2017-08-31 1 views
1

FreeRADIUS server does not reject the user

My FreeRADIUS server is supposed to deny access to users who have exceeded their usage limit, but the server accepts them, even though the reply message saying that the users have exceeded their limit is set.

Debug log:

rad_recv: Access-Request packet from host 1.2.3.4 port 46010, id=13, length=197 
    NAS-Port-Type = Wireless-802.11 
    Calling-Station-Id = "80:ED:2C:E5:EB:C6" 
    Called-Station-Id = "hotspot1" 
    NAS-Port-Id = "bridge" 
    User-Name = "USERNAME" 
    NAS-Port = 2151677955 
    Acct-Session-Id = "80400003" 
    Framed-IP-Address = 192.168.8.251 
    Mikrotik-Host-IP = 192.168.8.251 
    CHAP-Challenge = 0xa484e5a94500de0751545d5a69777d03 
    CHAP-Password = 0xb99d22e3c7c8cef532b70f9f514eef029c 
    Service-Type = Login-User 
    WISPr-Logoff-URL = "http://192.168.8.1/logout" 
    NAS-Identifier = "ROUTER" 
    NAS-IP-Address = 10.0.0.114 
# Executing section authorize from file /etc/freeradius/sites-enabled/default 
+group authorize { 
++[preprocess] = ok 
[chap] Setting 'Auth-Type := CHAP' 
++[chap] = ok 
++[mschap] = noop 
++[digest] = noop 
[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL 
[suffix] No such realm "NULL" 
++[suffix] = noop 
[eap] No EAP-Message, not doing EAP 
++[eap] = noop 
++[files] = noop 
[sql] expand: %{User-Name} -> USERNAME 
[sql] sql_set_user escaped user --> 'USERNAME' 
rlm_sql (sql): Reserving sql socket id: 31 
[sql] expand: SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = 'USERNAME'   ORDER BY id 
rlm_sql_mysql: query: SELECT id, username, attribute, value, op   FROM radcheck   WHERE username = 'USERNAME'   ORDER BY id 
[sql] User found in radcheck table 
[sql] expand: SELECT id, username, attribute, value, op   FROM radreply   WHERE username = '%{SQL-User-Name}'   ORDER BY id -> SELECT id, username, attribute, value, op   FROM radreply   WHERE username = 'USERNAME'   ORDER BY id 
rlm_sql_mysql: query: SELECT id, username, attribute, value, op   FROM radreply   WHERE username = 'USERNAME'   ORDER BY id 
[sql] expand: SELECT groupname   FROM radusergroup   WHERE username = '%{SQL-User-Name}'   ORDER BY priority -> SELECT groupname   FROM radusergroup   WHERE username = 'USERNAME'   ORDER BY priority 
rlm_sql_mysql: query: SELECT groupname   FROM radusergroup   WHERE username = 'USERNAME'   ORDER BY priority 
rlm_sql (sql): Released sql socket id: 31 
++[sql] = ok 
++[expiration] = noop 
++[logintime] = noop 
[pap] WARNING: Auth-Type already set. Not setting to PAP 
++[pap] = noop 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[dailycounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[weeklycounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[monthlycounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[noresetcounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[dailyBytecounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[weeklyBytecounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
rlm_sqlcounter: Entering module authorize code 
sqlcounter_expand: 'SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = '%{User-Name}' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a' 
[monthlyBytecounter] expand: SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = '%{User-Name}' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a -> SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = 'USERNAME' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a 
WARNING: Please replace '%S' with '${sqlmod-inst}' 
sqlcounter_expand: '%{sql:SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = 'USERNAME' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a}' 
[monthlyBytecounter] sql_xlat 
[monthlyBytecounter] expand: %{User-Name} -> USERNAME 
[monthlyBytecounter] sql_set_user escaped user --> 'USERNAME' 
[monthlyBytecounter] expand: SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = 'USERNAME' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a -> SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = 'USERNAME' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a 
[monthlyBytecounter] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql 
rlm_sql (sql): Reserving sql socket id: 30 
rlm_sql_mysql: query: SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = 'USERNAME' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a 
[monthlyBytecounter] sql_xlat finished 
rlm_sql (sql): Released sql socket id: 30 
[monthlyBytecounter] expand: %{sql:SELECT (IFNULL(SUM(AcctInputOctets), 0) + IFNULL(SUM(AcctOutputOctets), 0)) as used_data FROM (SELECT * FROM radacct b WHERE username = 'USERNAME' AND dateformat_ym(acctstarttime) = dateformat_ym(CURDATE()) GROUP BY acctuniqueid) a} -> 3111228361 
rlm_sqlcounter: (Check item - counter) is less than zero 
rlm_sqlcounter: Rejected user USERNAME, check_item=1048576000, counter=3111228361 
++[monthlyBytecounter] = reject 
++? if (reject) 
? Evaluating (reject) -> TRUE 
++? if (reject) -> TRUE 
++if (reject) { 
+++update reply { 
+++} # update reply = noop 
++} # if (reject) = noop 
rlm_sqlcounter: Entering module authorize code 
rlm_sqlcounter: Could not find Check item value pair 
++[noresetBytecounter] = noop 
++? if (reject) 
? Evaluating (reject) -> FALSE 
++? if (reject) -> FALSE 
+} # group authorize = ok 
Found Auth-Type = CHAP 
# Executing group from file /etc/freeradius/sites-enabled/default 
+group CHAP { 
[chap] login attempt by "USERNAME" with CHAP password 
[chap] Using clear text password "PASSWORD" for user USERNAME authentication. 
[chap] chap user USERNAME authenticated succesfully 
++[chap] = ok 
+} # group CHAP = ok 
# Executing section post-auth from file /etc/freeradius/sites-enabled/default 
+group post-auth { 
[sql] expand: %{User-Name} -> USERNAME 
[sql] sql_set_user escaped user --> 'USERNAME' 
[sql] expand: %{User-Password} -> 
[sql] ... expanding second conditional 
[sql] expand: %{Chap-Password} -> 0xb99d22e3c7c8cef532b70f9f514eef029c 
[sql] expand: INSERT INTO radpostauth       (username, pass, reply, authdate)       VALUES (       '%{User-Name}',       '%{%{User-Password}:-%{Chap-Password}}',       '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth       (username, pass, reply, authdate)       VALUES (       'USERNAME',       '0xb99d22e3c7c8cef532b70f9f514eef029c',       'Access-Accept', '2017-08-31 10:59:03') 
[sql] expand: /var/log/freeradius/sqltrace.sql -> /var/log/freeradius/sqltrace.sql 
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth       (username, pass, reply, authdate)       VALUES (       'USERNAME',       '0xb99d22e3c7c8cef532b70f9f514eef029c',       'Access-Accept', '2017-08-31 10:59:03') 
rlm_sql (sql): Reserving sql socket id: 29 
rlm_sql_mysql: query: INSERT INTO radpostauth       (username, pass, reply, authdate)       VALUES (       'USERNAME',       '0xb99d22e3c7c8cef532b70f9f514eef029c',       'Access-Accept', '2017-08-31 10:59:03') 
rlm_sql (sql): Released sql socket id: 29 
++[sql] = ok 
++[exec] = noop 
+} # group post-auth = ok 
Sending Access-Accept of id 13 to 1.2.3.4 port 46010 
    Mikrotik-Total-Limit = 1048576000 
    Reply-Message = "You have exceeded your usage limit this month." 

It seems the usage limit is being checked correctly, but somehow the reply is set to accept?

Sending Access-Accept of id 13 to 1.2.3.4 port 46010 
    Mikrotik-Total-Limit = 1048576000 
    Reply-Message = "You have exceeded your usage limit this month." 

The configuration of the relevant part in sites-enabled/default is as follows:

monthlyBytecounter { 
     reject = 1 
} 
if (reject) { 
     update reply { 
       Reply-Message := "You have exceeded your usage limit this month." 
     } 
     reject 
} 

I am running FreeRADIUS version 2.2.8 on Ubuntu 16.04 LTS.

Any ideas what could be causing the problem?


0

Maybe something is wrong with monthlyBytecounter in counter.conf.

Mine is here (daily):

sqlcounter counterChilliSpotMaxTotalOctetsDaily { 
         counter-name = ChilliSpot-Max-Total-Octets-Daily 
         check-name = CS-Total-Octets-Daily 
         counter-type = data 
         reply-name = ChilliSpot-Max-Total-Octets 
         sqlmod-inst = sql 
         key = User-Name 
         reset = daily 
         query = "SELECT IFNULL((SUM(AcctInputOctets + AcctOutputOctets)),0) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" 
     } 

But I only define the radcheck limit for CS-Total-Octets-Daily for the specific user.

0

You are only returning a reply message from monthlyBytecounter, not the monthlyBytecounter return value. When the usage limit is exceeded, you need to return 0 (zero) or send a disconnect request as below.

echo "User-Name = '$username'" | radclient -x -c 1 -n 3 -r 3 -t 3 '127.0.0.1:3997' 'disconnect' 'testing123'

Post your monthlyBytecounter code if this does not solve your question.