checking authorization in the duration of connection

Marinko Tarlac mangia81 at gmail.com
Sun May 3 13:05:20 CEST 2009 

You'll need to check this during connection process and you can send 
info to NAS about traffic limit (if your NAS support this)

Волошин Вячеслав wrote:
> Radius and NAS can worked in one way. Only NAS send accounts paket to 
> RADIUS. RADIUS CANT send packet to NAS server (if quota user traffic 
> limit exceeded)!!!!!!!
>
>     ----- Original Message -----
>     *From:* Eric <mailto:bbahar3 at gmail.com>
>     *To:* freeradius-users at lists.freeradius.org
>     <mailto:freeradius-users at lists.freeradius.org>
>     *Sent:* Sunday, May 03, 2009 2:09 PM
>     *Subject:* Re :checking authorization in the duration of connection
>
>     NAS sends accounting update packets in periodic times. I want freeradius use this updates and 
>     check my online users periodically and send Disconnect packet if user's traffic is above my
>
>     limit.
>     How can it do this?
>     any document about config ? 
>     Eric wrote:
>         
>
>         Hi,
>               
>
>         My radius server use ldap server for authorize and
>         authentication.I set an attribute in ldap server that is the
>         check-name in sqlcounter to limit users Input traffic. I want
>         when user traffic reaches to this amount the user become stop
>         but radius checks ldap attributes only at the first of
>         connection not in the middle. How can I set radius server
>         check users traffic with the amount of this attribute in ldap
>         server in the duration of connection? 
>
>     The radius server steps out of the way once authentication and
>     authorization is complete, nor does it have the ability to
>     disconnect a user from a NAS. You need to have the NAS disconnect
>     the user itself when a threshold is reached. This is accomplished
>     by returning a vendor specific attribute specifying the limit for
>     the session which the NAS then maintains. Once the limit on the
>     NAS is reached the NAS terminates the session. You'll have to
>     check your NAS documentation for a traffic limiting parameter. In
>     the other common case of disconnect after a time duration it's
>     handled by computing the session length during authorization and
>     returning attribute 194 with the maximum number of seconds for the
>     connection. This attribute is understood by comon NAS devices and
>     is known variously as Ascend-Maximum-Time, Cisco-Maximum-Time or
>     Lucent-Maximum-Time. You'll need to apply the same logic for data
>     volume.
>
>
>         
>
>     ------------------------------------------------------------------------
>     -
>     List info/subscribe/unsubscribe? See
>     http://www.freeradius.org/list/users.html
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list