Using rlm_rest for authorization and sqlcounters for session and bandwidth limits

Alan DeKok aland at
Fri Jun 22 17:53:29 CEST 2018

On Jun 22, 2018, at 11:11 AM, Rohith Asrk <rohith.asrk at> wrote:
> I'm working on a feature for being able to enforce session and bandwidth
> limits on users using a web interface of django-freeradius.
> I wish to authenticate the users using the rlm_rest module and use custom
> defined sqlcounters for putting limits on users. For ex.,

  That should work...

> sqlcounter dailybandwidthcounter {
>        counter_name = Max-Daily-Session-Traffic
>        check_name = Max-Daily-Session-Traffic
>        sql_module_instance = sql
>        key = 'User-Name'
>        reset = daily
>        Reply-Message = "Your daily bandwidth limit has reached"
>        query = "SELECT sum(AcctOutputOctets) + sum(AcctInputOctets) FROM
> radacct WHERE \
>                 UserName = '%{${key}}' AND \
>                 acctstarttime BETWEEN FROM_UNIXTIME('%%b') AND
> }

  That just queries the normal "radacct" table tho.

  What else do you want to do?

> I'm not sure about configuring the FreeRADIUS configuration for
> accomplishing this. My authorize section looks like
> authorize {
>    # ...
>    dailybandwidthcounter
>    rest
>    # ...
> }

  That calls "dailybandwidthcounter" before the "rest" module.  Is that what you want?

  How do the two modules interact?  Or should they *not* interact?

> I wish to use the concept of radius groups to implement this feature, i.e.,
> add instances of radgroupcheck with attributes like
> Max-Daily-Session-Traffic so that the dailybandwidth counter checks it and
> puts the limits.

  That should be possible, if you list "sql" before "dailybandwidthcounter".  And, if you put the Max-Daily-Session-Traffic attributes into SQL.

> I tried testing it with radclient and radtest but haven't been able to see
> any results.

  As always, run the server in debug mode to see what it's doing:

> Am I going the right way? Can anyone help me with the concept
> of enforcing limits and also configuration?

  It should work pretty much as you've described above.

  Alan DeKok.

More information about the Freeradius-Users mailing list