WIFI EAP - freeradius2 - accounting problem



  • Hi,

    i am running pfSense 2.1.3-RELEASE on an ALIX 2D13 Board.

    The Wifi Network is configured to provide WPA EAP Authentication,
    therefore I configured:

    WIFI:

    • Enable IEEE 802.1X Authentication
    • 802.1X Authentication Server: 127.0.0.1
    • 802.1X Authentication Server Shared Secret: [geheim]

    FreeRadius/Settings:

    • Disable Acct_Unique [X]
    • Log good authentication attempts: log
    • Additional information for good attempts
        Host IP-Address: %{Framed-IP-Address} accepted
        using Auth-Type: %{control:Auth-Type}
        Remaining volume down/up: %{reply:Acct-Output-Octets}/%{reply:Acct-Input-Octets}
        Remaining online-time: %{reply:Session-Timeout}
        Maximum simultaneous connections: %{check:Simultaneous-Use}
        Bandwidth down/up: %{reply:WISPr-Bandwidth-Max-Down}/%{reply:WISPr-Bandwidth-Max-Up}

    FreeRadius/Interfaces:

    • 127.0.0.1:1812 auth ipaddr

    FreeRadius/User:

    • usr1 with password and limit to 1500MB Traffic

    Now I can login using my iPad using login and password and I will get
    a connection to the Network. But accounting seems not to work.

    The following observations I made:

    • System Log shows three entries:
        - radiusd[48959]: Login OK: [usr1/<via auth-type="EAP">]
            (from client localhost port 0 via TLS tunnel)
            Host IP-Address: accepted using Auth-Type: EAP Remaining volume down/up: /
            Remaining online-time: Maximum simultaneous connections: 1 Bandwidth down/up: /
        - root: FreeRADIUS: Used amount of daily traffic by dario is 0 MB of 1500 MB! The user was accepted!!!
        - radiusd[48959]: Login OK: [dario/<via auth-type="EAP">]
          (from client localhost port 0 cli 24-A2-E1-XX-XX-XX)
          Host IP-Address: accepted using Auth-Type: EAP Remaining volume down/up: /
          Remaining online-time: Maximum simultaneous connections: Bandwidth down/up: /

    • pfsense has created two files in /var/log/radacct/datacounter/daily/
        used-octets-usr1 which contents "0"
        and
        max-octets-usr1 which contents "1572864000"

    After downloading 50MB and disconnecting and reconnecting the iPad,
    nothing changes, I get exectly the same Log-Entries and the value in
    used-octets-usr1 does not change.

    I tried to add two FreeRadius/Interfaces:

    • 127.0.0.1:1813 acct ipaddr
    • 127.0.0.1:1816 status ipaddr

    But the traffic remains uncounted.

    No additional Hardware or servers are used, I installed freeradius2
    package.

    **Where is my fault?

    What else can I do?**

    I want to use EAP and not a Captive Portal.

    Greeings from Bochum, Germany,

    Dario

    [1] http://www.pcengines.ch/alix2d13.htm</via></via>



  • I'm having same problems with latest pfSense, everything configured + latest files from github release 2_2 used.

    Authentication is working on mac-addresses sofar, working but accounting is not working. i'm using mysql Db on my server in local network also there is nothing recorded in the corresponding fields …

    We're missing something?

    Thanks for some help

    Yusuf



  • Do you use SQL?

    Stop de FreeRADIUS service from the GUI and start it in debugging mode trough ssh with:

    radiusd -x



  • Yes I'm using mysql on our internal server. will try radiusd -x, what should i see there?



  • Now i have more in syslog:

    Mar 28 19:58:59 radiusd[46960]: [pap] User authenticated successfully
    Mar 28 19:58:59 radiusd[46960]: [pap] Using clear text password "xxxx"
    Mar 28 19:58:59 radiusd[46960]: [pap] login attempt with password "xxxx"
    Mar 28 19:58:59 radiusd[46960]: # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default

    Mar 28 19:58:59 radiusd[46960]: rlm_radutmp: Logout for NAS myrouter port 2112, but no Login record
    Mar 28 19:58:59 radiusd[46960]: [datacounterforever] Exec: program returned: 0
    Mar 28 19:58:59 radiusd[46960]: [datacountermonthly] Exec: program returned: 0
    Mar 28 19:58:59 radiusd[46960]: [datacounterweekly] Exec: program returned: 0
    Mar 28 19:58:59 radiusd[46960]: [datacounterdaily] Exec: program returned: 0
    Mar 28 19:58:59 radiusd[46960]: # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: [exec] Exec: program returned: 0
    Mar 28 19:58:59 root: FreeRADIUS: Used amount of daily traffic by ec-f4-bb-xx-xx-xx is 0 MB of 15 MB! The user was accepted!!!
    Mar 28 19:58:59 radiusd[46960]: # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: Login OK: [ec-f4-bb-xx-xx-xx] (from client myrouter port 2110 cli ec-f4-bb-xx-xx-xx) Host IP-Address: 192.168.0.66 accepted, using Auth-Type: PAP, down/up: /, online-time: , Bandwidth down/up: /
    Mar 28 19:58:59 radiusd[46960]: [pap] User authenticated successfully
    Mar 28 19:58:59 radiusd[46960]: [pap] Using clear text password "xxxx"
    Mar 28 19:58:59 radiusd[46960]: [pap] login attempt with password "xxxx"
    Mar 28 19:58:59 radiusd[46960]: # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:59 radiusd[46960]: # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
    Mar 28 19:58:56 radiusd[46960]: Ready to process requests.

    Whats next?



  • Did this work before and stopped working after an upgrade or it never worked?



  • It has never worked … the accounting. Yesterday I have installed latest version again ... also no accounting info



  • I have testet 2.1.5 and there the accounting is working but seems to count the transfer to fast, in 2.2.1 it count's nothing!
    Is there any news about an update for this?


Log in to reply