a.cudbardb at freeradius.org
Tue Dec 4 21:58:19 CET 2012
On 4 Dec 2012, at 18:14, amanda edades <amanda.edades at gmail.com> wrote:
> I am trying to use my RADIUS server to designate user group memberships specifying QoS policies and monthly data caps. When authenticating, the server returns an AVP that tells what group a user is in, and the NAS will apply the associated QoS policies to his traffic. The RADIUS server checks if a user is over his data cap on every Access-Request and Interim-Update packet. When the user exceeds the data cap defined for his group, the RADIUS server originates a CoA and sends a new group assignment in which his traffic is throttled.
> Everything works fine now, but if the RADIUS server finds that a user is over his cap, it first returns its default group assignment taken from the radgroupreply table, then sends a CoA.
> Output from RADIUS:
> Sending Accounting-Response of id 122 to 127.0.0.1 port 33544
> Access-Group = "Group1"
> WARNING: Empty pre-proxy section. Using default return values.
> Sending CoA-Request of id 223 to 127.0.0.1 port 3799
> User-Name = "1907444"
> Access-Group = "ThrottledGroup"
> Finished request 8.
> So the NAS receives the default group assignment, then the throttled group assignment immediately after. To avoid confusion and transmitting unnecessary data, in the case when a data cap is exceeded, how to I prevent the RADIUS server from returning the default values from the radgroupreply table, and only send the CoA?
Add a group check item for the user not being over the limit?
More information about the Freeradius-Users