pfSense with daloRadius to configure the limitation of quota


  • I have pfsense and daloRadius (running freeRadius inside)
    I can create users from daloRadius and authenticate them from pfSense. But when I add certain attributes for limiting bandwidth or limiting download quotas, authentication fails from pfSense, always access-refuse.

    I added to daloRadius the pfSense radius attribute dictionary that I got from here:

              VENDOR      pfSense             13644
    
              BEGIN-VENDOR    pfSense
    
              ATTRIBUTE   pfSense-Bandwidth-Max-Up        1   integer
              ATTRIBUTE   pfSense-Bandwidth-Max-Down      2   integer
              ATTRIBUTE   pfSense-Max-Total-Octets        3   integer
    
            END-VENDOR pfSense
    

    but every time I create a user and try to use one of these attributes the user is not allowed to log in, getting access-reject no explanation.

    Please give me your opinion!


  • Hi,

    This is the (exactly ?!) same question https://forum.netgate.com/topic/146351/pfsense-config-with-daloradius-freeradius-to-setup-download-quota-limitation and the answer wasn't known back then.
    The same question was asked a couple of days ago, and deleted since.

    I don't know anything about "daloRadius", but maybe you can debug it the same way as the FreeRadius pfSEnse package :
    You'll be needing console or SSH access.
    Stop the Radius.
    Start it with

    radiusd -X
    

    This will spit out all the details out to the console.
    If there are any errors, you will see lines that bring you to the reason.

    Why not use the pfSense FreeRadius package, at least the time to discover how it works ? Be ware that this 'standard' FreeBSD package has been adapted for pfSense.
    As you might have found out, a "radius" server has many setup files, and has huge possibilities.

    Btw : this is the English forum section. There is a French section. Nearly no one 'reads' french is this part of the forum.



  • Can you please specify the location where you added this dictionary attribute. It might be the problem that you are using wrong "check" and "reply" or their combination with different "op"s.


  • @Gertjan Daloradius has interactive interface in which we can find out details of accounting in forms of graph and accounting tables , so it's easy to get the user details rather than pfsense freeradius package.
    Please can you specify any package which can help to view the details of user (accounting, reporting) of pfsense-freeradius package.


  • @arnav said in pfSense avec daloRadius pour configurer la limitation du quota de téléchargement:

    the location where I added the dictionary is :

    /usr/share/freeradius/dictionary.pfsense

    As "op" and "target" i used this :

    81f4d57c-7cd1-4253-9c73-0dd663e8f82b-image.png

    !!!! the authentication of user with this attributes fails from daloradius and pfSense !!!! access-reject.

    I have a another probleme with " Acct-Interim-Interval "

    I think that freeradius not configured to accept accounting data,

    i don't know how enabling this feature?


  • @marwa are you using pppoe server in pfsense ?