Usage instead of time accounting

Sean sean at swarmhotspots.com
Fri Feb 3 19:00:49 CET 2006


Hi'

I've been using FreeRadius authorisation and accounting for my Internet
Hotspot service for some time. It performs perfectly. Up to now all of
my clients use time based tickets(One hour, one day, one week and one
month) I now have a client that wants to supply tickets that will limit
the usage in bytes of a user. Can this be done and if so can anyone
recommend a source for documentation. I've Googled for the last few days
and checked the DD-WRT and Chillispot forums to no avail.

Regards and rhanks in advance,

Sean Bracken

http://swarmhotspots.com

On Fri, 2006-02-03 at 17:55 +0100,
freeradius-users-request at lists.freeradius.org wrote:
> Send Freeradius-Users mailing list submissions to
> 	freeradius-users at lists.freeradius.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> 	freeradius-users-request at lists.freeradius.org
> 
> You can reach the person managing the list at
> 	freeradius-users-owner at lists.freeradius.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
> 
> 
> Today's Topics:
> 
>    1. (Fwd) Detail Filter method (Breuer Nicolas)
>    2. Re: Detail Filter method (Nicolas Baradakis)
>    3. R: SQL.conf new query (Carlo Prestopino)
>    4. Re: how to log username in uppercase in radacct
>       (Nicolas Baradakis)
>    5. Root Certificate via ADS (Armin Kr?mer)
>    6. Re: FDS + Freeradius = pain. (Joey McDonald)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 03 Feb 2006 14:14:54 +0100
> From: "Breuer Nicolas" <Nicolas.Breuer at Belcenter.biz>
> Subject: (Fwd) Detail Filter method
> To: freeradius-users at lists.freeradius.org
> Message-ID: <43E3655E.29093.29B17267 at Nicolas.Breuer.Belcenter.biz>
> Content-Type: text/plain; charset="iso-8859-1"
> 
>  In /etc/raddb/acct_users file:
> 
> DEFAULT Acct-Status-Type == Interim-Update, Acct-Type := empty
> 
> And in /etc/raddb/radiusd.conf:
> 
> modules {
> 
> 	always ok {
> 		rcode = ok
> 	}
> 
> 	...
> }
> 
> ...
> 
> accounting {
> 
> 	# Log start & stop
> 	detail
> 
> 	Acct-Type empty {
> 		ok
> 	}
> }
> 
> -- 
> Nicolas Baradakis
> 
> 
> 
>  Can i also put the empty section only in detail module
>  because i have a sql line in account (to log everything)
> 
>  I wouldlike only to disable it in detail accounting.
> 
> 
> 
> 
> 
> ------- Forwarded message follows -------
> From:           	Breuer Nicolas <Nicolas.Breuer at Belcenter.biz>
> To:             	freeradius-users at lists.freeradius.org
> Subject:        	Detail Filter method
> Send reply to:  	Nicolas.Breuer at BelCenter.biz
> Date sent:      	Fri, 03 Feb 2006 10:54:43 +0100
> 
> 
>  Hello all,
> 
>  I'm using the "detailled" logs with FreeRadius.
> 
>  I wouldlike to filter the interim updates to not logged
>  them. Is it possible ??
> 
>  I wouldlike to only have a logs files with start & stop..
> 
>  It would be a nice option, i think..
> 
>  
> 
> ------- End of forwarded message -------
> 
> Breuer Nicolas
> Content & Marketing Manager.
> Network Supervisor.
> 
> BELCENTER ISP & PORTALS
> Avenue Henri Conscience, 94 
> B -1140 Bruxelles
> Tl. :+32 2 243 0 243
> Fax :+32 2 243 0 244
> Mobile :+32 486 50 27 87
> E-Mail : Nicolas.Breuer at Belcenter.biz
> http://www.BelCenter.be | http://www.BelCenter.net
> http://www.BelCenter.lu  | http://www.BelCenter.nl
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/6a9e517f/attachment-0001.html
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 3 Feb 2006 15:01:02 +0100
> From: Nicolas Baradakis <nbk at sitadelle.com>
> Subject: Re: Detail Filter method
> To: freeradius-users at lists.freeradius.org
> Message-ID: <20060203140102.GR16964 at asuka.tech.sitadelle.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Breuer Nicolas wrote:
> 
> >  Can i also put the empty section only in detail module
> >  because i have a sql line in account (to log everything)
> >
> >  I wouldlike only to disable it in detail accounting.
> 
> Please no HTML to the list.
> 
> You can add the sql module in the subsection, as explained in the
> provided documentation: http://freeradius.org/radiusd/doc/Acct-Type
> 
> For example, in acct_users:
> 
> DEFAULT Acct-Status-Type == Interim-Update, Acct-Type := interim
> 
> And in radiusd.conf:
> 
> accounting {
> 
> 	sql
> 	detail
> 
> 	Acct-Type interim {
> 		sql
> 	}
> }
> 
> -- 
> Nicolas Baradakis
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 3 Feb 2006 15:02:55 +0100
> From: "Carlo Prestopino" <c.prestopino at waitalia.com>
> Subject: R: SQL.conf new query
> To: "'FreeRadius users mailing list'"
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <200602031402.k13DqskH046702 at mxdrop5.xs4all.nl>
> Content-Type: text/plain;	charset="us-ascii"
> 
> Ok, problem solved, as you can see at this post
> http://lists.freeradius.org/pipermail/freeradius-devel/2006-February/009446.
> html
> 
> Thank you to everyone
> 
> Regards,
> Carlo
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 3 Feb 2006 15:51:23 +0100
> From: Nicolas Baradakis <nbk at sitadelle.com>
> Subject: Re: how to log username in uppercase in radacct
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <20060203145123.GS16964 at asuka.tech.sitadelle.com>
> Content-Type: text/plain; charset=us-ascii
> 
> baynaa at mobinet.mn wrote:
> 
> > Can anyone tell me how I can configure radius so that Username field is
> > logged in uppercase for all records in RadAcct table.
> 
> Please no HTML to the list.
> 
> You could change the queries in /etc/raddb/sql.conf to use the UPPER()
> function.
> 
> For example:
> 
> accounting_start_query = "INSERT into radacct (UserName, ... ) values (UPPER('%{SQL-User-Name}'), ... );"
> 
> -- 
> Nicolas Baradakis
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 03 Feb 2006 16:58:48 +0100
> From: Armin Kr?mer <Kraemer.Armin at web.de>
> Subject: Root Certificate via ADS
> To: freeradius-users at lists.freeradius.org
> Message-ID: <466882286 at web.de>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> 
> Hi, im planing to install my generated root Certifikate via W2k ADS to the Clients. 
> 
> How can i do this via AADS? What do i have to do in ADS and Group Policies?
> 
> The second question ist that i will have to set a mark onto my certifikate at the Trusted RootCertifikate Field at the network Connection (hoe you understand what i mean) . How can i do this? Intall Root Certifikate and set this mark that i can use EAP-TLS wit Freeradius? I dont want to put it on 300 clients per hand :-)
> 
>  
> 
> Thank 
> 
> Armin
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/3644c9f5/attachment-0001.html
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 3 Feb 2006 09:32:39 -0700
> From: Joey McDonald <jmcdice at gmail.com>
> Subject: Re: FDS + Freeradius = pain.
> To: Phil Mayers <p.mayers at imperial.ac.uk>
> Cc: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<b0d010580602030832w3adc4f2fo148688c0d4b2ec at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi Phil,
> 
> Thanks for the response.
> 
> > rlm_ldap: Adding userPassword as User-Password, value { & op=21
> >
> > The line above looks wrong, but it never ends up being a problem
> > because...
> >
> > > rlm_ldap: looking for reply items in directory...
> > > rlm_ldap: user joey authorized to use remote access
> > > rlm_ldap: ldap_release_conn: Release Id: 0
> >
> > ...during authenticate...
> 
> 
> Sure, I don't think that FDS has the radius extensions yet although I've
> created an ldif to add them if needed but in the mean time I've just
> commented out:
>    access_attr = "dialupAccess"
> 
> because I want all my users to be able to use the VPN.
> 
> > rlm_ldap: - authenticate
> > > rlm_ldap: login attempt by "joey" with password "xxxxxxxx"
> > > rlm_ldap: user DN: uid=joey,ou=People, dc=example,dc=net
> > > rlm_ldap: (re)connect to ldap.example.net:389, authentication 1
> > > rlm_ldap: bind as uid=joey,ou=People, dc=example,dc=net/xxxxxxxx to
> > > ldap.example.net:389
> > > rlm_ldap: waiting for bind result ...
> > > rlm_ldap: Bind was successful
> > > rlm_ldap: user joey authenticated succesfully
> >
> > ...auth-type == LDAP and an LDAP simple bind is done to answer the PAP
> > request from radtest. This ONLY works with PAP because an LDAP simple
> > bind needs the plaintext password.
> >
> > > Login OK: [joey/xxxxxxx] (from client el-oso port 0)
> > > Sending Access-Accept of id 116 to 172.33.100.18:32811
> > >
> > > So that tells me that I've got the communication to my LDAP server
> > > properly configured.
> > >
> > > However when my PPTP server sends authentication requests to my radius
> > > server, I always get "Login incorrect: [joey/<no User-Password
> > > attribute>]"
> >
> > Since it's a PPTP server you are almost certainly going to be using
> > MS-CHAP, which requires either:
> >
> >   1. The NT password hash to be in LDAP and readable by FreeRadius
> >   2. The plaintext password to be in LDAP and readable
> >   3. Samba, domain membership, winbind and the ntlm_auth plugin option
> > for the mschap module
> 
> 
> Well, I'm not using windows systems at all - I've got OSX clients and a
> linux-based PPTP server. The passwords are stored as SSHA in my LDAP
> directory. That finally makes sense as to why radtest works, so thanks! My
> next question is, what Auth-Type should I be using for SSHA's stored in an
> LDAP directory. Clearly LDAP isn't going to be it if it doesn't support
> decrypting passwords and I don't wish to store passwords in plain text in
> the directory.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/9fbe7796/attachment.html
> 
> ------------------------------
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 
> End of Freeradius-Users Digest, Vol 10, Issue 12
> ************************************************
> 



More information about the Freeradius-Users mailing list