Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive portal disconnect user before he reach the actual time limit

    Scheduled Pinned Locked Moved Captive Portal
    8 Posts 3 Posters 7.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tzlwin
      last edited by

      I created timeuser03 as 60 Minutes Daily. But Radius Accounting is counting much 5 times or something.
      Captive portal always disconnect users before he reached the actual limited login time.
      Here are my onfiguration and logs.

      In captive portal 2.0.1-RELEASE
      Enabled-Reauthenticate connected users every minute
      Accounting updates =  stop/start accounting
      Enabled -Use RADIUS Session-Timeout attributes

      In Freeradius2 ver 2.1.12 pkg v1.6.6_1

      Disable Acct_Unique is Checked.

      Captive portal log.

      Apr 13 12:32:06 logportalauth[44661]: RADIUS_DISCONNECT: timeuser03, f0:a2:25:34:e3:31, 172.18.10.30, Your maximum daily usage time has been reached
      Apr 13 12:20:37 logportalauth[51830]: USER LOGIN: timeuser03, f0:a2:25:34:e3:31, 172.18.10.30

      In Radius Radacct log,it seems accounting is doing well, but it stop the user before he reach the actual time limit.
      It happens to all the time limited users. Check this out. I am so confused with this.

      Fri Apr 13 12:20:37 2012
      NAS-IP-Address = 172.18.30.2
      NAS-Identifier = "portal.pandora.local"
      User-Name = "timeuser03"
      Acct-Status-Type = Start
      Acct-Authentic = RADIUS
      Service-Type = Login-User
      NAS-Port-Type = Ethernet
      NAS-Port = 120
      Acct-Session-Id = "32dc61b5d6309908"
      Framed-IP-Address = 172.18.10.30
      Called-Station-Id = "172.18.30.2"
      Calling-Station-Id = "f0:a2:25:34:e3:31"
      FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
      Timestamp = 1334296237
      Fri Apr 13 12:21:10 2012
      NAS-IP-Address = 172.18.30.2
      NAS-Identifier = "portal.pandora.local"
      User-Name = "timeuser03"
      Acct-Status-Type = Stop
      Acct-Session-Time = 33
      Acct-Authentic = RADIUS
      Service-Type = Login-User
      NAS-Port-Type = Ethernet
      NAS-Port = 120
      Acct-Session-Id = "32dc61b5d6309908"
      Framed-IP-Address = 172.18.10.30
      Called-Station-Id = "172.18.30.2"
      Calling-Station-Id = "f0:a2:25:34:e3:31"
      Acct-Input-Packets = 217
      Acct-Input-Octets = 44224
      Acct-Input-Gigawords = 0
      Acct-Output-Packets = 177
      Acct-Output-Octets = 216344
      Acct-Output-Gigawords = 0
      Acct-Session-Time = 33
      Acct-Terminate-Cause = NAS-Request
      FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
      Timestamp = 1334296270

      Fri Apr 13 12:21:10 2012
      NAS-IP-Address = 172.18.30.2
      NAS-Identifier = "portal.pandora.local"
      User-Name = "timeuser03"
      Acct-Status-Type = Start
      Acct-Authentic = RADIUS
      Service-Type = Login-User
      NAS-Port-Type = Ethernet
      NAS-Port = 120
      Acct-Session-Id = "32dc61b5d6309908"
      Framed-IP-Address = 172.18.10.30
      Called-Station-Id = "172.18.30.2"
      Calling-Station-Id = "f0:a2:25:34:e3:31"
      FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:21:10 MMT"
      Timestamp = 1334296270

      ….......

      Fri Apr 13 12:32:02 2012
      NAS-IP-Address = 172.18.30.2
      NAS-Identifier = "portal.pandora.local"
      User-Name = "timeuser03"
      Acct-Status-Type = Stop
      Acct-Session-Time = 685
      Acct-Authentic = RADIUS
      Service-Type = Login-User
      NAS-Port-Type = Ethernet
      NAS-Port = 120
      Acct-Session-Id = "32dc61b5d6309908"
      Framed-IP-Address = 172.18.10.30
      Called-Station-Id = "172.18.30.2"
      Calling-Station-Id = "f0:a2:25:34:e3:31"
      Acct-Input-Packets = 3237
      Acct-Input-Octets = 447463
      Acct-Input-Gigawords = 0
      Acct-Output-Packets = 1173
      Acct-Output-Octets = 1565057
      Acct-Output-Gigawords = 0
      Acct-Session-Time = 685
      Acct-Terminate-Cause = NAS-Request
      FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
      Timestamp = 1334296922

      Fri Apr 13 12:32:03 2012
      NAS-IP-Address = 172.18.30.2
      NAS-Identifier = "portal.pandora.local"
      User-Name = "timeuser03"
      Acct-Status-Type = Start
      Acct-Authentic = RADIUS
      Service-Type = Login-User
      NAS-Port-Type = Ethernet
      NAS-Port = 120
      Acct-Session-Id = "32dc61b5d6309908"
      Framed-IP-Address = 172.18.10.30
      Called-Station-Id = "172.18.30.2"
      Calling-Station-Id = "f0:a2:25:34:e3:31"
      FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:32:03 MMT"
      Timestamp = 1334296923

      ...then no record for "timeuser03" only 685 sec (Actual time limit for user is 60 minutes though)
      ???

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        http://redmine.pfsense.org/issues/2164

        1 Reply Last reply Reply Quote 0
        • T
          tzlwin
          last edited by

          @Nachtfalke:

          http://redmine.pfsense.org/issues/2164

          I already tried this patch. Before I try this, Captive portal stop users when they reach the time limit, however if they try to log in again, portal allow the session. After I patch cp.diff, there are some error output I can't remember. This time Portal don't allow the users to connect again. Only accounting the time much more. Maybe I am so dumb with FreeBSD commands. ;D I am used to Windows only.  Do I need to try the patch again anyway? How can I make my captive portal and radius settings to default? But I want to keep my radius users. Please help me?

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            Not sure about how to apply that patch but probably it is well implemented in 2.1

            Reverting this changes/patch is - as far as I know - only possible with a new installation of pfsense.
            radius users (do you use any freeradius package ?) will be saved in your pfsense config.xml file.

            So just reinstall pfsense, restore the config and all should be work as before. (I hope you did a backup before applying the patch !?

            1 Reply Last reply Reply Quote 0
            • A
              Alan87i
              last edited by

              I'm testing this in 2.1 and it does the same thing for me with usage limits.  When a user hits the limit he's kicked but allowed back in a while later with a daily limit.

              I also set up a speed limit in freeradius2 witch is from what I read suppose to over ride the limit set in CP.
              It does not. The user will get the CP set limit for speed every time.

              I've gone over it several times either I'm missing something or it's not working properly.

              1 Reply Last reply Reply Quote 0
              • N
                Nachtfalke
                last edited by

                @Alan87i:

                I'm testing this in 2.1 and it does the same thing for me with usage limits.  When a user hits the limit he's kicked but allowed back in a while later with a daily limit.

                I also set up a speed limit in freeradius2 witch is from what I read suppose to over ride the limit set in CP.
                It does not. The user will get the CP set limit for speed every time.

                I've gone over it several times either I'm missing something or it's not working properly.

                http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_Bandwidth
                and
                doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_Bandwidth

                How did you get freeradius2 package working on pfsense 2.1 ? As far as I know there aren't any .pbi packages for freeradius2 built at the moment. So on 2.1 the freeradius2 GUI gets installed but nothing in the background. Or are you using freeradius2 on a different pfsense ?

                1 Reply Last reply Reply Quote 0
                • A
                  Alan87i
                  last edited by

                  Sorry 2.0.1

                  2.0.1-RELEASE (i386)
                  built on Mon Dec 12 17:53:52 EST 2011
                  FreeBSD 8.1-RELEASE-p6

                  I tried a full upgrade too the latest snapshot and freeradius2 was busted.

                  I followed that exact page you linked and that was the result I got. Reloaded from scratch going to try again.

                  1 Reply Last reply Reply Quote 0
                  • T
                    tzlwin
                    last edited by

                    I unchecked "Reauthenticate connected users every minute" option in Captive Portal and now the time counter is worked well as I desire.
                    :) Thanks @Nachtfalke for your help.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.