Hi, Here i would explain daily counter. if you need weekly, monthly, forever, volume quota  do the same.

Note:
The Counter For Volume Quota Is Different

1.) Create SQL Counter

sqlcounter dailycounter {
                counter-name = "Daily-Session-Time"
                check-name = "Max-Daily-Session"
                reply-name = "Session-Timeout"
                sqlmod-inst = "sql"
                key = "User-Name"
                reset = "daily"
                cache-size = 5000
                query = "SELECT SUM(acctsessiontime) FROM radacct WHERE username = '%{%k}' AND acctstarttime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"

2.) Enable Counter in  "/etc/freeradius/radiusd.conf"

instantiate {
 dailycounter
more entries..
}

3.) Enable Counter in "default virtual server" /etc/freeradius/sites-available/default

authorize {
dailycounter
more entries..
}


4.) Restart FreeRADIUS, If problem see in debug.


5.) Apply Attributes To User

Check items
Max-Daily-Session := 3600

Reply Item:
Max-Daily-Session := 3600


All This Should Do..




On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com> wrote:

Hi,
 
We have the following understanding RADIUS Authentication and Accounting flow :-

 

1.       When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.

2.       If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.

3.       On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.

4.       The server will update the radacct table with Accounting start message.

5.       When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.

6.       Server will update the radacct table with all the attributed present in the STOP message.

 

With let us consider the following simple scenario :-

 

RADIUS Server having User details as

 

User Name = Joe

Password    = Joe123

Timeout      = 30000 Secs

 

Step 1: During the initial connect  - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,

              mentioning the max duration that the user session is allowed.

 

              Once the session is established, RADIUS Accounting Start message is send to RADIUS server.

 

               Next let us say, User has been disconnected after 20000 Secs.

 

               Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.

 

Step 2:   Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)

 

                 Here, let us assume the user used the full session duration and get time out.

 

               Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.

              

Step 3:   Now, when the same user tries to authenticate, he should be rejected.

 

 

How can the above be achieved using radius server configurations.

 

Kindly help us in this.


Thanks in advance.

 

Thank you & Regards,

Anusha M



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html