help - simultaneous accounting

Fajar A. Nugraha list at fajar.net
Sat Oct 6 11:47:22 CEST 2012


On Sat, Oct 6, 2012 at 2:38 PM, 劉君羿 <trantor.liu at gmail.com> wrote:
> I want to allow simultaneous use of accounts.
> However, RFC 2866 says that the Acct-Session-Time
>>
>> can only be present in Accounting-Request records where the
>> Acct-Status-Type is set to Stop [Page 17]
>

Look for  "Interim Accounting Updates". Probably on rfc 2869.

>
> Does this mean that RADIUS protocol can not manage simultaneous use of an
> account?
>
> For example, an account with Session-Timeout 2 hours is shared by two users.
> User1 login first and use the account for 1 hour,
> user2 then login (user1 still accessing the account),
> then user2 turns out two have 2 hours, which is wrong and is because that
> user1 not yet send Acct-Session-Time to the server.

It's possible, but not easy.

Short version is you need to check all the accounting records for that
user, both stopped, and running (updated by interim updates), and
calculate whether the limit is already reached. Storing accounting
records in db will make this easier. When it does, you need to send
disconnect request packet to the NAS (and not all NAS might support
that). All the necessary building blocks are there, but you need to
create the necessary config yourself.

See "man unlang" for starters, in particular look for "coa",
"disconnect", and "Obtaining results from databases"

-- 
Fajar


More information about the Freeradius-Users mailing list