Freeradius 3.0.15 Fair Usage Policy doesn't work

Wed Oct 10 15:17:43 CEST 2018

I am running on the freeradius 3.0.15 on Ubuntu 16.04 almost over 4 month.
But still I couldn't figure out how to deploy fair usage policy.

I just want to reply Mikrotik-Rate-Limit to user when they hit the quota
for daily.

1- nano /etc/freeradius/mods-enabled/sqlcounter

I added the following counter

    sqlcounter dailyquota{
    count_attribute = Acct-Input-Octets
    counter_name = My-Total-Data-Limit
    check_name = My-Total-Limit
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT ((SUM(AcctInputOctets)+SUM(AcctOutputOctets))) FROM
radacct WHERE UserName='%{User-Name}'"
    }

2- nano /etc/freeradius/sites-enabled/default

    nano /etc/freeradius/sites-available/default

In authorize section added the counter name

    authorize {
    ......
    dailyquota
    ......
    }

In accounting section added the counter query and reply message

    accounting {
    ......
    if ( "%{sql: SELECT ((SUM(AcctInputOctets)+SUM(AcctOutputOctets))) FROM
radacct WHERE UserName='%{User-Name}'}" > "%{sql: SELECT value from
radcheck where username='%{User-Name}' and attribute='My-Total-Limit'}" ) {
    update disconnect {
    Mikrotik-Rate-Limit := "2M/2M"
    Reply-Message := "You have reached your transfer limit. Limited
bandwidth"
    }
    }
    ......
    }

3- Define the My-Total-Limit attribute on dictionary

    ATTRIBUTE       My-Total-Limit           3001    integer64

4- Add the user with the attribute that 10 MB quota

    INSERT INTO radcheck (id ,username ,attribute ,op ,value) VALUES (NULL
, 'gorkem', 'Cleartext-Password', ':=', '123');
    INSERT INTO radcheck (id ,username ,attribute ,op ,value) VALUES (NULL
, 'gorkem', 'My-Total-Limit', ':=', '10000000');

5- Restart the freeradius service, try to authenticate then look your
accounting data.

Result is interesting, when user pass over his quota (10MB), user can still
keep going to use internet. Nothing changed while user is connected.

But If the user logout, He try to login again reply message deployed when
he logged in. After than user can get the new speed limit for his session.
I don't want to do this. I think it must be automatically.

I want to send CoA reqeust to Mikrotik NAS client for change the user speed
limit automatically. How can I achive that?

Is there anyone figure out, that how to do ?

Here is my debug output:
https://drive.google.com/open?id=1ClT3D291tO6GXf9L6VPJ1h1ZTsizFUhu

Also there one more question, in my debug output that i realized. When I
add the dailyquota freeradius, it automatically add the
reply_name=Session-Timeout to counter. So I looked on the Mikrotik router
of the users session timeout is deployed My-Total-Limit value as the time
10000000 seconds (almost 116 day)

How can I solve this problem, Is there anyone figure out, how it should be
done?

Görkem İnanç KORKMAZ
Junior IT Engineer