Hi Alan, We could make it work. We had to add the following. testcounter { reject = 1 } if (reject) { ok update reply { Reply-Message := "Reached bandwidth . Limiting the bandwidth" Mikrotik-Rate-Limit := "512k/512k" } update control { Auth-Type := "Accept" } } Thanks and Regards, Randeep On Thu, Jun 25, 2015 at 11:05 AM, Randeep <randeep123@gmail.com> wrote:
Hi Alan,
In Authorize section,
I have added this.
testcounter { reject = 1 } if (reject) { update reply { Reply-Message := "You have reached your transfer limit. Limited bandwitch" } update control { Auth-Type := "Accept" Mikrotik-Rate-Limit = "512k/512k" } }
But it is still rejecting the request.
Please see the logs below: rad_recv: Access-Request packet from host 192.168.1.1 port 49909, id=16, length=194 NAS-Port-Type = Ethernet Calling-Station-Id = "38:63:BB:AA:23:C8" Called-Station-Id = "server1" NAS-Port-Id = "LAN" User-Name = "randeep" NAS-Port = 2151677957 Acct-Session-Id = "80400005" Framed-IP-Address = 192.168.1.178 Mikrotik-Host-IP = 192.168.1.178 CHAP-Challenge = 0x4baef28ea406d49bb458d208906128d8 CHAP-Password = 0xcfee47d6e2bef349d10af8145eeb71d303 Service-Type = Login-User WISPr-Logoff-URL = "http://192.168.1.1/logout" NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.1.1 Thu Jun 25 10:47:11 2015 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default Thu Jun 25 10:47:11 2015 : Info: +- entering group authorize {...} Thu Jun 25 10:47:11 2015 : Info: ++[preprocess] returns ok Thu Jun 25 10:47:11 2015 : Info: [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.1.1/auth-detail-20150625 Thu Jun 25 10:47:11 2015 : Info: [auth_log] /var/log/radius/radacct/%{ Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/ 192.168.1.1/auth-detail-20150625 Thu Jun 25 10:47:11 2015 : Info: [auth_log] expand: %t -> Thu Jun 25 10:47:11 2015 Thu Jun 25 10:47:11 2015 : Info: ++[auth_log] returns ok Thu Jun 25 10:47:11 2015 : Info: [chap] Setting 'Auth-Type := CHAP' Thu Jun 25 10:47:11 2015 : Info: ++[chap] returns ok Thu Jun 25 10:47:11 2015 : Info: ++[mschap] returns noop Thu Jun 25 10:47:11 2015 : Info: [suffix] No '@' in User-Name = "randeep", looking up realm NULL Thu Jun 25 10:47:11 2015 : Info: [suffix] No such realm "NULL" Thu Jun 25 10:47:11 2015 : Info: ++[suffix] returns noop Thu Jun 25 10:47:11 2015 : Info: [eap] No EAP-Message, not doing EAP Thu Jun 25 10:47:11 2015 : Info: ++[eap] returns noop Thu Jun 25 10:47:11 2015 : Info: ++[files] returns noop Thu Jun 25 10:47:11 2015 : Info: [sql] expand: %{User-Name} -> randeep Thu Jun 25 10:47:11 2015 : Info: [sql] sql_set_user escaped user --> 'randeep' Thu Jun 25 10:47:11 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 3 Thu Jun 25 10:47:11 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'randeep' ORDER BY id Thu Jun 25 10:47:11 2015 : Debug: WARNING: Found User-Password == "...". Thu Jun 25 10:47:11 2015 : Debug: WARNING: Are you sure you don't mean Cleartext-Password? Thu Jun 25 10:47:11 2015 : Debug: WARNING: See "man rlm_pap" for more information. Thu Jun 25 10:47:11 2015 : Info: [sql] User found in radcheck table Thu Jun 25 10:47:11 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'randeep' ORDER BY id Thu Jun 25 10:47:11 2015 : Info: [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'randeep' ORDER BY priority Thu Jun 25 10:47:11 2015 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'admins' ORDER BY id Thu Jun 25 10:47:11 2015 : Info: [sql] User found in group admins Thu Jun 25 10:47:11 2015 : Info: [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'admins' ORDER BY id Thu Jun 25 10:47:11 2015 : Debug: rlm_sql (sql): Released sql socket id: 3 Thu Jun 25 10:47:11 2015 : Info: ++[sql] returns ok Thu Jun 25 10:47:11 2015 : Debug: rlm_sqlcounter: Entering module authorize code Thu Jun 25 10:47:11 2015 : Debug: sqlcounter_expand: 'SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='%{User-Name}'' Thu Jun 25 10:47:11 2015 : Info: [testcounter] expand: SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='%{User-Name}' -> SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='randeep' Thu Jun 25 10:47:11 2015 : Debug: WARNING: Please replace '%S' with '${sqlmod-inst}' Thu Jun 25 10:47:11 2015 : Debug: sqlcounter_expand: '%{sql:SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='randeep'}' Thu Jun 25 10:47:11 2015 : Info: [testcounter] sql_xlat Thu Jun 25 10:47:11 2015 : Info: [testcounter] expand: %{User-Name} -> randeep Thu Jun 25 10:47:11 2015 : Info: [testcounter] sql_set_user escaped user --> 'randeep' Thu Jun 25 10:47:11 2015 : Info: [testcounter] expand: SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='randeep' -> SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='randeep' Thu Jun 25 10:47:11 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 2 Thu Jun 25 10:47:11 2015 : Info: [testcounter] sql_xlat finished Thu Jun 25 10:47:11 2015 : Debug: rlm_sql (sql): Released sql socket id: 2 Thu Jun 25 10:47:11 2015 : Info: [testcounter] expand: %{sql:SELECT SUM(acctinputoctets) + SUM(acctoutputoctets) FROM radacct WHERE username='randeep'} -> 42164020 Thu Jun 25 10:47:11 2015 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero Thu Jun 25 10:47:11 2015 : Debug: rlm_sqlcounter: Rejected user randeep, check_item=10240000, counter=42164020 Thu Jun 25 10:47:11 2015 : Info: ++[testcounter] returns reject Thu Jun 25 10:47:11 2015 : Info: ++? if (reject) Thu Jun 25 10:47:11 2015 : Info: ? Evaluating (reject) -> TRUE Thu Jun 25 10:47:11 2015 : Info: ++? if (reject) -> TRUE Thu Jun 25 10:47:11 2015 : Info: ++- entering if (reject) {...} Thu Jun 25 10:47:11 2015 : Info: +++[reply] returns reject Thu Jun 25 10:47:11 2015 : Info: +++[control] returns reject Thu Jun 25 10:47:11 2015 : Info: ++- if (reject) returns reject Thu Jun 25 10:47:11 2015 : Auth: Invalid user (rlm_sqlcounter: Maximum monthly usage time reached): [randeep] (from client mikrotik port 2151677957 cli 38:63:BB:AA:23:C8) Thu Jun 25 10:47:11 2015 : Info: Using Post-Auth-Type Reject Thu Jun 25 10:47:11 2015 : Info: # Executing group from file /etc/raddb/sites-enabled/default Thu Jun 25 10:47:11 2015 : Info: +- entering group REJECT {...} Thu Jun 25 10:47:11 2015 : Info: [attr_filter.access_reject] expand: %{User-Name} -> randeep Thu Jun 25 10:47:11 2015 : Debug: attr_filter: Matched entry DEFAULT at line 11 Thu Jun 25 10:47:11 2015 : Info: ++[attr_filter.access_reject] returns updated Thu Jun 25 10:47:11 2015 : Info: Delaying reject of request 0 for 1 seconds Thu Jun 25 10:47:11 2015 : Debug: Going to the next request Thu Jun 25 10:47:11 2015 : Debug: Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 49909, id=16, length=194 Thu Jun 25 10:47:11 2015 : Info: Waiting to send Access-Reject to client mikrotik port 49909 - ID: 16 Thu Jun 25 10:47:11 2015 : Debug: Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 49909, id=16, length=194 Thu Jun 25 10:47:11 2015 : Info: Waiting to send Access-Reject to client mikrotik port 49909 - ID: 16 Thu Jun 25 10:47:11 2015 : Debug: Waking up in 0.3 seconds. Thu Jun 25 10:47:12 2015 : Info: Sending delayed reject for request 0 Sending Access-Reject of id 16 to 192.168.1.1 port 49909 Reply-Message = "You have reached your transfer limit. Limited bandwitch" Thu Jun 25 10:47:12 2015 : Debug: Waking up in 4.9 seconds.
Am I doing something wrong?
Regards, Randeep
On Wed, Jun 24, 2015 at 6:25 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Jun 24, 2015, at 8:21 AM, Randeep <randeep123@gmail.com> wrote:
We are having a unlimit plan with after 30GB there will be FUP applied. Initlially the speed will be 4 mbps and after 30G the speed will be 2mbps.
That's possible.
But the counter is not working:
No, it's working as documented. If you want it to do something else, configure it to do something else.
It is just not letting the user log in. If the limit is reached it is sending access-reject instead of letting the user login with less internet speed. Please see then logs below.
You should edit the "authorize" section, and do:
authorize { ...
sqlcounter { reject = 1 }
if (reject) { # set 2mbps
} else { # set 4mbps }
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Randeep Mob: +919447831699[kerala] Mob: +919880050349[B'lore] http://twitter.com/Randeeppr http://in.linkedin.com/in/randeeppr
[image: --] Randeep Raman [image: http://]about.me/Randeeppr <http://about.me/Randeeppr>
-- Randeep Mob: +919447831699[kerala] Mob: +919880050349[B'lore] http://twitter.com/Randeeppr http://in.linkedin.com/in/randeeppr [image: --] Randeep Raman [image: http://]about.me/Randeeppr <http://about.me/Randeeppr>