<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.26.3">
</HEAD>
<BODY>
You are expecting an interim update to send session-timeout to your nas so it disconnect your user?<BR>
If so, two things seems incorrect to me.<BR>
<BR>
1- You're measuring traffic volume and want disconnection to set based on time (session-timout)... a bit tricky isn't it?<BR>
<BR>
2- I think the attribute "Session-Timeout" cannot be found in interim-updates packets (maybe I'm wrong), rfc 2869 specify that: "It is envisioned that an Interim Accounting record (with Acct-Status-Type = Interim-Update (3)) would contain all of the attributes normally found in an Accounting Stop message with the exception of the Acct-Term-Cause attribute."<BR>
<BR>
What you would need is an attribute known by your nas and representing remaining traffic. That attrbute should be sent at acct-start time and would trigger a disconnection from the NAS when traffic limit is reached. If such a attribute does not exists for your NAS, you should take a look at CoA server.<BR>
Maybe someone have better idea...?<BR>
<BR>
Le mercredi 19 août 2009 à 15:56 +0100, Neville a écrit :
<BLOCKQUOTE TYPE=CITE>
<PRE>
Hi everyone,
I've decided to submit this question again as it was not quite worded
correctly, and to send as PLAIN TEXT.
I'm trying to setup a new counter maxmonthlytraffic, which uses the same
method to disconnect a user by sending the Session-Timout Reply Atrribute as
with MAX-ALL-Sessions.
This is what I've done so far...
I've added to ./raddb/sql/mysql/counter.conf
sqlcounter monthlytraffic {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT (sum(acctinputoctets)+sum(acctoutputoctets))
\
FROM radacct WHERE username='%{%k}' AND \
Month(acctstoptime) =(Month(NOW())) AND \
Year(acctstoptime) = Year(NOW())"
}
authorize {
.
monthlytraffic
.
}
instantiate {
.
monthlytraffic
.
}
created a dictionary entry in daloradius database of:-
id 9433
Type integer
Attribute Max-Monthly-Traffic
Value NULL
Format NULL
Vendor dictionary.freeradius.internal
RecommendedOP :=
RecommendedTable check
RecommendedHelper
RecommendedTooltip Check Monthly Traffic Allowance
User created as "testmaxm", with the following attributes set:-
Check
Simultaneous-Use := 1
Pool-Name := tvpool
Cleartext-Password := testmaxm
Max-Monthly-Traffic := 10490000 (10Mb) (If this is removed from the
Check, the user connects fine, so everything else is working)
Reply
Framed-MTU = 1400
Framed-Protocol = PPP
Service-Type = Framed-User
Acct-Interim-Interval := 300 (Every 5 mins for testing)
=====
Although this seems to be working on the initial Connection, it does not
send the Session Time Out Reply during the Interim Acct Updates if the Usage
has execeed.
>From the Debug below, the usages is shown as "37940156" during a Acct
Update e.g. 906612 + 3733544 and is more than the initial check value of
Max-Monthly-Traffic := 10490000, so I would have expected a Session-Timout
Reply to be sent.
However this is working ok on disconnect and reconnect, as I get...
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user testmaxm, check_item=10490000,
counter=89021682
++[monthlytraffic] returns reject
Invalid user (rlm_sqlcounter: Maximum monthly usage time reached):
[testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1)
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user testmaxm, check_item=10490000,
counter=89021682
++[monthlytraffic] returns reject
Invalid user (rlm_sqlcounter: Maximum monthly usage time reached):
[testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1)
Any Ideas why I did not get disconnect during the original session as this
is what I'm after.
FreeRadius2 Debug
.
.
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user testmaxm, check_item=10490000, counter=80411
rlm_sqlcounter: Sent Reply-Item for user testmaxm, Type=Session-Timeout,
value=11601138
++[monthlytraffic] returns ok
.
.
rad_recv: Accounting-Request packet from host aaa.bbb.ccc.ddd port 53637,
id=47, length=140
Acct-Session-Id = "4A8B6FA0721900"
User-Name = "testmaxm"
Acct-Status-Type = Interim-Update
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
Acct-Session-Time = 600
Acct-Output-Octets = 37033544
Acct-Input-Octets = 906612
Acct-Output-Packets = 27837
Acct-Input-Packets = 15791
NAS-Port-Type = Async
Framed-IP-Address = 192.168.0.29
NAS-Identifier = "aaa.bbb.ccc.ddd"
NAS-Port = 1
Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
193.33.186.190,NAS-IP-Address = aaa.bbb.ccc.ddd,Acct-Session-Id =
"4A8B6FA0721900",User-Name = "testmaxm"'
[acct_unique] Acct-Unique-Session-ID = "049e959019a363e4".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "testmaxm", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
+- entering group accounting {...}
[detail] expand:
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819
[detail] expand: %t -> Wed Aug 19 03:31:04 2009
++[detail] returns ok
rlm_sql (sql): Reserving sql socket id: 1
[sqlippool] expand: %{User-Name} -> testmaxm
[sqlippool] sql_set_user escaped user --> 'testmaxm'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
rlm_sql_mysql: query: START TRANSACTION
[sqlippool] expand: UPDATE radippool SET expiry_time = NOW() + INTERVAL
3600 SECOND WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key =
'%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid =
'%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' ->
UPDATE radippool SET expiry_time = NOW() + INTERVAL 3600 SECOND WHERE
nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1' AND username =
'testmaxm' AND callingstationid = '' AND framedipaddress = '192.168.0.29'
rlm_sql_mysql: query: UPDATE radippool SET expiry_time = NOW() + INTERVAL
3600 SECOND WHERE nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1' AND
username = 'testmaxm' AND callingstationid = '' AND framedipaddress =
'192.168.0.29'
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql_mysql: query: COMMIT
rlm_sql (sql): Released sql socket id: 1
++[sqlippool] returns ok
[sql] expand: %{User-Name} -> testmaxm
[sql] sql_set_user escaped user --> 'testmaxm'
[sql] expand: %{Acct-Input-Gigawords} ->
[sql] expand: %{Acct-Input-Octets} -> 906612
[sql] expand: %{Acct-Output-Gigawords} ->
[sql] expand: %{Acct-Output-Octets} -> 37033544
[sql] expand: UPDATE radacct SET
framedipaddress = '%{Framed-IP-Address}', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username = '%{SQL-User-Name}'
AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct
SET framedipaddress = '192.168.0.29',
acctsessiontime = '600', acctinputoctets = '0' << 32 |
'906612', acctoutputoctets = '0' << 32 |
'37033544' WHERE acctsessionid = '4A8B6FA0721900' AND
username = 'testmaxm'
[sql] expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: UPDATE radacct SET
framedipaddress = '192.168.0.29', acctsessiontime = '600',
acctinputoctets = '0' << 32 |
'906612', acctoutputoctets = '0' << 32 |
'37033544' WHERE acctsessionid = '4A8B6FA0721900' AND
username = 'testmaxm' AND nasipaddress =
'aaa.bbb.ccc.ddd'
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> testmaxm
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 47 to aaa.bbb.ccc.ddd port 53637
Finished request 16.
Cleaning up request 16 ID 47 with timestamp +1965
Going to the next request
Ready to process requests.
Thx
Nev
================
CentOS 5.3
pptpd 1.3.4 / ppp 2.4.4
freeradius2 2.1.6
radiusclient-ng 0.5.6
daloRadius 0.9-8-SVN
================
-
List info/subscribe/unsubscribe? See <A HREF="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>