MAX-Monthly-Traffic V2 Post.

Alexandre Chapellon alexandre.chapellon at mana.pf
Wed Aug 19 19:55:47 CEST 2009


You are expecting an interim update to send session-timeout to your NAS
so it disconnects your user?
If so, two things seem incorrect to me.

    1- You're measuring traffic volume and want disconnection to be set
based on time (session-timeout)... a bit tricky isn't it?

    2- I think the attribute "Session-Timeout" cannot be found in
interim-update packets (maybe I'm wrong), RFC 2869 specifies that: "It
is envisioned that an Interim Accounting record (with Acct-Status-Type =
Interim-Update (3)) would contain all of the attributes normally found
in an Accounting Stop message with the exception of the
Acct-Term-Cause attribute."

What you would need is an attribute known by your NAS and representing
remaining traffic. That attribute should be sent at acct-start time and
would trigger a disconnection from the NAS when the traffic limit is
reached. If such an attribute does not exist for your NAS, you should
take a look at CoA server.
Maybe someone has a better idea...?

On Wednesday 19 August 2009 at 15:56 +0100, Neville wrote:

> Hi everyone,
> 
> I've decided to submit this question again as it was not quite worded 
> correctly, and to send as PLAIN TEXT.
> 
> I'm trying to set up a new counter maxmonthlytraffic, which uses the same 
> method to disconnect a user by sending the Session-Timeout Reply Attribute as 
> with MAX-ALL-Sessions.
> 
> This is what I've done so far...
> 
> I've added to ./raddb/sql/mysql/counter.conf
> 
> sqlcounter monthlytraffic {
>                 counter-name = Monthly-Traffic
>                 check-name = Max-Monthly-Traffic
>                 sqlmod-inst = sql
>                 key = User-Name
>                 reset = monthly
> 
>                 query = "SELECT (sum(acctinputoctets)+sum(acctoutputoctets)) \
>                 FROM radacct WHERE username='%{%k}' AND \
>                 Month(acctstoptime) =(Month(NOW())) AND \
>                 Year(acctstoptime) = Year(NOW())"
> }
> 
> authorize {
> .
> monthlytraffic
> .
> }
> 
> instantiate {
> .
> monthlytraffic
> .
> }
> 
> created a dictionary entry in daloradius database of:-
> 
> id 9433
> Type integer
> Attribute Max-Monthly-Traffic
> Value NULL
> Format NULL
> Vendor dictionary.freeradius.internal
> RecommendedOP :=
> RecommendedTable check
> RecommendedHelper
> RecommendedTooltip Check Monthly Traffic Allowance
> 
> User created as "testmaxm", with the following attributes set:-
> 
> Check
> Simultaneous-Use := 1
> Pool-Name := tvpool
> Cleartext-Password := testmaxm
> Max-Monthly-Traffic := 10490000   (10Mb)   (If this is removed from the 
> Check, the user connects fine, so everything else is working)
> 
> Reply
> Framed-MTU = 1400
> Framed-Protocol = PPP
> Service-Type = Framed-User
> Acct-Interim-Interval := 300    (Every 5 mins for testing)
> =====
> 
> 
> Although this seems to be working on the initial Connection, it does not 
> send the Session Time Out Reply during the Interim Acct Updates if the Usage 
> has been exceeded.
> 
> From the Debug below, the usage is shown as "37940156"  during an Acct 
> Update e.g. 906612 + 3733544 and is more than the initial check value of 
> Max-Monthly-Traffic := 10490000, so I would have expected a Session-Timeout 
> Reply to be sent.
> 
> However this is working ok on disconnect and reconnect, as I get...
> 
> rlm_sqlcounter: (Check item - counter) is less than zero
> rlm_sqlcounter: Rejected user testmaxm, check_item=10490000, 
> counter=89021682
> ++[monthlytraffic] returns reject
> Invalid user (rlm_sqlcounter: Maximum monthly usage time reached): 
> [testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1)
> 
> rlm_sqlcounter: (Check item - counter) is less than zero
> rlm_sqlcounter: Rejected user testmaxm, check_item=10490000, 
> counter=89021682
> ++[monthlytraffic] returns reject
> Invalid user (rlm_sqlcounter: Maximum monthly usage time reached): 
> [testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1)
> 
> Any ideas why I did not get disconnected during the original session, as this 
> is what I'm after?
> 
> 
> FreeRadius2 Debug
> 
> .
> .
> rlm_sqlcounter: Check item is greater than query result
> rlm_sqlcounter: Authorized user testmaxm, check_item=10490000, counter=80411
> rlm_sqlcounter: Sent Reply-Item for user testmaxm, Type=Session-Timeout, 
> value=11601138
> ++[monthlytraffic] returns ok
> .
> .
> 
> rad_recv: Accounting-Request packet from host aaa.bbb.ccc.ddd port 53637, 
> id=47, length=140
>         Acct-Session-Id = "4A8B6FA0721900"
>         User-Name = "testmaxm"
>         Acct-Status-Type = Interim-Update
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Acct-Authentic = RADIUS
>         Acct-Session-Time = 600
>         Acct-Output-Octets = 37033544
>         Acct-Input-Octets = 906612
>         Acct-Output-Packets = 27837
>         Acct-Input-Packets = 15791
>         NAS-Port-Type = Async
>         Framed-IP-Address = 192.168.0.29
>         NAS-Identifier = "aaa.bbb.ccc.ddd"
>         NAS-Port = 1
>         Acct-Delay-Time = 0
> +- entering group preacct {...}
> ++[preprocess] returns ok
> [acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = 
> 193.33.186.190,NAS-IP-Address = aaa.bbb.ccc.ddd,Acct-Session-Id = 
> "4A8B6FA0721900",User-Name = "testmaxm"'
> [acct_unique] Acct-Unique-Session-ID = "049e959019a363e4".
> ++[acct_unique] returns ok
> [suffix] No '@' in User-Name = "testmaxm", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> +- entering group accounting {...}
> [detail]        expand: 
> /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> 
> /var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819
> [detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands 
> to /var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819
> [detail]        expand: %t -> Wed Aug 19 03:31:04 2009
> ++[detail] returns ok
> rlm_sql (sql): Reserving sql socket id: 1
> [sqlippool]     expand: %{User-Name} -> testmaxm
> [sqlippool] sql_set_user escaped user --> 'testmaxm'
> [sqlippool]     expand: START TRANSACTION -> START TRANSACTION
> rlm_sql_mysql: query:  START TRANSACTION
> [sqlippool]     expand: UPDATE radippool  SET expiry_time = NOW() + INTERVAL 
> 3600 SECOND  WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = 
> '%{NAS-Port}'  AND username = '%{User-Name}'  AND callingstationid = 
> '%{Calling-Station-Id}'  AND framedipaddress = '%{Framed-IP-Address}' -> 
> UPDATE radippool  SET expiry_time = NOW() + INTERVAL 3600 SECOND  WHERE 
> nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1'  AND username = 
> 'testmaxm'  AND callingstationid = ''  AND framedipaddress = '192.168.0.29'
> rlm_sql_mysql: query:  UPDATE radippool  SET expiry_time = NOW() + INTERVAL 
> 3600 SECOND  WHERE nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1'  AND 
> username = 'testmaxm'  AND callingstationid = ''  AND framedipaddress = 
> '192.168.0.29'
> [sqlippool]     expand: COMMIT -> COMMIT
> rlm_sql_mysql: query:  COMMIT
> rlm_sql (sql): Released sql socket id: 1
> ++[sqlippool] returns ok
> [sql]   expand: %{User-Name} -> testmaxm
> [sql] sql_set_user escaped user --> 'testmaxm'
> [sql]   expand: %{Acct-Input-Gigawords} ->
> [sql]   expand: %{Acct-Input-Octets} -> 906612
> [sql]   expand: %{Acct-Output-Gigawords} ->
> [sql]   expand: %{Acct-Output-Octets} -> 37033544
> [sql]   expand:            UPDATE radacct           SET 
> framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     = 
> '%{Acct-Session-Time}',              acctinputoctets     = 
> '%{%{Acct-Input-Gigawords}:-0}'  << 32 | 
> '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    = 
> '%{%{Acct-Output-Gigawords}:-0}' << 32 | 
> '%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid = 
> '%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}' 
> AND nasipaddress    = '%{NAS-IP-Address}' ->            UPDATE radacct 
> SET              framedipaddress = '192.168.0.29', 
> acctsessiontime     = '600',              acctinputoctets     = '0'  << 32 | 
> '906612',              acctoutputoctets    = '0' << 32 | 
> '37033544'           WHERE acctsessionid = '4A8B6FA0721900'           AND 
> username        = 'testmaxm'
> [sql]   expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
> rlm_sql (sql): Reserving sql socket id: 0
> rlm_sql_mysql: query:             UPDATE radacct           SET 
> framedipaddress = '192.168.0.29',              acctsessiontime     = '600', 
> acctinputoctets     = '0'  << 32 | 
> '906612',              acctoutputoctets    = '0' << 32 | 
> '37033544'           WHERE acctsessionid = '4A8B6FA0721900'           AND 
> username        = 'testmaxm'           AND nasipaddress    = 
> 'aaa.bbb.ccc.ddd'
> rlm_sql (sql): Released sql socket id: 0
> ++[sql] returns ok
> [attr_filter.accounting_response]       expand: %{User-Name} -> testmaxm
>  attr_filter: Matched entry DEFAULT at line 12
> ++[attr_filter.accounting_response] returns updated
> Sending Accounting-Response of id 47 to aaa.bbb.ccc.ddd port 53637
> Finished request 16.
> Cleaning up request 16 ID 47 with timestamp +1965
> Going to the next request
> Ready to process requests.
> 
> 
> Thx
> Nev
> 
> ================
> CentOS 5.3
> pptpd 1.3.4 / ppp 2.4.4
> freeradius2 2.1.6
> radiusclient-ng 0.5.6
> daloRadius 0.9-8-SVN
> ================ 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
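
Added example, not part of the original thread or of FreeRADIUS: a byte-based check over the Interim-Update shown in the quoted debug output, the kind of decision an external process would make before asking the NAS to disconnect a session through CoA. The function names and the `prior_octets` parameter are hypothetical, and sending the actual Disconnect-Request is left out.

```python
import re

# Constructed sample: attribute lines copied from the debug output quoted above.
INTERIM_UPDATE = '''
        Acct-Session-Id = "4A8B6FA0721900"
        User-Name = "testmaxm"
        Acct-Status-Type = Interim-Update
        Acct-Session-Time = 600
        Acct-Output-Octets = 37033544
        Acct-Input-Octets = 906612
'''

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*=\s*"?([^"\n]*)"?\s*$')

def parse_attributes(text):
    """Parse 'Name = value' debug lines into a dict (last value wins)."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def session_octets(attrs):
    """Octets for this session, in + out, as (gigawords << 32 | octets).

    Mirrors the shift used by the UPDATE radacct statement in the debug log;
    a missing or empty Gigawords attribute counts as 0.
    """
    total = 0
    for direction in ("Input", "Output"):
        giga = int(attrs.get(f"Acct-{direction}-Gigawords") or 0)
        low = int(attrs.get(f"Acct-{direction}-Octets") or 0)
        total += (giga << 32) | low
    return total

def quota_decision(attrs, limit_octets, prior_octets=0):
    """Return (action, used, remaining) in octets, never in seconds.

    prior_octets (hypothetical parameter) is usage from sessions already
    closed this month; only Interim-Update records are evaluated.
    """
    if attrs.get("Acct-Status-Type") != "Interim-Update":
        return ("ignore", prior_octets, limit_octets - prior_octets)
    used = prior_octets + session_octets(attrs)
    remaining = limit_octets - used
    return ("disconnect" if remaining <= 0 else "continue", used, remaining)

if __name__ == "__main__":
    # Max-Monthly-Traffic := 10490000 from the check items in the post.
    print(quota_decision(parse_attributes(INTERIM_UPDATE), 10490000))
```
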