Is it possible to automate a Disconnect-Request based on exceeded Monthly-Usage?

Houman houmie at gmail.com
Thu Sep 12 21:09:00 CEST 2019


Hi Alan,

Great news, it almost works now.

The issue I get is now the conditional here:

preacct {
        preprocess
        if (Monthly-Usage > 300000000000) {
            update disconnect {
                        &User-Name = "%{User-Name}"
            }
        }

(5)   NAS-Identifier = "strongSwan"
(5) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default
(5)   preacct {
(5)     [preprocess] = ok
(5)     if (Monthly-Usage > 300000000000) {
(5)     ERROR: Failed retrieving values required to evaluate condition
(5)     policy acct_unique {

If I comment out the conditional there, it disconnects the user after 300
seconds when the next preacct is due.  So fairly happy that this part works.

preacct {
        preprocess
        #if (Monthly-Usage > 300000000000) {
        update disconnect {
                        &User-Name = "%{User-Name}"
        }
        #}

Now I wonder why the attribute is not seen?

I have set it like this:

echo 'ATTRIBUTE Monthly-Usage 3001 integer64' >> /etc/freeradius/3.0/dictionary

update request {
           Monthly-Usage = "%{sql:SELECT COALESCE((SUM(`acctoutputoctets`)), 0) FROM radacct WHERE `username`='"'"'%{User-Name}'"'"' AND Month(acctupdatetime)=(Month(NOW())) AND Year(acctupdatetime)=Year(NOW())}"
}

When updating the request, the Monthly-Usage attribute should be already
set, so how come it doesn't recognise the variable within preacct?

Many Thanks,
Houman


On Wed, 11 Sep 2019 at 22:40, Alan DeKok <aland at deployingradius.com> wrote:

> On Sep 11, 2019, at 2:15 PM, Houman <houmie at gmail.com> wrote:
> >
> > Alright, let's go through the steps.
> >
> > 1) Based on sites-available/originate-coa I have inserted the following
> > into /etc/freeradius/3.0/sites-enabled/default
> >
> > I have added the home_server after the server default like this:
>
>   That works... but it's generally recommended to put home servers into
> proxy.conf.  That way you can find them later, as they're all in a
> consistent place.
>
> > server default {
> >   ...
> > }
> > home_server example-coa {
> >        type = coa
> >        ipaddr = 127.0.0.1
>
>   Uh...  is your NAS on localhost?  Or is your NAS elsewhere in the
> network?
>
>   You probably *don't* want to send CoA packets to FreeRADIUS.  As I
> explained before, this will NOT kick the user offline.
>
> > Looking at "man unlang", In the server default I have added this section to
> > the preacct:
> >
> > preacct {
> >        preprocess
> >        if (Monthly-Usage > 300000000000) {
> >                update coa {
> >                        &User-Name = "%{User-Name}"
> >                        &Acct-Session-Id = "%{Acct-Session-Id}"
> >                        &NAS-IP-Address = "%{NAS-IP-Address}"
> >                }
> >        }
>
>   That's good.
>
> > This should now send the Disconnect-Request, based on the usage greater
> > than 300 GB.
>
>   No, it will send a "coa" packet.  Because you've used the word "coa".
> If you want a disconnect, use "disconnect", as is documented in the
> originate-coa file I said to read, AND in "man unlang" I said to read.
>
> > Does this make sense what I have done so far?
>
>    Mostly.  See the comments above.
>
>   And read the NAS documentation to see which attributes are needed in a
> Disconnect-Request packet.  We don't know which ones are relevant.  If you
> get the list wrong, then the NAS will send a Disconnect-NAK response.
> And won't tell you which attributes it was looking for.
>
>   Alan DeKok.
>
>

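Added example, not part of the original thread and not FreeRADIUS project code: one way to make the preacct condition evaluable is to run the SQL lookup inside preacct itself, so that Monthly-Usage exists in the same accounting request the `if` reads. It assumes the `update request` block quoted above ran in a different section, that the `sql` module is enabled, that the dictionary entry for Monthly-Usage is in place, and that the NAS accepts the attributes listed in the disconnect block.

```unlang
# Added example for /etc/freeradius/3.0/sites-enabled/default (FreeRADIUS 3.0.x).
preacct {
        preprocess

        # Look up the month's usage inside this accounting request, so the
        # attribute exists in the list that the condition below reads.
        # %{User-Name} is escaped by the sql module during expansion.
        # The query has to stay on one line inside the quoted string.
        update request {
                &Monthly-Usage := "%{sql:SELECT COALESCE(SUM(`acctoutputoctets`), 0) FROM radacct WHERE `username`='%{User-Name}' AND MONTH(acctupdatetime)=MONTH(NOW()) AND YEAR(acctupdatetime)=YEAR(NOW())}"
        }

        # 300000000000 octets = 300 GB. Stop packets are skipped because
        # that session is already ending and there is nothing to disconnect.
        if ((&Acct-Status-Type != Stop) && (&Monthly-Usage > 300000000000)) {
                update disconnect {
                        &User-Name = "%{User-Name}"
                        # Assumption: same session attributes as the quoted
                        # coa block; the NAS documentation decides the real set.
                        &Acct-Session-Id = "%{Acct-Session-Id}"
                        &NAS-IP-Address = "%{NAS-IP-Address}"
                }
        }

        # The rest of the stock preacct section (acct_unique and so on)
        # continues here unchanged.
}
```

Running the server with `freeradius -X` shows whether the `update request` expansion returns a number before the condition is evaluated.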
