authenticate against bytes in and out with sqlcounter

Martin Potgieter martin at systemadmin.co.za
Wed Nov 9 23:28:20 CET 2005 

hello,
I am using freeradius 1.0.5 and trying to get to a point where I can 
deny access to a user when he has "used" more than a specific amount of 
bandwidth in a month (from the 1st to the last day of the month).  
rlm_sqlcounter seems to be what I need.  I have configured it as I think 
it should be but when I go into debug mode the values seem to get 
changed at a point. 

Here is my sqlcounter.conf file:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
        sqlcounter monthlycounter {
                counter-name = Max-Bytes
                check-name = Max-Bytes
                sqlmod-inst = sql
                key = User-Name
                reset = monthly
                Reply-Message = "You have reached your bandwidth cap for 
this Month"
                query = "SELECT sum(AcctOutputOctets) + 
sum(AcctInputOctets) FROM radacct where UserName = '%{%k}'"
        }
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

In my radiusd.conf my authorize section is as follows:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
 authorize {
        preprocess
        chap
        mschap
        suffix
        sql
        monthlycounter
}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

When I am in debug mode I get the following:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql_mysql: query:  SELECT 
sum(AcctOutputOctets) + sum(AcctInputOctets) FROM radacct where UserName 
= 'surfing at home'
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql (sql): - sql_xlat finished
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql (sql): Released sql socket id: 4
Thu Nov 10 00:17:41 2005 : Debug: radius_xlat:  '9628587663'
Thu Nov 10 00:17:41 2005 : Debug: rlm_sqlcounter: (Check item - counter) 
is greater than zero
Thu Nov 10 00:17:41 2005 : Debug: rlm_sqlcounter: Authorized user 
surfing at home, check_item=-1073741824, counter=2147483647
Thu Nov 10 00:17:41 2005 : Debug: rlm_sqlcounter: Sent Reply-Item for 
user surfing at home, Type=Session-Timeout, value=1
Thu Nov 10 00:17:41 2005 : Debug:   modsingle[authorize]: returned from 
monthlycounter (rlm_sqlcounter) for request 2

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Why the altered negative number in the check_item?   Is the radius_xlat 
doing something?  Do I need to put in Max-Bytes in one of the dictionary 
files?  The example in experimental.conf did not mention anything about 
adding attributes so I assumed not.
Also the "counter=2147483647" is not the value I have in the database 
for that user...
I am missing something here :-)


Thanks for any help


Martin

More information about the Freeradius-Users mailing list