RES: freeradius disconnect user using accounting

Vijay S vijay.hcr at gmail.com
Wed Apr 8 13:44:11 CEST 2015 

Hi Leandromelo,

You need to for following command to logout user.

Echo "username" | radclient -r 1 10.0.0.1:3799 disconnect ''secret''

For above to work you will have to enable radius setting in mikrotik to
receive disconnect request from radius server and act on it.

Regards
Vijay A.

On Apr 8, 2015 5:03 PM, "Leandro Melo - Netsul Telecom" <
leandromelo at netsulinternet.com.br> wrote:
>
> sorry, I think I could not express myself. lest go:
>
> I have a mikrotik that controls my clients, authentication is done
through the freeradius.
>
> I setup mikrotik (interim update) to send the radius connection
information every 10 seconds and I could see through the debug radius that
every time the mikrotik sends the information of active connections run the
commands that are within the accounting module {} (/ etc / raddb /
sites-available / default) within the accounting created a condition that
checks the time that the connection is active "% {Acct-Session-Time}" and
if this condition is met must send a command that disconnect the mikrotik
connection, see below:
>
> accounting {
>         unix
>         detail
>         radutmp
>         sqlippool
>         sql1
>         exec
>         if ("% {Acct-Session-Time}"> 30) {
>
>                 # command that will bring down the mikrotik connection,
what is this command?
>         }
>         attr_filter.accounting_response
> }
>
> Att,
>
>
>
> -----Mensagem original-----
> De: Freeradius-Users [mailto:freeradius-users-bounces+leandromelo=
netsulinternet.com.br at lists.freeradius.org] Em nome de Vijay S
> Enviada em: quarta-feira, 8 de abril de 2015 02:26
> Para: FreeRadius users mailing list
> Assunto: Re: freeradius disconnect user using accounting
>
> Hi leandromelo,
> What exactly you want to do, Kindly give clear idea so people here can
help you actually.
>
> Regards
> Vijay A.
> On Apr 8, 2015 12:28 AM, "Leandro Melo - Netsul Telecom" <
leandromelo at netsulinternet.com.br> wrote:
>
> > dear,
> >
> >
> >
> > use FreeRADIUS Version 2.1.12 and mikrotik as hub, set up the interim
> > update for 10 seconds (for testing) so that the radius can drop the
> > connection when the time is reached.
> >
> > set up the / etc / raddb / sites-avaliable / default to
> >
> >
> >
> > accounting {
> >
> > detail
> >
> > unix
> >
> > radutmp
> >
> > sqlippool
> >
> >          sql1
> >
> > exec
> >
> >          if ("% {Acct-Session-Time}"> 30) {
> >
> >            reject
> >
> > }
> >
> > attr_filter.accounting_response
> >
> > }
> >
> >
> >
> > but the log returned by radius if he enters, but drops the connection,
> > what command to derrumar the connection and return a "reply-message" to
the hub?
> >
> >
> >
> > follows the log:
> >
> >
> >
> > ...
> >
> > [sql1]  expand: UPDATE radacct   SET FramedIPAddress =
> > NULLIF('%{Framed-IP-Address}', '')::inet,   AcctSessionTime =
> > '%{Acct-Session-Time}',   AcctInputOctets =
> > (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
> > '%{%{Acct-Input-Octets}:-0}'::bigint),   AcctOutputOctets =
> > (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
> > '%{%{Acct-Output-Octets}:-0}'::bigint)   WHERE AcctSessionId =
> > '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'   AND
NASIPAddress=
> > '%{NAS-IP-Address}' AND AcctStopTime IS NULL -> UPDATE radacct   SET
> > FramedIPAddress = NULLIF('192.168.95.101', '')::inet,   AcctSessionTime
=
> > '1101',   AcctInputOctets = (('0'::bigint << 32) + '211907'::bigint),
> > AcctOutputOctets = (('0'::bigint << 32) + '407325'::bigint)   WHERE
> > AcctSessionId = '81c00012' AND UserName = 'teste1'   AND NASIPAddress=
> > '192.168.1.41' AND AcctStopTime IS NULL
> >
> > rlm_sql (sql1): Reserving sql socket id: 0
> >
> > rlm_sql_postgresql: Status: PGRES_COMMAND_OK
> >
> > rlm_sql_postgresql: query affected rows = 1
> >
> > rlm_sql (sql1): Released sql socket id: 0
> >
> > ++[sql1] returns ok
> >
> > ++[exec] returns noop
> >
> > ++? if ("%{Acct-Session-Time}" > 30)
> >
> >         expand: %{Acct-Session-Time} -> 1101
> >
> > ? Evaluating ("%{Acct-Session-Time}" > 30) -> TRUE
> >
> > ++? if ("%{Acct-Session-Time}" > 30) -> TRUE
> >
> > ++- entering if ("%{Acct-Session-Time}" > 30) {...}
> >
> > +++- if ("%{Acct-Session-Time}" > 30) returns noop
> >
> > ++- group accounting returns noop
> >
> > [attr_filter.accounting_response]   expand: %{User-Name} -> teste1
> >
> > attr_filter: Matched entry DEFAULT at line 12
> >
> > ++[attr_filter.accounting_response] returns updated
> >
> > Sending Accounting-Response of id 232 to 10.0.2.2 port 37115
> >
> > Finished request 21.
> >
> > ...
> >
> >
> >
> > Att,
> >
> >
> >
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
> -----
> Nenhum vírus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2015.0.5863 / Banco de dados de vírus: 4321/9486 - Data de
Lançamento: 04/08/15
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list