RADIUS + MySQL + decisionmaking?
Guy Fraser
guy at incentre.net
Wed Sep 27 19:23:53 CEST 2006
On Wed, 2006-09-27 at 02:47 +0100, Jan Mulders wrote:
> Hello,
>
> I am trying to set up some decision-making logic into FreeRADIUS, to
> assign users a different speed of service depending on how much
> bandwidth they've used since their billing started.
>
> I want to issue 512k speed to users in group A, who have used less
> than 20GB of bandwidth (monthlybytecounter is working fine at the
> moment and totals this up nicely). However, if they've used more than
> 20GB, I want to issue 256k speed to users.
>
> For group B, I want users to get 10Mbps as long as they've used less
> than 50GB of bandwidth, and 1Mbps if they're over.
>
> I want to assign the values for speed to some vendor-specific
> variable, let's say Max-User-Speed.
>
Hi
I am replying because I haven't seen any other replies.
The Attribute you use will depend on the "NAS" equipment
you are using. Check the documentation and dictionaries
for your radius client.
> I am using MySQL for this. Here is a snippet from my database:
>
> radcheck table:
>
> username, attribute, op, value
> testuser1, Password, ==, testing
>
> usergroup table:
>
> username, groupname
> testuser1, groupa
>
>
> Here is a snippet from my radiusd.conf file:
>
> instantiate {
> monthlybytecounter
> }
>
> authorize {
> preprocess
> sql
> }
>
> authenticate {
> pap
> }
>
> preacct {
> preprocess
> }
>
> accounting {
> #acct_unique
> #detail
> sql
> radutmp # ?
> }
>
>
> session {
> radutmp # ?
> sql
>
> }
>
> My question is... how do I implement this? Can anyone write down a few
> examples of how I'd go about making these rules?
>
> Would I perhaps be better off making a cronjob or something that
> changes the user's group to one of the following? groupA_belowcap,
> groupA_overcap, groupB_belowcap, groupB_overcap?
>
I do not usually work with MySQL but you are on the right track
using a counter but you didn't say if it was an sql_counter, which
is what I would use. I would also drop the "radutmp" bits, and do
everything from SQL. One other note, I usually keep the "detail"
bits, for archival purposes in case of a dispute.
As for examples, this is as close as I can give you with the bits
you want :
--- snip ---
modules {
detail acct_log {
detailfile = ${radacctdir}/%Y/%m/detail-%Y%m%d
detailperm = 0640
dirperm = 0750
}
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
}
instantiate {
dailycounter
monthlycounter
}
authorize {
sql
dailycounter
monthlycounter
}
accounting {
acct_log
sql
}
session {
sql
}
--- snip ---
More information about the Freeradius-Users
mailing list