Hello,
I noticed that in Winbox you can set an uptime limit in hotspot so the user is disconnected after a period of time.
The issue is that it doesn't seem to be writing them to Radius. It keeps them locally.
I do know that Radius is working becuase when I add a user using Radius Manager (3rd party web interface for freeradius) it works, it even disconnects them once they have downloaded their limit.
In the AAA tab for winbox/hotspot I have checked the "use Radius" and "accounting" boxes, I also added a 1 min update, but still no go.
Can anyone tell me why when I enter the users in winbox they are not talking to Radius ?
Thx !
I assume you set up your freeradius server to authenticate your users from MySQL or PostgreSQL.
Did you set up you sql.conf enabling accounting with INSERT and UPDATE queries and did you enable accounting in your radiusd.conf file?
Also check if you do not block/firewall out port 1813/udp on your radius server which allows it to gather accounting info from your NAS server.
Did you set up you sql.conf enabling accounting with INSERT and UPDATE queries and did you enable accounting in your radiusd.conf file?
Also check if you do not block/firewall out port 1813/udp on your radius server which allows it to gather accounting info from your NAS server.
Hi Yazzy
That's correct it uses mysql.
Here is the sql.conf
======================
# Configuration for the SQL module, when using MySQL.
#
# The database schema is available at:
#
# src/radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
#
# If you are using PostgreSQL, please use 'postgresql.conf', instead.
# If you are using Oracle, please use 'oracle.conf', instead.
# If you are using MS-SQL, please use 'mssql.conf', instead.
#
# $Id: sql.conf,v 1.41.2.1 2004/06/10 00:45:01 phampson Exp $
#
sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = "rlm_sql_mysql"
# Connect info
server = "localhost"
login = "xxxxx"
password = "xxxxx"
# Database table configuration
radius_db = "xxxxx"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
#######################################################################
# Query config: Username
#######################################################################
# This is the username that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
# everywhere a username substitution is needed so you you can be sure
# the username passed from the client is escaped properly.
#
# Uncomment the next line, if you want the sql_user_name to mean:
#
# Use Stripped-User-Name, if it's there.
# Else use User-Name, if it's there,
# Else use hard-coded string "DEFAULT" as the user name.
#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
#
sql_user_name = "%{User-Name}"
#######################################################################
# Default profile
#######################################################################
# This is the default profile. It is found in SQL by group membership.
# That means that this profile must be a member of at least one group
# which will contain the corresponding check and reply items.
# This profile will be queried in the authorize section for every user.
# The point is to assign all users a default profile without having to
# manually add each one to a group that will contain the profile.
# The SQL module will also honor the User-Profile attribute. This
# attribute can be set anywhere in the authorize section (ie the users
# file). It is found exactly as the default profile is found.
# If it is set then it will *overwrite* the default profile setting.
# The idea is to select profiles based on checks on the incoming packets,
# not on user group membership. For example:
# -- users file --
# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
#
# By default the default_user_profile is not set
#
#default_user_profile = "DEFAULT"
#
# Determines if we will query the default_user_profile or the User-Profile
# if the user is not found. If the profile is found then we consider the user
# found. By default this is set to 'no'.
#
#query_on_not_found = no
#######################################################################
# Authorization Queries
#######################################################################
# These queries compare the check items for the user
# in ${authcheck_table} and setup the reply items in
# ${authreply_table}. You can use any query/tables
# you want, but the return data for each row MUST
# be in the following order:
#
# 0. Row ID (currently unused)
# 1. UserName/GroupName
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
# Use these for case sensitive usernames. WARNING: Slower queries!
# authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
# authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
# Use these for case sensitive usernames. WANRING: Slower queries!
# authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
# authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
#######################################################################
# Accounting Queries
#######################################################################
# accounting_onoff_query - query for Accounting On/Off packets
# accounting_update_query - query for Accounting update packets
# accounting_update_query_alt - query for Accounting update packets
# (alternate in case first query fails)
# accounting_start_query - query for Accounting start packets
# accounting_start_query_alt - query for Accounting start packets
# (alternate in case first query fails)
# accounting_stop_query - query for Accounting stop packets
# accounting_stop_query_alt - query for Accounting start packets
# (alternate in case first query doesn't
# affect any existing rows in the table)
#######################################################################
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
accounting_update_query = "UPDATE ${acct_table1} \
SET FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Octets}', \
AcctOutputOctets = '%{Acct-Output-Octets}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress= '%{NAS-IP-Address}'"
accounting_update_query_alt = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = "INSERT into ${acct_table2} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use checking
# - will be performed by this module instance
# simul_verify_query - query to return details of current connections for verification
# - Leave blank or commented out to disable verification step
# - Note that the returned field order should not be changed.
#######################################################################
# Uncomment simul_count_query to enable simultaneous use checking
# simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
#######################################################################
# Group Membership Queries
#######################################################################
# group_membership_query - Check user group membership
#######################################################################
group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
#######################################################################
# Authentication Logging Queries
#######################################################################
# postauth_query - Insert some info after authentication
#######################################################################
postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
#
# Set to 'yes' to read radius clients from the database ('nas' table)
#readclients = yes
}
====================
I think I have, whereabouts is it set ?
That's correct it uses mysql.
Here is the sql.conf
======================
# Configuration for the SQL module, when using MySQL.
#
# The database schema is available at:
#
# src/radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
#
# If you are using PostgreSQL, please use 'postgresql.conf', instead.
# If you are using Oracle, please use 'oracle.conf', instead.
# If you are using MS-SQL, please use 'mssql.conf', instead.
#
# $Id: sql.conf,v 1.41.2.1 2004/06/10 00:45:01 phampson Exp $
#
sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = "rlm_sql_mysql"
# Connect info
server = "localhost"
login = "xxxxx"
password = "xxxxx"
# Database table configuration
radius_db = "xxxxx"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is replaced
# with their mime-encoded equivalents.
# The default list should be ok
#safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
#######################################################################
# Query config: Username
#######################################################################
# This is the username that will get substituted, escaped, and added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be used below
# everywhere a username substitution is needed so you you can be sure
# the username passed from the client is escaped properly.
#
# Uncomment the next line, if you want the sql_user_name to mean:
#
# Use Stripped-User-Name, if it's there.
# Else use User-Name, if it's there,
# Else use hard-coded string "DEFAULT" as the user name.
#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
#
sql_user_name = "%{User-Name}"
#######################################################################
# Default profile
#######################################################################
# This is the default profile. It is found in SQL by group membership.
# That means that this profile must be a member of at least one group
# which will contain the corresponding check and reply items.
# This profile will be queried in the authorize section for every user.
# The point is to assign all users a default profile without having to
# manually add each one to a group that will contain the profile.
# The SQL module will also honor the User-Profile attribute. This
# attribute can be set anywhere in the authorize section (ie the users
# file). It is found exactly as the default profile is found.
# If it is set then it will *overwrite* the default profile setting.
# The idea is to select profiles based on checks on the incoming packets,
# not on user group membership. For example:
# -- users file --
# DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
# DEFAULT Service-Type == Framed-User, User-Profile := "framed"
#
# By default the default_user_profile is not set
#
#default_user_profile = "DEFAULT"
#
# Determines if we will query the default_user_profile or the User-Profile
# if the user is not found. If the profile is found then we consider the user
# found. By default this is set to 'no'.
#
#query_on_not_found = no
#######################################################################
# Authorization Queries
#######################################################################
# These queries compare the check items for the user
# in ${authcheck_table} and setup the reply items in
# ${authreply_table}. You can use any query/tables
# you want, but the return data for each row MUST
# be in the following order:
#
# 0. Row ID (currently unused)
# 1. UserName/GroupName
# 2. Item Attr Name
# 3. Item Attr Value
# 4. Item Attr Operation
#######################################################################
# Use these for case sensitive usernames. WARNING: Slower queries!
# authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
# authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
# Use these for case sensitive usernames. WANRING: Slower queries!
# authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
# authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
#######################################################################
# Accounting Queries
#######################################################################
# accounting_onoff_query - query for Accounting On/Off packets
# accounting_update_query - query for Accounting update packets
# accounting_update_query_alt - query for Accounting update packets
# (alternate in case first query fails)
# accounting_start_query - query for Accounting start packets
# accounting_start_query_alt - query for Accounting start packets
# (alternate in case first query fails)
# accounting_stop_query - query for Accounting stop packets
# accounting_stop_query_alt - query for Accounting start packets
# (alternate in case first query doesn't
# affect any existing rows in the table)
#######################################################################
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
accounting_update_query = "UPDATE ${acct_table1} \
SET FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Octets}', \
AcctOutputOctets = '%{Acct-Output-Octets}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress= '%{NAS-IP-Address}'"
accounting_update_query_alt = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query = "UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = "INSERT into ${acct_table2} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')"
#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use checking
# - will be performed by this module instance
# simul_verify_query - query to return details of current connections for verification
# - Leave blank or commented out to disable verification step
# - Note that the returned field order should not be changed.
#######################################################################
# Uncomment simul_count_query to enable simultaneous use checking
# simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
#######################################################################
# Group Membership Queries
#######################################################################
# group_membership_query - Check user group membership
#######################################################################
group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
#######################################################################
# Authentication Logging Queries
#######################################################################
# postauth_query - Insert some info after authentication
#######################################################################
postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
#
# Set to 'yes' to read radius clients from the database ('nas' table)
#readclients = yes
}
====================
I think I have, whereabouts is it set ?
Your sql.conf seems fine.
Did you try to run your radius server in debugging mode and see what happens when you run radtest against it?
Try to run that on your radius server:
radtest user@example.tdl user_password 127.0.0.1 1812 radius_password 127.0.0.1
And fire up radius with -xxyzsf -l stdout flags for debugging.
You can also login to your MySQL database and check the status of the accounting table:
# mysql -u username -p radius_database
Enter password:
select * from radacct where UserName='user@example.tdl' ORDER BY AcctStartTime;
user@example.tdl can be just user depending on how you store your usernames.
Did you try to run your radius server in debugging mode and see what happens when you run radtest against it?
Try to run that on your radius server:
radtest user@example.tdl user_password 127.0.0.1 1812 radius_password 127.0.0.1
And fire up radius with -xxyzsf -l stdout flags for debugging.
You can also login to your MySQL database and check the status of the accounting table:
# mysql -u username -p radius_database
Enter password:
select * from radacct where UserName='user@example.tdl' ORDER BY AcctStartTime;
user@example.tdl can be just user depending on how you store your usernames.
rosst@dude:~$ radtest xxx xxx 127.0.0.1 1812 xxxxx 127.0.0.1
Sending Access-Request of id 25 to 127.0.0.1:1812
User-Name = "xxxx"
User-Password = "xxxx"
NAS-IP-Address = dude
NAS-Port = 1812
Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=25, length=62
Reply-Message = "\r\nAccess denied (external check failed)."
=================================
mysql> select * from radacct where UserName='test' ORDER BY AcctStartTime;
+-----------+---------------+------------------+----------+-------+-------------
--+------------+-------------+---------------------+---------------------+------
-----------+---------------+-------------------+------------------+-------------
----+------------------+-------------------+-------------------+----------------
----+-------------+----------------+-----------------+----------------+---------
------+
| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress
| NASPortId | NASPortType | AcctStartTime | AcctStopTime | AcctS
essionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop | AcctInputOct
ets | AcctOutputOctets | CalledStationId | CallingStationId | AcctTerminateCa
use | ServiceType | FramedProtocol | FramedIPAddress | AcctStartDelay | AcctStop
Delay |
+-----------+---------------+------------------+----------+-------+-------------
--+------------+-------------+---------------------+---------------------+------
-----------+---------------+-------------------+------------------+-------------
----+------------------+-------------------+-------------------+----------------
----+-------------+----------------+-----------------+----------------+---------
------+
| 1 | 8030000c | 18e79c58fe99b572 | test | | 202.0.155.17
3 | 2147483647 | Ethernet | 2005-01-17 11:54:27 | 2005-01-17 11:56:00 |
84 | | | | 116
171 | 2166736 | 00:0C:42:03:2A:42 | 00:0F:1F:DE:80:B5 | NAS-Request
| | | 192.168.20.199 | 0 |
0 |
| 2 | 80300014 | 224e357025b282fb | test | | 202.0.155.17
3 | 2147483647 | Ethernet | 2005-01-17 11:57:13 | 2005-01-17 11:57:13 |
0 | | | |
0 | 0 | 00:0C:42:03:2A:42 | 00:0F:1F:DE:80:B5 |
| | | 192.168.20.199 | 0 |
0 |
+-----------+---------------+------------------+----------+-------+-------------
--+------------+-------------+---------------------+---------------------+------
-----------+---------------+-------------------+------------------+-------------
----+------------------+-------------------+-------------------+----------------
----+-------------+----------------+-----------------+----------------+---------
------+
2 rows in set (0.00 sec)
not sure what that all means
...
Sending Access-Request of id 25 to 127.0.0.1:1812
User-Name = "xxxx"
User-Password = "xxxx"
NAS-IP-Address = dude
NAS-Port = 1812
Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=25, length=62
Reply-Message = "\r\nAccess denied (external check failed)."
=================================
mysql> select * from radacct where UserName='test' ORDER BY AcctStartTime;
+-----------+---------------+------------------+----------+-------+-------------
--+------------+-------------+---------------------+---------------------+------
-----------+---------------+-------------------+------------------+-------------
----+------------------+-------------------+-------------------+----------------
----+-------------+----------------+-----------------+----------------+---------
------+
| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress
| NASPortId | NASPortType | AcctStartTime | AcctStopTime | AcctS
essionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop | AcctInputOct
ets | AcctOutputOctets | CalledStationId | CallingStationId | AcctTerminateCa
use | ServiceType | FramedProtocol | FramedIPAddress | AcctStartDelay | AcctStop
Delay |
+-----------+---------------+------------------+----------+-------+-------------
--+------------+-------------+---------------------+---------------------+------
-----------+---------------+-------------------+------------------+-------------
----+------------------+-------------------+-------------------+----------------
----+-------------+----------------+-----------------+----------------+---------
------+
| 1 | 8030000c | 18e79c58fe99b572 | test | | 202.0.155.17
3 | 2147483647 | Ethernet | 2005-01-17 11:54:27 | 2005-01-17 11:56:00 |
84 | | | | 116
171 | 2166736 | 00:0C:42:03:2A:42 | 00:0F:1F:DE:80:B5 | NAS-Request
| | | 192.168.20.199 | 0 |
0 |
| 2 | 80300014 | 224e357025b282fb | test | | 202.0.155.17
3 | 2147483647 | Ethernet | 2005-01-17 11:57:13 | 2005-01-17 11:57:13 |
0 | | | |
0 | 0 | 00:0C:42:03:2A:42 | 00:0F:1F:DE:80:B5 |
| | | 192.168.20.199 | 0 |
0 |
+-----------+---------------+------------------+----------+-------+-------------
--+------------+-------------+---------------------+---------------------+------
-----------+---------------+-------------------+------------------+-------------
----+------------------+-------------------+-------------------+----------------
----+-------------+----------------+-----------------+----------------+---------
------+
2 rows in set (0.00 sec)
not sure what that all means
...
First of all, allow 127.0.0.1 in clients.conf or the IP of your local interface and use it to connect to the radius server with radtest.
radtest xxx xxx 202.0.155.17 1812 xxxxx 202.0.155.17
could work.
Then check if you get an answer back from your radius server.
Then login and logout with a ppp client and check the sql table and see if your accounting info got updated.
I suggest you to read the docs as you obviously still have a long way to go...
Also browse the Freeradius mailinglist for the answer.
The FrerRadius mailinglist is a more proper place to ask questions about stuff like that.
And for the future, please don't paste in all that irrelevant info here as it makes it difficult or even cumbersome to read...
And remember to firewall out your radius server and allow it only from certain IPs.
radtest xxx xxx 202.0.155.17 1812 xxxxx 202.0.155.17
could work.
Then check if you get an answer back from your radius server.
Then login and logout with a ppp client and check the sql table and see if your accounting info got updated.
I suggest you to read the docs as you obviously still have a long way to go...
Also browse the Freeradius mailinglist for the answer.
The FrerRadius mailinglist is a more proper place to ask questions about stuff like that.
And for the future, please don't paste in all that irrelevant info here as it makes it difficult or even cumbersome to read...
And remember to firewall out your radius server and allow it only from certain IPs.
basically simple hotspot functionality.
kinda like prepaid cards yes.
User connects to network
gets IP address
opens browser and gets redirected to a webpage
either log in or pay by CC (only in timelimits, not data)
The reason for the original question was that I noticed when using winbox that you can add a hotspot user with a timelimit.
What I didn't understand is why the user added by Winbox was not showing up in Radius and vice versa.
I am 100% sure that the Radius server is working 100%, becuase I can add a user via Radius Manager, and that user can login using the mikrotik hotspot page and they get disconnected once they use their MB's up.
So basically want to automate it all, for a hotel.
kinda like prepaid cards yes.
User connects to network
gets IP address
opens browser and gets redirected to a webpage
either log in or pay by CC (only in timelimits, not data)
The reason for the original question was that I noticed when using winbox that you can add a hotspot user with a timelimit.
What I didn't understand is why the user added by Winbox was not showing up in Radius and vice versa.
I am 100% sure that the Radius server is working 100%, becuase I can add a user via Radius Manager, and that user can login using the mikrotik hotspot page and they get disconnected once they use their MB's up.
So basically want to automate it all, for a hotel.
this is what I see now yes, but when adding a user by winbox it gives me the option of specifying a time, I don't know how to do this with Radius (radius manager has no option either), I was hoping they would syncronise somehow.but wait - if you added the user with winbox, right?, then this has nothing to do with radius ... the user is in the router's local database. local database and radius database are two different things, they are not being syncronised.
you CAN do it in the hotspot manager: http://moon.mt.lv/radius/
when adding the user you can set total uptime there
when adding the user you can set total uptime there
http://www.mikrotik.com/hotspot.html
Just reading thru that documentation, it looks like exactly what we need.
WIll it be made available so we can host it sometime soon ?
In the documentation it doesn't say anything about automating it though.
Just reading thru that documentation, it looks like exactly what we need.
WIll it be made available so we can host it sometime soon ?
In the documentation it doesn't say anything about automating it though.
Who is online
Users browsing this forum: Bing [Bot], grayfoxbsd and 143 guests