tnt-4 wrote:
3) Currently I receive something like Reply-Message = "Your maximum never usage time has been reached" when the counter reaches its limit - even when what was counted as not time but data volume. Can Reply-Message for sqlcounter be configured as in the expiration module?
No. But you can sort out the reply with unlang.
Can you show some examples please? I try to do like this: noresetBytecounter if (reject) { update reply { Reply-Message := "Traffic limit exceeded." } } but if noresetBytecounter return reject freeradius immediatly return reject to user and do not process 'if' clause -- View this message in context: http://www.nabble.com/SQLCounter-configuration-tp21384983p22219985.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
alt_ wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) { update reply { Reply-Message := "Traffic limit exceeded." } }
but if noresetBytecounter return reject freeradius immediatly return reject to user and do not process 'if' clause
You need to put this in the "post-auth" section, "Reject" subsection. See the example configuration files. Alan DeKok.
On Thu, 26 Feb 2009 12:03:22 +0200, Alan DeKok <aland@deployingradius.com> wrote:
alt_ wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) { update reply { Reply-Message := "Traffic limit exceeded." } }
but if noresetBytecounter return reject freeradius immediatly return reject to user and do not process 'if' clause
You need to put this in the "post-auth" section, "Reject" subsection. See the example configuration files.
/etc/freeradius/sites-enabled/default[412]: "SQL Counter" modules aren't allowed in 'post-auth' sections -- they have no such method. -- ISP CrIS, Softwarium
Alexander Solodukhin wrote:
/etc/freeradius/sites-enabled/default[412]: "SQL Counter" modules aren't allowed in 'post-auth' sections -- they have no such method.
The REJECT handler needs to be put into the post-auth section. Not the sqlcounter module. Please READ the default configuration files. The comments in sites-available/default explain how the post-auth reject handler works. Alan DeKok.
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) { update reply { Reply-Message := "Traffic limit exceeded." } }
but if noresetBytecounter return reject freeradius immediatly return reject to user and do not process 'if' clause
You need to put this in the "post-auth" section, "Reject" subsection. See the example configuration files.
/etc/freeradius/sites-enabled/default[412]: "SQL Counter" modules aren't allowed in 'post-auth' sections -- they have no such method.
Don't put the counter there but the counter attribute: if(control:Counter-Attribute < 0) { ... Ivan Kalik Kalik Informatika ISP
On Thu, 26 Feb 2009 13:19:06 +0200, <tnt@kalik.net> wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) { update reply { Reply-Message := "Traffic limit exceeded." } }
but if noresetBytecounter return reject freeradius immediatly return reject to user and do not process 'if' clause
You need to put this in the "post-auth" section, "Reject" subsection. See the example configuration files.
/etc/freeradius/sites-enabled/default[412]: "SQL Counter" modules aren't allowed in 'post-auth' sections -- they have no such method.
Don't put the counter there but the counter attribute:
if(control:Counter-Attribute < 0) { ...
Sorry, i read mans and comments in config and try to do like you say but it's not work as i need. I have sqlcounter: sqlcounter noresetBytecounter { counter-name = Total-Max-Octets check-name = Max-Octets reply-name = ChilliSpot-Max-Total-Octets sqlmod-inst = sql key = User-Name reset = never query = "SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}'" } post-auth section in sites-enabled/default: Post-Auth-Type REJECT { attr_filter.access_reject if (control:Max-Octets > 0) { update reply { Reply-Message := "Traffic limit exceeded." } } } so, what exactly name must be in control: ? As you can see i try to put Max-Octets, but seems that attribute simly loaded from mysql (even if password wrong and no traffic overlimit occures there 'Traffic limit exceeded.' error message returned) and it's always greater than zero. I try counter:ChilliSpot-Max-Total-Octets but got: Attribute control:ChilliSpot-Max-Total-Octets was not found in debug. Sorry but i something missunderstand in general, please put me on right way. -- ISP CrIS, Softwarium
Sorry, i read mans and comments in config and try to do like you say but it's not work as i need. I have sqlcounter: sqlcounter noresetBytecounter { counter-name = Total-Max-Octets check-name = Max-Octets reply-name = ChilliSpot-Max-Total-Octets sqlmod-inst = sql key = User-Name reset = never query = "SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}'" }
post-auth section in sites-enabled/default: Post-Auth-Type REJECT { attr_filter.access_reject
if (control:Max-Octets > 0) { update reply { Reply-Message := "Traffic limit exceeded." } }
}
Looking at that it should probably be: control:Max-Octets (check value) < control:Total-Max-Octets (counter value). I don't think that negative value vill go into (reply:) ChilliSpot-Max-Total-Octets. If it doesn't work, you can check if reply value is zero. Ivan Kalik Kalik Informatika ISP
On Thu, 26 Feb 2009 16:55:00 +0200, <tnt@kalik.net> wrote:
Sorry, i read mans and comments in config and try to do like you say but it's not work as i need. I have sqlcounter: sqlcounter noresetBytecounter { counter-name = Total-Max-Octets check-name = Max-Octets reply-name = ChilliSpot-Max-Total-Octets sqlmod-inst = sql key = User-Name reset = never query = "SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}'" }
post-auth section in sites-enabled/default: Post-Auth-Type REJECT { attr_filter.access_reject
if (control:Max-Octets > 0) { update reply { Reply-Message := "Traffic limit exceeded." } }
}
Looking at that it should probably be:
control:Max-Octets (check value) < control:Total-Max-Octets (counter value). I don't think that negative value vill go into (reply:) ChilliSpot-Max-Total-Octets. If it doesn't work, you can check if reply value is zero.
Total-Max-Octets also not found in control list: "Attribute control:Total-Max-Octets was not found" I can do like this: if (!reply:ChilliSpot-Max-Total-Octets) { update reply { Reply-Message := "Traffic limit exceeded." } } but if user enter wrong password "Traffic limit exceeded." error message will be displayed. -- ISP CrIS, Softwarium
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) { update reply { Reply-Message := "Traffic limit exceeded." } }
but if user enter wrong password "Traffic limit exceeded." error message will be displayed.
I had a look at the code and sqlcounter module sets the Reply-Message: "Your maximum %s usage time has been reached" when user is rejected. Check for that reply message and alter it. Ivan Kalik Kalik Informatika ISP
On Thu, 26 Feb 2009 20:56:03 +0200, <tnt@kalik.net> wrote:
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) { update reply { Reply-Message := "Traffic limit exceeded." } }
but if user enter wrong password "Traffic limit exceeded." error message will be displayed.
I had a look at the code and sqlcounter module sets the Reply-Message: "Your maximum %s usage time has been reached" when user is rejected. Check for that reply message and alter it.
Thank you. I see this solution in the internet, but i need configurable Reply-Message, becouse i want to limit not only traffic, but session time too. -- ISP CrIS, Softwarium
Thank you. I see this solution in the internet, but i need configurable Reply-Message, becouse i want to limit not only traffic, but session time too.
Actually, I can recall that sqlcounter had configurable Reply-Message in early days (I had 1.0.5 where it was configurable). Download 1.0.5 and have a look how was it done. Perhaps you can create a patch for the current version without too much trouble. Ivan Kalik Kalik Informatika ISP
participants (4)
-
Alan DeKok -
Alexander Solodukhin -
alt_ -
tnt@kalik.net