


  1. #1

    FreeRADIUS server for controlling simultaneous connections

    Hello list,

    I am trying to configure a freeradius+mysql server (freeradius-1.1.7_3) to control
    simultaneous connections of a PPPoE server on FreeBSD.

    Attached is a file with all the output of radiusd -X.

    Thanks to anyone who can help!

    Basically, what happens is that when another user uses a login that is already connected, it closes the session in MySQL, allows the second user to connect, and opens a new session.

    All the other functions are working:
    bandwidth control, fixed IP, access log.

    I have run several tests, but simultaneous connections are the only thing I have not yet got working.
    To register the clients I use this sequence:

    INSERT INTO `radcheck` VALUES (1,'saqua','Password','==','saqua');

    INSERT INTO `radgroupcheck` VALUES (1,'128burst','Simultaneous-Use',':=','1');

    INSERT INTO `radgroupreply` VALUES (1,'128burst','Mikrotik-Rate-Limit',':=','128k/128k 256k/256k 200k/200k 180/180',0);

    INSERT INTO `radgroupreply` VALUES (2,'128burst','Framed-Pool',':=','liberado',0);

    INSERT INTO `usergroup` VALUES (1,'saqua','128burst');

    Looking at the radiusd -X log, I found these details:

    checkrad: Net::Telnet 3.00+ CPAN module not installed
    rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in request, unique ID MAY be inconsistent
    rlm_acct_unique: Hashing 'NAS-Port = 101,,NAS-IP-Address = 10.0.0.4,Acct-Session-Id = "81500060",User-Name = "saqua"'

    I installed the module using:
    perl -MCPAN -e 'install Net::Telnet'

    Does anyone know what this other error would be?

    radius# mysql -u root -p radius -e "SELECT * FROM radacct\G"
    *************************** 1. row ***************************
    RadAcctId: 1
    AcctSessionId: 81700000
    AcctUniqueId: 1b8a095848f7b9d1
    UserName: saqua
    Realm:
    NASIPAddress: 10.0.0.4
    NASPortId: 114
    NASPortType: Ethernet
    AcctStartTime: 2009-05-22 09:51:44
    AcctStopTime: 2009-05-22 09:53:33
    AcctSessionTime: 300
    AcctAuthentic: RADIUS
    ConnectInfo_start:
    ConnectInfo_stop:
    AcctInputOctets: 64
    AcctOutputOctets: 52
    CalledStationId: mar
    CallingStationId: 00:E0:4C:08:533
    AcctTerminateCause:
    ServiceType: Framed-User
    FramedProtocol: PPP
    FramedIPAddress: 10.0.0.100
    AcctStartDelay: 0
    AcctStopDelay: 0
    XAscendSessionSvrKey:
    *************************** 2. row ***************************
    RadAcctId: 2
    AcctSessionId: 81700001
    AcctUniqueId: 1b8a095848f7b9d1
    UserName: saqua
    Realm:
    NASIPAddress: 10.0.0.4
    NASPortId: 115
    NASPortType: Ethernet
    AcctStartTime: 2009-05-22 09:53:33
    AcctStopTime: 0000-00-00 00:00:00
    AcctSessionTime: 301
    AcctAuthentic: RADIUS
    ConnectInfo_start:
    ConnectInfo_stop:
    AcctInputOctets: 71345
    AcctOutputOctets: 24367
    CalledStationId: mar
    CallingStationId: 00:15:AF:A1:AB:32
    AcctTerminateCause:
    ServiceType: Framed-User
    FramedProtocol: PPP
    FramedIPAddress: 10.0.0.101
    AcctStartDelay: 0
    AcctStopDelay: 0
    XAscendSessionSvrKey:

    ----------------------------------------------------------

    radius# /usr/local/sbin/radiusd -X
    Listening on authentication *:1812
    Listening on accounting *:1813
    Ready to process requests.
    --------------------------------------
    rad_recv: Access-Request packet from host 10.0.0.4:33551, id=38, length=121
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 114
    NAS-Port-Type = Ethernet
    User-Name = "saqua"
    Calling-Station-Id = "00:E0:4C:08:533"
    Called-Station-Id = "mar"
    NAS-Port-Id = "bridge1"
    User-Password = "saqua"
    NAS-Identifier = "PPPoE_Teste"
    NAS-IP-Address = 10.0.0.4
    rad_lowerpair: User-Name now 'saqua'
    rad_lowerpair: User-Password now 'saqua'
    rad_rmspace_pair: User-Name now 'saqua'
    rad_rmspace_pair: User-Password now 'saqua'
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
    modcall[authorize]: module "chap" returns noop for request 0
    modcall[authorize]: module "mschap" returns noop for request 0
    radius_xlat: 'saqua'
    rlm_sql (sql): sql_set_user escaped user --> 'saqua'
    radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'saqua' ORDER BY id'
    rlm_sql (sql): Reserving sql socket id: 4
    rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'saqua' ORDER BY id
    radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'saqua' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
    rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'saqua' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
    radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'saqua' ORDER BY id'
    rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'saqua' ORDER BY id
    radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'saqua' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
    rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'saqua' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
    rlm_sql (sql): Released sql socket id: 4
    modcall[authorize]: module "sql" returns ok for request 0
    modcall: leaving group authorize (returns ok) for request 0
    auth: type Local
    auth: user supplied User-Password matches local User-Password
    Processing the session section of radiusd.conf
    modcall: entering group session for request 0
    radius_xlat: 'saqua'
    rlm_sql (sql): sql_set_user escaped user --> 'saqua'
    radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='saqua' AND AcctStopTime = 0'
    rlm_sql (sql): Reserving sql socket id: 3
    rlm_sql_mysql: query: SELECT COUNT(*) FROM radacct WHERE UserName='saqua' AND AcctStopTime = 0
    rlm_sql (sql): Released sql socket id: 3
    modcall[session]: module "sql" returns ok for request 0
    modcall: leaving group session (returns ok) for request 0
    Login OK: [saqua/saqua] (from client mar port 114 cli 00:E0:4C:08:533)
    Processing the post-auth section of radiusd.conf
    modcall: entering group post-auth for request 0
    rlm_sql (sql): Processing sql_postauth
    radius_xlat: 'saqua'
    rlm_sql (sql): sql_set_user escaped user --> 'saqua'
    radius_xlat: 'INSERT into radpostauth (user, pass, reply, date) values ('saqua', 'saqua', 'Access-Accept', NOW())'
    radius_xlat: '/var/log/sqltrace.sql'
    rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (user, pass, reply, date) values ('saqua', 'saqua', 'Access-Accept', NOW())
    rlm_sql (sql): Reserving sql socket id: 2
    rlm_sql_mysql: query: INSERT into radpostauth (user, pass, reply, date) values ('saqua', 'saqua', 'Access-Accept', NOW())
    rlm_sql (sql): Released sql socket id: 2
    modcall[post-auth]: module "sql" returns ok for request 0
    modcall: leaving group post-auth (returns ok) for request 0
    Sending Access-Accept of id 38 to 10.0.0.4 port 33551
    Mikrotik-Rate-Limit := "128k/128k 256k/256k 200k/200k 180/180"
    Framed-Pool := "liberado"
    Finished request 0
    Going to the next request
    --- Walking the entire request list ---
    Last edited by AndersonMachado; 22-05-2009 at 11:38. Reason: attachment
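
Added example (not part of the original thread and not FreeRADIUS code): a check over accounting data for the symptom described in post #1, where one session is closed at the moment another opens for the same login from a different Calling-Station-Id, plus a list of logins with more open sessions than the Simultaneous-Use limit. It assumes a cut-down `radacct` table with constructed rows modelled on the dump above, uses Python's sqlite3 as a stand-in for MySQL, and the 5-second window is an arbitrary choice.

```python
import sqlite3

OPEN = "0000-00-00 00:00:00"  # how the dump above marks a session still open
# Constructed sample rows (MAC addresses invented); sqlite3 stands in for MySQL.
# Columns: RadAcctId, UserName, CallingStationId, AcctStartTime, AcctStopTime
ROWS = [
    (1, "saqua", "00:11:22:33:44:01", "2009-05-22 09:51:44", "2009-05-22 09:53:33"),
    (2, "saqua", "00:11:22:33:44:02", "2009-05-22 09:53:33", OPEN),
    (3, "maria", "00:11:22:33:44:03", "2009-05-22 08:00:00", "2009-05-22 08:30:00"),
    (4, "maria", "00:11:22:33:44:03", "2009-05-22 09:10:00", OPEN),
    (5, "jose", "00:11:22:33:44:04", "2009-05-22 09:00:00", OPEN),
    (6, "jose", "00:11:22:33:44:05", "2009-05-22 09:20:00", OPEN),
]
# Session a was closed within :window seconds of session b starting,
# same login, different client MAC: a is the session that was pushed out.
TAKEOVER_SQL = """
SELECT a.UserName, a.RadAcctId, b.RadAcctId
FROM radacct a JOIN radacct b
  ON a.UserName = b.UserName AND a.RadAcctId <> b.RadAcctId
WHERE a.AcctStopTime <> :open
  AND a.CallingStationId <> b.CallingStationId
  AND b.AcctStartTime >= a.AcctStartTime
  AND ABS(strftime('%s', b.AcctStartTime)
          - strftime('%s', a.AcctStopTime)) <= :window
ORDER BY a.RadAcctId"""
# Logins with more open sessions than the Simultaneous-Use value.
OVER_LIMIT_SQL = """
SELECT UserName, COUNT(*) FROM radacct WHERE AcctStopTime = :open
GROUP BY UserName HAVING COUNT(*) > :limit ORDER BY UserName"""

def load(rows=ROWS):
    """Build the in-memory stand-in for the radacct table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (RadAcctId INTEGER PRIMARY KEY, UserName TEXT,"
               " CallingStationId TEXT, AcctStartTime TEXT, AcctStopTime TEXT)")
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?,?)", rows)
    return db

def takeovers(db, window=5):
    """Return (login, closed session id, new session id) for each hand-off."""
    return db.execute(TAKEOVER_SQL, {"open": OPEN, "window": window}).fetchall()

def over_limit(db, limit=1):
    """Return (login, open session count) for logins above the limit."""
    return db.execute(OVER_LIMIT_SQL, {"open": OPEN, "limit": limit}).fetchall()

if __name__ == "__main__":
    db = load()
    print("hand-offs:", takeovers(db))
    print("over limit:", over_limit(db))
```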

  2. #2

    Solved

    Sat May 23 13:45:27 2009 : Auth: Multiple logins (max 1) : [saqua/saqua] (from client PPPoE_Teste port 1629 cli 00:E0:4C:08:533)
    Sat May 23 13:45:38 2009 : Auth: Multiple logins (max 1) : [saqua/saqua] (from client PPPoE_Teste port 1630 cli 00:E0:4C:08:533)


    1) Basically it was the checkrad part

    2) naspasswd

    I put this in naspasswd:

    10.0.0.4 SNMP mar123

  3. #3


    Quote: Originally posted by AndersonMachado
    Sat May 23 13:45:27 2009 : Auth: Multiple logins (max 1) : [saqua/saqua] (from client PPPoE_Teste port 1629 cli 00:E0:4C:08:533)
    Sat May 23 13:45:38 2009 : Auth: Multiple logins (max 1) : [saqua/saqua] (from client PPPoE_Teste port 1630 cli 00:E0:4C:08:533)


    1) Basically it was the checkrad part

    2) naspasswd

    I put this in naspasswd:

    10.0.0.4 SNMP mar123

    If you skip installing the SNMP packages the symptom is the same: although configured, the simultaneous-login block does not work.

  4. #4


    Guys, I have a similar problem..
    I am using a tip from right here on the forum where the radius checks the connection on the MK so it does not get stuck.. using the NAS mode mikrotik_snmp
    but when I use it I lose the simultaneous-use control..
    can anyone help me?