authorized user scott, check_item=12000, counter=10891 rlm_sqlcounter: Sent Reply-Item for user scott, Type=Session-Traffic-Limit, value=12792 ++[bytesQuota] returns ok It looks like it made it to the reply list. Does anyone has a clue? Not without the rest of the debug. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
Edvin Seferovic a écrit :
rlm_sqlcounter: Sent Reply-Item for user scott,
Type=Session-Traffic-Limit, value=12792
Which part don’t you understand? Sqlcounter returned it. How does the
log part of the RADIUS Packet looks like? It should contain the
“Session-Traffic-Limit” if it can be found in the dictionary, right?
What i don't understand is that i cannot find this in the sent reply,
whereas it seems to be processed correctly by the module.
E:S
*From:*
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
*On Behalf Of *Alexandre Chapellon
*Sent:* Samstag, 06. September 2008 01:53
*To:* FreeRadius users mailing list
*Subject:* sqlcounters for traffic
I want to se sqlcounters to count bytes transferred from clients so
that i manage quota.
Aiming this i configured the following counter:
sqlcounter bytesQuota {
counter-name = traffic_quota
check-name = Max-Traffic
reply-name = Session-Traffic-Limit
sqlmod-inst = mysqldb
key = User-Name
reset = hourly
query = SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{%k}'
}
My first problem is that the Session-Traffic-Limit (from the redback
dictionnary) is not returned. I can't see it neither in the output of
radtest nor with radsniff.
Yet, looking at the output of radiusd -X i can see it's correctly
understood by freeradius:
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user scott, check_item=12000, counter=10891
rlm_sqlcounter: Sent Reply-Item for user scott,
Type=Session-Traffic-Limit, value=12792
++[bytesQuota] returns ok
Does anyone has a clue?
Alexandre Chapellon a écrit :
You're right, adding the name of my sqlcounter in the instantiate
section lake it works.
thx :)
Alan DeKok a écrit :
Alexandre Chapellon wrote:
whenever i launch freeradius -X I get the folloawing error:
/etc/freeradius/users[205]: Parse error (check) for entry scott: Invalid
octet string 101 for attribute name Max-Traffic
The modules are initialized in *order*. The sqlcounter module creates
the attributes on the fly. But... it can't do this if it hasn't been
run yet.
Line 205 is the line where user scott is defined in users files.
I have tryed setting up my own dictionnary (which i think shouldn't be
needed) with the Max-Traffic attribute defined as interger
VENDOR ME
ATTRIBUTE Max-Traffic 1 integer
That isn't the correct dictionary file format, but it's not relevant,
either.
But that doesn't help. I have read all over the web that sqlcounter with
mysql are considered as stable enough for production , so am quite
surprised of this issue...
Any idea?
List sqlcounter in the instantiate section. It will be
initialized before the users file is read.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
[EMAIL PROTECTED] a écrit :
My first problem is that the Session-Traffic-Limit (from the redback
dictionnary) is not returned. I can't see it neither in the output of
radtest nor with radsniff.
Yet, looking at the output of radiusd -X i can see it's correctly
understood by freeradius:
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user scott, check_item=12000, counter=10891
rlm_sqlcounter: Sent Reply-Item for user scott,
Type=Session-Traffic-Limit, value=12792
++[bytesQuota] returns ok
It looks like it made it to the reply list.
Yep, but when sniffing network, it appears it's not.
Does anyone has a clue?
Not without the rest of the debug.
Here is the full debug outputed during the auth query/reply
rad_recv: Access-Request packet from host 127.0.0.1 port 37792, id=201,
length=57
User-Name = scott
User-Password = tiger
NAS-IP-Address = 192.168.20.145
NAS-Port = 451
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = scott, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
users: Matched entry scott at line 205
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(acctinputoctets + acctoutputoctets) FROM
radacct WHERE UserName='%{User-Name}''
expand: SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct
WHERE UserName='%{User-Name}' - SELECT SUM(acctinputoctets +
acctoutputoctets) FROM radacct WHERE UserName='scott'
sqlcounter_expand: '%{mysqldb:SELECT SUM(acctinputoctets +
acctoutputoctets) FROM radacct WHERE UserName='scott'}'
rlm_sql (mysqldb): - sql_xlat
expand: %{User-Name} - scott
rlm_sql (mysqldb): sql_set_user escaped user -- 'scott'
expand: SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct
WHERE UserName='scott' - SELECT SUM(acctinputoctets + acctoutputoctets)
FROM radacct WHERE UserName='scott'
expand: /var/log/freeradius/sqltrace.sql -
/var/log/freeradius/sqltrace.sql
rlm_sql (mysqldb): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT SUM(acctinputoctets + acctoutputoctets)
FROM radacct WHERE UserName='scott'
rlm_sql (mysqldb): - sql_xlat finished
rlm_sql (mysqldb): Released sql socket id: 4
expand: %{mysqldb:SELECT SUM(acctinputoctets + acctoutputoctets)
FROM radacct WHERE UserName='scott'} - 10891
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user scott, check_item=12000, counter=10891
rlm_sqlcounter: Sent Reply-Item for user scott,
Type=Session-Traffic-Limit, value=12694
++[bytesQuota] returns ok
rad_check_password: Found Auth-Type
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password tiger
rlm_pap: Using clear text password tiger
rlm_pap: User authenticated successfully
++[pap] returns ok
+- entering group session
expand: %{User-Name} - scott
rlm_sql (mysqldb): sql_set_user escaped user -- 'scott'
expand: SELECT COUNT(*) FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL
- SELECT COUNT(*) FROM
radacct WHERE username =
'scott' AND acctstoptime IS NULL
rlm_sql (mysqldb): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT COUNT(*) FROM
radacct WHERE username =
'scott' AND acctstoptime IS NULL
rlm_sql (mysqldb): Released sql socket id: 3
++[mysqldb] returns ok
+- entering group post-auth
expand: %{NAS-IP-Address} %{NAS-Port} - 192.168.20.145 451
rlm_ippool: MD5 on 'key' directive maps to: 20879599c5e6463384e80698249eaa87
rlm_ippool: Searching for an entry for key:
'20879599c5e6463384e80698249eaa87'
rlm_ippool: Found a stale entry for ip: 10.0.116.61
rlm_ippool: num: 0
rlm_ippool: Allocating ip to key: '20879599c5e6463384e80698249eaa87'
rlm_ippool: num: 1
rlm_ippool: Allocated ip 10.0.129.45 to client key:
20879599c5e6463384e80698249eaa87
++[test_pool] returns ok
rlm_sql (mysqldb): Processing sql_postauth
expand: %{User-Name} - scott
rlm_sql (mysqldb): sql_set_user escaped user -- 'scott'
expand: %{User-Password} - tiger
expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES
( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'scott',
