FreeRadius + Captive Portal "Amount of Time" Problem
-
Have a nice day;
FreeRadius is installed on pfSense version 2.4.4. Captive Portal logs in with FreeRadius users, logging time. In FreeRadius, under Time Configuration, at the end of the "Amount of Time" period, access to the Internet is not interrupted. I'm looking in the wrong place or I can't figure this out. How can I make a constraint such that a user cannot access the Internet at the end of the period and cannot log in again?
Sorry for the broken English.
-
Actually, I've made some progress. The relevant Amount of Time setting works, as far as I can see. However, when I set FreeRadius to read the user from the SQL database, it behaves as if no time is entered. However, when I disable the SQL feature, this feature works exactly as I want. Is there a way to solve this?
-
I have a user with a daily quota.
After 4 hours (240 minutes) this user will get disconnected, and can't log in for the rest of the day.
Btw: I'm using a remote SQL server as a database.
If you want to see what happens, stop radiusd in the GUI - go to console, option 8 and use
radiusd -X
Now you can see what happens. Do check the 300 seconds (default) interrogation.
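The daily quota described in the post above, worked through as an added example that is not part of the thread and not FreeRADIUS code: it shows how a daily session-time counter turns accounting rows into either a reject or a Session-Timeout reply. The query is modelled on the daily counter query FreeRADIUS ships for MySQL, rewritten for SQLite; the function names, the UTC-midnight reset and the sample rows are assumptions made for illustration.

```python
import sqlite3

QUOTA_SECONDS = 240 * 60   # the 4 hour (240 minute) daily quota from the post
DAY = 86400

# Constructed sample accounting rows: (username, start epoch, session seconds).
RESET = 1699920000         # a UTC midnight, used here as the daily reset point
NOW = RESET + 80000
SAMPLE_ROWS = [
    ("alice", RESET - 3600, 7200),   # spans midnight: only 3600 s count today
    ("alice", RESET + 10000, 3600),
    ("alice", RESET + 20000, 7200),
    ("bob", RESET - 50000, 3000),    # ended before the reset: ignored
    ("bob", RESET + 30000, 1800),
]


def make_db(rows):
    """Build an in-memory stand-in for the radacct accounting table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct ("
        "username TEXT, acctstarttime INTEGER, acctsessiontime INTEGER)"
    )
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return db


def last_reset(now):
    """Assumption: the daily counter resets at UTC midnight."""
    return now - now % DAY


def used_today(db, user, now):
    """Seconds of session time the user has consumed since the last reset.

    A session that started before the reset contributes only the part after
    it. The counter sees only what accounting has written, so a session that
    is still open counts as far as its last accounting update.
    """
    reset = last_reset(now)
    row = db.execute(
        "SELECT COALESCE(SUM(acctsessiontime - MAX(? - acctstarttime, 0)), 0) "
        "FROM radacct "
        "WHERE username = ? AND acctstarttime + acctsessiontime > ?",
        (reset, user, reset),
    ).fetchone()
    return row[0]


def authorize(db, user, now, quota=QUOTA_SECONDS):
    """Reject once the quota is spent, else cap the session at what is left."""
    used = used_today(db, user, now)
    if used >= quota:
        return {"code": "Access-Reject", "used": used}
    return {"code": "Access-Accept", "Session-Timeout": quota - used, "used": used}


if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    for user in ("alice", "bob", "carol"):
        print(user, authorize(db, user, NOW))
```

If the accounting rows never reach the table the counter query reads, the used time stays at zero and every login is accepted with the full quota.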
-
Those are my settings. Can you see a mistake?
-
Looks fine to me.
Don't know why you show SQL settings - or what you are talking about.
-
Sorry about the glitch. I edited the shipment. Unfortunately the problem continues. I don't know where it might be.
-
Hi @gertjan
This is my radius -x output. Does not work with these settings.
-
I solved the problem. The solution for those experiencing the same problem is here.
https://forum.netgate.com/topic/139132/need-help-on-max-daily-session-attribute
Thank you @Gertjan
-
@pfsense01 said in FreeRadius + Captive Portal "Amount of Time" Problem:
radius -x
Be careful.
I said
radius -X
not
radius -x
I advise you to use
radiusd -h
to see all the options.
Btw : If you see
Failed binding to auth address * port 1812 bound to server default: Address already in use /usr/local/etc/raddb/sites-enabled/default[2]: Error binding to port for 0.0.0.0 port 1812
you are informed some other instance is already running.
You should stop radiusd first - and check that you stopped it.
This shows the process ID:
ps ax | grep 'radius'
Then you kill it using
kill abcde
where abcde is the process ID (pid)
-
Thank you so much. I wrote it wrong above. The command I use
radius -X
-
@Gertjan
I have the same problem in radius server,
I stopped the radius server, checked there are no ports and started it again, but it is still not working.
I need help please.
-
@Gertjan said in FreeRadius + Captive Portal "Amount of Time" Problem:
radius -X
What about reading what is said above ?
It's not just a question of "port checking".
The
radius -X
mode will tell you what is wrong / why it doesn't work.
-
@Gertjan
I have this problem when I run this command (radius -X) and I don't know how to solve it.
-
@Gertjan
Is this result maybe the reason for the problem??
two ipv4 use same port 1812
-
??
The reason for the problem is that you are starting radius, but there is already one running - in this case process 41473.
The instance you started bails out, explaining to you with big red lines why.
I stopped radius server and check there are no ports ....
So, radius is telling you why.
You know how to find out why.
But you didn't act ....
Run
netstat -anp | grep 'radius'
again.
Note the process number and kill that process.
Like this:
kill 123456
Now, start radius
radius -X
All the other details are already mentioned in this thread.
-
Thank you @Gertjan
I stopped the Radius server, then I ran the command (radius -X), and it worked correctly.
But I have another question now .. when radius is running, the command (radius -X) will not run?
-
@mustafa-azzam said in FreeRadius + Captive Portal "Amount of Time" Problem:
But I have another question now .. when radius is running, the command (radius -X) will not run?
Radius is a process you can see as a "server process".
Golden rule: on one and the same system, you can have only ONE server process that listens to a determined port.
So, if you launch "FreeRadius" using the pfSense GUI, you have a radius process running.
Example, right now, on my pfSense:
[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep radius
83839 - Is 0:18.74 /usr/local/sbin/radiusd
21455 0 S+ 0:00.00 grep radius
As you know, it's easy to check what ports it's using.
When I launch another, second radius process, it will bail out.
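The one-listener-per-port rule from the reply above, as an added example that is not part of the thread: a pre-flight check to run before starting a debug instance, which reports the UDP ports that a running server already holds. The function name is made up here, and 1813 is the standard RADIUS accounting port rather than something shown in the thread.

```python
import errno
import socket

# 1812 is the auth port from the error message in the thread;
# 1813 is the standard accounting port (assumption, not from the thread).
RADIUS_PORTS = (1812, 1813)


def busy_ports(host="0.0.0.0", ports=RADIUS_PORTS):
    """Return the UDP ports on host that some process is already bound to.

    Each port is probed by binding a throwaway UDP socket to it. If a server
    such as an already running radiusd holds the port, the bind fails with
    EADDRINUSE, which is the same condition behind "Address already in use"
    when a second instance is started.
    """
    busy = []
    for port in ports:
        probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            probe.bind((host, port))
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE:
                raise              # permission or address errors are not "busy"
            busy.append(port)
        finally:
            probe.close()          # release the port again straight away
    return busy


if __name__ == "__main__":
    taken = busy_ports()
    if taken:
        print("already in use, stop the running server first:", taken)
    else:
        print("ports free, a debug instance can bind:", list(RADIUS_PORTS))
```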