Netgate SG-1000 microFirewall

Author Topic: Freeradius3 accounting bugs  (Read 318 times)

0 Members and 1 Guest are viewing this topic.

Offline FrottyZ

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Freeradius3 accounting bugs
« on: February 26, 2018, 09:00:17 am »
There seem to be several issues on 2.4 with CP and freeradius3, and I don't seem to be the only one havign them:
https://forum.pfsense.org/index.php?topic=133698.0
https://forum.pfsense.org/index.php?topic=126311.0

The wiki page is still for the freeradius2 package and hasn't been updated in a year https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package

My problems are:
  • With Start/Stop (freeradius) accounting mode, Last Activity equals login time and thus users always get disconnected after soft timeout (Interim seems to work, but I didn't test it thoroughly yet)
  • As the thread I linked above, limiting concurrent connections with freeradius3 doesn't work at all. Users can connect any amount of devices.

Both of these issues used to work fine with 2.3 and freeradius2
Since the update, both don't work anymore.

The field "Number of Simultaneous Connections" says "If using FreeRADIUS with Captive Portal you should leave this empty. Read the documentation!"


Can someone tell me where this documentation is supposed to be?
https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package <- This wiki page contains exactly 1 line, and it doesn't say anything about conjunction with CP.
https://doc.pfsense.org/index.php/Captive_Portal <- This page doesn't say anything about freeradius at all.
https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS <- I did everything as it is stated here. I'm authenticating users every minute, and the log has the entries. However even with simultanous use set to 1 or 0 even, users can still connect an arbitrary amount.

I don't need time/traffic accounting. I'm only interested in limiting simultaneous connections. The "disable concurrent connections" in the CP config limits it to 1, which is bad.
I want to allow 2 or 3 devices per user.

I'm really out of luck and time here. I'm getting no response on my redmine tickets and neither on the IRC channel.

The only option I see now is to downgrade to pfsense 2.3 or switch to OPNSense, but I would like to not waste my time with this.

I can provide any information you ask. Can someone please address this obvious issue?
If it is broken and will not be fixed, please also do tell, so I can give up trying to get this working.
« Last Edit: February 26, 2018, 09:09:18 am by FrottyZ »

Offline mke

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #1 on: March 01, 2018, 12:47:51 pm »
Same problem on my end. I need user limit feature badly. Why it stopped working in ver 3?

Offline FrottyZ

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #2 on: March 17, 2018, 10:13:33 am »
Yea. Still having this problem.
I fixed soft-timeout by changing to interim accounting.
Device limit is still not working though.
Any help guys?

Offline FrottyZ

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #3 on: April 01, 2018, 07:57:37 am »
Bump

Offline jaspras

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +7/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #4 on: April 01, 2018, 01:24:45 pm »
Simultaneous-Use := 2 in radcheck table

works for me...

Offline mke

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #5 on: April 09, 2018, 03:07:27 pm »
Can you tell me what other captive portal settings you did like accounting? Option with radcheck does not work for me unless I do sth wrong. I put that in “check item”

Offline jaspras

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +7/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #6 on: April 09, 2018, 05:29:38 pm »
I have it set up as interim accounting and
Reauthenticate every minute
From the cp side

from radius I had to
Enable sql noresetcounter

I will post more info tomorrow

Offline mke

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #7 on: April 10, 2018, 08:33:51 am »
Also would you mind to tell where I can find in the radius "noresetcounter"?

Offline mke

  • Newbie
  • *
  • Posts: 22
  • Karma: +0/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #8 on: April 11, 2018, 09:11:54 pm »
Also would you mind to tell where I can find in the radius "noresetcounter"?

So I did all you said except noresetcounter which I am not sure where it is. It does not seem to work.

Offline jaspras

  • Jr. Member
  • **
  • Posts: 80
  • Karma: +7/-0
    • View Profile
Re: Freeradius3 accounting bugs
« Reply #9 on: April 16, 2018, 11:49:08 pm »
Alright try this

Set Accounting to Stop/Start (FreeRadius)

Enable Reauthenticate connected users every minute

in radcheck table

-----------------------------------------
john | Simultaneous-use | := | 1
-----------------------------------------

forget about noresetcounter

also works for me