Project

General

Profile

Actions

Bug #8251

open

Captiveportal + FreeRadius "Last activity" resets to Session start

Added by Frotty Zaoldyeck about 4 years ago. Updated over 2 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
01/01/2018
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Hi again.
I still have the exact same problem I reported before since moving to 2.4: https://redmine.pfsense.org/issues/8058
I thought it was resolved because some users didn't get the problem, but most users still permanently have to re-log, me included.
After several updates of pfsense base and the radius package, nothing has improved and this is really a huge issue for me. Any help would be appreciated.
The only thing left I haven't done so far is a complete pfsense reinstall without restoring config or going back to 2.3

My Setup: I have a captive portal with username/pw login using freeradius which also runs on the pfsense machine.
I have accounting and re-authentication set up:

Here the whole config:

/usr/local/etc/raddb/radiusd.conf
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir = ${confdir}/certs
run_dir = ${localstatedir}/run
db_dir = ${raddbdir}
libdir = /usr/local/lib/freeradius-3.0.15
pidfile = ${run_dir}/${name}.pid
max_request_time = 60
cleanup_delay = 5
max_requests = 2048
hostname_lookups = no
regular_expressions = yes
extended_expressions = yes

log {
    destination = files
    colourise = yes
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = yes
    auth_badpass = no
    auth_goodpass = no
    msg_goodpass = "" 
    msg_badpass = "" 
    msg_denied = "You are already logged in - access denied" 
}

checkrad = ${sbindir}/checkrad
security {
    allow_core_dumps = no
    max_attributes = 200
    reject_delay = 1
    status_server = no
    # Disable this check since it may not be accurate due to how FreeBSD patches OpenSSL
    allow_vulnerable_openssl = yes
}

$INCLUDE  clients.conf
thread pool {
    start_servers = 5
    max_servers = 64
    min_spare_servers = 3
    max_spare_servers = 10
    max_queue_size = 65536
    max_requests_per_server = 0
    auto_limit_acct = no
}

modules {
    $INCLUDE ${confdir}/mods-enabled/
}

instantiate {
    exec
    expr
    expiration
    logintime
    ### Dis-/Enable sql instatiate
    #sql
    daily
    weekly
    monthly
    forever
}
policy {
    $INCLUDE policy.d/
}
$INCLUDE sites-enabled/

/usr/local/etc/raddb/clients.conf

client "NAS" {
    ipaddr = 192.168.1.1
    proto = udp
    secret = 'xxx'
    require_message_authenticator = no
    nas_type = other
    ### login = !root ###
    ### password = someadminpass ###
    limit {
        max_connections = 16
        lifetime = 0
        idle_timeout = 30
    }
}

When users first log in, "Last Activity" updates fine:

But then, randomly after some time, the "Last Activity" of any user is just set to session start. It doesn't even stay at last "Last Activity", it gets completely reset:

Even though in radius.log I receive "Login OK" every minute

Mon Jan  1 15:10:37 2018 : Info: Debugger not attached
Mon Jan  1 15:10:37 2018 : Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay"     found in filter list for realm "DEFAULT". 
Mon Jan  1 15:10:37 2018 : Warning: [/usr/local/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec"     found in filter list for realm "DEFAULT". 
Mon Jan  1 15:10:37 2018 : Info: Loaded virtual server <default>
Mon Jan  1 15:10:37 2018 : Info: Loaded virtual server default
Mon Jan  1 15:10:37 2018 : Warning: Ignoring "sql" (see raddb/mods-available/README.rst)
Mon Jan  1 15:10:37 2018 : Warning: Ignoring "ldap" (see raddb/mods-available/README.rst)
Mon Jan  1 15:10:37 2018 : Info: Loaded virtual server inner-tunnel-ttls
Mon Jan  1 15:10:37 2018 : Info: Loaded virtual server inner-tunnel-peap
Mon Jan  1 15:10:37 2018 : Info: Ready to process requests
Mon Jan  1 15:10:40 2018 : Auth: (0) Login OK: [xx] (from client NAS port 2014 cli yy) 
Mon Jan  1 15:10:52 2018 : Auth: (2) Login OK: [xx] (from client NAS port 2016 cli yy) 
Mon Jan  1 15:10:57 2018 : Auth: (5) Login OK: [xx] (from client NAS port 2010 cli yy) 
Mon Jan  1 15:10:58 2018 : Auth: (8) Login OK: [xx] (from client NAS port 2012 cli yy) 
Mon Jan  1 15:11:00 2018 : Auth: (11) Login OK: [xx] (from client NAS port 2014 cli yy) 
Mon Jan  1 15:11:01 2018 : Auth: (14) Login OK: [xx] (from client NAS port 2016 cli yy) 
Mon Jan  1 15:11:03 2018 : Auth: (17) Login OK: [xx] (from client NAS port 2018 cli yy) 
Mon Jan  1 15:11:04 2018 : Auth: (20) Login OK: [xx] (from client NAS port 2020 cli yy) 
Mon Jan  1 15:11:06 2018 : Auth: (23) Login OK: [xx] (from client NAS port 2022 cli yy) 
Mon Jan  1 15:11:07 2018 : Auth: (26) Login OK: [xx] (from client NAS port 2024 cli yy) 
Mon Jan  1 15:11:09 2018 : Auth: (29) Login OK: [xx] (from client NAS port 2026 cli yy) 

Actions

Also available in: Atom PDF