FreeRadius: Something reduces the value in octet file (used)
-
Hi all,
I am running a captive portal on pfSense 2.6.0 that uses freeradius to control the limits for consumed data volume for the users.
Once or twice every day/night something is randomly reducing the value in the octet file that holds the used/consumed info. I can't find out what is doing this. This is a user with monthly period.
How can I figure out what is doing this? I have tried to find some commands that monitor changes to the octet file, but in pfSense the packages for this aren't available (so I can't see at which time the file was changed and by which process).
-
And you are using the captive portal ?
With the now extinct 'ipfw' firewall that had initially the "only TCP" - so no UDP, so no DNS, so no portal access at all .... That one ?Be ware : only the forum knows the answer to your questions, as they are already asked, so written down here, and answered.
For myself, I've been using 3 or 4 more recent version afterwards, and don't recall any 2.6.0 specifics anymore.So, start searching ?
Added to that : the people that are still using this software don't read on this forum ... they probably even don't know this forum exists. Or they didn't saw that a new version was avaible.
But these are the ones who could help you ...What I mean to say : you do you, it's not me telling you that 2.6.0 is bad, but by not upgrading, you start to become your "own support".
@jarlel said in FreeRadius: Something reduces the value in octet file (used):
How can I figure out what is doing this?
What files ? Where did you find the files ?
You are using vouchers ? -
What files ? Where did you find the files ?
You are using vouchers ?I am using freeradius with users configured - no vouchers.
The files are here:
/var/log/radacct/datacounter/monthly/used-octets-*Hi, it looks like this is related to the max supported size for freeradius. It looks like this might be 4096 MB since the variable that holds it is 32 bit only. For sessions that exceeds 4096 MB data volume that makes summing up the session file(s) etc. fail.
Has anybody seen the same? Is there a workaround? Can 64 bit be supported by doing some modifications?
-
@jarlel said in FreeRadius: Something reduces the value in octet file (used):
it looks like this is related to the max supported size for freeradius. It looks like this might be 4096 MB
The CP data quota has nothing to do with freeRadius Quotas. We routinely exceed 1TB in data quotas per freeRadius account.
You have located the flat database files that freeRadius uses. They are updated at "accounting intervals" by Captive Portal once authorized. There are numerous issues (and associated Redmines) as to how that data is updated. The most common solution is to check off "Reauthenticate connected users every minute". This will update the "used-octets" file. As there is a one second delay built into this authentication, once you have 60 or so clients connected, you may find it misses some accounting updates. Once it exceeds t "max-octets" value, the user will be disconnected. FYI, time attributes do not appear to work properly for multi-user accounts.
As far as your used octets getting reduced, I assume you do not have the reauthenticate every minute checked off. It will then use the accounting interval.
Get off 2.6.0 and use 2.7.2 as there is a serious data flaw that was fixed early Jan 2023 that overflows the CP counter, mostly because the update interval is too long. If you update every minute, it never exceeds 4096 Mb/ update.
-
@jarlel said in FreeRadius: Something reduces the value in octet file (used):
Has anybody seen the same? Is there a workaround? Can 64 bit be supported by doing some modifications?
Also make sure you have Authentication setup correctly. In order to update used-octets, CP must be "re-logged in", i.e. reauthenticated so the data is sent from CP to/from freeRadius.
-
@jarlel said in FreeRadius: Something reduces the value in octet file (used):
Once or twice every day/night something is randomly reducing the value
I thought I would clarify one point even though implementing the reply above should have corrected it. I realized the explanation as to why I believe you see "reduced values" in the used-octets file may not have been clarified.
This reduction is likely occurring because of the overflow of 32 bit value on the captive portal side that necessitates the captive portal limit of 4096 Mb. Overflow produces a negative number. Once you turn on reauthenticate every minute, the accounting interval will be more frequent and that overflow will no longer occur. The default value of accounting interval is 600 seconds, or 10 minutes. If freeRadius receives a negative value, it simply subtracts it from the flat file. If the updates are less frequent, the probability of overflow to an equivalent negative value increases. Stop/Start freeRadius is also involved in "flushing" the CP value into the freeRadius data file. Clumsy but it can work very well if implemented as shown.