PPPoE Radius "RADIUS Accounting Update" not working



  • Hi,

    I have installed fresh pfsense 2.4.5 x64 for PPPoE server. i did successfully configured with free-radius and authenticating without and problem. but the accounting update is not working and when user quota exceeded in free-radius, user still connected and will not disconnect till disconnect the pppoe manually.

    it seems "RADIUS Accounting Update" does not do anything.

    what should i do to fix this?


  • Netgate Administrator

    Check the logs. Turn up the logging level in Radius so you can see the accounting information (or lack of it).

    Are they able to log in again after the quota is exceeded?

    Steve



  • Hi Steve,

    Thank you for your reply.

    The problem was miss-configuration in mpd5. i enabled internal radius server of mpd5.
    now i can send the POD to connect client with freeradius.
    in pfsense GUI, there is no option to configure this feature.

    more info: http://mpd.sourceforge.net/doc5/mpd30.html
    and : http://mpd.sourceforge.net/doc5/mpd32.html



  • hi,

    I've been having a similar situation, for limiting bandwidth for PPPoe connected users. Have not had a response from the forum.

    Am I to understand that you first were trying on an external Freeradius server? If yes, did you go back to try on the external server?



  • @cenriq said in PPPoE Radius "RADIUS Accounting Update" not working:

    es, did you go back to try on the ext

    hi,

    if you wanna limit the bandwidth, you have to config freeradius with MYSQL and add proper attributes of MPD to your radius sever.

    after that, for example: you can simply "reply", "mpd-limit += "out#1=all shape 1024000" or "in#1=all shape 1024000" to specific users or groups in radius database.



  • I was able to get PfSense to do the bandwidth limiting I needed. My problem continues to be that accounting updates does seem to be working. Did a packet capture on the relevant interface and saw no data in/out for accounting.

    I'm using an external Freeradius server. It is configured with the PfSense and MPD dictionaries. I have set Accounting updates to 330 second in the PPPoE config to be above the minimum requirement of 5 minutes as per the RFC. Anywhere else I need to set anything to get the accounting to work?

    I had also input the PfSense and MPD dictionaries in PfSense also.



  • For some reason, "Accounting updates" is not working in PPPoE config page.
    you should do it manually.

    There are two options. the first i prefer, use "Acct-Interim-Interval" reply attribute in your external radius to update user accounting in specific interval.

    second option, add "set auth acct-update 330" to your pfsense configuration of PPPoE section in "/etc/inc/interfaces.inc" and "save" PPPoE in GUI.
    this line will force MPD to update accounting data every 330 seconds.

    be careful when you edit this file. it may breaks your pfsense functionality.



  • @nimamhd
    For your first option. Is there a "global" setting or I need to do for each user?

    Thanks for the response.



  • @nimamhd said in PPPoE Radius "RADIUS Accounting Update" not working:

    For some reason, "Accounting updates" is not working in PPPoE config page.
    you should do it manually.

    There are two options. the first i prefer, use "Acct-Interim-Interval" reply attribute in your external radius to update user accounting in specific interval.

    second option, add "set auth acct-update 330" to your pfsense configuration of PPPoE section in "/etc/inc/interfaces.inc" and "save" PPPoE in GUI.
    this line will force MPD to update accounting data every 330 seconds.

    be careful when you edit this file. it may breaks your pfsense functionality.

    Redmine issue created: https://redmine.pfsense.org/issues/10869



  • @viktor_g
    Thank you very much



  • @cenriq
    You have external RADIUS server and you did`t say what it is. btw, in FreeRADIUS i use "radgroupreply" group to reply "Acct-Interim-Interval" attribute.

    all users that members of your group, will receive Interim-Interval.



  • @nimamhd

    Thanks again for your response. Yes it is an external Freeradius server I have running in the cloud with Daloradius and other stuff.

    Will try your suggestions shortly. Will keep you posted. Thanks.



  • @nimamhd
    You suggestion to use "Acct-Interim-Interval" in radgroupreply worked. I am using Daloradius for management, so I had created Groups/profiles for users. I just had to put this attribute in the profiles.

    If I can ask what exactly did you do to be able to disconnect a user?



  • @cenriq
    Disconnect a user is more complicated. combination of rlm_counter, unlang and policy needed to decide which user should disconnect from NAS.

    example in pseudo code:

    if ( user bandwidth usage > daily usage)
    update reply {
    disconnect User-Name
    }



  • @nimamhd

    Thanks again for your response. I'm a newbie to this Freeradius stuff, so I'm not familiar with unlang. In Daloradius there is a "Disconnect User" button. I just thought that there was something simple one can do with it to get it to work.


Log in to reply