Freeradius3 accounting bugs
-
There seem to be several issues on 2.4 with CP and freeradius3, and I don't seem to be the only one havign them:
https://forum.pfsense.org/index.php?topic=133698.0
https://forum.pfsense.org/index.php?topic=126311.0The wiki page is still for the freeradius2 package and hasn't been updated in a year https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
My problems are:
-
With Start/Stop (freeradius) accounting mode, Last Activity equals login time and thus users always get disconnected after soft timeout (Interim seems to work, but I didn't test it thoroughly yet)
-
As the thread I linked above, limiting concurrent connections with freeradius3 doesn't work at all. Users can connect any amount of devices.
Both of these issues used to work fine with 2.3 and freeradius2
Since the update, both don't work anymore.The field "Number of Simultaneous Connections" says "If using FreeRADIUS with Captive Portal you should leave this empty. Read the documentation!"
Can someone tell me where this documentation is supposed to be?
https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package <- This wiki page contains exactly 1 line, and it doesn't say anything about conjunction with CP.
https://doc.pfsense.org/index.php/Captive_Portal <- This page doesn't say anything about freeradius at all.
https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS <- I did everything as it is stated here. I'm authenticating users every minute, and the log has the entries. However even with simultanous use set to 1 or 0 even, users can still connect an arbitrary amount.I don't need time/traffic accounting. I'm only interested in limiting simultaneous connections. The "disable concurrent connections" in the CP config limits it to 1, which is bad.
I want to allow 2 or 3 devices per user.I'm really out of luck and time here. I'm getting no response on my redmine tickets and neither on the IRC channel.
The only option I see now is to downgrade to pfsense 2.3 or switch to OPNSense, but I would like to not waste my time with this.
I can provide any information you ask. Can someone please address this obvious issue?
If it is broken and will not be fixed, please also do tell, so I can give up trying to get this working. -
-
Same problem on my end. I need user limit feature badly. Why it stopped working in ver 3?
-
Yea. Still having this problem.
I fixed soft-timeout by changing to interim accounting.
Device limit is still not working though.
Any help guys? -
Bump
-
Simultaneous-Use := 2 in radcheck table
works for me…
-
Can you tell me what other captive portal settings you did like accounting? Option with radcheck does not work for me unless I do sth wrong. I put that in “check item”
-
I have it set up as interim accounting and
Reauthenticate every minute
From the cp sidefrom radius I had to
Enable sql noresetcounterI will post more info tomorrow
-
Also would you mind to tell where I can find in the radius "noresetcounter"?
-
@mke:
Also would you mind to tell where I can find in the radius "noresetcounter"?
So I did all you said except noresetcounter which I am not sure where it is. It does not seem to work.
-
-
Hi, thanks for the replies.
I will test Start/Stop radius accounting again, but as I said before, this makes users timeout since Last Activity is broken.@jaspras If you say it works for you, the only possibility I can think about is a regression in the update from freeradius2 package to 3.
Then my only option seems to be a clean reinstall. -
When I paste that exactly as below, freeradius stops working some this must be syntax
john | Simultaneous-use | := | 1
-
@mke:
When I paste that exactly as below, freeradius stops working some this must be syntax
john | Simultaneous-use | := | 1
Pasting where ? ;D
I strongly advise you to use phpmyadmin.
Or you could use the mysql command line to INSERT, the web is filled up with zillion examples how to do that. -
here
 -
This is my source : https://www.google.com/search?client=firefox-b&ei=rCDoWsrZPMamsAGTxL64Bg&q=FreeRadius++Simultaneous-Use&oq=FreeRadius++Simultaneous-Use&gs_l=psy-ab.3..0i7i30i19k1l4j0i7i10i30i19k1j0i7i30i19k1j0i19k1l3j0i30i19k1.7776.7776.0.8408.1.1.0.0.0.0.122.122.0j1.1.0….0...1.1.64.psy-ab..0.1.120....0.LJD31UiPcwU (sorry, you have to read a little bit, many people are posting about how not to do it …)
So, after some reading, you'll discover that you should add at the top of the "users file" this :
DEFAULT Simultaneous-Use := 1 Fall-Through = YesThis can be done using the FreeRadius package like this (edit the first user !) and then add this : see image.
Over there is also explained why and how to use the command separator, the "|".
Btw : another solution would be using a sql table, and setting for each user the "Simultaneous-Use := 1" or assign user to a group and make that group using "Simultaneous-Use := 1". This all works.
-
The option you did on the screenshot also does not work
-
If you edited the first user on the Radius list, you should have this when you inspect the "users" file :
see image.I limit users to 2.
edit : I also limit every user to 200 Mbytes a day.
-
Yep, it does not work
Moreover what I want to accomplish is different limit per user.
Also I do have checked "Send RADIUS accounting packets to the primary RADIUS server." and start/stop freeradius
 -
I think you are must studying how to upload picture on forum negate.
-
When you enjoy digging up burried threads a bit too much
