PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta
-
Please I think the developers should look at the pfsense Captive Portal and FreeRadius Authentication very well. Apart from the MAC Address Authentication quota not working this evening I updated the pfsense 2.4.4-RC and the Username and Password quota too is not working with the FreeRadius authentication.
I assigned 1024MB to a User in the FreeRadius and the User used more the 1024MB assigned to him. I checked the system log->freeradius, this is what I saw
"Sep 21 19:43:13 root FreeRADIUS: User stephen has used 0 MB of 1024 MB Daily allotted traffic. The login request was accepted."
Also another User when I checked system log-> freeradius, this is what I saw
"No logs to display."
I think it should be looked at it.
Thanks -
Report it here: https://redmine.pfsense.org with as much details as you can.
-
Hi,
I'm not using the "Mac Address Authentication" but qoutas seem to work for e :
Sep 21 21:50:49 root FreeRADIUS: User 111 has used 398 MB of 2048 MB daily allotted traffic. The login request was accepted.
a minute later :
Sep 21 21:51:51 root FreeRADIUS: User 111 has used 404 MB of 2048 MB daily allotted traffic. The login request was accepted.
Thus: quotas are working their way up.
Didn't see what happened when they reach the end, that didn't arrived yet.What do you mean with :
@stephenkwabena said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:"No logs to display."
You flushed the logs ?
Running the RC :
2.4.4-RC (amd64)
built on Tue Sep 18 17:52:29 EDT 2018
FreeBSD 11.2-RELEASE-p3 -
Yes
-
@grimson
Ok I will do that. Thanks -
@gertjan
Please can show me your configuration? -
Check here https://www.youtube.com/watch?v=nJ3NzU_7xd0 : 38 min 0 sec.
-
Quotas in FreeRadius pfSense package are working for me, both using MAC Address authentication and username/password authentication.
@stephenkwabena said
I assigned 1024MB to a User in the FreeRadius and the User used more the 1024MB assigned to him.
I may know the reason why this is happening : is "Reauthenticate users" disabled in your captive portal configuration ?
In order to use quota within the pfSense package,
- "Reauthenticate users" must be enabled on the captive portal
- Radius accounting must be enabled (using "stop/start (Freeradius)" ) on the captive portal
- Radius accounting must be also enabled on the FreeRadius package (in the "Interface" tab)
- A cron must be set up using the cron package to reset the daily counters
-
I hadd some details and examples :
@free4 said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:
- "Reauthenticate users" must be enabled on the captive portal
Normal. A the doc states - or the video.
- Radius accounting must be enabled (using "stop/start (Freeradius)" ) on the captive portal
Or "Interim", which I use, and work s fine.
- Radius accounting must be also enabled on the FreeRadius package (in the "Interface" tab)
Yep. I've these (maybe over complete, but it works so good this way) :
- A cron must be set up using the cron package to reset the daily counters
Correct.
Here it is :
The first 3 lines : the daily/weekly/monthly/ reset. Choose your hour of reset.
Line 4 : private mixture, (192.168.2.1 is my NAS) to delete the overwhelming logs of FreeRadius - if you forget this one, and ask FreeRdius to log, and forget about it, then your pfSense will explode ... Btw : test this line by hand before you unleash a wild "rm" on your system.Have a look at /var/log/radacct/datacounter/daily/ - see the files yourself. That makes undderstanding things much faster.
Use the FreeRadius config files, these scripts here : /usr/local/etc/raddb/scripts ... and then you know how the guy works, which is great if you want to debug something (add some log lines). -
@gertjan Please can you send me the commands here and more directive
-
No actual commands.
I was using a mouse.If you don't know how to look at a file :
@gertjan said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:
Have a look at /var/log/radacct/datacounter/daily/ - see the files yourself. That makes under stand things much faster.
or what it means, then IMHO : it's not worth looking.
You could use the pfSense GUI, or, go for a free program like WinSCP.