HI Alan, In addition to my previous mail, can you tell me how to use rlm_sqlcounter along with the tables radgroupcheck and radgroupusers? I was able to get it working with the radcheck tables by using the check names but not radgroupcheck. Thank you. On Fri, Jun 22, 2018 at 10:39 PM, Rohith Asrk <rohith.asrk@gmail.com> wrote:
Thanks for the quick reply Alan. I've experimented a bit and here are some observations I make,
1. The authorize section looks like the way I've defined in the previous mail. But the rest module before sql and dailybandwidthcounter
2. I'm able to put limits on users using the radcheck table but not able to do that using the radgroupcheck and radgroupusers table.
I basically wish to put limits on groups, and users shall be a part of it. So I created a group named test_group with a test_user in it and put limits on the test_group with Max-Daily-Session-Traffic attribute.
It works if I use the radcheck table with the same attribute and values but doesn't with the groups.
I'm using the command *radtest test_user test_password localhost 10 secret_key *to test all this. Is there a different implementation with groups or something else I need know?
Regards, Rohith ASRK
On Fri, Jun 22, 2018 at 9:23 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Jun 22, 2018, at 11:11 AM, Rohith Asrk <rohith.asrk@gmail.com> wrote:
I'm working on a feature for being able to enforce session and bandwidth limits on users using a web interface of django-freeradius.
I wish to authenticate the users using the rlm_rest module and use custom defined sqlcounters for putting limits on users. For ex.,
That should work...
sqlcounter dailybandwidthcounter { counter_name = Max-Daily-Session-Traffic check_name = Max-Daily-Session-Traffic sql_module_instance = sql key = 'User-Name' reset = daily Reply-Message = "Your daily bandwidth limit has reached" query = "SELECT sum(AcctOutputOctets) + sum(AcctInputOctets) FROM radacct WHERE \ UserName = '%{${key}}' AND \ acctstarttime BETWEEN FROM_UNIXTIME('%%b') AND FROM_UNIXTIME('%%e')" }
That just queries the normal "radacct" table tho.
What else do you want to do?
I'm not sure about configuring the FreeRADIUS configuration for accomplishing this. My authorize section looks like
authorize { # ... dailybandwidthcounter rest # ... }
That calls "dailybandwidthcounter" before the "rest" module. Is that what you want?
How do the two modules interact? Or should they *not* interact?
I wish to use the concept of radius groups to implement this feature, i.e., add instances of radgroupcheck with attributes like Max-Daily-Session-Traffic so that the dailybandwidth counter checks it and puts the limits.
That should be possible, if you list "sql" before "dailybandwidthcounter". And, if you put the Max-Daily-Session-Traffic attributes into SQL.
I tried testing it with radclient and radtest but haven't been able to see any results.
As always, run the server in debug mode to see what it's doing:
http://wiki.freeradius.org/radius-X
Am I going the right way? Can anyone help me with the concept of enforcing limits and also configuration?
It should work pretty much as you've described above.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list /users.html