Comments on: freeradius et rlm_sqlcounter http://aandre.evolix.net/2009/04/15/freeradius-et-rlm_sqlcounter/ geeky lines Sun, 31 Jan 2010 11:16:07 +0100 http://wordpress.org/?v=2.8.4 hourly 1 By: Ahmed http://aandre.evolix.net/2009/04/15/freeradius-et-rlm_sqlcounter/comment-page-1/#comment-18714 Ahmed Sun, 31 Jan 2010 11:16:07 +0000 http://aandre.evolix.net/?p=260#comment-18714 Bonjour, j'ai ajouté ce module mais tjrs il n'est pas pris en considération. Voici mon fichier de config : prefix = /usr exec_prefix = ${prefix} sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/freeradius raddbdir = ${sysconfdir}/freeradius radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/freeradius log_file = ${logdir}/radius.log log_destination = files libdir = ${exec_prefix}/lib/freeradius pidfile = ${run_dir}/freeradius.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 listen { ipaddr = * port = 0 type = auth } listen { ipaddr = * port = 0 type = acct } hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log { syslog_facility = daemon } log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { auto_header = no } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { radwtmp = ${logdir}/radwtmp } $INCLUDE ${confdir}/eap.conf mschap { } ldap ldap { server = "ldap-neel.grenoble.cnrs.fr" identity = "cn=radius,dc=grenoble,dc=cnrs,dc=fr" password = admin-pwd basedn = "dc=grenoble,dc=cnrs,dc=fr" filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))" base_filter = "(objectclass=radiusprofile)" ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${raddbdir}/ldap.attrmap auto_header = yes groupname_attribute = radiusGroupName #groupmembership_filter = "(|(&(uid=%{Stripped-User-Name:-%{User-Name}}))(&(aliasMail=%{Stripped-User-Name:-%{User-Name}})))(objectclass=radiusProfile)" groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))" groupmembership_attribute = radiusGroupName } realm IPASS { format = prefix delimiter = "/" } realm suffix { format = suffix delimiter = "@" } realm realmpercent { format = suffix delimiter = "%" } realm ntdomain { format = prefix delimiter = "\\" } checkval { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string } attr_rewrite addtunneltype { attribute = Tunnel-Type searchin = proxy_reply searchfor = "[+ ]" replacewith = "VLAN" new_attribute = yes } attr_rewrite addtunnelmediumtype { attribute = Tunnel-Medium-Type searchin = proxy_reply searchfor = "[+ ]" replacewith = "IEEE-802" new_attribute = yes } attr_rewrite addvlanmcbt { attribute = Tunnel-Private-Group-ID searchin = proxy_reply searchfor = "[+ ]" replacewith = "244" new_attribute = yes } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 header = "%t" } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter attr_filter.post-proxy { attrsfile = ${confdir}/attrs } attr_filter attr_filter.pre-proxy { attrsfile = ${confdir}/attrs.pre-proxy } sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = "Max-All-Session" reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter hourlycounter { counter-name = Hourly-Session-Time check-name = Max-Hourly-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = hourly query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter dailycounter { counter-name = Daily-Session-Time check-name = Max-Daily-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter yearlycounter { counter-name = Yearly-Session-Time check-name = Max-Yearly-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = 12m query = "SELECT SUM(AcctSessionTime - \ GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } expiration { reply-message = "Password Has Expired\r\n" } logintime { reply-message = "You are calling outside your allowed timespan\r\n" minimum-timeout = 60 } exec { wait = yes input_pairs = request shell_escape = yes output = none } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply shell_escape = yes } logintime { } } instantiate { exec expr } authorize { preprocess sql pap chap mschap unix suffix eap files Autz-Type LDAP { ldap } expiration logintime noresetcounter hourlycounter dailycounter monthlycounter yearlycounter } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } eap } preacct { preprocess acct_unique suffix files } accounting { detail unix radutmp sql } session { radutmp sql } post-auth { } pre-proxy { files } post-proxy { Post-Proxy-Type post.proxy.mcbt { addtunneltype addtunnelmediumtype addvlanmcbt } eap } Est vous pouvez m'aider ?? Bonjour, j’ai ajouté ce module mais tjrs il n’est pas pris en considération.

Voici mon fichier de config :

prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/freeradius
raddbdir = ${sysconfdir}/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
log_destination = files
libdir = ${exec_prefix}/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
listen {
ipaddr = *
port = 0
type = auth
}
listen {
ipaddr = *
port = 0
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
syslog_facility = daemon
}
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = no
$INCLUDE ${confdir}/clients.conf
snmp = no
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
auto_header = no
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
unix {
radwtmp = ${logdir}/radwtmp
}
$INCLUDE ${confdir}/eap.conf
mschap {
}
ldap ldap {
server = “ldap-neel.grenoble.cnrs.fr”
identity = “cn=radius,dc=grenoble,dc=cnrs,dc=fr”
password = admin-pwd
basedn = “dc=grenoble,dc=cnrs,dc=fr”
filter = “(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))”
base_filter = “(objectclass=radiusprofile)”
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${raddbdir}/ldap.attrmap
auto_header = yes
groupname_attribute = radiusGroupName
#groupmembership_filter = “(|(&(uid=%{Stripped-User-Name:-%{User-Name}}))(&(aliasMail=%{Stripped-User-Name:-%{User-Name}})))(objectclass=radiusProfile)”
groupmembership_filter = “(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))”
groupmembership_attribute = radiusGroupName
}
realm IPASS {
format = prefix
delimiter = “/”
}
realm suffix {
format = suffix
delimiter = “@”
}
realm realmpercent {
format = suffix
delimiter = “%”
}
realm ntdomain {
format = prefix
delimiter = “\\”
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
attr_rewrite addtunneltype {
attribute = Tunnel-Type
searchin = proxy_reply
searchfor = “[+ ]”
replacewith = “VLAN”
new_attribute = yes
}
attr_rewrite addtunnelmediumtype {
attribute = Tunnel-Medium-Type
searchin = proxy_reply
searchfor = “[+ ]”
replacewith = “IEEE-802″
new_attribute = yes
}
attr_rewrite addvlanmcbt {
attribute = Tunnel-Private-Group-ID
searchin = proxy_reply
searchfor = “[+ ]”
replacewith = “244″
new_attribute = yes
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
header = “%t”
}
acct_unique {
key = “User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port”
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = “yes”
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = “no”
}
attr_filter attr_filter.post-proxy {
attrsfile = ${confdir}/attrs
}
attr_filter attr_filter.pre-proxy {
attrsfile = ${confdir}/attrs.pre-proxy
}

sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = “Max-All-Session”
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = “SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName=’%{%k}’”
}

sqlcounter hourlycounter {
counter-name = Hourly-Session-Time
check-name = Max-Hourly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = hourly
query = “SELECT SUM(AcctSessionTime – \
GREATEST((%b – UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName=’%{%k}’ AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > ‘%b’”
}

sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = “SELECT SUM(AcctSessionTime – \
GREATEST((%b – UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName=’%{%k}’ AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > ‘%b’”
}

sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly
query = “SELECT SUM(AcctSessionTime – \
GREATEST((%b – UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName=’%{%k}’ AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > ‘%b’”
}

sqlcounter yearlycounter {
counter-name = Yearly-Session-Time
check-name = Max-Yearly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = 12m
query = “SELECT SUM(AcctSessionTime – \
GREATEST((%b – UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName=’%{%k}’ AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > ‘%b’”
}

always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
expiration {
reply-message = “Password Has Expired\r\n”
}
logintime {
reply-message = “You are calling outside your allowed timespan\r\n”
minimum-timeout = 60
}
exec {
wait = yes
input_pairs = request
shell_escape = yes
output = none
}
exec echo {
wait = yes
program = “/bin/echo %{User-Name}”
input_pairs = request
output_pairs = reply
shell_escape = yes
}
logintime {
}
}

instantiate {
exec
expr
}

authorize {
preprocess
sql
pap
chap
mschap
unix
suffix
eap
files
Autz-Type LDAP {
ldap
}
expiration
logintime
noresetcounter
hourlycounter
dailycounter
monthlycounter
yearlycounter
}

authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
eap
}

preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
sql
}
session {
radutmp
sql
}
post-auth {
}
pre-proxy {
files
}
post-proxy {
Post-Proxy-Type post.proxy.mcbt {
addtunneltype
addtunnelmediumtype
addvlanmcbt
}
eap
}

Est vous pouvez m’aider ??

]]>