3. FreeRADIUS - quota exceeded CP wrong message

FreeRADIUS - quota exceeded CP wrong message

  • E

    hi everyone, I set the traffic & bandwidth to 5Mb (in test), time period DAILY, interim interval 61sec.
    when the quota is reached, the radius disconnects the user, and the syslog reports correctly

    Jun 6 16:59:56 logportalauth 95137 Zone: wifi_koysha - QUOTA EXCEEDED: test, c8:bc:c8:a2:55:78, 192.168.201.202

    Jun 6 16:57:51 logportalauth 339 Zone: wifi_koysha - ACCEPT: test, c8:bc:c8:a2:55:78, 192.168.201.202

    but at the next login of the user TEST, the captive portal responds "invalid credential", instead of answering something like "your maximum daily usage has been reached".

    pfs 2.4.4 R p3
    freeradius 0.15.7_7

    has anyone found and solved this problem?

    0 1 Reply

  • @emiliano_tomei said in FreeRADIUS - quota exceeded CP wrong message:

    "invalid credential"

    That message doesn't exists.
    This one does : https://github.com/pfsense/pfsense/blob/85cbd521b3ea6ffa0da8d8d5f36aadbfbb7cbd71/src/etc/inc/captiveportal.inc#L1578

    This text is a general placeholder.
    The error text, if it exists, is parsed out, and reported back.

    Does FreeRadius returns more useful info ?

    Technically, the message ins't incorrect : credentials are not 'useful' or 'correct' when the quota is consumed.
    Easy solution : tell users that they have a quota and over-quota will stop the access for the rest of the day, week or month.

    0
  • E

    hi Gertjan, freeradius does not report further messages except for disconnection due to quota or time range reached.
    the error message creates confusion in the user, and having about 300 the thing is a little annoying, but the operation reaches the goal, having a satellite connection with just 12Mbps.
    thank you

    0

  • I just ran into another FreeRadius question, an found this :

    clog /var/log/system.log | grep "FreeRADIUS: User"

    Run it yourself on your system.
    Console access or SSH, option 8.

    Now, when user logs in, you have it's user name, right ?!
    Let say, the user is called "107"

    What about this :

    clog /var/log/system.log | grep "FreeRADIUS: User 107"

    Now, take the last line :
    clog /var/log/system.log | grep "FreeRADIUS: User 107"

    clog /var/log/system.log | grep "FreeRADIUS: User" | tail -1

    My idea is : when you make your own portal login page
    and
    portal error page (the page where the red error shows teh somewhat misleading : ""invalid credential"")

    Edit this error page, and add some PHP code that executes these shell commands - and if there is some result (read : useful messages).
    Show the result on the error page !

    Something like :

    User x has reached the daily amount of upload and download traffic (124 MB of 8 MB). The login request was denied.

    Now, all you need to do is scripting this together using some PHP and the commands you found above, and put it into the captive portal error page.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy