Freeradius3 authorization and accounting



  • Hi guys,

    I'm new here, so could you please help with this issue:
    I've installed the freeradius3 package on pfSense 2.4.3, configured it to work with a MySQL server, created all the necessary tables in the database, and enabled Captive Portal configured with PAP RADIUS authentication and interim accounting updates. Then I created a user in the Radius menu (Cleartext Password option). The test was successful, so I entered the login and password on the captive portal and got a connection to the internet. Then I added Amount of traffic (100MB and Daily) in the user menu, disconnected the user from Status->Captive Portal, and restarted the Captive Portal and freeradius services. After that, when I tried to log in on the captive portal, it showed an error. In the pfSense shell I entered "service radiusd onedebug" and then "radtest username pass 192.168.45.1 1812 secret"; after a big message I got Expected Access-Accept got Access-Reject. Then I deleted the accounting data from the user and was able to log in without errors.
    Could you please tell me what can cause this accounting error?

    sql1: 1 record(s) updated
    rlm_sql (sql1): Released connection (2)
    (0)       [sql1] = ok
    (0)     } # redundant sql = ok
    (0) exec: Executing: /bin/sh /usr/local/etc/raddb/scripts/datacounter_auth.sh jb@gmail.com daily:
    cat: /var/log/radacct/datacounter/daily/max-octets-jbXgmail.com: No such file or directory
    /usr/local/etc/raddb/scripts/datacounter_auth.sh: arithmetic expression: expecting primary: "/1024/1024"
    (0) exec: ERROR: Program returned code (2) and output ''
    (0)     [exec] = fail
    (0)   } # post-auth = fail
    (0) Rejected in post-auth: [jb@gmail.com] (from client tester port 1812)
    (0) Login incorrect (Failed retrieving values required to evaluate condition): [jb@gmail.com] (from client tester port 1812)
    (0) Delaying response for 1.000000 seconds
    Waking up in 0.2 seconds.
    Waking up in 0.7 seconds.
    (0) Sending delayed response
    (0) Sent Access-Reject Id 203 from 192.168.45.1:1812 to 192.168.45.1:47458 length 49
    

    Thanks in advance



  • Hi,
    @Javid_B:

    
    (0) exec: Executing: /bin/sh /usr/local/etc/raddb/scripts/datacounter_auth.sh jb@gmail.com daily:
    cat: /var/log/radacct/datacounter/daily/max-octets-jbXgmail.com: No such file or directory
    /usr/local/etc/raddb/scripts/datacounter_auth.sh: arithmetic expression: expecting primary: "/1024/1024"
    
    

    For every user that has a quota in a time span, a file is created here: /var/log/radacct/datacounter/daily/ - the file name starts with "max-octets-"; in your case, it's max-octets-jbXgmail.com
    In this case your time duration for the quota is "daily".
    Does this file exist? The error message says: no! So login won't work. All is normal ;)

    I advise you to experiment with a non-email login like "test".
    Check if the file /var/log/radacct/datacounter/daily/max-used-test is created - in the file you will find the quota size in bytes.

    When the login works, another file will be created: /var/log/radacct/datacounter/daily/used-test and probably /var/log/radacct/datacounter/daily/used-test-xxxxxxxxxx (xxxxxx is the session ID). Check this.
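
The file check described in the reply above, as an added example that is not part of the thread and not the package's own datacounter_auth.sh. The function names `sanitize_user` and `quota_mb` are hypothetical, and the character mapping is an assumption inferred from the log (jb@gmail.com became jbXgmail.com).

```shell
#!/bin/sh
# Added diagnostic sketch; not the pfSense package's datacounter_auth.sh.
# Assumption: characters outside [0-9a-zA-Z._-] in the login become "X"
# (the log above shows jb@gmail.com -> jbXgmail.com).
sanitize_user() {
    printf '%s' "$1" | sed 's/[^0-9a-zA-Z._-]/X/g'
}

# quota_mb BASEDIR USERNAME PERIOD
# Prints the quota in MB and returns 0 when the quota file is usable.
# Returns 1 if the file is missing, 2 if its content is not a plain number.
quota_mb() {
    base=$1
    user=$(sanitize_user "$2")
    period=$3
    file="$base/$period/max-octets-$user"

    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi

    # Strip whitespace, then refuse anything that shell arithmetic would
    # choke on: empty, non-digits, or a leading zero (parsed as octal).
    octets=$(tr -d ' \t\r\n' < "$file")
    case $octets in
        ''|*[!0-9]*|0?*)
            echo "not numeric: $file" >&2
            return 2
            ;;
    esac

    # An empty value in front of "/1024/1024" is what produces the
    # 'expecting primary: "/1024/1024"' error seen in the debug output.
    echo $(( $octets / 1024 / 1024 ))
}

# Stand-alone use with the directory from the thread:
#   sh check_quota.sh /var/log/radacct/datacounter jb@gmail.com daily
if [ "$#" -eq 3 ]; then
    quota_mb "$@"
fi
```

A return code of 1 for the affected login corresponds to the "No such file or directory" line in the debug output, which is the condition that ends in Access-Reject.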