pfSense-Bandwidth-Max-Down not working on radius server



  • i am using radius server as back-end external MySQL radius server for user authentication when i add attribute for limit download speed with pfSense-Bandwidth-Max-Down user get discounted from captive portal and can't login until i remove pfSense-Bandwidth-Max-Down attribute from MySQL.

    and even per-user-bandwidth also not working in captive portal

    any solution?


  • Rebel Alliance

    @maherg try to click on "disconnect all" then try to login again, with the attribute enabled. does it works ?

    if no, what are the logs on the radius server ? what happens when you start freeradius in debug mode on your linux server ( "freeradius -X" )



  • @free4 log i didn't check and when attribute enabled i can't login wrong credentials error shows when i try to login



  • As @free4 said : stop FreeRadius in the GUI.
    Enter console or ssh, choose option 8.
    Type

    radiusd -X
    

    Now, login into the captive portal and enjoy all the log details .....

    @maherg said in pfSense-Bandwidth-Max-Down not working on radius server:

    log i didn't check ....

    But that's the place with the answers.


  • Rebel Alliance

    @maherg that's because your freeradius configuration has error

    please check the logs of your freeradius server.



  • Wait ...

    @maherg said in pfSense-Bandwidth-Max-Down not working on radius server:

    radius server as back-end external MySQL radius server

    You're not using the FreeRadius package but an (some brand) Radius server running on some device on your LAN? or else where ... right ?
    And that radius server is using some MySQL database as a storage back-end.
    That's actually the classic setup.

    In that case, your "pfSense-Bandwidth-Max-Down" - and "*-Up", etc, have to be implemented by you.
    Up to you to test and debug.
    Remember : a radius server is like a mail, web or domain server : never ever a GUI can be used. It's all about config files, testing - more testing, documentation and debugging.
    And more debugging.
    And when done, you have to check good functionality regularly.

    That's why .... pfSense has package called "FreeRadius" that is somewhat made aware of certain 'pfSense' extension like bandwidth control :

    af96bc70-92a0-47ff-918d-c07336cd703e-image.png

    Btw : when using the FreeRadius pfSense package, I really advise that you use an external MySQL database (also). This gives you better insight, although there is not much to see.
    User accounts and per user settings are now controlled from the pfSense GUI - among others.

    edit : still : Its all about logs - as always.



  • pfsense log showing this

    DISCONNECT - REAUTHENTICATION FAILED: unauthenticated,
    

  • Rebel Alliance

    oh

    then check your HTML page...it seems that you are not using the right name for the user input



  • @free4 : I have seen the same logs - actually, when I run radius by hand, using the -X mode.
    For me, this is where error log comes from

    5ac5bf95-8116-4025-a65c-cbf9c66b29fa-image.png

    It's not the authentication, which probably just fine, but the REAUTHENTICATION which happens every minute. It's this one that checks upload/download bits, time etc.

    @maherg : what pfSense logs is useless info - it's far to minial - although it show (me) "where" the problem is.
    We told you now 3 times where to look for the what really happens.
    Just do what admins (have to) do.


Log in to reply