Freeradius-Users Digest, Vol 45, Issue 31

Hanno Schupp hanno.schupp at gmail.com
Mon Jan 12 00:30:11 CET 2009


>
> > Dear All,
> >
> >
> >
> > I have a few questions regarding the rlm_sqlcounter module and its
> > configuration. I have a freeradius 2.1.0 communicating with a router
> running
> > chillispot 1.1  I set up counters for time, data volume, and with
> different
> > reset periods. All works fine and as expected.
> >
> >
> >
> > Here my questions:
> >
> >
> >
> > 1)      After the time or data volume for a period (say a month) is
> reached
> > the user is automatically disconnected – as expected. Rather them not
> > allowing to log in , I would like freeradius to return some other
> attributes
> > (WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down work fine with
> > ChilliSpot) to be sent to the router for the user, so that a connection
> is
> > still possible, but at a much lower maximum speed. Can that be done, and
> if
> > so, can someone give me a pointer. I was thinking maybe using unlang, but
> I
> > may be barking up the wrong tree.
> >
>
> You might be better off making changes to your provisioning system
> assuming you are using a database backend although
> you might be able to get away with unlang.


I know 'I might be able to get away with unlang'. I was hoping for a useful
pointer as to how.

I have followed this up further and have a new roadblock. I have put this
code into my 'authorize' section:
...
        monthlytotal
        if (reject) {
        update control {
                        Auth-Type := "Accept"
        }
        update reply {
                        WISPr-Bandwidth-Max-Down := 256000
                        WISPr-Bandwidth-Max-Up := 32000
                }
        }
        monthlyupload
        monthlydownload

        logintime
...

Module monthlytotal is behaving as expected (definition below), throwing a
reject, when the so far in the month used Octets exceed the set limit for
the user.

However, what appears to happen when looking through the debug (below),
freeradius appears to stop processing any further modules in the authorise
section. Is that what is expected? If so, can this behaviour be changed
through configuration, or does this require a whole new module?

...
sqlcounter monthlytotal {
                counter-name = Max-Monthly-Total-Octets
                        check-name = Max-Monthly-Total
                        reply-name = ChilliSpot-Max-Total-Octets
                        sqlmod-inst = sql02
                        key = User-Name
                        reset = monthly
        query = "SELECT IFNULL(SUM(AcctInputOctets - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0))+ SUM(AcctOutputOctets -GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)),0) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
...

...
Mon Jan 12 11:49:28 2009 : Debug: rlm_sqlcounter: (Check item - counter) is
less than zero
Mon Jan 12 11:49:28 2009 : Debug: rlm_sqlcounter: Rejected user yubvef24,
check_item=500000, counter=535178
Mon Jan 12 11:49:28 2009 : Info: ++[monthlytotal] returns reject
Mon Jan 12 11:49:28 2009 : Info: Using Post-Auth-Type Reject
Mon Jan 12 11:49:28 2009 : Info: +- entering group REJECT {...}
Mon Jan 12 11:49:28 2009 : Debug:       expand: %{User-Name} -> yubvef24
Mon Jan 12 11:49:28 2009 : Debug:  attr_filter: Matched entry DEFAULT at
line 11
Mon Jan 12 11:49:28 2009 : Info: ++[attr_filter.access_reject] returns
updated
Mon Jan 12 11:49:28 2009 : Info: Delaying reject of request 0 for 1 seconds
...



>
>
> >
> >
> > 2)      The   reset = monthly   method seem to the first of the current
> > month. That is one way of doing it, but I would like the reset to occur
> at
> > the same date in the month every month. So if someone signs up, say on
> the
> > 12th of a month, the reset will occur every month on the 12th. Can that
> be
> > done with freeradius?
> >
> >
>
> rlm_sqlcounter only support calendar month or day or week.


I am surprised to hear that, as this seems to be the standard way any ISP I
came accross in this part of the world seems to define a 'month', including
large internationals. If the final answer remains 'no, this cannot be done',
who do I need to contact to discuss sponsoring the development of such a new
feature within the module?

>
>
> >
> > 3)      Currently I receive something like   Reply-Message = "Your
> maximum
> > never usage time has been reached"   when the counter reaches its limit –
> > even when what was counted as not time but data volume. Can Reply-Message
> > for sqlcounter be configured as in the expiration module?
> >
> >
>
> rlm_sqlcounter does not have provision for cusom reply messages. There
> was a patch floating around to send custom reply messages from
> rlm_sqlcounter. Probably you should look in mailing list archives.
>
I have done that, thanks. Neither search for 'rlm_sqlcounter' nor
'Reply-Message' yielded anything useful.


>
> >
> > 4)      One surprise I have had: I don't quite understand how the system
> > calculates the day for the beginning of the reset = weekly. I appreciate
> > that calculating the day of the week is not easy as for example first of
> the
> > current month or beginning of the day, so I was not surprised to not have
> a
> > Monday, but I was surprised to see the SQL query run with 'Fri Jan 09
> 2009
> > 00:00:00 GMT+1300 (New Zealand Daylight Time)' as beginning of the week,
> > when running the query on a Saturday. BTW, SQL time is configured
> correctly,
> > and the UNIX_TIMESTAMP is giving a correct timestamp for local time. What
> am
> > I missing?
> > (Note: When setting reset = 7d, I get something more explainable like
> 'Sat
> > Jan 10 2009 00:00:00 GMT+1300 (New Zealand Daylight Time)', which is the
> > beginning of the today's day. Should reset = weekly and reset =7d yield
> the
> > same result? If not, what is weekly vs 7d, and why does the week not
> start
> > on a Monday?
> >
>
Interesting running it today, Monday, 12 January 2009 12:26:36 p.m. NZSTD, I
get Tuesday, 6 January 2009 12:00:00 a.m. NZSTD as beginning of the time
weekly period the system is checking.
Can someone explain that logic?




---------- Forwarded message ----------
From: Eric <bbahar3 at gmail.com>
To: freeradius-users at lists.freeradius.org
Date: Sun, 11 Jan 2009 08:26:41 +0330
Subject: Re:freeradius doesn't sent information to mysql
I had sent an instance of accounting request from my vpn server to radius
server. you send me that  I haven't got anything configured in the
accounting section. do you mean that vpn server frame is correct but
accounting section in radius server doesn't work?

>rad_recv: Accounting-Request packet from host 10.10.10.3:11858, id=133,
>length=260
>        Acct-Status-Type = Start
>        Acct-Delay-Time = 0
>        NAS-IP-Address = 10.10.10.3
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 4
>        MS-RAS-Vendor = 311
>        MS-RAS-Version = "MSRASV5.20"
>        NAS-Port-Type = Virtual
>        Tunnel-Type:0 = PPTP
>        Tunnel-Medium-Type:0 = IP
>        Calling-Station-Id = "192.168.201.59"
>        Tunnel-Client-Endpoint:0 = "192.168.201.59"
>        Microsoft-Attr-35 = 0x4d5352415356352e3130
>        Microsoft-Attr-34 = 0x4d535241532d302d312d34304432

> 454332364243374334
> >        Acct-Session-Id = "118382"
> >        User-Name = "school"
> >        Framed-IP-Address = 10.10.10.4
> >        Framed-MTU = 1400
> >        Session-Timeout = 389554
> >        Idle-Timeout = 1200
> >        Acct-Multi-Session-Id = "953"
> >        Acct-Link-Count = 1
> >        Event-Timestamp = "Dec 31 2008 15:45:03 IRST"
> >        Acct-Authentic = RADIUS
> >        MS-MPPE-Encryption-Types = 0x00000000
> >Sending Accounting-Response of id 133 to 10.10.10.3 port 11858
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090112/e0360f7d/attachment.html>


More information about the Freeradius-Users mailing list