issue with dialup.conf
Brian Candler
B.Candler at pobox.com
Sun Feb 6 19:32:52 CET 2011
On Sun, Feb 06, 2011 at 04:55:34PM +0200, Tyller D wrote:
> freeradius is used to authenticate users at our hotspots, as we are
> using different nas devices and we must cater for them all I did this.
> in dictionary file I added an attribute called databank, then I created
> a perl script to check which type of nas the user is coming from and
> renaming databank to the correct attribute, now that works fine.
Not sure what you mean by "renaming databank to the correct attribute" - are
you actually changing the authentication database? If so that's scary.
If you simply want to send a different attribute based on what type of NAS
they are connecting from, then you can change the response attribute sent,
without modifying the underlying database.
For identifying the NAS: the simplest way is to use the preprocess
module. It reads the "huntgroups" file which maps NAS-IP-Address to control
attribute Huntgroup-Name, and then you can use a regular users file to add
an appropriate attribute, or do it in unlang:
    if ( "%{control:Huntgroup-Name}" == "Foo" && "%{reply:Databank}" ) {
        update reply {
            OtherAttr = "%{reply:Databank}"
            Databank !* ""
        }
    }
Or you can do anything in perl of course.
The point is, I don't think you should be updating the database simply to
change which reply attribute is sent based on which NAS they're connecting
from at this instant.
> Then
> on the stop request I need to update the value associated to databank
> to be (databank - (acctinputoctets+acctoutputoctets)). that way
> limiting users to only as much "data" as we stipulated in the beginning.
I'm guessing your "databank" is some sort of data limit attribute, a bit
like a Session-Timeout but for bytes transferred?
> my problem is that it doesn't always update the databank value, I can
> see how much traffic a user used in his session (i.e. in the radacct
> table) so the accounting_stop_query & accounting_stop_query_alt are
> not failing, its just not updating the databank value in radcheck.
...
> here are the two queries
> accounting_stop_query = " \
> UPDATE radacct,radcheck SET \
> radacct.acctstoptime = '%S', \
> radacct.acctsessiontime = '%{Acct-Session-Time}', \
> radacct.acctinputoctets =
> '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
> '%{%{Acct-Input-Octets}:-0}', \
> radacct.acctoutputoctets =
> '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
> '%{%{Acct-Output-Octets}:-0}', \
> radacct.acctterminatecause = '%{Acct-Terminate-Cause}', \
> radcheck.value = radcheck.value -
> '%{Acct-Output-Octets}' - '%{Acct-Input-Octets}', \
> radacct.acctstopdelay = '%{%{Acct-Delay-Time}:-0}', \
> radacct.connectinfo_stop = '%{Connect-Info}' \
> WHERE radacct.acctsessionid = '%{Acct-Session-Id}' \
> AND radcheck.username = '%{SQL-User-Name}' \
> AND radcheck.attribute = 'databank' \
> AND radacct.username = '%{SQL-User-Name}' \
> AND radacct.nasipaddress = '%{NAS-IP-Address}'"
That's a scary update: updating two independent tables with the same query.
What database are you using? Calling a stored procedure would be a much
cleaner way of doing this, if your database supports it. (I use mysql which
does)
    accounting_stop_query = "CALL process_stop_packet(...)"
Then you can do two separate updates, which I think is what you really want.
> does anyone know how this can happen?
Watch radiusd -X until you see it happen. Look at exactly what SQL updates
are being done.
> could it be something to do with
> interim-updates (grasping at straws here).
Sounds highly unlikely to me.
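
The stored-procedure approach suggested in the reply above, written out for MySQL as an added example (not code from the original post or from FreeRADIUS). The parameter list and its order are assumptions of this example; the table and column names are the ones in the quoted query, and the arguments arrive as typed parameters rather than being spliced into one multi-table statement.

```sql
-- Added example (MySQL). The parameter list is this example's assumption;
-- tables and columns are the ones used in the query quoted above.
DELIMITER //
CREATE PROCEDURE process_stop_packet(
    IN p_session_id   VARCHAR(64),
    IN p_username     VARCHAR(64),
    IN p_nas_ip       VARCHAR(15),
    IN p_stop_time    DATETIME,
    IN p_session_time INT UNSIGNED,
    IN p_in_giga      INT UNSIGNED,
    IN p_in_octets    INT UNSIGNED,
    IN p_out_giga     INT UNSIGNED,
    IN p_out_octets   INT UNSIGNED,
    IN p_term_cause   VARCHAR(32),
    IN p_stop_delay   INT UNSIGNED,
    IN p_connect_info VARCHAR(50)
)
BEGIN
    -- 64-bit counters: Gigawords is the high 32 bits, Octets the low 32.
    DECLARE v_in  BIGINT UNSIGNED DEFAULT (p_in_giga  << 32) | p_in_octets;
    DECLARE v_out BIGINT UNSIGNED DEFAULT (p_out_giga << 32) | p_out_octets;

    -- Has an effect only on transactional tables (e.g. InnoDB).
    START TRANSACTION;

    -- Update 1: close the accounting record for this session.
    UPDATE radacct SET
        acctstoptime       = p_stop_time,
        acctsessiontime    = p_session_time,
        acctinputoctets    = v_in,
        acctoutputoctets   = v_out,
        acctterminatecause = p_term_cause,
        acctstopdelay      = p_stop_delay,
        connectinfo_stop   = p_connect_info
    WHERE acctsessionid = p_session_id
      AND username      = p_username
      AND nasipaddress  = p_nas_ip;

    -- Update 2: charge the session against the user's allowance.
    -- Signed arithmetic plus GREATEST() floors the balance at 0 (a choice
    -- made in this example; the quoted query has no such floor).
    UPDATE radcheck SET
        value = GREATEST(CAST(value AS SIGNED) - CAST(v_in + v_out AS SIGNED), 0)
    WHERE username  = p_username
      AND attribute = 'databank';

    COMMIT;
END //
DELIMITER ;
```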