PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta



  • The problem is about the FreeRadius MAC Address authentication. The FreeRadius MAC Address quota is not working. I assigned 100MB and the user of that MAC address used more the the 100MB without him being disconnected from the system but with the pfsense 2.4.3 and the earlier ones works fine . So I think that one should be fix because we use it as WISP.
    thanks



  • Please I think the developers should look at the pfsense Captive Portal and FreeRadius Authentication very well. Apart from the MAC Address Authentication quota not working this evening I updated the pfsense 2.4.4-RC and the Username and Password quota too is not working with the FreeRadius authentication.
    I assigned 1024MB to a User in the FreeRadius and the User used more the 1024MB assigned to him. I checked the system log->freeradius, this is what I saw
    "Sep 21 19:43:13 root FreeRADIUS: User stephen has used 0 MB of 1024 MB Daily allotted traffic. The login request was accepted."
    Also another User when I checked system log-> freeradius, this is what I saw
    "No logs to display."
    I think it should be looked at it.
    Thanks



  • Report it here: https://redmine.pfsense.org with as much details as you can.



  • Hi,

    I'm not using the "Mac Address Authentication" but qoutas seem to work for e :

    Sep 21 21:50:49 	root 		FreeRADIUS: User 111 has used 398 MB of 2048 MB daily allotted traffic. The login request was accepted.
    

    a minute later :

    Sep 21 21:51:51 	root 		FreeRADIUS: User 111 has used 404 MB of 2048 MB daily allotted traffic. The login request was accepted.
    

    Thus: quotas are working their way up.
    Didn't see what happened when they reach the end, that didn't arrived yet.

    What do you mean with :
    @stephenkwabena said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:

    "No logs to display."

    You flushed the logs ?

    Running the RC :
    2.4.4-RC (amd64)
    built on Tue Sep 18 17:52:29 EDT 2018
    FreeBSD 11.2-RELEASE-p3



  • @gertjan

    Yes



  • @grimson
    Ok I will do that. Thanks



  • @gertjan
    Please can show me your configuration?



  • Check here https://www.youtube.com/watch?v=nJ3NzU_7xd0 : 38 min 0 sec.



  • Quotas in FreeRadius pfSense package are working for me, both using MAC Address authentication and username/password authentication.

    @stephenkwabena said

    I assigned 1024MB to a User in the FreeRadius and the User used more the 1024MB assigned to him.

    I may know the reason why this is happening : is "Reauthenticate users" disabled in your captive portal configuration ?

    In order to use quota within the pfSense package,

    • "Reauthenticate users" must be enabled on the captive portal
    • Radius accounting must be enabled (using "stop/start (Freeradius)" ) on the captive portal
    • Radius accounting must be also enabled on the FreeRadius package (in the "Interface" tab)
    • A cron must be set up using the cron package to reset the daily counters


  • I hadd some details and examples :

    @free4 said in PFsense 2.4.4 FreeRadius Mac Address Authentication Qouta:

    • "Reauthenticate users" must be enabled on the captive portal

    Normal. A the doc states - or the video.

    • Radius accounting must be enabled (using "stop/start (Freeradius)" ) on the captive portal

    Or "Interim", which I use, and work s fine.

    • Radius accounting must be also enabled on the FreeRadius package (in the "Interface" tab)

    Yep. I've these (maybe over complete, but it works so good this way) :
    0_1538406452924_40e49891-ee11-429a-8b2a-ae67b055d7c0-image.png

    • A cron must be set up using the cron package to reset the daily counters

    Correct.
    Here it is :
    0_1538406600411_a1c7021a-7d31-46f3-be72-c3392c56c9c9-image.png

    The first 3 lines : the daily/weekly/monthly/ reset. Choose your hour of reset.
    Line 4 : private mixture, (192.168.2.1 is my NAS) to delete the overwhelming logs of FreeRadius - if you forget this one, and ask FreeRdius to log, and forget about it, then your pfSense will explode ... Btw : test this line by hand before you unleash a wild "rm" on your system.

    Have a look at /var/log/radacct/datacounter/daily/ - see the files yourself. That makes undderstanding things much faster.
    Use the FreeRadius config files, these scripts here : /usr/local/etc/raddb/scripts ... and then you know how the guy works, which is great if you want to debug something (add some log lines).