PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta

stephenkwabena

The problem is about the FreeRadius MAC Address authentication. The FreeRadius MAC Address quota is not working. I assigned 100MB and the user of that MAC address used more the the 100MB without him being disconnected from the system but with the pfsense 2.4.3 and the earlier ones works fine . So I think that one should be fix because we use it as WISP.
thanks

stephenkwabena

Please I think the developers should look at the pfsense Captive Portal and FreeRadius Authentication very well. Apart from the MAC Address Authentication quota not working this evening I updated the pfsense 2.4.4-RC and the Username and Password quota too is not working with the FreeRadius authentication.
I assigned 1024MB to a User in the FreeRadius and the User used more the 1024MB assigned to him. I checked the system log->freeradius, this is what I saw
"Sep 21 19:43:13 root FreeRADIUS: User stephen has used 0 MB of 1024 MB Daily allotted traffic. The login request was accepted."
Also another User when I checked system log-> freeradius, this is what I saw
"No logs to display."
I think it should be looked at it.
Thanks

Grimson

Report it here: https://redmine.pfsense.org with as much details as you can.

Gertjan

Hi,

I'm not using the "Mac Address Authentication" but qoutas seem to work for e :

Sep 21 21:50:49 	root 		FreeRADIUS: User 111 has used 398 MB of 2048 MB daily allotted traffic. The login request was accepted.

a minute later :

Sep 21 21:51:51 	root 		FreeRADIUS: User 111 has used 404 MB of 2048 MB daily allotted traffic. The login request was accepted.

Thus: quotas are working their way up.
Didn't see what happened when they reach the end, that didn't arrived yet.

What do you mean with :
@stephenkwabena said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:

"No logs to display."

You flushed the logs ?

Running the RC :
2.4.4-RC (amd64)
built on Tue Sep 18 17:52:29 EDT 2018
FreeBSD 11.2-RELEASE-p3

stephenkwabena

@gertjan

Yes

stephenkwabena

@grimson
Ok I will do that. Thanks

stephenkwabena

@gertjan
Please can show me your configuration?

Gertjan

Check here https://www.youtube.com/watch?v=nJ3NzU_7xd0 : 38 min 0 sec.

free4

Quotas in FreeRadius pfSense package are working for me, both using MAC Address authentication and username/password authentication.

@stephenkwabena said

I assigned 1024MB to a User in the FreeRadius and the User used more the 1024MB assigned to him.

I may know the reason why this is happening : is "Reauthenticate users" disabled in your captive portal configuration ?

In order to use quota within the pfSense package,

• "Reauthenticate users" must be enabled on the captive portal
• Radius accounting must be enabled (using "stop/start (Freeradius)" ) on the captive portal
• Radius accounting must be also enabled on the FreeRadius package (in the "Interface" tab)
• A cron must be set up using the cron package to reset the daily counters

Gertjan

I hadd some details and examples :

@free4 said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:

• "Reauthenticate users" must be enabled on the captive portal

Normal. A the doc states - or the video.

• Radius accounting must be enabled (using "stop/start (Freeradius)" ) on the captive portal

Or "Interim", which I use, and work s fine.

• Radius accounting must be also enabled on the FreeRadius package (in the "Interface" tab)

Yep. I've these (maybe over complete, but it works so good this way) :

• A cron must be set up using the cron package to reset the daily counters

Correct.
Here it is :

The first 3 lines : the daily/weekly/monthly/ reset. Choose your hour of reset.
Line 4 : private mixture, (192.168.2.1 is my NAS) to delete the overwhelming logs of FreeRadius - if you forget this one, and ask FreeRdius to log, and forget about it, then your pfSense will explode ... Btw : test this line by hand before you unleash a wild "rm" on your system.

Have a look at /var/log/radacct/datacounter/daily/ - see the files yourself. That makes undderstanding things much faster.
Use the FreeRadius config files, these scripts here : /usr/local/etc/raddb/scripts ... and then you know how the guy works, which is great if you want to debug something (add some log lines).

stephenkwabena

@gertjan Please can you send me the commands here and more directive

Gertjan

@stephenkwabena

No actual commands.
I was using a mouse.

If you don't know how to look at a file :

@gertjan said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:

Have a look at /var/log/radacct/datacounter/daily/ - see the files yourself. That makes under stand things much faster.

or what it means, then IMHO : it's not worth looking.

You could use the pfSense GUI, or, go for a free program like WinSCP.