Yeah, I found a method to do this. It involves configuring your NAS to reauthenticate the user every 20 minutes or so (I use OpenVPN with a NAS plugin, it does key renegotiation every 20 minutes so this is ideal for me), and using a Perl script with rlm_perl to do your own calculations. Read below to see how to make it work with a NAS that doesn't periodically renegotiate, and supports Packet of Disconnection.
<br><br>My Perl script does a query to find the bytes used for each user (I also specify date/time requirements, but this isn't shown here):<br><br>SELECT SUM(inputoctets + outputoctets) FROM radacct WHERE username='$username'';
<br><br>Then you can make it compare it with the user's user-group attribute, eg:<br><br>$result = SELECT SUM(inputoctets + outputoctets) FROM radacct WHERE username='$username'';<br>$bytesused = $result[0];
<br><br>if ($check['user-group' == "heavyusers")<br>{<br> # give the user full speed service if their byte usage is below 100GB<br> if $bytesused < 100000000<br> { <br> return AUTH_OK;<br> }<br>
else<br> {<br> return AUTH_REJECT;<br> }<br>}<br><br>...and repeat as neccassary. (note, this is off the top of my head with no reference to the rlm_perl script I use, so some values will likely be fuzzy or outright wrong)
<br><br>This way, I didn't have to hack around with complicated, awkward modules in FreeRADIUS - all I needed to do was move the functionality and decisionmaking logic to Perl. This saved me -days- of work, and is very flexible.
<br><br>It all depends on what methods you have to enforce user disconnection: I was lucky enough to be able to ask for the creator of the OpenVPN plugin to add an 'reauthenticate every 20 minutes' option, which if it failed, booted the user off the NAS. Read your NAS documentation: specifically, look for if/when it reauthenticates, and if it supports Packet-Of-Disconnection. If it does support PoD, then you can easily add this functionality to the Perl script that runs on accounting, and it'll work just fine without periodic reauthentications.
<br><br>Hope this helps! <br><br>Jan<br><div><span class="gmail_quote">On 19/05/07, <b class="gmail_sendername">Trio Yulistianto</b> <<a href="mailto:trioy99@gmail.com">trioy99@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
so.. its mean that freeradius not yet supporting about this limit ?<br>so i have to ask mikrotik ?<br><br><div><span class="q"><span class="gmail_quote">2007/5/18, <a href="mailto:tnt@kalik.co.yu" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
tnt@kalik.co.yu</a> <<a href="mailto:tnt@kalik.co.yu" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
tnt@kalik.co.yu</a>>:</span></span><div><span class="e" id="q_112a496bfae46c73_2"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">With a bit of gymnastics it can be done. You can run an outside program
<br>on accounting updates checking Octet total - if it goes over the limit<br>it can send PoD (if Mikrotik supports this). But is it worth it? How<br>much over the limit can they go in one session (you are setting a<br>monthly limit)? Think about limiting sessions with Session-Timeout as
<br>well.<br><br>Or "simply" ask Mikrotik to introduce Mikrotik-Total-Limit VSA. If<br>enough people request it ...<br><br>Ivan Kalik<br>Kalik Informatika ISP<br><br>Dana 18/5/2007, "Trio Yulistianto" <
<a href="mailto:trioy99@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">trioy99@gmail.com</a>> piše:<br><br>>yupes you are right... it can't stop user from going over the limit,
<br>>but i need to kick while the limit reached as time session...<br>
>any body success with this ? please tell me how<br>><br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.freeradius.org/list/users.html</a><br></blockquote>
</span></div></div><br>
<br>-<br>List info/subscribe/unsubscribe? See <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote>
</div><br>