RADIUS Server Authorization and Accounting - MY SQL Configuration - Please Help
Hi, We have the following understanding RADIUS Authentication and Accounting flow :- 1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user. 2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet. 3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server. 4. The server will update the radacct table with Accounting start message. 5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it. 6. Server will update the radacct table with all the attributed present in the STOP message. With let us consider the following simple scenario :- RADIUS Server having User details as User Name = Joe Password = Joe123 Timeout = 30000 Secs Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs, mentioning the max duration that the user session is allowed. Once the session is established, RADIUS Accounting Start message is send to RADIUS server. Next let us say, User has been disconnected after 20000 Secs. Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server. Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs) Here, let us assume the user used the full session duration and get time out. Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server. Step 3: Now, when the same user tries to authenticate, he should be rejected. How can the above be achieved using radius server configurations. Kindly help us in this. Thanks in advance. Thank you & Regards, Anusha M
Hi Anusha You are right, this is how it works. You need rlm_sqlcounter setup to achieve that. Do you already have MySQL FreeRADIUS working setup? Authentication & Accounting with MySQL ? Please note, accounting must work with MySQL so that FreeRADIUS can calculate the time. please let me know if you already have above. i can then help further. Thanks / Prabhpal Singh On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Prabhpal, Thanks for your reply. Yes, we have the setup-done with Free RADIUS and MySQL enabled. With the users file and radacct table, we are able authenticate and log the RADIUS accounting messages. We have the User Polices based on Time and Data usage. That is we want to limit the users based on their duration of access and usage of data over a multiple session establishment. Hence, kindly provide your valuable inputs to acheive this with Free RADIUS - MySQL settings. Note : One thing is that - we read "sql_counter" module is useful to limit the time a user can spend daily, weekly, or monthly on the network. Has sql_counter has problems in limiting a user's data usage or accounting the duration used in the each of the session establishment and provide the access. Thanks & Regards, Anusha M On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi Anusha
You are right, this is how it works. You need rlm_sqlcounter setup to achieve that. Do you already have MySQL FreeRADIUS working setup? Authentication & Accounting with MySQL ? Please note, accounting must work with MySQL so that FreeRADIUS can calculate the time. please let me know if you already have above. i can then help further.
Thanks / Prabhpal Singh
On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards, Anusha M
Check this link: https://abechik.wordpress.com/2007/03/15/freeradius-limit-user-access-by-per... The query that you need to get the module work is the last one in comments section. Javier. El 20/11/2014 14:04, "anusha mule" <anusha.mule9988@gmail.com> escribió:
Hi Prabhpal,
Thanks for your reply.
Yes, we have the setup-done with Free RADIUS and MySQL enabled.
With the users file and radacct table, we are able authenticate and log the RADIUS accounting messages.
We have the User Polices based on Time and Data usage.
That is we want to limit the users based on their duration of access and usage of data over a multiple session establishment.
Hence, kindly provide your valuable inputs to acheive this with Free RADIUS - MySQL settings.
Note :
One thing is that - we read "sql_counter" module is useful to limit the time a user can spend daily, weekly, or monthly on the network.
Has sql_counter has problems in limiting a user's data usage or accounting the duration used in the each of the session establishment and provide the access.
Thanks & Regards,
Anusha M
On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi Anusha
You are right, this is how it works. You need rlm_sqlcounter setup to achieve that. Do you already have MySQL FreeRADIUS working setup? Authentication & Accounting with MySQL ? Please note, accounting must work with MySQL so that FreeRADIUS can calculate the time. please let me know if you already have above. i can then help further.
Thanks / Prabhpal Singh
On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards, Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi I could not read the list today, there is no such limit. You can do all that eg: data volume quota limit, user can use their time in multiple sessions. What kind of NAS you use? We will do it, no issue. Check list will follow this email. Prabhpal On Thursday, November 20, 2014, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi Prabhpal,
Thanks for your reply.
Yes, we have the setup-done with Free RADIUS and MySQL enabled.
With the users file and radacct table, we are able authenticate and log the RADIUS accounting messages.
We have the User Polices based on Time and Data usage.
That is we want to limit the users based on their duration of access and usage of data over a multiple session establishment.
Hence, kindly provide your valuable inputs to acheive this with Free RADIUS - MySQL settings.
Note :
One thing is that - we read "sql_counter" module is useful to limit the time a user can spend daily, weekly, or monthly on the network.
Has sql_counter has problems in limiting a user's data usage or accounting the duration used in the each of the session establishment and provide the access.
Thanks & Regards,
Anusha M
On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir@gmail.com <javascript:_e(%7B%7D,'cvml','radius.sir@gmail.com');>> wrote:
Hi Anusha
You are right, this is how it works. You need rlm_sqlcounter setup to achieve that. Do you already have MySQL FreeRADIUS working setup? Authentication & Accounting with MySQL ? Please note, accounting must work with MySQL so that FreeRADIUS can calculate the time. please let me know if you already have above. i can then help further.
Thanks / Prabhpal Singh
On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com <javascript:_e(%7B%7D,'cvml','anusha.mule9988@gmail.com');>> wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards, Anusha M
Hi i am sorry, i have delayed you enough already. i want to put efforts for 1 hour today to resolve your issue. have you fix the problem or still have issues? Thanks On Fri, Nov 21, 2014 at 6:36 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi I could not read the list today, there is no such limit. You can do all that eg: data volume quota limit, user can use their time in multiple sessions. What kind of NAS you use? We will do it, no issue. Check list will follow this email.
Prabhpal
On Thursday, November 20, 2014, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi Prabhpal,
Thanks for your reply.
Yes, we have the setup-done with Free RADIUS and MySQL enabled.
With the users file and radacct table, we are able authenticate and log the RADIUS accounting messages.
We have the User Polices based on Time and Data usage.
That is we want to limit the users based on their duration of access and usage of data over a multiple session establishment.
Hence, kindly provide your valuable inputs to acheive this with Free RADIUS - MySQL settings.
Note :
One thing is that - we read "sql_counter" module is useful to limit the time a user can spend daily, weekly, or monthly on the network.
Has sql_counter has problems in limiting a user's data usage or accounting the duration used in the each of the session establishment and provide the access.
Thanks & Regards,
Anusha M
On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi Anusha
You are right, this is how it works. You need rlm_sqlcounter setup to achieve that. Do you already have MySQL FreeRADIUS working setup? Authentication & Accounting with MySQL ? Please note, accounting must work with MySQL so that FreeRADIUS can calculate the time. please let me know if you already have above. i can then help further.
Thanks / Prabhpal Singh
On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com
wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards, Anusha M
Hi, Still we are facing the same issue, please suggest me the changes has to be done in freeradius. And also clarify me about radcheck and radreply tables and what all attributes have to be configured in both the tables for verifying the same scenario. Thanks & Regards, Anusha M On Mon, Nov 24, 2014 at 1:40 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi
i am sorry, i have delayed you enough already. i want to put efforts for 1 hour today to resolve your issue. have you fix the problem or still have issues? Thanks
On Fri, Nov 21, 2014 at 6:36 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi I could not read the list today, there is no such limit. You can do all that eg: data volume quota limit, user can use their time in multiple sessions. What kind of NAS you use? We will do it, no issue. Check list will follow this email.
Prabhpal
On Thursday, November 20, 2014, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi Prabhpal,
Thanks for your reply.
Yes, we have the setup-done with Free RADIUS and MySQL enabled.
With the users file and radacct table, we are able authenticate and log the RADIUS accounting messages.
We have the User Polices based on Time and Data usage.
That is we want to limit the users based on their duration of access and usage of data over a multiple session establishment.
Hence, kindly provide your valuable inputs to acheive this with Free RADIUS - MySQL settings.
Note :
One thing is that - we read "sql_counter" module is useful to limit the time a user can spend daily, weekly, or monthly on the network.
Has sql_counter has problems in limiting a user's data usage or accounting the duration used in the each of the session establishment and provide the access.
Thanks & Regards,
Anusha M
On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir@gmail.com> wrote:
Hi Anusha
You are right, this is how it works. You need rlm_sqlcounter setup to achieve that. Do you already have MySQL FreeRADIUS working setup? Authentication & Accounting with MySQL ? Please note, accounting must work with MySQL so that FreeRADIUS can calculate the time. please let me know if you already have above. i can then help further.
Thanks / Prabhpal Singh
On Wed, Nov 19, 2014 at 9:27 AM, anusha mule < anusha.mule9988@gmail.com> wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards, Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Regards, Anusha M
On Thu, Nov 20, 2014 at 8:59 PM, anusha mule <anusha.mule9988@gmail.com> wrote:
One thing is that - we read "sql_counter" module is useful to limit the time a user can spend daily, weekly, or monthly on the network.
Has sql_counter has problems in limiting a user's data usage or accounting the duration used in the each of the session establishment and provide the access.
Not really. Basically it counts/sums something from accounting table (e.g. session time), compare it against something else (e.g. user time quota), and return the difference in an attribute (e.g. session-timeout). If your NAS (e.g. chillispot, openvpn, mikrotik routers, whatever) has an attribute that supports data limit, then you can use sqlcounter for that (e.g. http://forum.mikrotik.com/viewtopic.php?f=3&t=33879) You could setup multiple instance of sql counters, one for time limit, one for data limit. -- Fajar
Hi, Here i would explain daily counter. if you need weekly, monthly, forever, volume quota do the same. *Note: *The Counter For Volume Quota Is Different 1.) Create SQL Counter sqlcounter *dailycounter *{ counter-name = "Daily-Session-Time" check-name = "*Max-Daily-Session*" reply-name = "Session-Timeout" sqlmod-inst = "sql" key = "User-Name" reset = "daily" cache-size = 5000 query = "SELECT SUM(acctsessiontime) FROM radacct WHERE username = '%{%k}' AND acctstarttime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')" 2.) Enable Counter in "/etc/freeradius/radiusd.conf" instantiate { * dailycounter* more entries.. } 3.) Enable Counter in "default virtual server" /etc/freeradius/sites-available/default authorize { *dailycounter* more entries.. } 4.) Restart FreeRADIUS, If problem see in debug. 5.) Apply Attributes To User Check items Max-Daily-Session := 3600 Reply Item: Max-Daily-Session := 3600 All This Should Do.. On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988@gmail.com> wrote:
Hi,
We have the following understanding RADIUS Authentication and Accounting flow :-
1. When the Access-request from the NAS, Server will search in the radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then the server will pull the reply items (Attributes like Bandwidth, Volume, Timeout, etc) from the radreply table for this user and add it in the Access-Accept packet.
3. On receiving Access-Accept packet, session will get established for the user and Accounting-Start message will get transmitted to the Server.
4. The server will update the radacct table with Accounting start message.
5. When the station get disconnected, Session should get deleted and Accounting-Stop message should sent to the Server including user statistics (like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be authenticated and the Access-Accept provide the Timeout attribute as 10000 Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
anusha mule -
Fajar A. Nugraha -
Javi -
Russell Mike