Captive portal disconnect user before he reach the actual time limit



  • I created timeuser03 as 60 Minutes Daily. But Radius Accounting is counting much 5 times or something.
    Captive portal always disconnect users before he reached the actual limited login time.
    Here are my onfiguration and logs.

    In captive portal 2.0.1-RELEASE
    Enabled-Reauthenticate connected users every minute
    Accounting updates =  stop/start accounting
    Enabled -Use RADIUS Session-Timeout attributes

    In Freeradius2 ver 2.1.12 pkg v1.6.6_1

    Disable Acct_Unique is Checked.

    Captive portal log.

    Apr 13 12:32:06 logportalauth[44661]: RADIUS_DISCONNECT: timeuser03, f0:a2:25:34:e3:31, 172.18.10.30, Your maximum daily usage time has been reached
    Apr 13 12:20:37 logportalauth[51830]: USER LOGIN: timeuser03, f0:a2:25:34:e3:31, 172.18.10.30

    In Radius Radacct log,it seems accounting is doing well, but it stop the user before he reach the actual time limit.
    It happens to all the time limited users. Check this out. I am so confused with this.

    Fri Apr 13 12:20:37 2012
    NAS-IP-Address = 172.18.30.2
    NAS-Identifier = "portal.pandora.local"
    User-Name = "timeuser03"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 120
    Acct-Session-Id = "32dc61b5d6309908"
    Framed-IP-Address = 172.18.10.30
    Called-Station-Id = "172.18.30.2"
    Calling-Station-Id = "f0:a2:25:34:e3:31"
    FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
    Timestamp = 1334296237
    Fri Apr 13 12:21:10 2012
    NAS-IP-Address = 172.18.30.2
    NAS-Identifier = "portal.pandora.local"
    User-Name = "timeuser03"
    Acct-Status-Type = Stop
    Acct-Session-Time = 33
    Acct-Authentic = RADIUS
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 120
    Acct-Session-Id = "32dc61b5d6309908"
    Framed-IP-Address = 172.18.10.30
    Called-Station-Id = "172.18.30.2"
    Calling-Station-Id = "f0:a2:25:34:e3:31"
    Acct-Input-Packets = 217
    Acct-Input-Octets = 44224
    Acct-Input-Gigawords = 0
    Acct-Output-Packets = 177
    Acct-Output-Octets = 216344
    Acct-Output-Gigawords = 0
    Acct-Session-Time = 33
    Acct-Terminate-Cause = NAS-Request
    FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
    Timestamp = 1334296270

    Fri Apr 13 12:21:10 2012
    NAS-IP-Address = 172.18.30.2
    NAS-Identifier = "portal.pandora.local"
    User-Name = "timeuser03"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 120
    Acct-Session-Id = "32dc61b5d6309908"
    Framed-IP-Address = 172.18.10.30
    Called-Station-Id = "172.18.30.2"
    Calling-Station-Id = "f0:a2:25:34:e3:31"
    FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:21:10 MMT"
    Timestamp = 1334296270

    ….......

    Fri Apr 13 12:32:02 2012
    NAS-IP-Address = 172.18.30.2
    NAS-Identifier = "portal.pandora.local"
    User-Name = "timeuser03"
    Acct-Status-Type = Stop
    Acct-Session-Time = 685
    Acct-Authentic = RADIUS
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 120
    Acct-Session-Id = "32dc61b5d6309908"
    Framed-IP-Address = 172.18.10.30
    Called-Station-Id = "172.18.30.2"
    Calling-Station-Id = "f0:a2:25:34:e3:31"
    Acct-Input-Packets = 3237
    Acct-Input-Octets = 447463
    Acct-Input-Gigawords = 0
    Acct-Output-Packets = 1173
    Acct-Output-Octets = 1565057
    Acct-Output-Gigawords = 0
    Acct-Session-Time = 685
    Acct-Terminate-Cause = NAS-Request
    FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:20:37 MMT"
    Timestamp = 1334296922

    Fri Apr 13 12:32:03 2012
    NAS-IP-Address = 172.18.30.2
    NAS-Identifier = "portal.pandora.local"
    User-Name = "timeuser03"
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Service-Type = Login-User
    NAS-Port-Type = Ethernet
    NAS-Port = 120
    Acct-Session-Id = "32dc61b5d6309908"
    Framed-IP-Address = 172.18.10.30
    Called-Station-Id = "172.18.30.2"
    Calling-Station-Id = "f0:a2:25:34:e3:31"
    FreeRADIUS-Acct-Session-Start-Time = "Apr 13 2012 12:32:03 MMT"
    Timestamp = 1334296923

    ...then no record for "timeuser03" only 685 sec (Actual time limit for user is 60 minutes though)
    ???





  • @Nachtfalke:

    http://redmine.pfsense.org/issues/2164

    I already tried this patch. Before I try this, Captive portal stop users when they reach the time limit, however if they try to log in again, portal allow the session. After I patch cp.diff, there are some error output I can't remember. This time Portal don't allow the users to connect again. Only accounting the time much more. Maybe I am so dumb with FreeBSD commands. ;D I am used to Windows only.  Do I need to try the patch again anyway? How can I make my captive portal and radius settings to default? But I want to keep my radius users. Please help me?



  • Not sure about how to apply that patch but probably it is well implemented in 2.1

    Reverting this changes/patch is - as far as I know - only possible with a new installation of pfsense.
    radius users (do you use any freeradius package ?) will be saved in your pfsense config.xml file.

    So just reinstall pfsense, restore the config and all should be work as before. (I hope you did a backup before applying the patch !?



  • I'm testing this in 2.1 and it does the same thing for me with usage limits.  When a user hits the limit he's kicked but allowed back in a while later with a daily limit.

    I also set up a speed limit in freeradius2 witch is from what I read suppose to over ride the limit set in CP.
    It does not. The user will get the CP set limit for speed every time.

    I've gone over it several times either I'm missing something or it's not working properly.



  • @Alan87i:

    I'm testing this in 2.1 and it does the same thing for me with usage limits.  When a user hits the limit he's kicked but allowed back in a while later with a daily limit.

    I also set up a speed limit in freeradius2 witch is from what I read suppose to over ride the limit set in CP.
    It does not. The user will get the CP set limit for speed every time.

    I've gone over it several times either I'm missing something or it's not working properly.

    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_Bandwidth
    and
    doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_Bandwidth

    How did you get freeradius2 package working on pfsense 2.1 ? As far as I know there aren't any .pbi packages for freeradius2 built at the moment. So on 2.1 the freeradius2 GUI gets installed but nothing in the background. Or are you using freeradius2 on a different pfsense ?



  • Sorry 2.0.1

    2.0.1-RELEASE (i386)
    built on Mon Dec 12 17:53:52 EST 2011
    FreeBSD 8.1-RELEASE-p6

    I tried a full upgrade too the latest snapshot and freeradius2 was busted.

    I followed that exact page you linked and that was the result I got. Reloaded from scratch going to try again.



  • I unchecked "Reauthenticate connected users every minute" option in Captive Portal and now the time counter is worked well as I desire.
    :) Thanks @Nachtfalke for your help.


Log in to reply