Usage instead of time accounting

Chris Knipe savage at savage.za.org
Fri Feb 3 22:19:07 CET 2006


I use rlm_perl and custom scripts running at a Accounting Update.  If used 
bytes is over a certain limit, I disconnect the user and disable the account 
in a mysql database.

Regards,
Chris.

----- Original Message ----- 
From: "Sean" <sean at swarmhotspots.com>
To: <freeradius-users at lists.freeradius.org>
Sent: Friday, February 03, 2006 8:00 PM
Subject: Usage instead of time accounting


> Hi'
>
> I've been using FreeRadius authorisation and accounting for my Internet
> Hotspot service for some time. It performs perfectly. Up to now all of
> my clients use time based tickets(One hour, one day, one week and one
> month) I now have a client that wants to supply tickets that will limit
> the usage in bytes of a user. Can this be done and if so can anyone
> recommend a source for documentation. I've Googled for the last few days
> and checked the DD-WRT and Chillispot forums to no avail.
>
> Regards and rhanks in advance,
>
> Sean Bracken
>
> http://swarmhotspots.com
>
> On Fri, 2006-02-03 at 17:55 +0100,
> freeradius-users-request at lists.freeradius.org wrote:
>> Send Freeradius-Users mailing list submissions to
>> freeradius-users at lists.freeradius.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> http://lists.freeradius.org/mailman/listinfo/freeradius-users
>> or, via email, send a message with subject or body 'help' to
>> freeradius-users-request at lists.freeradius.org
>>
>> You can reach the person managing the list at
>> freeradius-users-owner at lists.freeradius.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Freeradius-Users digest..."
>>
>>
>> Today's Topics:
>>
>>    1. (Fwd) Detail Filter method (Breuer Nicolas)
>>    2. Re: Detail Filter method (Nicolas Baradakis)
>>    3. R: SQL.conf new query (Carlo Prestopino)
>>    4. Re: how to log username in uppercase in radacct
>>       (Nicolas Baradakis)
>>    5. Root Certificate via ADS (Armin Kr?mer)
>>    6. Re: FDS + Freeradius = pain. (Joey McDonald)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 03 Feb 2006 14:14:54 +0100
>> From: "Breuer Nicolas" <Nicolas.Breuer at Belcenter.biz>
>> Subject: (Fwd) Detail Filter method
>> To: freeradius-users at lists.freeradius.org
>> Message-ID: <43E3655E.29093.29B17267 at Nicolas.Breuer.Belcenter.biz>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>  In /etc/raddb/acct_users file:
>>
>> DEFAULT Acct-Status-Type == Interim-Update, Acct-Type := empty
>>
>> And in /etc/raddb/radiusd.conf:
>>
>> modules {
>>
>> always ok {
>> rcode = ok
>> }
>>
>> ...
>> }
>>
>> ...
>>
>> accounting {
>>
>> # Log start & stop
>> detail
>>
>> Acct-Type empty {
>> ok
>> }
>> }
>>
>> -- 
>> Nicolas Baradakis
>>
>>
>>
>>  Can i also put the empty section only in detail module
>>  because i have a sql line in account (to log everything)
>>
>>  I wouldlike only to disable it in detail accounting.
>>
>>
>>
>>
>>
>> ------- Forwarded message follows -------
>> From:           Breuer Nicolas <Nicolas.Breuer at Belcenter.biz>
>> To:             freeradius-users at lists.freeradius.org
>> Subject:        Detail Filter method
>> Send reply to:  Nicolas.Breuer at BelCenter.biz
>> Date sent:      Fri, 03 Feb 2006 10:54:43 +0100
>>
>>
>>  Hello all,
>>
>>  I'm using the "detailled" logs with FreeRadius.
>>
>>  I wouldlike to filter the interim updates to not logged
>>  them. Is it possible ??
>>
>>  I wouldlike to only have a logs files with start & stop..
>>
>>  It would be a nice option, i think..
>>
>>
>>
>> ------- End of forwarded message -------
>>
>> Breuer Nicolas
>> Content & Marketing Manager.
>> Network Supervisor.
>>
>> BELCENTER ISP & PORTALS
>> Avenue Henri Conscience, 94
>> B -1140 Bruxelles
>> Tl. :+32 2 243 0 243
>> Fax :+32 2 243 0 244
>> Mobile :+32 486 50 27 87
>> E-Mail : Nicolas.Breuer at Belcenter.biz
>> http://www.BelCenter.be | http://www.BelCenter.net
>> http://www.BelCenter.lu  | http://www.BelCenter.nl
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: 
>> https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/6a9e517f/attachment-0001.html
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 3 Feb 2006 15:01:02 +0100
>> From: Nicolas Baradakis <nbk at sitadelle.com>
>> Subject: Re: Detail Filter method
>> To: freeradius-users at lists.freeradius.org
>> Message-ID: <20060203140102.GR16964 at asuka.tech.sitadelle.com>
>> Content-Type: text/plain; charset=us-ascii
>>
>> Breuer Nicolas wrote:
>>
>> >  Can i also put the empty section only in detail module
>> >  because i have a sql line in account (to log everything)
>> >
>> >  I wouldlike only to disable it in detail accounting.
>>
>> Please no HTML to the list.
>>
>> You can add the sql module in the subsection, as explained in the
>> provided documentation: http://freeradius.org/radiusd/doc/Acct-Type
>>
>> For example, in acct_users:
>>
>> DEFAULT Acct-Status-Type == Interim-Update, Acct-Type := interim
>>
>> And in radiusd.conf:
>>
>> accounting {
>>
>> sql
>> detail
>>
>> Acct-Type interim {
>> sql
>> }
>> }
>>
>> -- 
>> Nicolas Baradakis
>>
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Fri, 3 Feb 2006 15:02:55 +0100
>> From: "Carlo Prestopino" <c.prestopino at waitalia.com>
>> Subject: R: SQL.conf new query
>> To: "'FreeRadius users mailing list'"
>> <freeradius-users at lists.freeradius.org>
>> Message-ID: <200602031402.k13DqskH046702 at mxdrop5.xs4all.nl>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Ok, problem solved, as you can see at this post
>> http://lists.freeradius.org/pipermail/freeradius-devel/2006-February/009446.
>> html
>>
>> Thank you to everyone
>>
>> Regards,
>> Carlo
>>
>>
>>
>>
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Fri, 3 Feb 2006 15:51:23 +0100
>> From: Nicolas Baradakis <nbk at sitadelle.com>
>> Subject: Re: how to log username in uppercase in radacct
>> To: FreeRadius users mailing list
>> <freeradius-users at lists.freeradius.org>
>> Message-ID: <20060203145123.GS16964 at asuka.tech.sitadelle.com>
>> Content-Type: text/plain; charset=us-ascii
>>
>> baynaa at mobinet.mn wrote:
>>
>> > Can anyone tell me how I can configure radius so that Username field is
>> > logged in uppercase for all records in RadAcct table.
>>
>> Please no HTML to the list.
>>
>> You could change the queries in /etc/raddb/sql.conf to use the UPPER()
>> function.
>>
>> For example:
>>
>> accounting_start_query = "INSERT into radacct (UserName, ... ) values 
>> (UPPER('%{SQL-User-Name}'), ... );"
>>
>> -- 
>> Nicolas Baradakis
>>
>>
>>
>> ------------------------------
>>
>> Message: 5
>> Date: Fri, 03 Feb 2006 16:58:48 +0100
>> From: Armin Kr?mer <Kraemer.Armin at web.de>
>> Subject: Root Certificate via ADS
>> To: freeradius-users at lists.freeradius.org
>> Message-ID: <466882286 at web.de>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>>
>> Hi, im planing to install my generated root Certifikate via W2k ADS to 
>> the Clients.
>>
>> How can i do this via AADS? What do i have to do in ADS and Group 
>> Policies?
>>
>> The second question ist that i will have to set a mark onto my 
>> certifikate at the Trusted RootCertifikate Field at the network 
>> Connection (hoe you understand what i mean) . How can i do this? Intall 
>> Root Certifikate and set this mark that i can use EAP-TLS wit Freeradius? 
>> I dont want to put it on 300 clients per hand :-)
>>
>>
>>
>> Thank
>>
>> Armin
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: 
>> https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/3644c9f5/attachment-0001.html
>>
>> ------------------------------
>>
>> Message: 6
>> Date: Fri, 3 Feb 2006 09:32:39 -0700
>> From: Joey McDonald <jmcdice at gmail.com>
>> Subject: Re: FDS + Freeradius = pain.
>> To: Phil Mayers <p.mayers at imperial.ac.uk>
>> Cc: FreeRadius users mailing list
>> <freeradius-users at lists.freeradius.org>
>> Message-ID:
>> <b0d010580602030832w3adc4f2fo148688c0d4b2ec at mail.gmail.com>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi Phil,
>>
>> Thanks for the response.
>>
>> > rlm_ldap: Adding userPassword as User-Password, value { & op=21
>> >
>> > The line above looks wrong, but it never ends up being a problem
>> > because...
>> >
>> > > rlm_ldap: looking for reply items in directory...
>> > > rlm_ldap: user joey authorized to use remote access
>> > > rlm_ldap: ldap_release_conn: Release Id: 0
>> >
>> > ...during authenticate...
>>
>>
>> Sure, I don't think that FDS has the radius extensions yet although I've
>> created an ldif to add them if needed but in the mean time I've just
>> commented out:
>>    access_attr = "dialupAccess"
>>
>> because I want all my users to be able to use the VPN.
>>
>> > rlm_ldap: - authenticate
>> > > rlm_ldap: login attempt by "joey" with password "xxxxxxxx"
>> > > rlm_ldap: user DN: uid=joey,ou=People, dc=example,dc=net
>> > > rlm_ldap: (re)connect to ldap.example.net:389, authentication 1
>> > > rlm_ldap: bind as uid=joey,ou=People, dc=example,dc=net/xxxxxxxx to
>> > > ldap.example.net:389
>> > > rlm_ldap: waiting for bind result ...
>> > > rlm_ldap: Bind was successful
>> > > rlm_ldap: user joey authenticated succesfully
>> >
>> > ...auth-type == LDAP and an LDAP simple bind is done to answer the PAP
>> > request from radtest. This ONLY works with PAP because an LDAP simple
>> > bind needs the plaintext password.
>> >
>> > > Login OK: [joey/xxxxxxx] (from client el-oso port 0)
>> > > Sending Access-Accept of id 116 to 172.33.100.18:32811
>> > >
>> > > So that tells me that I've got the communication to my LDAP server
>> > > properly configured.
>> > >
>> > > However when my PPTP server sends authentication requests to my 
>> > > radius
>> > > server, I always get "Login incorrect: [joey/<no User-Password
>> > > attribute>]"
>> >
>> > Since it's a PPTP server you are almost certainly going to be using
>> > MS-CHAP, which requires either:
>> >
>> >   1. The NT password hash to be in LDAP and readable by FreeRadius
>> >   2. The plaintext password to be in LDAP and readable
>> >   3. Samba, domain membership, winbind and the ntlm_auth plugin option
>> > for the mschap module
>>
>>
>> Well, I'm not using windows systems at all - I've got OSX clients and a
>> linux-based PPTP server. The passwords are stored as SSHA in my LDAP
>> directory. That finally makes sense as to why radtest works, so thanks! 
>> My
>> next question is, what Auth-Type should I be using for SSHA's stored in 
>> an
>> LDAP directory. Clearly LDAP isn't going to be it if it doesn't support
>> decrypting passwords and I don't wish to store passwords in plain text in
>> the directory.
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: 
>> https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/9fbe7796/attachment.html
>>
>> ------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>>
>> End of Freeradius-Users Digest, Vol 10, Issue 12
>> ************************************************
>>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 





More information about the Freeradius-Users mailing list