WIFI EAP - freeradius2 - accounting problem

darioc

Hi,

i am running pfSense 2.1.3-RELEASE on an ALIX 2D13 Board.

The Wifi Network is configured to provide WPA EAP Authentication,
therefore I configured:

WIFI:

Enable IEEE 802.1X Authentication
802.1X Authentication Server: 127.0.0.1
802.1X Authentication Server Shared Secret: [geheim]

FreeRadius/Settings:

Disable Acct_Unique [X]
Log good authentication attempts: log
Additional information for good attempts
Host IP-Address: %{Framed-IP-Address} accepted
using Auth-Type: %{control:Auth-Type}
Remaining volume down/up: %{reply:Acct-Output-Octets}/%{reply:Acct-Input-Octets}
Remaining online-time: %{reply:Session-Timeout}
Maximum simultaneous connections: %{check:Simultaneous-Use}
Bandwidth down/up: %{reply:WISPr-Bandwidth-Max-Down}/%{reply:WISPr-Bandwidth-Max-Up}

FreeRadius/Interfaces:

127.0.0.1:1812 auth ipaddr

FreeRadius/User:

usr1 with password and limit to 1500MB Traffic

Now I can login using my iPad using login and password and I will get
a connection to the Network. But accounting seems not to work.

The following observations I made:

System Log shows three entries:
- radiusd[48959]: Login OK: [usr1/<via auth-type="EAP">]
(from client localhost port 0 via TLS tunnel)
Host IP-Address: accepted using Auth-Type: EAP Remaining volume down/up: /
Remaining online-time: Maximum simultaneous connections: 1 Bandwidth down/up: /
- root: FreeRADIUS: Used amount of daily traffic by dario is 0 MB of 1500 MB! The user was accepted!!!
- radiusd[48959]: Login OK: [dario/<via auth-type="EAP">]
(from client localhost port 0 cli 24-A2-E1-XX-XX-XX)
Host IP-Address: accepted using Auth-Type: EAP Remaining volume down/up: /
Remaining online-time: Maximum simultaneous connections: Bandwidth down/up: /
pfsense has created two files in /var/log/radacct/datacounter/daily/
used-octets-usr1 which contents "0"
and
max-octets-usr1 which contents "1572864000"

After downloading 50MB and disconnecting and reconnecting the iPad,
nothing changes, I get exectly the same Log-Entries and the value in
used-octets-usr1 does not change.

I tried to add two FreeRadius/Interfaces:

127.0.0.1:1813 acct ipaddr
127.0.0.1:1816 status ipaddr

But the traffic remains uncounted.

No additional Hardware or servers are used, I installed freeradius2
package.

**Where is my fault?

What else can I do?**

I want to use EAP and not a Captive Portal.

Greeings from Bochum, Germany,

Dario

[1] http://www.pcengines.ch/alix2d13.htm</via></via>

microtronx

I'm having same problems with latest pfSense, everything configured + latest files from github release 2_2 used.

Authentication is working on mac-addresses sofar, working but accounting is not working. i'm using mysql Db on my server in local network also there is nothing recorded in the corresponding fields …

We're missing something?

Thanks for some help

Yusuf

EMWEE

Do you use SQL?

Stop de FreeRADIUS service from the GUI and start it in debugging mode trough ssh with:

radiusd -x

microtronx

Yes I'm using mysql on our internal server. will try radiusd -x, what should i see there?

microtronx

Now i have more in syslog:

Mar 28 19:58:59 radiusd[46960]: [pap] User authenticated successfully
Mar 28 19:58:59 radiusd[46960]: [pap] Using clear text password "xxxx"
Mar 28 19:58:59 radiusd[46960]: [pap] login attempt with password "xxxx"
Mar 28 19:58:59 radiusd[46960]: # Executing group from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default

Mar 28 19:58:59 radiusd[46960]: rlm_radutmp: Logout for NAS myrouter port 2112, but no Login record
Mar 28 19:58:59 radiusd[46960]: [datacounterforever] Exec: program returned: 0
Mar 28 19:58:59 radiusd[46960]: [datacountermonthly] Exec: program returned: 0
Mar 28 19:58:59 radiusd[46960]: [datacounterweekly] Exec: program returned: 0
Mar 28 19:58:59 radiusd[46960]: [datacounterdaily] Exec: program returned: 0
Mar 28 19:58:59 radiusd[46960]: # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: [exec] Exec: program returned: 0
Mar 28 19:58:59 root: FreeRADIUS: Used amount of daily traffic by ec-f4-bb-xx-xx-xx is 0 MB of 15 MB! The user was accepted!!!
Mar 28 19:58:59 radiusd[46960]: # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: Login OK: [ec-f4-bb-xx-xx-xx] (from client myrouter port 2110 cli ec-f4-bb-xx-xx-xx) Host IP-Address: 192.168.0.66 accepted, using Auth-Type: PAP, down/up: /, online-time: , Bandwidth down/up: /
Mar 28 19:58:59 radiusd[46960]: [pap] User authenticated successfully
Mar 28 19:58:59 radiusd[46960]: [pap] Using clear text password "xxxx"
Mar 28 19:58:59 radiusd[46960]: [pap] login attempt with password "xxxx"
Mar 28 19:58:59 radiusd[46960]: # Executing group from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:59 radiusd[46960]: # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
Mar 28 19:58:56 radiusd[46960]: Ready to process requests.

Whats next?

azzido

Did this work before and stopped working after an upgrade or it never worked?

microtronx

It has never worked … the accounting. Yesterday I have installed latest version again ... also no accounting info

microtronx

I have testet 2.1.5 and there the accounting is working but seems to count the transfer to fast, in 2.2.1 it count's nothing!
Is there any news about an update for this?