issue with dialup.conf

Tyller D tyllerd at gmail.com
Sun Feb 6 20:41:36 CET 2011


Sorry, maybe i didn't explain correctly.

Im not updating the database. I am using auth-type perl and when the user
authenticates my perl script looks in the db to see what nas is bieng used
on that IP and then checks the value for "databank" for the user and then
send the correct attribute with the correct value like so

                                        $RAD_REPLY{'Nomadix-MaxBytesDown'} =
"$DATABANK";

(in this example its a nomadix gateway)

That part works perfectly. The issue im having is when the stop request
comes in, it doesn't update the value in the radcheck table, well it does
but only sometimes..

On Sun, Feb 6, 2011 at 8:32 PM, Brian Candler <B.Candler at pobox.com> wrote:

> On Sun, Feb 06, 2011 at 04:55:34PM +0200, Tyller D wrote:
> >    freeradius is used to authenticate users at our hotspots, as we are
> >    using different nas devices and we must cater for them all i did this.
> >    in dictionary file I added an attribute called databank, then I
> created
> >    a perl script to check which type of nas the user is coming from and
> >    renaming databank to the correct attribute, now that works fine.
>
> Not sure what you mean by "renaming databank to the correct attribute" -
> are
> you actually changing the authentication database? If so that's scary.
>
> If you simply want to send a different attribute based on what type of NAS
> they are connecting from, then you can change the response attribute sent,
> without modifying the underlying database.
>
> For identifying the NAS: the simplest way is to use the preprocess
> module.  It reads the "huntgroups" file which maps NAS-IP-Address to
> control
> attribute Huntgroup-Name, and then you can use a regular users file to add
> an appropriate attribute, or do it in unlang:
>
>    sql
>
>    if ( "%{control:Huntgroup-Name}" == "Foo" && "%{reply:Databank}" ) {
>        update reply {
>            OtherAttr = "%{reply:Databank}"
>            Databank !* ""
>        }
>    }
>
>
> Or you can do anything in perl of course.
>
> The point is, I don't think you should be updating the database simply to
> change which reply attribute is sent based on which NAS they're connecting
> from at this instant.
>
> >    Then
> >    on the stop request I need to update the value associated to databank
> >    to be (databank - (acctinputoctets+acctoutputoctets)). that way
> >    limiting users to only as much "data" as we stipulated in the
> begining.
>
> I'm guessing your "databank" is some sort of data limit attribute, a bit
> like a Session-Timeout but for bytes transferred?
>
> >    my problem is that it doesn't always update the databank value, I can
> >    see how much traffic a users used in his session (i.e. in the radacct
> >    table) so the  accounting_stop_query &  accounting_stop_query_alt are
> >    not failing, its just not updating the databank value in radcheck.
> ...
> >    here are the two queries
> >            accounting_stop_query = " \
> >              UPDATE radacct,radcheck SET \
> >                 radacct.acctstoptime       = '%S', \
> >                 radacct.acctsessiontime    = '%{Acct-Session-Time}', \
> >                 radacct.acctinputoctets    =
> >    '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
> >                                      '%{%{Acct-Input-Octets}:-0}', \
> >                 radacct.acctoutputoctets   =
> >    '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
> >                                      '%{%{Acct-Output-Octets}:-0}', \
> >                 radacct.acctterminatecause = '%{Acct-Terminate-Cause}', \
> >                    radcheck.value = radcheck.value -
> >    '%{Acct-Output-Octets}' - '%{Acct-Input-Octets}', \
> >                 radacct.acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',
> \
> >                 radacct.connectinfo_stop   = '%{Connect-Info}' \
> >              WHERE radacct.acctsessionid   = '%{Acct-Session-Id}' \
> >            AND radcheck.username = '%{SQL-User-Name}' \
> >            AND radcheck.attribute = 'databank' \
> >              AND radacct.username          = '%{SQL-User-Name}' \
> >              AND radacct.nasipaddress      = '%{NAS-IP-Address}'"
>
> That's a scary update: updating two independent tables with the same query.
>
> What database are you using? Calling a stored procedure would be a much
> cleaner way of doing this, if your database supports it. (I use mysql which
> does)
>
>    accounting_stop_query = "CALL process_stop_packet(...)"
>
> Then you can do two separate updates, which I think is what you really
> want.
>
> >    does anyone know how this can happen?
>
> Watch radiusd -X until you see it happen. Look at exactly what SQL updates
> are being done.
>
> >    could it be something to do with
> >    interim-updates (grasping at straws here).
>
> Sounds highly unlikely to me.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110206/63550842/attachment.html>


More information about the Freeradius-Users mailing list