Conditionals in FreeRadius

Alan DeKok aland at deployingradius.com
Thu Oct 2 10:02:05 CEST 2008


Tom Cooper wrote:
> We have ADSL users to authenticate on freeradius which reads the user
> info via an OpenLDAP server. Now when the user has used a certain amount
> of data he must be flagged as blocked. His connection is disconnected
> and upon reconnection he is assigned a different IP address with
> restricted connectivity until he tops up his account. I can see that his
> information needs to be changed in LDAP 

  No.  Don't pollute your LDAP database with connection tracking
information.

  Use an SQL database to track sessions, and reject users who go over
their limit.  Anyone who is over their limit should not be checked
against LDAP.

> Is it maybe better accomplished from freeradius than from LDAP? The
> record needs to be changed in LDAP for our admin portal to make use of
> this to check the client's status.

  Recent versions of the server include an "sqlcounter" module that does
all of this tracking automatically.

> My radius version used is freeradius-1.1.3-1.2.el5

  Upgrade.

  Alan DeKok.



More information about the Freeradius-Users mailing list