pfSense-Bandwidth-Max-Down not working on radius server

maherg

i am using radius server as back-end external MySQL radius server for user authentication when i add attribute for limit download speed with pfSense-Bandwidth-Max-Down user get discounted from captive portal and can't login until i remove pfSense-Bandwidth-Max-Down attribute from MySQL.

and even per-user-bandwidth also not working in captive portal

any solution?

free4

@maherg try to click on "disconnect all" then try to login again, with the attribute enabled. does it works ?

if no, what are the logs on the radius server ? what happens when you start freeradius in debug mode on your linux server ( "freeradius -X" )

maherg

@free4 log i didn't check and when attribute enabled i can't login wrong credentials error shows when i try to login

Gertjan

As @free4 said : stop FreeRadius in the GUI.
Enter console or ssh, choose option 8.
Type

radiusd -X

Now, login into the captive portal and enjoy all the log details .....

@maherg said in pfSense-Bandwidth-Max-Down not working on radius server:

log i didn't check ....

But that's the place with the answers.

free4

@maherg that's because your freeradius configuration has error

please check the logs of your freeradius server.

Gertjan

Wait ...

@maherg said in pfSense-Bandwidth-Max-Down not working on radius server:

radius server as back-end external MySQL radius server

You're not using the FreeRadius package but an (some brand) Radius server running on some device on your LAN? or else where ... right ?
And that radius server is using some MySQL database as a storage back-end.
That's actually the classic setup.

In that case, your "pfSense-Bandwidth-Max-Down" - and "*-Up", etc, have to be implemented by you.
Up to you to test and debug.
Remember : a radius server is like a mail, web or domain server : never ever a GUI can be used. It's all about config files, testing - more testing, documentation and debugging.
And more debugging.
And when done, you have to check good functionality regularly.

That's why .... pfSense has package called "FreeRadius" that is somewhat made aware of certain 'pfSense' extension like bandwidth control :

Btw : when using the FreeRadius pfSense package, I really advise that you use an external MySQL database (also). This gives you better insight, although there is not much to see.
User accounts and per user settings are now controlled from the pfSense GUI - among others.

edit : still : Its all about logs - as always.

maherg

pfsense log showing this

DISCONNECT - REAUTHENTICATION FAILED: unauthenticated,

free4

oh

then check your HTML page...it seems that you are not using the right name for the user input

Gertjan

@free4 : I have seen the same logs - actually, when I run radius by hand, using the -X mode.
For me, this is where error log comes from

It's not the authentication, which probably just fine, but the REAUTHENTICATION which happens every minute. It's this one that checks upload/download bits, time etc.

@maherg : what pfSense logs is useless info - it's far to minial - although it show (me) "where" the problem is.
We told you now 3 times where to look for the what really happens.
Just do what admins (have to) do.