Bug #7333
closed
RADIUS accounting packets are broken.
0%
Description
Instead of recalculating a users data traffic each minute it seems pfsense is just collecting the data the first minute a user is logged in then reseeding that same data each following minute until the user logs out.
See this post for more details: https://forum.pfsense.org/index.php?topic=126311.0
Updated by Brandon lockley over 8 years ago
Seems this is only an issue when "Accounting updates" is set to Start/Stop (Which is the mode specifically recommended in the documentation) the accounting seems to work fine when running in Interim mode.
Updated by Jim Pingle over 8 years ago
- Status changed from New to Not a Bug
- Assignee set to Jim Pingle
- Priority changed from High to Normal
- Affected Version deleted (
2.3.3)
What specific settings did you have active before and after? (RADIUS and things like re-authenticate and so on)
And which document were you following?
Even if there isn't a bug here we can get the docs straightened out.
Updated by Brandon lockley over 8 years ago
https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS
The only setting i changed was "Accounting updates" in CP from Start/Stop to Interim. I will have to do a lot more testing to make sure everything is actually working properly but so far it looks like it is. The documentation also says to disable concurrent user logins but i tried enabling them and it still seems to work fine. It seems a separate temporary "used-octets" file is created for each system the user logs in on and when the user logs out on that system the temp file is deleted and the total is added to the main used-octets file for that user.
Unfortunately i have already spent way to long working on this little side project so i need to get back to work on other projects for now but when i have time to work on this again i plan to use the data collected by radius accounting to build a system using scripts to manage per user data limits in a way that will hopefully be very powerful and flexible.
I just hope there is a way to manage things like user bandwidth restrictions and network access using scripts or that idea may not get off the drawing board.
Updated by Kill Bill over 8 years ago
Jim Pingle - There are some extremely bad articles about FreeRADIUS, such as one suggesting to install some third-party Samba package on pfSense. Please, go through the docs and update/delete the things.
https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Microsoft_Active_Directory_and_LDAP
Updated by Brandon lockley over 8 years ago
Regarding the original issue. I think it may still be a bug because highly doubt that is the intended behavior for Stop/Start mode
Updated by Jim Pingle over 8 years ago
Brandon lockley wrote:
Regarding the original issue. I think it may still be a bug because highly doubt that is the intended behavior for Stop/Start mode
From your original report "Instead of recalculating a users data traffic each minute" -- that wouldn't be done with START/STOP accounting, only Interim. Unless you have "Reauthenticate connected users every minute" enabled but that is NOT for accounting, but re-auth.
If you have "Reauthenticate connected users every minute" enabled it's a new login each minute without a logout, that isn't going to be interpreted properly by RADIUS, and it doesn't send a STOP so it wouldn't recalculate usage each minute.
You have to use Interim to get Interim updates otherwise it will only send the full data with the STOP when the user is logged out/timed out/etc.
Kill Bill wrote:
Jim Pingle - There are some extremely bad articles about FreeRADIUS, such as one suggesting to install some third-party Samba package on pfSense. Please, go through the docs and update/delete the things.
I removed those links.
Updated by Jim Pingle over 8 years ago
I added some notes to the book and doc wiki articles in question to clarify what options to use.
Thanks!