Using rlm_rest for authorization and sqlcounters for session and bandwidth limits

Mon Jun 25 20:57:29 CEST 2018

HI Alan,

In addition to my previous mail, can you tell me how to use rlm_sqlcounter
along with the tables radgroupcheck and radgroupusers?

I was able to get it working with the radcheck tables by using the check
names but not radgroupcheck.

Thank you.

On Fri, Jun 22, 2018 at 10:39 PM, Rohith Asrk <rohith.asrk at gmail.com> wrote:

> Thanks for the quick reply Alan. I've experimented a bit and here are some
> observations I make,
>
> 1. The authorize section looks like the way I've defined in the previous
> mail. But the rest module before sql and dailybandwidthcounter
>
> 2. I'm able to put limits on users using the radcheck table but not able
> to do that using the radgroupcheck and radgroupusers table.
>
> I basically wish to put limits on groups, and users shall be a part of it.
> So I created a group named test_group with a test_user in it and put limits
> on the test_group with Max-Daily-Session-Traffic attribute.
>
> It works if I use the radcheck table with the same attribute and values
> but doesn't with the groups.
>
> I'm using the command *radtest test_user test_password localhost 10
> secret_key *to test all this. Is there a different implementation with
> groups or something else I need know?
>
> Regards,
> Rohith ASRK
>
>
> On Fri, Jun 22, 2018 at 9:23 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Jun 22, 2018, at 11:11 AM, Rohith Asrk <rohith.asrk at gmail.com> wrote:
>> > I'm working on a feature for being able to enforce session and bandwidth
>> > limits on users using a web interface of django-freeradius.
>> >
>> > I wish to authenticate the users using the rlm_rest module and use
>> custom
>> > defined sqlcounters for putting limits on users. For ex.,
>>
>>   That should work...
>>
>> > sqlcounter dailybandwidthcounter {
>> >        counter_name = Max-Daily-Session-Traffic
>> >        check_name = Max-Daily-Session-Traffic
>> >        sql_module_instance = sql
>> >        key = 'User-Name'
>> >        reset = daily
>> >        Reply-Message = "Your daily bandwidth limit has reached"
>> >        query = "SELECT sum(AcctOutputOctets) + sum(AcctInputOctets) FROM
>> > radacct WHERE \
>> >                 UserName = '%{${key}}' AND \
>> >                 acctstarttime BETWEEN FROM_UNIXTIME('%%b') AND
>> > FROM_UNIXTIME('%%e')"
>> > }
>>
>>   That just queries the normal "radacct" table tho.
>>
>>   What else do you want to do?
>>
>> > I'm not sure about configuring the FreeRADIUS configuration for
>> > accomplishing this. My authorize section looks like
>> >
>> > authorize {
>> >    # ...
>> >    dailybandwidthcounter
>> >    rest
>> >    # ...
>> > }
>>
>>   That calls "dailybandwidthcounter" before the "rest" module.  Is that
>> what you want?
>>
>>   How do the two modules interact?  Or should they *not* interact?
>>
>> > I wish to use the concept of radius groups to implement this feature,
>> i.e.,
>> > add instances of radgroupcheck with attributes like
>> > Max-Daily-Session-Traffic so that the dailybandwidth counter checks it
>> and
>> > puts the limits.
>>
>>   That should be possible, if you list "sql" before
>> "dailybandwidthcounter".  And, if you put the Max-Daily-Session-Traffic
>> attributes into SQL.
>>
>> > I tried testing it with radclient and radtest but haven't been able to
>> see
>> > any results.
>>
>>   As always, run the server in debug mode to see what it's doing:
>>
>> http://wiki.freeradius.org/radius-X
>>
>> > Am I going the right way? Can anyone help me with the concept
>> > of enforcing limits and also configuration?
>>
>>   It should work pretty much as you've described above.
>>
>>   Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list
>> /users.html
>
>
>