FreeRadius + Captive Portal "Amount of Time" Problem



  • Have a nice day,
    FreeRadius is installed on pfSense version 2.4.4. Captive Portal logins use FreeRadius users with a login time. In FreeRadius, with "Amount of Time" set under Time Configuration, Internet access is not interrupted at the end of the period. Either I'm looking in the wrong place or I can't figure this out. How can I make a constraint such that a user cannot access the Internet at the end of the period and cannot log in again?
    Sorry for the broken English.



  • Actually, I've made some progress. I can see that the relevant Amount of Time setting works. However, when I set FreeRadius to read the user from the SQL database, it behaves as if the time was not entered. However, when I disable the SQL feature, this feature works exactly as I want. Is there a way to solve this?



  • I have a user with a daily quota.

    [attached screenshot]

    After 4 hours (240 minutes) this user will get disconnected and can't log in for the rest of the day.
    Btw: I'm using a remote SQL server as a database.

    If you want to see what happens, stop radiusd in the GUI - go to console, option 8 and use

    radiusd -X
    

    Now you can see what happens. Do check the 300 seconds (default) interrogation.



  • That's my settings. Can you see a mistake?

    [4 attached screenshots]



  • Looks fine to me.
    Don't know why you show SQL settings - or what you are talking about.



  • Sorry about the glitch. I edited the shipment. Unfortunately the problem continues. I don't know where it might be. ☹



  • Hi @gertjan
    This is my radius -x output. It does not work with these settings.

    FreeRADIUS Version 3.0.17
    
    main {
     security {
            allow_core_dumps = no
     }
            name = "radiusd"
            prefix = "/usr/local"
            localstatedir = "/var"
            logdir = "/var/log"
            run_dir = "/var/run"
    }
    main {
            name = "radiusd"
            prefix = "/usr/local"
            localstatedir = "/var"
            sbindir = "/usr/local/sbin"
            logdir = "/var/log"
            run_dir = "/var/run"
            libdir = "/usr/local/lib/freeradius-3.0.17"
            radacctdir = "/var/log/radacct"
            hostname_lookups = no
            max_request_time = 30
            cleanup_delay = 5
            max_requests = 1024
            pidfile = "/var/run/radiusd.pid"
            checkrad = "/usr/local/sbin/checkrad"
            debug_level = 0
            proxy_requests = yes
     log {
            stripped_names = no
            auth = yes
            auth_badpass = no
            auth_goodpass = no
            msg_badpass = ""
            msg_goodpass = ""
            colourise = yes
            msg_denied = "You are already logged in - access denied"
     }
     resources {
     }
     security {
            max_attributes = 200
            reject_delay = 1.000000
            status_server = no
     }
    }
    client QHOTSPOT {
            ipaddr = 192.168.1.1
            require_message_authenticator = no
            secret = <<< secret >>>
            nas_type = "other"
            proto = "udp"
      limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
      }
     }
    radiusd: #### Instantiating modules ####
     modules {
      attr_filter attr_filter.post-proxy {
            filename = "/usr/local/etc/raddb/mods-config/attr_filter/post-proxy"
            key = "%{Realm}"
            relaxed = no
      }
      attr_filter attr_filter.pre-proxy {
            filename = "/usr/local/etc/raddb/mods-config/attr_filter/pre-proxy"
            key = "%{Realm}"
            relaxed = no
      }
      attr_filter attr_filter.access_reject {
            filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_reject"
            key = "%{User-Name}"
            relaxed = no
      }
      attr_filter attr_filter.access_challenge {
            filename = "/usr/local/etc/raddb/mods-config/attr_filter/access_challenge"
            key = "%{User-Name}"
            relaxed = no
      }
      attr_filter attr_filter.accounting_response {
            filename = "/usr/local/etc/raddb/mods-config/attr_filter/accounting_response"
            key = "%{User-Name}"
            relaxed = no
      }
      cache cache_eap {
            driver = "rlm_cache_rbtree"
            key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
            ttl = 15
            max_entries = 0
            epoch = 0
            add_stats = no
      }
      date {
            format = "%b %e %Y %H:%M:%S %Z"
            utc = no
      }
            filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
            header = "%t"
            permissions = 384
            locking = no
            escape_filenames = no
            log_packet_header = no
      }
      detail auth_log {
            filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
            header = "%t"
            permissions = 384
            locking = no
            escape_filenames = no
            log_packet_header = no
      }
      detail reply_log {
            filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
            header = "%t"
            permissions = 384
            locking = no
            escape_filenames = no
            log_packet_header = no
      }
      detail pre_proxy_log {
            filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
            header = "%t"
            permissions = 384
            locking = no
            escape_filenames = no
            log_packet_header = no
      }
      # Loading module "post_proxy_log" from file /usr/local/etc/raddb/mods-enabled/detail.log
      detail post_proxy_log {
            filename = "/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
            header = "%t"
            permissions = 384
            locking = no
            escape_filenames = no
            log_packet_header = no
      }
      eap {
            default_eap_type = "md5"
            timer_expire = 60
            ignore_unknown_eap_types = no
            cisco_accounting_username_bug = no
            max_sessions = 4096
      }
      # Loaded module rlm_exec
        exec echo {
            wait = yes
            program = "/bin/echo %{User-Name}"
            input_pairs = "request"
            output_pairs = "reply"
            shell_escape = yes
      }
      exec {
            wait = no
            input_pairs = "request"
            shell_escape = yes
            timeout = 10
      }
      expr {
            safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
      }
      files {
            filename = "/usr/local/etc/raddb/mods-config/files/authorize"
            acctusersfile = "/usr/local/etc/raddb/mods-config/files/accounting"
            preproxy_usersfile = "/usr/local/etc/raddb/mods-config/files/pre-proxy"
      }
      linelog {
            filename = "/var/log/linelog"
            escape_filenames = no
            syslog_severity = "info"
            permissions = 384
            format = "This is a log message for %{User-Name}"
            reference = "messages.%{%{reply:Packet-Type}:-default}"
      }
      linelog log_accounting {
            filename = "/var/log/linelog-accounting"
            escape_filenames = no
            syslog_severity = "info"
            permissions = 384
            format = ""
            reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
      }
      # Loaded module rlm_logintime
      # Loading module "logintime" from file /usr/local/etc/raddb/mods-enabled/logintime
      logintime {
            minimum_timeout = 60
      }
      mschap {
            use_mppe = yes
            require_encryption = no
            require_strong = no
            with_ntdomain_hack = yes
       passchange {
       }
            allow_retry = yes
            winbind_retry_with_normalised_username = no
      }
      realm IPASS {
            format = "prefix"
            delimiter = "/"
            ignore_default = no
            ignore_null = yes
      }
      realm suffix {
            format = "suffix"
            delimiter = "@"
            ignore_default = no
            ignore_null = yes
      }
      realm realmpercent {
            format = "suffix"
            delimiter = "%"
            ignore_default = no
            ignore_null = yes
      }
      realm ntdomain {
            format = "prefix"
            delimiter = "\"
            ignore_default = no
            ignore_null = yes
      }
      pap {
            normalise = yes
      }
    wd
      passwd etc_passwd {
            filename = "/etc/passwd"
            format = "*User-Name:Crypt-Password:"
            delimiter = ":"
            ignore_nislike = no
            ignore_empty = yes
            allow_multiple_keys = no
            hash_size = 100
      }
      # Loaded module rlm_preprocess
      preprocess {
            huntgroups = "/usr/local/etc/raddb/mods-config/preprocess/huntgroups"
            hints = "/usr/local/etc/raddb/mods-config/preprocess/hints"
            with_ascend_hack = no
            ascend_channels_per_line = 23
            with_ntdomain_hack = no
            with_specialix_jetstream_hack = no
            with_cisco_vsa_hack = no
            with_alvarion_vsa_hack = no
      }
      radutmp {
            filename = "/var/log/radutmp"
            username = "%{User-Name}"
            case_sensitive = yes
            check_with_nas = yes
            permissions = 384
            caller_id = yes
      }
      soh {
            dhcp = yes
      }
      radutmp sradutmp {
            filename = "/var/log/sradutmp"
            username = "%{User-Name}"
            case_sensitive = yes
            check_with_nas = yes
            permissions = 420
            caller_id = no
      }
      unix {
            radwtmp = "/var/log/radwtmp"
      }
    Creating attribute Unix-Group
      always reject {
            rcode = "reject"
            simulcount = 0
            mpp = no
      }
      always fail {
            rcode = "fail"
            simulcount = 0
            mpp = no
      }
      always ok {
            rcode = "ok"
            simulcount = 0
            mpp = no
      }
      # Loading module "handled" from file /usr/local/etc/raddb/mods-enabled/always
      always handled {
            rcode = "handled"
            simulcount = 0
            mpp = no
      }
      # Loading module "invalid" from file /usr/local/etc/raddb/mods-enabled/always
      always invalid {
            rcode = "invalid"
            simulcount = 0
            mpp = no
      }
      # Loading module "userlock" from file /usr/local/etc/raddb/mods-enabled/always
      always userlock {
            rcode = "userlock"
            simulcount = 0
            mpp = no
      }
      # Loading module "notfound" from file /usr/local/etc/raddb/mods-enabled/always
      always notfound {
            rcode = "notfound"
            simulcount = 0
            mpp = no
      }
      # Loading module "noop" from file /usr/local/etc/raddb/mods-enabled/always
      always noop {
            rcode = "noop"
            simulcount = 0
            mpp = no
      }
      # Loading module "updated" from file /usr/local/etc/raddb/mods-enabled/always
      always updated {
            rcode = "updated"
            simulcount = 0
            mpp = no
      }
      exec motp {
            wait = yes
            program = "/usr/local/bin/bash /usr/local/etc/raddb/scripts/otpverify.sh %{request:User-Name} %{request:User-Password} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{reply:MOTP-Offset}"
            shell_escape = yes
      }
      # Loading module "googleauth" from file /usr/local/etc/raddb/mods-enabled/googleauth
      exec googleauth {
            wait = yes
            program = "/usr/local/etc/raddb/scripts/googleauth.py %{request:User-Name} %{reply:MOTP-Init-Secret} %{reply:MOTP-PIN} %{request:User-Password}"
            shell_escape = yes
      }
      # Loading module "datacounterdaily" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
      exec datacounterdaily {
            wait = yes
            program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} daily %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
            shell_escape = yes
      }
      # Loading module "datacounterweekly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
      exec datacounterweekly {
            wait = yes
            program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} weekly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
            shell_escape = yes
      }
      # Loading module "datacountermonthly" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
      exec datacountermonthly {
            wait = yes
            program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} monthly %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
            shell_escape = yes
      }
      # Loading module "datacounterforever" from file /usr/local/etc/raddb/mods-enabled/datacounter_acct
      exec datacounterforever {
            wait = yes
            program = "/bin/sh /usr/local/etc/raddb/scripts/datacounter_acct.sh %{request:User-Name} forever %{request:Acct-Input-Octets} %{request:Acct-Output-Octets} %{request:Acct-Status-Type} %{request:Acct-Session-Id}"
            shell_escape = yes
      }
      # Loaded module rlm_sql
      # Loading module "sql1" from file /usr/local/etc/raddb/mods-enabled/sql
      sql sql1 {
            driver = "rlm_sql_mysql"
            server = "localhost"
            port = 3306
            login = "qhotspot"
            password = <<< secret >>>
            radius_db = "qhotspot"
            read_groups = yes
            read_profiles = yes
            read_clients = yes
            delete_stale_sessions = yes
            sql_user_name = "%{User-Name}"
            logfile = "/var/log/sqltrace.sql"
            default_user_profile = ""
            client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
            authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
            authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
            authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
            authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{sql1-SQL-Group}' ORDER BY id"
            group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
            simul_count_query = "SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
            simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
            safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
       accounting {
            reference = "%{tolower:type.%{Acct-Status-Type}.query}"
        type {
         accounting-on {
            query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
         }
         accounting-off {
            query = "UPDATE radacct SET acctstoptime = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime   = '%{integer:Event-Timestamp}' - UNIX_TIMESTAMP(acctstarttime), acctterminatecause = '%{%{Acct-Terminate-Cause}:-NAS-Reboot}' WHERE acctstoptime IS NULL AND nasipaddress   = '%{NAS-IP-Address}' AND acctstarttime <= FROM_UNIXTIME(%{integer:Event-Timestamp})"
         }
         start {
            query = "INSERT INTO radacct (acctsessionid,            acctuniqueid,  username, realm,                 nasipaddress,           nasportid, nasporttype,acctstarttime,           acctupdatetime, acctstoptime,           acctsessiontime,        acctauthentic, connectinfo_start,       connectinfo_stop,       acctinputoctets, acctoutputoctets,      calledstationid,        callingstationid, acctterminatecause,   servicetype,            framedprotocol, framedipaddress) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{%{NAS-Port-ID}:-%{NAS-Port}}', '%{NAS-Port-Type}', FROM_UNIXTIME(%{integer:Event-Timestamp}), FROM_UNIXTIME(%{integer:Event-Timestamp}), NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}')"
         }
         interim-update {
            query = "UPDATE radacct SET acctupdatetime  = (@acctupdatetime_old:=acctupdatetime), acctupdatetime  = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctinterval    = %{integer:Event-Timestamp} - UNIX_TIMESTAMP(@acctupdatetime_old), framedipaddress = '%{Framed-IP-Address}', acctsessiontime = %{%{Acct-Session-Time}:-NULL}, acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
         }
         stop {
            query = "UPDATE radacct SET acctstoptime        = FROM_UNIXTIME(%{integer:Event-Timestamp}), acctsessiontime    = %{%{Acct-Session-Time}:-NULL}, acctinputoctets        = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', connectinfo_stop = '%{Connect-Info}' WHERE AcctUniqueId = '%{Acct-Unique-Session-Id}'"
         }
        }
       }
       post-auth {
            reference = ".query"
            query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
       }
      }
    rlm_sql (sql1): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
    Creating attribute sql1-SQL-Group
      # Loaded module rlm_sqlcounter
      # Loading module "dailycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
      sqlcounter dailycounter {
            sql_module_instance = "sql"
            key = "User-Name"
            query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
            reset = "daily"
            counter_name = "Daily-Session-Time"
            check_name = "Max-Daily-Session"
            reply_name = "Session-Timeout"
      }
      # Loading module "monthlycounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
      sqlcounter monthlycounter {
            sql_module_instance = "sql"
            key = "User-Name"
            query = "SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username='%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'"
            reset = "monthly"
            counter_name = "Monthly-Session-Time"
            check_name = "Max-Monthly-Session"
            reply_name = "Session-Timeout"
      }
      # Loading module "noresetcounter" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
      sqlcounter noresetcounter {
            sql_module_instance = "sql"
            key = "User-Name"
            query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'"
            reset = "never"
            counter_name = "Max-All-Session-Time"
            check_name = "Max-All-Session"
            reply_name = "Session-Timeout"
      }
      # Loading module "expire_on_login" from file /usr/local/etc/raddb/mods-enabled/sqlcounter
      sqlcounter expire_on_login {
            sql_module_instance = "sql"
            key = "User-Name"
            query = "SELECT IFNULL( MAX(TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime))),0) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;"
            reset = "never"
            counter_name = "Expire-After-Initial-Login"
            check_name = "Expire-After"
            reply_name = "Session-Timeout"
      }
      instantiate {
    rlm_sql_mysql: libmysql version: 5.6.43
       mysql {
        tls {
        }
            warnings = "auto"
       }
    rlm_sql (sql1): Attempting to connect to database "qhotspot"
    rlm_sql (sql1): Initialising connection pool
       pool {
            start = 5
            min = 3
            max = 5
            spare = 10
            uses = 0
            lifetime = 0
            cleanup_interval = 30
            idle_timeout = 60
            retry_delay = 60
            spread = no
       }
    WARNING: Ignoring "spare = 10", forcing to "spare = 2"
    rlm_sql (sql1): Opening additional connection (0), 1 of 5 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
    rlm_sql (sql1): Opening additional connection (1), 1 of 4 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
    rlm_sql (sql1): Opening additional connection (2), 1 of 3 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
    rlm_sql (sql1): Opening additional connection (3), 1 of 2 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
    rlm_sql (sql1): Opening additional connection (4), 1 of 1 pending slots used
    rlm_sql_mysql: Starting connect to MySQL server
    rlm_sql_mysql: Connected to database 'qhotspot' on Localhost via UNIX socket, server version 5.6.43, protocol version 10
    rlm_sql (sql1): Processing generate_sql_clients
    rlm_sql (sql1) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
    rlm_sql (sql1): Reserved connection (0)
    rlm_sql (sql1): Executing select query: SELECT id, nasname, shortname, type, secret, server FROM nas
    rlm_sql (sql1): Released connection (0)
      }
       gtc {
            challenge = "Password: "
            auth_type = "PAP"
       }
       # Linked to sub-module rlm_eap_tls
       tls {
            tls = "tls-common"
       }
       tls-config tls-common {
            verify_depth = 0
            ca_path = "/usr/local/etc/raddb/certs"
            pem_file_type = yes
            private_key_file = "/usr/local/etc/raddb/certs/server_key.pem"
            certificate_file = "/usr/local/etc/raddb/certs/server_cert.pem"
            ca_file = "/usr/local/etc/raddb/certs/ca_cert.pem"
            dh_file = "/usr/local/etc/raddb/certs/dh"
            random_file = "/dev/urandom"
            fragment_size = 1024
            include_length = yes
            auto_chain = yes
            check_crl = no
            check_all_crl = no
            cipher_list = "DEFAULT"
            cipher_server_preference = no
            ecdh_curve = "prime256v1"
            tls_max_version = ""
            tls_min_version = "1.0"
        cache {
            enable = no
            lifetime = 24
            max_entries = 255
        }
        verify {
            skip_if_ocsp_ok = no
        }
        ocsp {
            enable = no
            override_cert_url = no
            url = "http://127.0.0.1/ocsp/"
            use_nonce = yes
            timeout = 0
            softfail = no
        }
       }
       # Linked to sub-module rlm_eap_ttls
       ttls {
            tls = "tls-common"
            default_eap_type = "md5"
            copy_request_to_tunnel = no
            use_tunneled_reply = no
            virtual_server = "inner-tunnel-ttls"
            include_length = yes
            require_client_cert = no
       }
    tls: Using cached TLS configuration from previous invocation
       # Linked to sub-module rlm_eap_peap
       peap {
            tls = "tls-common"
            default_eap_type = "mschapv2"
            copy_request_to_tunnel = no
            use_tunneled_reply = no
            proxy_tunneled_request_as_eap = yes
            virtual_server = "inner-tunnel-peap"
            soh = no
            require_client_cert = no
       }
    tls: Using cached TLS configuration from previous invocation
       # Linked to sub-module rlm_eap_mschapv2
       mschapv2 {
            with_ntdomain_hack = no
            send_error = no
       }
      # Instantiating module "files" from file /usr/local/etc/raddb/mods-enabled/files
    reading pairlist file /usr/local/etc/raddb/mods-config/files/authorize
    reading pairlist file /usr/local/etc/raddb/mods-config/files/accounting
    reading pairlist file /usr/local/etc/raddb/mods-config/files/pre-proxy
    rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
    reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/huntgroups
    reading pairlist file /usr/local/etc/raddb/mods-config/preprocess/hints
    rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 1550610000 [2019-02-20 00:00:00]
    rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 1548968400 [2019-02-01 00:00:00]
    rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 0 [2019-02-20 10:00:00]
    rlm_sqlcounter: Current Time: 1550646881 [2019-02-20 10:14:41], Prev reset 0 [2019-02-20 10:00:00]
     } # modules
    radiusd: #### Loading Virtual Servers ####
    server { # from file /usr/local/etc/raddb/radiusd.conf
    } # server
    server default { # from file /usr/local/etc/raddb/sites-enabled/default
    } # server default
    server inner-tunnel-ttls { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-ttls
    Ignoring "sql" (see raddb/mods-available/README.rst)
    Ignoring "ldap" (see raddb/mods-available/README.rst)
    } # server inner-tunnel-ttls
    server inner-tunnel-peap { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel-peap
    
    
    } # server inner-tunnel-peap
    radiusd: #### Opening IP addresses and Ports ####
    listen {
            type = "auth"
            ipaddr = *
            port = 1812
    Failed binding to auth address * port 1812 bound to server default: Address already in use
    /usr/local/etc/raddb/sites-enabled/default[2]: Error binding to port for 0.0.0.0 port 1812
    


  • I solved the problem. The solution for those experiencing the same problem is here.
    https://forum.netgate.com/topic/139132/need-help-on-max-daily-session-attribute

    Thank you @Gertjan 👏 👏 👏



  • @pfsense01 said in FreeRadius + Captive Portal "Amount of Time" Problem:

    radius -x

    Be careful.

    I said

    radius -X
    

    not

    radius -x
    

    I advise you to use

    radiusd -h
    

    to see all the options.

    Btw : If you see

    Failed binding to auth address * port 1812 bound to server default: Address already in use
    /usr/local/etc/raddb/sites-enabled/default[2]: Error binding to port for 0.0.0.0    port 1812
    

    you are informed some other instance is already running.
    You should stop radiusd first - and check that you stopped it.
    This shows the process ID :

    ps ax | grep 'radius'
    

    Then you kill it using

    kill abcde
    

    where abcde is the process ID (pid)



  • Thank you so much. I wrote it wrong above. The command I use

    radius -X
    

    👍 👍



  • @Gertjan
    I have the same problem in radius server,
    I stopped radius server and checked there are no ports and started it again, but it is still not working.
    I need help please. 😩



  • @Gertjan said in FreeRadius + Captive Portal "Amount of Time" Problem:

    radius -X

    What about reading what is said above ?

    It's not just a question of "port checking".

    The

    radius -X
    

    mode will tell you what is wrong / why it doesn't work.



  • @Gertjan
    I have this problem when I run this command (radius -X) and I don't know how to solve it.

    rad.PNG



  • @Gertjan
    Is this result maybe the reason for the problem??
    two ipv4 use same port 1812

    udp.PNG



  • ??

    The reason for the problem is that you are starting radius, but there is already one running - in this case process 41473.
    The instance you started bails out, explaining to you with big red lines why.

    I stopped radius server and checked there are no ports ....
    So, radius is telling you why.
    You know how to find out why.
    But you didn't act ....

    Run

    netstat -anp | grep 'radius'
    

    again.
    Note the process number and kill that process.
    Like this :

    kill 123456
    

    Now, start radius

    radius -X
    

    All the other details are already mentioned in this thread.



  • Thank you @Gertjan
    I stopped Radius Server then I ran command (radius -X), It worked correctly.
    But I have another question now .. when radius is running, the command (radius -X) will not run?



  • @mustafa-azzam said in FreeRadius + Captive Portal "Amount of Time" Problem:

    But I have another question now .. when radius is running, the command (radius -X) will not run?

    Radius is a process you can see as a "server process".
    Golden rule : on one and the same system, you can have only ONE server process that listens to a determined port.

    So, if you launch "FreeRadius" using the pfSense GUI, you have a radius process running.
    Example, right now, on my pfSense :

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep radius
    83839  -  Is       0:18.74 /usr/local/sbin/radiusd
    21455  0  S+       0:00.00 grep radius
    

    As you know, it's easy to check what ports it's using.
    When I launch another, second radius process, it will bail out.
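
The stop, check, then debug sequence described in this thread, as an added example that is not part of any original post: a pre-flight check that finds a running `radiusd` in `ps ax` output and extracts the conflicting port from the bind-failure line. The function names and both sample inputs are constructed for illustration, modelled on the output quoted above.

```shell
#!/bin/sh
# Added example: pre-flight check before starting radiusd in debug mode.

# Constructed sample of `ps ax` output, modelled on the listing in the thread.
SAMPLE_PS='83839  -  Is       0:18.74 /usr/local/sbin/radiusd
21455  0  S+       0:00.00 grep radius'

# Constructed sample of debug output ending in the bind failure.
SAMPLE_DEBUG='listen {
        type = "auth"
        ipaddr = *
        port = 1812
Failed binding to auth address * port 1812 bound to server default: Address already in use'

# Print the PIDs of real radiusd processes from `ps ax` text on stdin.
# Matching on the command column (field 5) skips the "grep radius" line,
# which a plain `grep radius` would also report.
radiusd_pids() {
    awk '$5 ~ /(^|\/)radiusd$/ { print $1 }'
}

# Print the port(s) that could not be bound, from debug text on stdin.
bind_conflict_ports() {
    sed -n 's/^ *Failed binding to .* port \([0-9][0-9]*\) .*Address already in use.*$/\1/p' | sort -u
}

# Decide whether a foreground debug instance can be started.
# Returns 0 when no radiusd is running, 1 otherwise (and lists the PIDs).
preflight() {
    pids=$(radiusd_pids)
    if [ -n "$pids" ]; then
        echo "radiusd already running, stop it first: $pids"
        return 1
    fi
    echo "no radiusd running, safe to start the debug instance"
}

# On a live system: ps ax | preflight && radiusd -X
```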

