Captive portal disconnect user before he reach the actual time limit
-
I created timeuser03 as 60 Minutes Daily. But Radius Accounting is counting much 5 times or something.
Captive portal always disconnect users before he reached the actual limited login time.
Here are my onfiguration and logs.In captive portal 2.0.1-RELEASE
Enabled-Reauthenticate connected users every minute
Accounting updates = stop/start accounting
Enabled -Use RADIUS Session-Timeout attributesIn Freeradius2 ver 2.1.12 pkg v1.6.6_1
Disable Acct_Unique is Checked.
Captive portal log.
Apr 13 12:32:06 logportalauth[44661]: RADIUS_DISCONNECT: timeuser03, f0:a2:25:34:e3:31, 172.18.10.30, Your maximum daily usage time has been reached
Apr 13 12:20:37 logportalauth[51830]: USER LOGIN: timeuser03, f0:a2:25:34:e3:31, 172.18.10.30In Radius Radacct log,it seems accounting is doing well, but it stop the user before he reach the actual time limit.
It happens to all the time limited users. Check this out. I am so confused with this.Fri Apr 13 12:20:37 2012
NAS-IP-Address = 172.18.30.2
NAS-Identifier = "portal.pandora.local"
User-Name = "timeuser03"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 120
Acct-Session-Id = "32dc61b5d6309908"
Framed-IP-Address = 172.18.10.30
Called-Station-Id = "172.18.30.2"
Calling-Station-Id = "f0:a2:25:34:e3:31"
FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
Timestamp = 1334296237
Fri Apr 13 12:21:10 2012
NAS-IP-Address = 172.18.30.2
NAS-Identifier = "portal.pandora.local"
User-Name = "timeuser03"
Acct-Status-Type = Stop
Acct-Session-Time = 33
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 120
Acct-Session-Id = "32dc61b5d6309908"
Framed-IP-Address = 172.18.10.30
Called-Station-Id = "172.18.30.2"
Calling-Station-Id = "f0:a2:25:34:e3:31"
Acct-Input-Packets = 217
Acct-Input-Octets = 44224
Acct-Input-Gigawords = 0
Acct-Output-Packets = 177
Acct-Output-Octets = 216344
Acct-Output-Gigawords = 0
Acct-Session-Time = 33
Acct-Terminate-Cause = NAS-Request
FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
Timestamp = 1334296270Fri Apr 13 12:21:10 2012
NAS-IP-Address = 172.18.30.2
NAS-Identifier = "portal.pandora.local"
User-Name = "timeuser03"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 120
Acct-Session-Id = "32dc61b5d6309908"
Framed-IP-Address = 172.18.10.30
Called-Station-Id = "172.18.30.2"
Calling-Station-Id = "f0:a2:25:34:e3:31"
FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:21:10 MMT"
Timestamp = 1334296270….......
Fri Apr 13 12:32:02 2012
NAS-IP-Address = 172.18.30.2
NAS-Identifier = "portal.pandora.local"
User-Name = "timeuser03"
Acct-Status-Type = Stop
Acct-Session-Time = 685
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 120
Acct-Session-Id = "32dc61b5d6309908"
Framed-IP-Address = 172.18.10.30
Called-Station-Id = "172.18.30.2"
Calling-Station-Id = "f0:a2:25:34:e3:31"
Acct-Input-Packets = 3237
Acct-Input-Octets = 447463
Acct-Input-Gigawords = 0
Acct-Output-Packets = 1173
Acct-Output-Octets = 1565057
Acct-Output-Gigawords = 0
Acct-Session-Time = 685
Acct-Terminate-Cause = NAS-Request
FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
Timestamp = 1334296922Fri Apr 13 12:32:03 2012
NAS-IP-Address = 172.18.30.2
NAS-Identifier = "portal.pandora.local"
User-Name = "timeuser03"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Login-User
NAS-Port-Type = Ethernet
NAS-Port = 120
Acct-Session-Id = "32dc61b5d6309908"
Framed-IP-Address = 172.18.10.30
Called-Station-Id = "172.18.30.2"
Calling-Station-Id = "f0:a2:25:34:e3:31"
FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:32:03 MMT"
Timestamp = 1334296923...then no record for "timeuser03" only 685 sec (Actual time limit for user is 60 minutes though)
??? -
http://redmine.pfsense.org/issues/2164
-
http://redmine.pfsense.org/issues/2164
I already tried this patch. Before I try this, Captive portal stop users when they reach the time limit, however if they try to log in again, portal allow the session. After I patch cp.diff, there are some error output I can't remember. This time Portal don't allow the users to connect again. Only accounting the time much more. Maybe I am so dumb with FreeBSD commands. ;D I am used to Windows only. Do I need to try the patch again anyway? How can I make my captive portal and radius settings to default? But I want to keep my radius users. Please help me?
-
Not sure about how to apply that patch but probably it is well implemented in 2.1
Reverting this changes/patch is - as far as I know - only possible with a new installation of pfsense.
radius users (do you use any freeradius package ?) will be saved in your pfsense config.xml file.So just reinstall pfsense, restore the config and all should be work as before. (I hope you did a backup before applying the patch !?
-
I'm testing this in 2.1 and it does the same thing for me with usage limits. When a user hits the limit he's kicked but allowed back in a while later with a daily limit.
I also set up a speed limit in freeradius2 witch is from what I read suppose to over ride the limit set in CP.
It does not. The user will get the CP set limit for speed every time.I've gone over it several times either I'm missing something or it's not working properly.
-
I'm testing this in 2.1 and it does the same thing for me with usage limits. When a user hits the limit he's kicked but allowed back in a while later with a daily limit.
I also set up a speed limit in freeradius2 witch is from what I read suppose to over ride the limit set in CP.
It does not. The user will get the CP set limit for speed every time.I've gone over it several times either I'm missing something or it's not working properly.
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_Bandwidth
and
doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_BandwidthHow did you get freeradius2 package working on pfsense 2.1 ? As far as I know there aren't any .pbi packages for freeradius2 built at the moment. So on 2.1 the freeradius2 GUI gets installed but nothing in the background. Or are you using freeradius2 on a different pfsense ?
-
Sorry 2.0.1
2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6I tried a full upgrade too the latest snapshot and freeradius2 was busted.
I followed that exact page you linked and that was the result I got. Reloaded from scratch going to try again.
-
I unchecked "Reauthenticate connected users every minute" option in Captive Portal and now the time counter is worked well as I desire.
:) Thanks @Nachtfalke for your help.