Freeradius3 accounting bugs
-
Those are placeholders from when the old forum transitioned to the new one. Images from old posts were lost.
-
@jaspras
Can you help me with the settings for accounting with MySQL database? -
@mke or should we insert this parameter john | Simultaneous-use | := | 1 please ?
-
@Gertjan can you explain to me how you make it work please?
-
For the Radius user that you want to limit to "5" max, add :
but don't take my words for it.
Fact check this, as its easy to test : get 6 phones, login with all o them. The 6 phone/login should be refused (or way more funnier : it will be allowed, and the first one will be thrown of, the portal ^^).For myself, I actually don't use it anymore.
Keep us posted.edit : I've read the thread again.
My proposal - today, above, is : adding some stuff in the GUI.If you use MySQL (MariaDB) as a Radius "storage", and you know how to add / edit the SQL tables, you can also add the "Simultaneous-Use" criteria into of one the tables. For the format and how to, check with world's most notorious software manual : the one of freeradius.
Take note that by default the freeradius users are not been taken from the SQL tables, but from a flat ASCI file : this one :
and you can see your
DEFAULT Simultaneous-Use := 5 Fall-Through = Yes -
This post is deleted! -
@Gertjan I tried but it doesn't work... maybe I have a misconfiguration of the portal captive elsewhere?
-
Gime 30 minutes and I'll post a step by step "what to do".
I created a user, just a use name "cuisine" and a password :
and I added :
DEFAULT Simultaneous-Use := 1 | Fall-Through = Yesand Save.
Check that FreeRadius successfully restarted. You can do this on the dashboard.
I presume you've set up the portal use the freeradius auth back-end, not the pfSense user database.
You can test drive the authentification here : Diagnostics -> Authentication
You have to select the Freeradius backend, not the "Local Database".Now : connect one user to the portal using this user name and check he was logged in correctly (dash board and portal auth log).
A second user using the same user name should get the "portal error login page", this page is the same as the portal login page, but shows one thing more : an error message :
I made this error message stand out in red :You are already logged in - access denied
And this was also logged :
Status > System Logs > Authentication > Captive Portal Auth
-
@Gertjan Thank you very much
-
@Gertjan Hello, I did exactly what you said but it doesn't work... Users can log in.
-
-
-
These are suggestions :
Don't use this one.
See for your self : how can this be a "Pre-authentication" while it also says "Visitors will be redirected to this URL after authentication".
My advise : leave it empty.
Leave blank, or set it to the value needed by FreeRadius : Captiveportal-captiveportal, as suggested.
Set to Interim if you want "bytes to be counted."
I'm not sure about this one.
It has been years now that 'http' pages are being deprecated.
I use https. This means I (have to !) 'rent' a domain name, and I use that domain exclusively for my pfSense portal domain name. With the acme pfSense package I obtain a certificate.
Isn't that a 'voucher' setting ?
Disable the logout page.
I do not like browser popup pages.
You do not popup pages
Your portal users don't like popup pages.
And we all have popup page disabled in our browser these days.
So, useless to try to make one pop up - this is something of the old 'http' past.
Does that http google page still exists ?
-
This post is deleted! -
@Gertjan Thanks for your advice, but the certificate is free? I tried but I never managed to make the https work... but which parameter blocks the restriction of number of users?
-
Another one :
For accounting (bandwith, traffic), the interim method must be set.
And this field has to be set also :
for example : "600".
-
@Pepito-Payet said in Freeradius3 accounting bugs:
but which parameter blocks the restriction of number of users?
The pfSense FreeRadius package isn't FreeRadius made for pfSense.
Freeradius by itself is massive, hundreds if not thousands of options and settings. pfSense surfaces just a couple of them in the GUI.
I can't tell you why it doesn't work for you.
Your captive portal is already not identical to mine.
I use pfSense FreeRadius with the SQL option (I use a SQL database).Normally, when I want to see what(s going on, I stop Freeradius on the dashboard GUI, and then, on the SSH (console) I use
radiusd -Xwhich starts freeradius in debug mode with 'all the details' right in front of you.
What you see then, is freeradius in all it's beauty ^^
I wasn't able to spot the place where the "Simultaneous-Use" criteria was enforced .... and can't test everything right now as my portal is actively used by my hotel clients right now. -
@Gertjan ah you use SQL on pfsense itself or a separate server? that's why simultaneous client restriction works
-
@Pepito-Payet said in Freeradius3 accounting bugs:
ah you use SQL on pfsense itself or a separate server?
Noop. A database server like MariadDB doesn't belong on a firewall. pfSEnse doesn't have a Database server package anyway. And installing the FreeBSD MariadDB package will probably break the system.
( one might say that even FreeRadius doesn't belong on a firewall neither ).
I have a database engine (MariaDB) running on a NAS, and use that one for freeradius pfSense. -
@Gertjan ah so that's why mine won't work... I haven't found any solution yet... whereas with the old versions it worked...
