Accounting - limits

Rizky Marunda Dinata rizky.md at gmail.com
Mon Jul 25 15:30:10 CEST 2011


Dear Evgeny,

Yes, freeradius is able to monitor and limit usage, for example will reject
login after 1 GB of  sum ( download+upload), please read info about
sql-counter (http://wiki.freeradius.org/Rlm_sqlcounter)

On Mon, Jul 25, 2011 at 3:53 PM, <
freeradius-users-request at lists.freeradius.org> wrote:

> Send Freeradius-Users mailing list submissions to
>        freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
>        freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
>        freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>   1. Re: Freeradius Ldap mosule is authenticating with wrong
>      password also (Alan Buxey)
>   2. Please help me ASAP (Its Me)
>   3. Re: Please help me ASAP (Harry Hoffman)
>   4. Accounting - limits (Evgeny Yurchenko)
>   5. How to allow a user login in a certain time? (Lingfeng Xiong)
>   6. RE: Accounting - limits (Ryan Williams)
>   7. Download/Upload Calculation (radiusus)
>   8. counter daily (Angus JIANG Jian)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 24 Jul 2011 12:48:34 +0100
> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> Subject: Re: Freeradius Ldap mosule is authenticating with wrong
>        password also
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <20110724114834.GA5422 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
> > DEFAULT LDAP-Group == "CiscoRWL2Lr", Auth-Type := Accept
> >         Reply-Message = "Welcome! You have administrative access.",
> >         Service-Type = NAS-Prompt-User,
> >         cisco-avpair = "shell:priv-lvl=15"
>
> as already said, you've configured your RADIUS server to accept
> ANYONE who is in the CiscoRW2Lr group - even if their password
> is 100% wrong.  Auth-Type := Accept opens your box to basically not
> caring about authentication.... only authorization.
>
> remove the auth-type and ensure your authentication is working -
> which will need some work for AD
>
> alan
>
>
> ------------------------------
>
> Message: 2
> Date: Sun, 24 Jul 2011 06:29:56 -0700 (PDT)
> From: Its Me <ktscse at yahoo.com>
> Subject: Please help me ASAP
> To: "freeradius-users at lists.freeradius.org"
>        <freeradius-users at lists.freeradius.org>
> Message-ID:
>        <1311514196.43660.YahooMailNeo at web110116.mail.gq1.yahoo.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
> I am new user in Linux,I have install freeradius2 rpm in my Linux
> machine(RHEL-5.5 Server),I m facing problem below detail ,please help me how
> can i install and setup my radiusd -X output below problem.
>
> radiusd: #### Opening IP addresses and Ports ####
> listen {
> ??????? type = "auth"
> ??????? ipaddr = *
> ??????? port = 0
> Failed binding to authentication address * port 1812: Address already in
> use
> /etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110724/876242a3/attachment.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Sun, 24 Jul 2011 09:41:12 -0400
> From: Harry Hoffman <hhoffman at ip-solutions.net>
> Subject: Re: Please help me ASAP
> To: Its Me <ktscse at yahoo.com>, FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <4E2C20F8.30704 at ip-solutions.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Either a version of freeradius is already running or something else is
> running on that port or you are trying to start the program as a
> non-root user.
>
> As root run this command and paste the output:
>
> lsof -i :1812
>
> Cheers,
> Harry
>
> On 07/24/2011 09:29 AM, Its Me wrote:
> > Hi,
> > I am new user in Linux,I have install freeradius2 rpm in my Linux
> machine(RHEL-5.5 Server),I m facing problem below detail ,please help me how
> can i install and setup my radiusd -X output below problem.
> >
> > radiusd: #### Opening IP addresses and Ports ####
> > listen {
> >         type = "auth"
> >         ipaddr = *
> >         port = 0
> > Failed binding to authentication address * port 1812: Address already in
> use
> > /etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> ------------------------------
>
> Message: 4
> Date: Sun, 24 Jul 2011 10:11:15 -0400
> From: Evgeny Yurchenko <ey at tm-k.com>
> Subject: Accounting - limits
> To: freeradius-users at lists.freeradius.org
> Message-ID: <4E2C2803.9090903 at tm-k.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hello list!
> I am sorry if the question has been asked thousand times, searching
> archives did not give me anything. -(
> Is FreeRADIUS natively capable of data consumption monitoring and limiting
> on per user basis.
> Let's say I want a user to be disabled (no messages to be generated just
> next authentication fails) after he
> downloads/uploads 1GB of data.
> Any hint in this direction would be highly appreciated.
> Thanks,
> Evgeny.
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 25 Jul 2011 11:30:06 +0800
> From: Lingfeng Xiong <jilingshu at gmail.com>
> Subject: How to allow a user login in a certain time?
> To: freeradius-users at lists.freeradius.org
> Message-ID:
>        <CAONV8HUjr8Z-SOAmH7OhqwiFdD=mT9dxO=uMgWqvnLG7aEfe0A at mail.gmail.com
> >
> Content-Type: text/plain; charset="utf-8"
>
> hi there,
> I am writing a authentication system for a public Cisco System laboratory
> of
> a university. This system allow user to subscribe a cisco device in a
> certain time and during that time, the subscriber should be able to login
> that device. I have already build a FreeRadius server and configure my
> Cisco
> device to authenticate user via Radius. But I have no idea how to configure
> FreeRadius to control the login time.
> For example, a user subscribe a device named 'Test1' for 'July 30, 2011'
> from '10:00 a.m.' to '12:00 p.m.'. He should be able to login 'test1'
> during
> that time, but not before or after.
> I know there existed a module named 'rlm_logintime', but it seems like that
> module can only supply me with scheduled login plan, not a certain time
> period. So could you give me some advice? Thanks.
> BTW: I am runing FreeRadius 2.1.11 on a FreeBSD 8.2-RELEASE system. A MySQL
> database is also running for FreeRadius.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110725/2991ff1a/attachment.html
> >
>
> ------------------------------
>
> Message: 6
> Date: Mon, 25 Jul 2011 16:29:04 +1000
> From: "Ryan Williams" <ryan at integritynet.com.au>
> Subject: RE: Accounting - limits
> To: "'FreeRadius users mailing list'"
>        <freeradius-users at lists.freeradius.org>
> Message-ID: <008201cc4a94$2623aff0$726b0fd0$@com.au>
> Content-Type: text/plain;       charset="us-ascii"
>
> Hello anonymous!
> You can write a custom SQL query and include it when authenticating the
> user
> to determine if the user has or has not downloaded in excess of 1GB.
> Assuming of course that you're storing the accounting data in an SQL
> database.
>
> Regards,
> Ryan Williams
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 25 Jul 2011 01:40:09 -0700 (PDT)
> From: radiusus <alboracle at gmail.com>
> Subject: Download/Upload Calculation
> To: freeradius-users at lists.freeradius.org
> Message-ID: <1311583209349-4630031.post at n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> Hello,
>
> I am new to radius server and I need some information if possible.
>
> Can anybody help with any documentation regarding the calculation of
> input/output octets on user/daily basis?
> I am interested only in reporting and analyzing the traffic of
> download/upload.
>
> I have been trying to use some Analytical functions and get somewhere but
> still can't be sure as I do not need how to use the Gigawords condition
> etc.
> My cdr's are stored in Oracle DB.
>
> Some information would be really appreciated.
>
> Thanks.
>
> --
> View this message in context:
> http://freeradius.1045715.n5.nabble.com/Download-Upload-Calculation-tp4630031p4630031.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
> ------------------------------
>
> Message: 8
> Date: Mon, 25 Jul 2011 16:53:12 +0800
> From: Angus JIANG Jian <ajiang at ouhk.edu.hk>
> Subject: counter daily
> To: FreeRadius users mailing list
>        <freeradius-users at lists.freeradius.org>
> Message-ID:
>        <
> B0720ABAFE326C44B7E498E5988C0DD33914194958 at OUHKCMS.staffdmn.ouhk.edu.hk>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Dear all,
>
>
> Can you give me an example of how to set the cache-size ?
> This is my config for the counter.
>
>
> counter daily {
>                filename = ${raddbdir}/db.daily
>                key = User-Name
>                count-attribute = Acct-Session-Time
>                reset = daily
>                counter-name = Daily-Session-Time
>                check-name = Max-Daily-Session
>                allowed-servicetype = Framed-User
>                cache-size = 5000
>
>
> #  The RADIUS request is normally cached internally for a short period
> #  of time, after the reply is sent to the NAS.  The reply packet may be
> #  lost in the network, and the NAS will not see it.  The NAS will then
> #  re-send the request, and the server will respond quickly with the
> #  cached reply.
> #
> #  If this value is set too low, then duplicate requests from the NAS
> #  MAY NOT be detected, and will instead be handled as seperate requests.
> #
> #  If this value is set too high, then the server will cache too many
> #  requests, and some new requests may get blocked.  (See 'max_requests'.)
> #
> #  Useful range of values: 2 to 10
> #
> cleanup_delay = 5
>
> Regards
> Angus
>
>
>
>
>
> <<Email Disclaimer>>
> This e-mail and its attachments, if any, are confidential and contain
> information for an intended recipient. The Open University of Hong Kong
> (OUHK) disclaims any liability for any loss or damage if this e-mail is
> received by any person who is not the intended recipient. E-mail
> transmissions cannot be guaranteed to be completely secure, error or virus
> free. No responsibility is accepted by the OUHK for any loss or damage
> arising in any way from receipt or use thereof. Arrangements or statements
> appearing to bind OUHK are not binding upon OUHK unless made in accordance
> with OUHK's constitution and duly authorised. OUHK staff are expressly
> prohibited from breaching applicable law, infringing third party rights,
> making defamatory statements and committing tortious acts by e-mail
> communications.
>
>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 75, Issue 80
> ************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110725/558206c6/attachment.html>


More information about the Freeradius-Users mailing list