Decisionmaking in FreeRADIUS & Check/Reply Items

K. Hoercher wbhoer at gmail.com
Wed Oct 11 11:00:44 CEST 2006 

On 10/11/06, Jan Mulders <lastchancehotel at gmail.com> wrote:
> Hello list,
>
> I am trying to use the 'files' module of Freeradius to do
> decisionmaking, based on information pulled in from the sql module,
> and the sqlcounter thing.
>
I'm not really knowing much about that. But a quick glance over the
provided bits leads to a few internal "huh?"s

You don't seem to actually use "files" anywhere.  Where do you use
"monthlybytecounter"? And those references to the (allegedly)
"Pool-Name"s in post-auth{} and accounting {} look strange too.

Putting that aside for the moment, (as it doesn't even get that far).

> First off, is this the right way of doing this? I want to assign users
> a different Pool-Name for  each assigned speed, and send
> Max-Download-Speed and Max-Upload-Speed vendor-specific variables to
> the client on each request.
>
> My actual problem relates to the following errors, pulled from radiusd -X:
>

> But... but... the bottom 3 attributes *aren't* check attributes! I
> want to *set* them! Or am I getting entirely the wrong end of the
> stick here?

hm, well, they _are_! You might not want them to be so, but...
1. Pool-Name is in freeradius.internal dictionary, so you shouldn't
mess with that.
2. The other ones produce the same message from lines 195ff in
rlm_files.c. I don't find them in the provided dictionaries. Where\how
do you define them? Obviously they are encoded to a range reserved for
non-reply items and the exception for VSA doesn't kick in.

finally:
> radiusd.conf: "files" modules aren't allowed in 'post-auth' sections
>-- they have no such method.
>radiusd.conf[327] Failed to parse post-auth section.
is quite clear.

>
> Can somebody point out how these rules are meant to be arranged, and
> perhaps how I could do this in sql? It's all quite confusing.
>

Uh, as much as I could infer, you should get rid of this Pool-Name.
Afaik it is unneeded for the purpose of sending back reply attributes
in general as it has to do with ippools.

Provide a sane dictionary for the other two attributes.

Please check man 5 users, the comments in radius.conf at the top of
sqlcounter stanza. Roughly put, you should append "monthlybytecounter"
and "files" to authenticate {}, get rid of "files" "512*" etc and
probably "sql" in post-auth{} and minus "sql" in accounting{}. Make
small changes and check how they work by looking at debug output.

Then you could contemplate putting the logic in users file to sql tables.

regards
K. Hoercher

More information about the Freeradius-Users mailing list