FreeRADIUS - quota exceeded CP wrong message

emiliano_tomei

hi everyone, I set the traffic & bandwidth to 5Mb (in test), time period DAILY, interim interval 61sec.
when the quota is reached, the radius disconnects the user, and the syslog reports correctly

Jun 6 16:59:56 logportalauth 95137 Zone: wifi_koysha - QUOTA EXCEEDED: test, c8:bc:c8:a2:55:78, 192.168.201.202

Jun 6 16:57:51 logportalauth 339 Zone: wifi_koysha - ACCEPT: test, c8:bc:c8:a2:55:78, 192.168.201.202

but at the next login of the user TEST, the captive portal responds "invalid credential", instead of answering something like "your maximum daily usage has been reached".

pfs 2.4.4 R p3
freeradius 0.15.7_7

has anyone found and solved this problem?

Gertjan

@emiliano_tomei said in FreeRADIUS - quota exceeded CP wrong message:

"invalid credential"

That message doesn't exists.
This one does : https://github.com/pfsense/pfsense/blob/85cbd521b3ea6ffa0da8d8d5f36aadbfbb7cbd71/src/etc/inc/captiveportal.inc#L1578

This text is a general placeholder.
The error text, if it exists, is parsed out, and reported back.

Does FreeRadius returns more useful info ?

Technically, the message ins't incorrect : credentials are not 'useful' or 'correct' when the quota is consumed.
Easy solution : tell users that they have a quota and over-quota will stop the access for the rest of the day, week or month.

emiliano_tomei

hi Gertjan, freeradius does not report further messages except for disconnection due to quota or time range reached.
the error message creates confusion in the user, and having about 300 the thing is a little annoying, but the operation reaches the goal, having a satellite connection with just 12Mbps.
thank you

Gertjan

I just ran into another FreeRadius question, an found this :

clog /var/log/system.log | grep "FreeRADIUS: User"

Run it yourself on your system.
Console access or SSH, option 8.

Now, when user logs in, you have it's user name, right ?!
Let say, the user is called "107"

What about this :

clog /var/log/system.log | grep "FreeRADIUS: User 107"

Now, take the last line :
clog /var/log/system.log | grep "FreeRADIUS: User 107"

clog /var/log/system.log | grep "FreeRADIUS: User" | tail -1

My idea is : when you make your own portal login page
and
portal error page (the page where the red error shows teh somewhat misleading : ""invalid credential"")

Edit this error page, and add some PHP code that executes these shell commands - and if there is some result (read : useful messages).
Show the result on the error page !

Something like :

User x has reached the daily amount of upload and download traffic (124 MB of 8 MB). The login request was denied.

Now, all you need to do is scripting this together using some PHP and the commands you found above, and put it into the captive portal error page.