Captive portal+freeradius+user can have different amount of time?



  • Hi, I have been working with pfsense 2.0.1, captive portal+freeradius following the great doc:

    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package

    I want to add users and that each users have different amount of time, I setup this in freeradius users, latter I went to CP and setup to connect to freeradius following the manual.

    But doesn't matter if I setup in FR2 each user with different "amount of time", CP is using the lowest value for all users:

    users1 3 minutes
    users2 5 minutes
    users3 10 minutes

    After 3 minutes the uses is kickoff.

    How can I fix this?

    Thanks!!!



  • This is what you should look about:
    http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Amount_of_Time

    The three usernames you posted are all the same. This will not work. The username must be different.
    Another problem could be if you set the time perio to "daily" and you create a user with username "test1" then this user will be saved in the database and fill first be resetted at 00:00 o'clock.
    So if you delete this user and re-create a new user with the same username this will probably not overwrite the values in the database. Not sure about that.

    So please set the settings like in the link above
    Create three users with different usernames and you didn't use today.
    Select timeperiod "daily".

    Try again.



  • Hi.

    I already fix my post was wrong, I have different users in my test system.

    Thanks for your input.



  • I had check my users settings and have this:

    "user1" Cleartext-Password := "psw1", Max-Daily-Session := 180
            WISPr-Redirection-URL := http://www.freebsd.org/
    "user2" Cleartext-Password := "psw2", Max-Daily-Session := 300
            WISPr-Redirection-URL := http://www.netbsd.org/

    But FR2 is still using the lowest value for both users…?

    Thanks!!!



  • Did you disable "Acct_Unique" ? Try to disable that or if you did so - enable it.
    stop/start accounting is selected on CP ?



  • I will re-install pfsense, this is my lab, I still have issues with my cp+fr2, I will let u know my results, thanks!!!



  • 1 simple question about this, how can I delete the db?
    just stop the service, rm -rf file.db?
    Thanks!!!



  • @periko:

    1 simple question about this, how can I delete the db?
    just stop the service, rm -rf file.db?
    Thanks!!!

    Yes.



  • I had check and the issue continue, check this:

    Went I add a user example:

    user1 psw1 "Amount of Time"=15
    user2 psw2 "Amount of Time"=3
    user3 psw3 "Amount of Time"=20
    [\quote]

    FR2 always close the connection before time, check logs:

    20:14:12    20:19:41 user1 real time: 5 minutes
    20:30:30    20:33:00 user2 real time: 3 minutes
    20:35:28    20:42:16 user3 real time: 7 minutes
    [\quote]

    I had test each user with radtest and I see my settings good, check:

    radtest user1 psw1 172.16.1.1 100 secret
    Sending Access-Request of id 48 to 172.16.1.1 port 1812
            User-Name = "user1"
            User-Password = "psw1"
            NAS-IP-Address = 192.168.50.1
            NAS-Port = 100
            Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 172.16.1.1 port 1812, id=48, length=26
            Session-Timeout = 900
    [\quote]

    I still don't know what is causing this, I will add the screen of my settings and see if someone could see If i miss something, thanks!!!

    NOTE: I will add different post because some images are bigger.






  • Settings seems to be correct.

    Enable: Session-Timeout

    
    Use RADIUS Session-Timeout attributes
    When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.
    
    


  • I had read a lot of docs but, is working, but is not counting the time right.

    Someone here has this setting working?

    Thanks!!!



  • @periko:

    I had read a lot of docs but, is working, but is not counting the time right.

    Someone here has this setting working?

    Thanks!!!

    You could try running freeradius in debug mode from console with "radiusd -X" and then pay attention on the accounting packets.
    The CP must send the time attribute to the RADIUS server and it must be sent for the correct user.

    CP is sending accounting packets every minute so the time must only increase by 60 seconds.

    Perhaps you can try with pfsense 2.1 an compare if CP is working better with the newer code.


Log in to reply