
    FreeRadius + Captive Portal "Amount of Time" Problem

    • P
      pfsense01
      last edited by

      Have a nice day;
      FreeRadius is installed on pfSense version 2.4.4. Captive Portal login is done with FreeRadius users, with login time accounting. In FreeRadius, with "Amount of Time" set under Time Configuration, Internet access is not interrupted at the end of the period. Either I'm looking in the wrong place or I can't figure this out. How can I make a constraint such that a user cannot access the Internet at the end of the period and cannot log in again?
      Sorry for the broken English.

      • P
        pfsense01
        last edited by

        Actually, I've made some progress. The relevant Amount of Time setting works, as far as I can see. However, when I set FreeRadius to read the user from the SQL database, it behaves as if no time had been entered. However, when I disable the SQL feature, this feature works exactly as I want. Is there a way to solve this?

        • GertjanG
          Gertjan
          last edited by

          I have a user with a daily quota.

          0_1550484145138_e675cc2b-c826-4831-ac8b-8995ea484623-image.png

          After 4 hours (240 minutes) this user will get disconnected, and can't log in for the rest of the day.
          Btw : I'm using a remote SQL server as a database.

          If you want to see what happens, stop radiusd in the GUI - go to console, option 8 and use

          radiusd -X
          

          Now you can see what happens. Do check the 300 seconds (default) interrogation.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

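The daily quota described in the post above, modelled as an added example (not part of any poster's message and not FreeRADIUS code). The per-session arithmetic is copied from the `dailycounter` query in the `radiusd -X` output further down this thread; the function names, the UTC-midnight period start, the reject-at-limit rule and the sample rows are assumptions constructed for illustration.

```python
"""Model of a daily time quota computed from RADIUS accounting rows.

Added illustration; not FreeRADIUS code. The arithmetic mirrors the
dailycounter query shown in this thread:
    SUM(acctsessiontime - GREATEST(%b - UNIX_TIMESTAMP(acctstarttime), 0))
    WHERE UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > %b
Assumptions: %b is the start of the current period, taken here as UTC
midnight; a request is rejected once the counter reaches Max-Daily-Session,
otherwise the remaining seconds are returned as Session-Timeout.
"""

DAY = 86400


def period_start(now_ts):
    """Start of the current daily period (assumed: UTC midnight)."""
    return now_ts - (now_ts % DAY)


def used_seconds(rows, begin_ts):
    """Seconds of session time that fall inside the period starting at begin_ts.

    rows: iterable of (acctstarttime as Unix time, acctsessiontime in seconds).
    """
    total = 0
    for start_ts, session_time in rows:
        # WHERE clause: skip sessions that ended before the period began.
        if start_ts + session_time <= begin_ts:
            continue
        # GREATEST(...): drop the part of a session that predates the period.
        total += session_time - max(begin_ts - start_ts, 0)
    return total


def authorize(max_daily_session, rows, now_ts):
    """Return (decision, session_timeout, used) for one Access-Request."""
    used = used_seconds(rows, period_start(now_ts))
    if max_daily_session <= used:
        return ("reject", 0, used)
    return ("accept", max_daily_session - used, used)


# Constructed sample data: 2019-02-18 00:00:00 UTC and four radacct rows.
MIDNIGHT = 1550448000
ROWS = [
    (MIDNIGHT - 7200, 1800),   # ended yesterday: not counted
    (MIDNIGHT - 1800, 3600),   # spans midnight: only 1800 s counted
    (MIDNIGHT + 28800, 7200),  # closed session today
    (MIDNIGHT + 43200, 5400),  # open session, value from last interim update
]
QUOTA = 240 * 60  # the 240-minute daily quota from the post above

if __name__ == "__main__":
    now = MIDNIGHT + 50000
    print(authorize(QUOTA, ROWS[:3], now))  # quota not yet used up
    print(authorize(QUOTA, ROWS, now))      # quota reached
```

The counter only sees what accounting has written to `radacct`, so a user whose check attribute or accounting rows are missing from the database the counter reads is never limited.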
          • P
            pfsense01
            last edited by pfsense01

            That's my settings. Can you see a mistake?

            0_1550560758466_1550498545105-resim1.jpg
            0_1550560761834_1550498544819-resim2.jpg 0_1550560768653_1550498544961-resim3.jpg 0_1550560772079_1550498545257-resim4.jpg

            • GertjanG
              Gertjan
              last edited by

              Looks fine to me.
              Don't know why you show SQL settings - or what you are talking about.


              • P
                pfsense01
                last edited by

                Sorry about the glitch. I edited the post. Unfortunately the problem continues. I don't know where it might be. ☹

                • P
                  pfsense01 @Gertjan
                  last edited by

                  Hi @gertjan
                  This is my radius -x output. Does not work with these settings.

                  FreeRADIUS Version 3.0.17
                  
                  main {
                   security {
                          allow_core_dumps = no
                   }
                          name = "radiusd"
                          prefix = "/usr/local"
                          localstatedir = "/var"
                          logdir = "/var/log"
                          run_dir = "/var/run"
                  }
                  main {
                          name = "radiusd"
                          prefix = "/usr/local"
                          localstatedir = "/var"
                          sbindir = "/usr/local/sbin"
                          logdir = "/var/log"
                          run_dir = "/var/run"
                          libdir = "/usr/local/lib/freeradius-3.0.17"
                          radacctdir = "/var/log/radacct"
                          hostname_lookups = no
                          max_request_time = 30
                          cleanup_delay = 5
                          max_requests = 1024
                          pidfile = "/var/run/radiusd.pid"
                          checkrad = "/usr/local/sbin/checkrad"
                          debug_level = 0
                          proxy_requests = yes
                   log {
                          stripped_names = no
                          auth = yes
                          auth_badpass = no
                          auth_goodpass = no
                          msg_badpass = ""
                          msg_goodpass = ""
                          colourise = yes
                          msg_denied = "You are already logged in - access denied"
                   }
                   resources {
                   }
                   security {
                          max_attributes = 200
                          reject_delay = 1.000000
                          status_server = no
                   }
                  }
                  client QHOTSPOT {
                          ipaddr = 192.168.1.1
                          require_message_authenticator = no
                          secret = <<< secret >>>
                          nas_type = "other"
                          proto = "udp"
                    limit {
                          max_connections = 16
                          lifetime = 0
                          idle_timeout = 30
                    }
                   }
                  radiusd: #### Instantiating modules ####
                   modules {
                    attr_filter attr_filter.post-proxy {
                          filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
                          key = "%{Realm}"
                          relaxed = no
                    }
                    attr_filter attr_filter.pre-proxy {
                          filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
                          key = "%{Realm}"
                          relaxed = no
                    }
                    attr_filter attr_filter.access_reject {
                          filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
                          key = "%{User-Name}"
                          relaxed = no
                    }
                    attr_filter attr_filter.access_challenge {
                          filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
                          key = "%{User-Name}"
                          relaxed = no
                    }
                    attr_filter attr_filter.accounting_response {
                          filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
                          key = "%{User-Name}"
                          relaxed = no
                    }
                    cache cache_eap {
                          driver = "rlm_cache_rbtree"
                          key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
                          ttl = 15
                          max_entries = 0
                          epoch = 0
                          add_stats = no
                    }
                    date {
                          format = "%b %e %Y %H:%M:%S %Z"
                          utc = no
                    }
                          filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
                          header = "%t"
                          permissions = 384
                          locking = no
                          escape_filenames = no
                          log_packet_header = no
                    }
                    detail auth_log {
                          filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
                          header = "%t"
                          permissions = 384
                          locking = no
                          escape_filenames = no
                          log_packet_header = no
                    }
                    detail reply_log {
                          filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
                          header = "%t"
                          permissions = 384
                          locking = no
                          escape_filenames = no
                          log_packet_header = no
                    }
                    detail pre_proxy_log {
                          filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
                          header = "%t"
                          permissions = 384
                          locking = no
                          escape_filenames = no
                          log_packet_header = no
                    }
                    # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
                    detail post_proxy_log {
                          filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
                          header = "%t"
                          permissions = 384
                          locking = no
                          escape_filenames = no
                          log_packet_header = no
                    }
                    eap {
                          default_eap_type = "md5"
                          timer_expire = 60
                          ignore_unknown_eap_types = no
                          cisco_accounting_username_bug = no
                          max_sessions = 4096
                    }
                    # Loaded module rlm_exec
                      exec echo {
                          wait = yes
                          program = "/bin/echo %{User-Name}"
                          input_pairs = "request"
                          output_pairs = "reply"
                          shell_escape = yes
                    }
                    exec {
                          wait = no
                          input_pairs = "request"
                          shell_escape = yes
                          timeout = 10
                    }
                    expr {
                          safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
                    }
                    files {
                          filename = "/usr/local/etc/raddb/mods-config/files/authorize"
                          acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
                          preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
                    }
                    linelog {
                          filename = "/var/log/linelog"
                          escape_filenames = no
                          syslog_severity = "info"
                          permissions = 384
                          format = "This is a log message for %{User-Name}"
                          reference = "messages.%{%{reply:Packet-Type}:-default}"
                    }
                    linelog log_accounting {
                          filename = "/var/log/linelog-accounting"
                          escape_filenames = no
                          syslog_severity = "info"
                          permissions = 384
                          format = ""
                          reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
                    }
                    # Loaded module rlm_logintime
                    # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
                    logintime {
                          minimum_timeout = 60
                    }
                    mschap {
                          use_mppe = yes
                          require_encryption = no
                          require_strong = no
                          with_ntdomain_hack = yes
                     passchange {
                     }
                          allow_retry = yes
                          winbind_retry_with_normalised_username = no
                    }
                    realm IPASS {
                          format = "prefix"
                          delimiter = "/"
                          ignore_default = no
                          ignore_null = yes
                    }
                    realm suffix {
                          format = "suffix"
                          delimiter = "@"
                          ignore_default = no
                          ignore_null = yes
                    }
                    realm realmpercent {
                          format = "suffix"
                          delimiter = "%"
                          ignore_default = no
                          ignore_null = yes
                    }
                    realm ntdomain {
                          format = "prefix"
                          delimiter = "\"
                          ignore_default = no
                          ignore_null = yes
                    }
                    pap {
                          normalise = yes
                    }
                    passwd etc_passwd {
                          filename = "/etc/passwd"
                          format = "*User-Name:Crypt-Password:"
                          delimiter = ":"
                          ignore_nislike = no
                          ignore_empty = yes
                          allow_multiple_keys = no
                          hash_size = 100
                    }
                    # Loaded module rlm_preprocess
                    preprocess {
                          huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
                          hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
                          with_ascend_hack = no
                          ascend_channels_per_line = 23
                          with_ntdomain_hack = no
                          with_specialix_jetstream_hack = no
                          with_cisco_vsa_hack = no
                          with_alvarion_vsa_hack = no
                    }
                    radutmp {
                          filename = "/var/log/radutmp"
                          username = "%{User-Name}"
                          case_sensitive = yes
                          check_with_nas = yes
                          permissions = 384
                          caller_id = yes
                    }
                    soh {
                          dhcp = yes
                    }
                    radutmp sradutmp {
                          filename = "/var/log/sradutmp"
                          username = "%{User-Name}"
                          case_sensitive = yes
                          check_with_nas = yes
                          permissions = 420
                          caller_id = no
                    }
                    unix {
                          radwtmp = "/var/log/radwtmp"
                    }
                  Creating attribute Unix-Group
                    always reject {
                          rcode = "reject"
                          simulcount = 0
                          mpp = no
                    }
                    always fail {
                          rcode = "fail"
                          simulcount = 0
                          mpp = no
                    }
                    always ok {
                          rcode = "ok"
                          simulcount = 0
                          mpp = no
                    }
                    # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
                    always handled {
                          rcode = "handled"
                          simulcount = 0
                          mpp = no
                    }
                    # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
                    always invalid {
                          rcode = "invalid"
                          simulcount = 0
                          mpp = no
                    }
                    # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
                    always userlock {
                          rcode = "userlock"
                          simulcount = 0
                          mpp = no
                    }
                    # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
                    always notfound {
                          rcode = "notfound"
                          simulcount = 0
                          mpp = no
                    }
                    # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
                    always noop {
                          rcode = "noop"
                          simulcount = 0
                          mpp = no
                    }
                    # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
                    always updated {
                          rcode = "updated"
                          simulcount = 0
                          mpp = no
                    }
                    exec motp {
                          wait = yes
                          program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
                          shell_escape = yes
                    }
                    # Loading module "googleauth" from file /usr/local/etc/raddb/mods-enabled/googleauth
                    exec googleauth {
                          wait = yes
                          program = "/usr/local/etc/raddb/scripts/googleauth.py %{request:User-Name} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{request:User-Password}"
                          shell_escape = yes
                    }
                    # Loading module "datacounterdaily" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                    exec datacounterdaily {
                          wait = yes
                          program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                          shell_escape = yes
                    }
                    # Loading module "datacounterweekly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                    exec datacounterweekly {
                          wait = yes
                          program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                          shell_escape = yes
                    }
                    # Loading module "datacountermonthly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                    exec datacountermonthly {
                          wait = yes
                          program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                          shell_escape = yes
                    }
                    # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
                    exec datacounterforever {
                          wait = yes
                          program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
                          shell_escape = yes
                    }
                    # Loaded module rlm_sql
                    # Loading module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
                    sql sql1 {
                          driver = "rlm_sql_mysql"
                          server = "localhost"
                          port = 3306
                          login = "qhotspot"
                          password = <<< secret >>>
                          radius_db = "qhotspot"
                          read_groups = yes
                          read_profiles = yes
                          read_clients = yes
                          delete_stale_sessions = yes
                          sql_user_name = "%{User-Name}"
                          logfile = "/var/log/sqltrace.sql"
                          default_user_profile = ""
                          client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
                          authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
                          authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
                          authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
                          authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
                          group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
                          simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
                          simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
                          safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
                     accounting {
                          reference = "%{tolower:type.%{Acct-Status-Type}.query}"
                      type {
                       accounting-on {
                          query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
                       }
                       accounting-off {
                          query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
                       }
                       start {
                          query = "INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype,acctstarttime, acctupdatetime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
                       }
                       interim-update {
                          query = "UPDATE radacct SET acctupdatetime  = (@acctupdatetime_old:=acctupdatetime), acctupdatetime  = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
                       }
                       stop {
                          query = "UPDATE radacct SET acctstoptime        = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime    = %{%{Acct-Session-Time}:-NULL}, acctinputoctets        = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
                       }
                      }
                     }
                     post-auth {
                          reference = ".query"
                          query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
                     }
                    }
                  rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
                  Creating attribute sql1-SQL-Group
                    # Loaded module rlm_sqlcounter
                    # Loading module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                    sqlcounter dailycounter {
                          sql_module_instance = "sql"
                          key = "User-Name"
                          query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
                          reset = "daily"
                          counter_name = "Daily-Session-Time"
                          check_name = "Max-Daily-Session"
                          reply_name = "Session-Timeout"
                    }
                    # Loading module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                    sqlcounter monthlycounter {
                          sql_module_instance = "sql"
                          key = "User-Name"
                          query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
                          reset = "monthly"
                          counter_name = "Monthly-Session-Time"
                          check_name = "Max-Monthly-Session"
                          reply_name = "Session-Timeout"
                    }
                    # Loading module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                    sqlcounter noresetcounter {
                          sql_module_instance = "sql"
                          key = "User-Name"
                          query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'"
                          reset = "never"
                          counter_name = "Max-All-Session-Time"
                          check_name = "Max-All-Session"
                          reply_name = "Session-Timeout"
                    }
                    # Loading module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
                    sqlcounter expire_on_login {
                          sql_module_instance = "sql"
                          key = "User-Name"
                          query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;"
                          reset = "never"
                          counter_name = "Expire-After-Initial-Login"
                          check_name = "Expire-After"
                          reply_name = "Session-Timeout"
                    }
                    instantiate {
                  rlm_sql_mysql: libmysql version: 5.6.43
                     mysql {
                      tls {
                      }
                          warnings = "auto"
                     }
                  rlm_sql (sql1): Attempting to connect to database "qhotspot"
                  rlm_sql (sql1): Initialising connection pool
                     pool {
                          start = 5
                          min = 3
                          max = 5
                          spare = 10
                          uses = 0
                          lifetime = 0
                          cleanup_interval = 30
                          idle_timeout = 60
                          retry_delay = 60
                          spread = no
                     }
                  WARNING: Ignoring "spare = 10", forcing to "spare = 2"
                  rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
                  rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
                  rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
                  rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
                  rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used
                  rlm_sql_mysql: Starting connect to MySQL server
                  rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
                  rlm_sql (sql1): Processing generate_sql_clients
                  rlm_sql (sql1) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
                  rlm_sql (sql1): Reserved connection (0)
                  rlm_sql (sql1): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
                  rlm_sql (sql1): Released connection (0)
                    }
                     gtc {
                          challenge = "Password: "
                          auth_type = "PAP"
                     }
                     # Linked to sub-module rlm_eap_tls
                     tls {
                          tls = "tls-common"
                     }
                     tls-config tls-common {
                          verify_depth = 0
                          ca_path = "/usr/local/etc/raddb/certs"
                          pem_file_type = yes
                          private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
                          certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
                          ca_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
                          dh_file = "/usr/local/etc/raddb/certs/dh"
                          random_file = "/dev/urandom"
                          fragment_size = 1024
                          include_length = yes
                          auto_chain = yes
                          check_crl = no
                          check_all_crl = no
                          cipher_list = "DEFAULT"
                          cipher_server_preference = no
                          ecdh_curve = "prime256v1"
                          tls_max_version = ""
                          tls_min_version = "1.0"
                      cache {
                          enable = no
                          lifetime = 24
                          max_entries = 255
                      }
                      verify {
                          skip_if_ocsp_ok = no
                      }
                      ocsp {
                          enable = no
                          override_cert_url = no
                          url = "http://127.0.0.1/ocsp/"
                          use_nonce = yes
                          timeout = 0
                          softfail = no
                      }
                     }
                     # Linked to sub-module rlm_eap_ttls
                     ttls {
                          tls = "tls-common"
                          default_eap_type = "md5"
                          copy_request_to_tunnel = no
                          use_tunneled_reply = no
                          virtual_server = "inner-tunnel-ttls"
                          include_length = yes
                          require_client_cert = no
                     }
                  tls: Using cached TLS configuration from previous invocation
                     # Linked to sub-module rlm_eap_peap
                     peap {
                          tls = "tls-common"
                          default_eap_type = "mschapv2"
                          copy_request_to_tunnel = no
                          use_tunneled_reply = no
                          proxy_tunneled_request_as_eap = yes
                          virtual_server = "inner-tunnel-peap"
                          soh = no
                          require_client_cert = no
                     }
                  tls: Using cached TLS configuration from previous invocation
                     # Linked to sub-module rlm_eap_mschapv2
                     mschapv2 {
                          with_ntdomain_hack = no
                          send_error = no
                     }
                    # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
                  reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
                  reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
                  reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
                  rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
                  reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
                  reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
                  rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 1550610000 [2019-02-20 00:00:00]
                  rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 1548968400 [2019-02-01 00:00:00]
                  rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 0 [2019-02-20 10:00:00]
                  rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 0 [2019-02-20 10:00:00]
                   } # modules
                  radiusd: #### Loading Virtual Servers ####
                  server { # from file /usr/local/etc/raddb/radiusd.conf
                  } # server
                  server default { # from file /usr/local/etc/raddb/sites-enabled/default
                  } # server default
                  server inner-tunnel-ttls { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
                  Ignoring "sql" (see raddb/mods-available/README.rst)
                  Ignoring "ldap" (see raddb/mods-available/README.rst)
                  } # server inner-tunnel-ttls
                  server inner-tunnel-peap { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap
                  
                  
                  } # server inner-tunnel-peap
                  radiusd: #### Opening IP addresses and Ports ####
                  listen {
                          type = "auth"
                          ipaddr = *
                          port = 1812
                  Failed binding to auth address * port 1812 bound to server default: Address already in use
                  /usr/local/etc/raddb/sites-enabled/default[2]: Error binding to port for 0.0.0.0 port 1812
                  
                  • P
                    pfsense01

                    I solved the problem. The solution for those experiencing the same problem is here.
                    https://forum.netgate.com/topic/139132/need-help-on-max-daily-session-attribute

                    Thank you @Gertjan 👏 👏 👏

                    • GertjanG
                      Gertjan @pfsense01

                      @pfsense01 said in FreeRadius + Captive Portal "Amount of Time" Problem:

                      radius -x

                      Be careful.

                      I said

                      radiusd -X
                      

                      not

                      radius -x
                      

                      I advise you to use

                      radiusd -h
                      

                      to see all the options.

                      Btw : If you see

                      Failed binding to auth address * port 1812 bound to server default: Address already in use
                      /usr/local/etc/raddb/sites-enabled/default[2]: Error binding to port for 0.0.0.0    port 1812
                      

                      you are informed some other instance is already running.
                      You should stop radiusd first - and check that you stopped it.
                      This shows the process ID :

                      ps ax | grep 'radius'
                      

                      Then you kill it using

                      kill abcde
                      

                      where abcde is the process ID (pid)

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??
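
The check described in the post above (confirm no radiusd is running before starting debug mode, and recognise the bind failure when one is), as an added example that is not part of the original post or of the pfSense or FreeRADIUS projects. The function names `radiusd_pids`, `bind_conflicts` and `preflight` are hypothetical; the sample lines are taken from the `ps ax` and error output shown in this thread.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight check before `radiusd -X`.
# Function names are hypothetical; sample text is taken from this thread.

# `ps ax` lines as shown in the thread (PID TT STAT TIME COMMAND).
SAMPLE_PS='83839  -  Is       0:18.74 /usr/local/sbin/radiusd
21455  0  S+       0:00.00 grep radius'

# Bind failure as printed by the debug run in the thread.
SAMPLE_DEBUG='Failed binding to auth address * port 1812 bound to server default: Address already in use
/usr/local/etc/raddb/sites-enabled/default[2]: Error binding to port for 0.0.0.0 port 1812'

# Read `ps ax` output on stdin and print the PID of every radiusd process.
# Matching on the command column (field 5) skips the `grep radius` line,
# which a plain `ps ax | grep radius` always lists as well.
radiusd_pids() {
    awk '$5 ~ /(^|\/)radiusd$/ { print $1 }'
}

# Read debug output on stdin and print the port of each
# "Failed binding ... Address already in use" line.
bind_conflicts() {
    sed -n 's/^.*Failed binding to .* port \([0-9][0-9]*\) .*Address already in use.*$/\1/p'
}

# $1: text of `ps ax`. Returns 0 when no radiusd is running, 1 otherwise.
preflight() {
    pids=$(printf '%s\n' "$1" | radiusd_pids | tr '\n' ' ')
    pids=${pids% }
    if [ -n "$pids" ]; then
        echo "radiusd already running (pid $pids): stop it, then re-check" >&2
        return 1
    fi
    return 0
}

# Live use on the firewall console: ./preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(ps ax)" || exit 1
    exec radiusd -X
fi
```

`bind_conflicts` can also be pointed at a saved debug log to confirm that a failed start was caused by a port already in use rather than by a configuration error.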

                      • P
                        pfsense01

                        Thank you so much. I wrote wrong above. The command I use

                        radius -X
                        

                        👍 👍

                        • M
                          mustafa.azzam @Gertjan

                          @Gertjan
                          I have the same problem in radius server,
                          I stopped radius server and checked there are no ports and started it again, but it is still not working.
                          I need help please. 😩

                          • GertjanG
                            Gertjan

                            @Gertjan said in FreeRadius + Captive Portal "Amount of Time" Problem:

                            radius -X

                            What about reading what is said above ?

                            It's not just a question of "port checking".

                            The

                            radiusd -X
                            

                            mode will tell you what is wrong / why it doesn't work.

                            • M
                              mustafa.azzam @Gertjan

                              @Gertjan
                              I have this problem when I run this command (radius -X) and I don't know how to solve it.

                              rad.PNG

                              • M
                                mustafa.azzam @Gertjan

                                @Gertjan
                                Is this result maybe the reason for the problem??
                                two ipv4 use same port 1812

                                udp.PNG

                                • GertjanG
                                  Gertjan

                                  ??

                                  The reason for the problem is that you are starting radius, but there is already one running - in this case process 41473.
                                  The instance you started bails out, explaining to you with big red lines why.

                                  I stopped radius server and check there are no ports ....
                                  So, radius is telling you why.
                                  You know how to find out why.
                                  But you didn't act ....

                                  Run

                                  netstat -anp | grep 'radius'
                                  

                                  again.
                                  Note the process number and kill that process.
                                  Like this :

                                  kill 123456
                                  

                                  Now, start radius

                                  radiusd -X
                                  

                                  All the other details are already mentioned in this thread.

                                  • M
                                    mustafa.azzam @Gertjan

                                    Thank you @Gertjan
                                    I stopped Radius Server then I ran command (radius -X), It worked correctly.
                                    But I have another question now .. when radius is running, the command (radius -X) will not run?

                                    • GertjanG
                                      Gertjan @mustafa.azzam

                                      @mustafa-azzam said in FreeRadius + Captive Portal "Amount of Time" Problem:

                                      But I have another question now .. when radius is running, the command (radius -X) will not run?

                                      Radius is a process you can see as a "server process".
                                      Golden rule : on one and the same system, you can have only ONE server process that listens to a determined port.

                                      So, if you launch "FreeRadius" using the pfSense GUI, you have a radius process running.
                                      Example, right now, on my pfSense :

                                      [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep radius
                                      83839  -  Is       0:18.74 /usr/local/sbin/radiusd
                                      21455  0  S+       0:00.00 grep radius
                                      

                                      As you know, it's easy to check what ports it's using.
                                      When I launch another, second radius process, it will bail out.

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.