我希望有人能帮助我。 我搜索并“尝试”并阅读并...但是我找不到答案。 我尝试简单地启用和使用sqlcounter(尤其是dailycounter)来对通过FR3进行身份验证的WiFi客户端进行使用。 客户端身份验证可以正常工作,并且计数器在某种程度上也可以正常工作(很重要):
dailycounter: --> 21568
(10) dailycounter: Allowing user, &control:Max-Daily-Session value (53333) is greater than counter value (21568)
(10) dailycounter: Time remaining (30271s) is greater than time to reset (31765s). Adding 30271s to reply value
(10) dailycounter: Setting &reply:Session-Timeout value to 30271
(10) [dailycounter] = ok
但会话超时回复为0(零)
我再次“从头开始”。 即使没有EAP / PEAP,计数器也只是计数, 以某种方式显示正确的数据(最大每日会话数减去计数器值) 但是它只是不会将正确查询和计算出的值发送回NAS。
有人可以指出正确的方向吗,我想我只是缺少一小部分但import和config的一部分。 不幸的是,调试输出并不能真正帮助我找到缺少的部分。
我们非常感谢您的帮助。 TIA,伊曼纽尔
这里是没有EAP / PEAP的新“新鲜”调试输出
(13) Received Access-Request Id 188 from 192.168.6.11:52775 to 192.168.6.11:1812 length 74
(13) User-Name = "eman"
(13) User-Password = "25833"
(13) NAS-IP-Address = 127.0.0.1
(13) NAS-Port = 100
(13) Message-Authenticator = 0x028d977af7d1c89d016536914028f925
(13) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
(13) authorize {
(13) policy filter_username {
(13) if (&User-Name) {
(13) if (&User-Name) -> TRUE
(13) if (&User-Name) {
(13) if (&User-Name =~ / /) {
(13) if (&User-Name =~ / /) -> FALSE
(13) if (&User-Name =~ /@[^@]*@/ ) {
(13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(13) if (&User-Name =~ /\.\./ ) {
(13) if (&User-Name =~ /\.\./ ) -> FALSE
(13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(13) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(13) if (&User-Name =~ /\.$/) {
(13) if (&User-Name =~ /\.$/) -> FALSE
(13) if (&User-Name =~ /@\./) {
(13) if (&User-Name =~ /@\./) -> FALSE
(13) } # if (&User-Name) = notfound
(13) } # policy filter_username = notfound
(13) [preprocess] = ok
(13) [chap] = noop
(13) [mschap] = noop
(13) [digest] = noop
(13) suffix: Checking for suffix after "@"
(13) suffix: No '@' in User-Name = "eman", looking up realm NULL
(13) suffix: No such realm "NULL"
(13) [suffix] = noop
(13) eap: No EAP-Message, not doing EAP
(13) [eap] = noop
(13) sql: EXPAND %{User-Name}
(13) sql: --> eman
(13) sql: SQL-User-Name set to 'eman'
rlm_sql (sql): Reserved connection (1)
(13) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(13) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eman' ORDER BY id
(13) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'eman' ORDER BY id
(13) sql: User found in radcheck table
(13) sql: Conditional check items matched, merging assignment check items
(13) sql: Cleartext-Password := "25833"
(13) sql: Max-Daily-Session := 53333
(13) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(13) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eman' ORDER BY id
(13) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'eman' ORDER BY id
(13) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(13) sql: --> SELECT groupname FROM radusergroup WHERE username = 'eman' ORDER BY priority
(13) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'eman' ORDER BY priority
(13) sql: User found in the group table
(13) sql: EXPAND SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{SQL-Group}' ORDER BY id
(13) sql: --> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'WiFi' ORDER BY id
(13) sql: Executing select query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'WiFi' ORDER BY id
(13) sql: Group "WiFi": Conditional check items matched
(13) sql: Group "WiFi": Merging assignment check items
(13) sql: NAS-Port-Type := Wireless-802.11
(13) sql: EXPAND SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{SQL-Group}' ORDER BY id
(13) sql: --> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'WiFi' ORDER BY id
(13) sql: Executing select query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'WiFi' ORDER BY id
(13) sql: Group "WiFi": Merging reply items
rlm_sql (sql): Released connection (1)
Need 2 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (8), 1 of 24 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on 192.168.6.11 via TCP/IP, server version 5.5.5-10.0.34-MariaDB, protocol version 10
(13) [sql] = ok
(13) [pap] = updated
sqlcounter_expand: 'SELECT IFNULL(SUM(acctsessiontime - GREATEST((1544803200 - UNIX_TIMESTAMP(acctstarttime)), 0)),0) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1544803200''
(13) dailycounter: EXPAND %{User-Name}
(13) dailycounter: --> eman
(13) dailycounter: SQL-User-Name set to 'eman'
rlm_sql (sql): Reserved connection (6)
(13) dailycounter: Executing select query: SELECT IFNULL(SUM(acctsessiontime - GREATEST((1544803200 - UNIX_TIMESTAMP(acctstarttime)), 0)),0) FROM radacct WHERE username = 'eman' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1544803200'
rlm_sql (sql): Released connection (6)
(13) dailycounter: EXPAND %{sql:SELECT IFNULL(SUM(acctsessiontime - GREATEST((1544803200 - UNIX_TIMESTAMP(acctstarttime)), 0)),0) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1544803200'}
*****(13) dailycounter: --> 3262
(13) dailycounter: Allowing user, &control:Max-Daily-Session value (53333) is greater than counter value (3262)
(13) dailycounter: Time remaining (28560s) is greater than time to reset (50071s). Adding 28560s to reply value
(13) dailycounter: Setting &reply:Session-Timeout value to 28560
(13) [dailycounter] = ok*****
(13) } # authorize = updated
(13) Found Auth-Type = PAP
(13) # Executing group from file /opt/etc/raddb/sites-enabled/default
(13) Auth-Type PAP {
(13) pap: Login attempt with password
(13) pap: Comparing with "known good" Cleartext-Password
(13) pap: User authenticated successfully
(13) [pap] = ok
(13) } # Auth-Type PAP = ok
(13) # Executing section post-auth from file /opt/etc/raddb/sites-enabled/default
(13) post-auth {
(13) update {
(13) No attributes updated
(13) } # update = noop
(13) sql: EXPAND .query
(13) sql: --> .query
(13) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (2)
(13) sql: EXPAND %{User-Name}
(13) sql: --> eman
(13) sql: SQL-User-Name set to 'eman'
(13) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')
(13) sql: --> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eman', '25833', 'Access-Accept', '2018-12-15 16:04:00')
(13) sql: Executing query: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'eman', '25833', 'Access-Accept', '2018-12-15 16:04:00')
(13) sql: SQL query returned: success
(13) sql: 1 record(s) updated
rlm_sql (sql): Released connection (2)
Need 1 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (9), 1 of 23 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on 192.168.6.11 via TCP/IP, server version 5.5.5-10.0.34-MariaDB, protocol version 10
(13) [sql] = ok
(13) [exec] = noop
(13) policy remove_reply_message_if_eap {
(13) if (&reply:EAP-Message && &reply:Reply-Message) {
(13) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(13) else {
(13) [noop] = noop
(13) } # else = noop
(13) } # policy remove_reply_message_if_eap = noop
(13) } # post-auth = ok
(13) Sent Access-Accept Id 188 from 192.168.6.11:1812 to 192.168.6.11:52775 length 0
(13) Session-Timeout = 0
(13) Finished request
Waking up in 4.9 seconds.