Hi list, I'm trying to set authorize section in my default sites file. I need to allow traffic users in terms of time and bandwidth. So, my attempts were like these: authorize{ dailycounter if (Auth-Type == "Reject") { #I tried also if(!ok) or if (reject) update control{ Post-Auth-Type := "Access-Accept" } dailybandwidthcounter } ..... } The control never enters the condition and the dailycounter returns "reject" Wed Aug 22 13:15:39 2012 : Info: [dailycounter] sql_xlat Wed Aug 22 13:15:39 2012 : Info: [dailycounter] expand: %{User-Name} -> xxxxxx Wed Aug 22 13:15:39 2012 : Info: [dailycounter] sql_set_user escaped user --> 'xxxxxx' Wed Aug 22 13:15:39 2012 : Info: [dailycounter] expand: SELECT SUM(acctsessiontime - GREATEST((1345586400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'xxxxxx' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime
'1345586400' -> SELECT SUM(acctsessiontime - GREATEST((1345586400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'xxxxxx' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1345586400' Wed Aug 22 13:15:39 2012 : Debug: rlm_sql (sql): Reserving sql socket id: 11 Wed Aug 22 13:15:39 2012 : Info: [dailycounter] sql_xlat finished Wed Aug 22 13:15:39 2012 : Debug: rlm_sql (sql): Released sql socket id: 11 Wed Aug 22 13:15:39 2012 : Info: [dailycounter] expand: %{sql:SELECT SUM(acctsessiontime - GREATEST((1345586400 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'xxxxxx' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1345586400'} -> 327 Wed Aug 22 13:15:39 2012 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero Wed Aug 22 13:15:39 2012 : Debug: rlm_sqlcounter: Rejected user xxxxxx, check_item=180, counter=327 *Wed Aug 22 13:15:39 2012 : Info: ++[dailycounter] returns reject* Wed Aug 22 13:15:39 2012 : Auth: Invalid user (rlm_sqlcounter: Maximum daily usage time reached): [xxxxxx] (from client localhost port 0 cli xxxxxx) Wed Aug 22 13:15:39 2012 : Info: Using Post-Auth-Type Reject
Thank you very much for any help Regards Ilaria -- ------------------------------------------------ Ilaria De Marinis Settore Reti e Servizi CASPUR - Via dei Tizii ,6 - 00185 Roma e-mail: ilaria.demarinis@caspur.it ------------------------------------------------
On 22/08/12 12:28, Ilaria De Marinis wrote:
Hi list, I'm trying to set authorize section in my default sites file.
I need to allow traffic users in terms of time and bandwidth. So, my attempts were like these:
authorize{ dailycounter
if (Auth-Type == "Reject") { #I tried also if(!ok) or if (reject) update control{ Post-Auth-Type := "Access-Accept" } dailybandwidthcounter } ..... }
This is all wrong. First, if "dailycounter" (or any module) returns "reject", processing of authorize stops. If you want to change this, you need to override the default module return code actions - see doc/configurable_failover. Second, trying to match "Auth-Type" like this won't work, because it's a control item, not a request item. Third, setting "Post-Auth-Type" to "Access-Accept" is meaningless. It doesn't do what you want. So, throw all that way - it's useless. What do you actually want to *do*?
Thank you I want to allow user to surf for 1 hour and for 300MB. If you exceed both limits, you'll be not anymore authorized to access Internet. Regards Ilaria Il 22/08/12 13:47, Phil Mayers ha scritto:
On 22/08/12 12:28, Ilaria De Marinis wrote:
Hi list, I'm trying to set authorize section in my default sites file.
I need to allow traffic users in terms of time and bandwidth. So, my attempts were like these:
authorize{ dailycounter
if (Auth-Type == "Reject") { #I tried also if(!ok) or if (reject) update control{ Post-Auth-Type := "Access-Accept" } dailybandwidthcounter } ..... }
This is all wrong.
First, if "dailycounter" (or any module) returns "reject", processing of authorize stops. If you want to change this, you need to override the default module return code actions - see doc/configurable_failover.
Second, trying to match "Auth-Type" like this won't work, because it's a control item, not a request item.
Third, setting "Post-Auth-Type" to "Access-Accept" is meaningless. It doesn't do what you want.
So, throw all that way - it's useless.
What do you actually want to *do*? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ------------------------------------------------ Ilaria De Marinis Settore Reti e Servizi Phone: +3906-44486052 CASPUR - Via dei Tizii ,6 - 00185 Roma e-mail: ilaria.demarinis@caspur.it ------------------------------------------------
On Wed, Aug 22, 2012 at 7:39 PM, Ilaria De Marinis <ilaria.demarinis@caspur.it> wrote:
Thank you I want to allow user to surf for 1 hour and for 300MB.
"AND" there as in "if a user have been online for 1 hour but total traffic is only 100 MB, allow him/her to go online again with maximum traffic of 200MB"? If yes, you need to: - make sure your NAS supports an attribute which limits connect time by ammount of traffic (e.g. chllispot-based NAS supports Chillispot-Max-Total-Octets), AND - follow up Phil's advice on how to overide default module return codes -- Fajar
On 22/08/12 13:39, Ilaria De Marinis wrote:
Thank you I want to allow user to surf for 1 hour and for 300MB.
If you exceed both limits, you'll be not anymore authorized to access Internet.
See doc/configurable_failover. There are examples of this. You will need to use a "group {}" block and override the action for the "reject" return code.
Thank you everybody this setting works group { dailybandwidthcounter { ok = 2 reject = 1 } dailycounter { ok = 2 reject = 1 } } regards Ilaria Il 22/08/12 15:27, Phil Mayers ha scritto:
On 22/08/12 13:39, Ilaria De Marinis wrote:
Thank you I want to allow user to surf for 1 hour and for 300MB.
If you exceed both limits, you'll be not anymore authorized to access Internet.
See doc/configurable_failover. There are examples of this. You will need to use a "group {}" block and override the action for the "reject" return code. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- ------------------------------------------------ Ilaria De Marinis Settore Reti e Servizi Phone: +3906-44486052 CASPUR - Via dei Tizii ,6 - 00185 Roma e-mail: ilaria.demarinis@caspur.it ------------------------------------------------
participants (4)
-
Alan DeKok -
Fajar A. Nugraha -
Ilaria De Marinis -
Phil Mayers