RADIUS Server Authorization and Accounting - MY SQL Configuration - Please Help
anusha mule
anusha.mule9988 at gmail.com
Wed Nov 19 10:27:26 CET 2014
Hi,
We have the following understanding RADIUS Authentication and Accounting
flow :-
1. When the Access-request from the NAS, Server will search in the
radcheck table to check the attributes for the user.
2. If check attributes are found and its matches to the user, then
the server will pull the reply items (Attributes like Bandwidth, Volume,
Timeout, etc) from the radreply table for this user and add it in the
Access-Accept packet.
3. On receiving Access-Accept packet, session will get established
for the user and Accounting-Start message will get transmitted to the
Server.
4. The server will update the radacct table with Accounting start
message.
5. When the station get disconnected, Session should get deleted and
Accounting-Stop message should sent to the Server including user statistics
(like Session-time, input-octets, output-octets, etc)in it.
6. Server will update the radacct table with all the attributed
present in the STOP message.
With let us consider the following simple scenario :-
RADIUS Server having User details as
User Name = Joe
Password = Joe123
Timeout = 30000 Secs
Step 1: During the initial connect - User should be authenticated and
Access-Accept should contains the attribute value as 30000 Secs,
mentioning the max duration that the user session is allowed.
Once the session is established, RADIUS Accounting Start
message is send to RADIUS server.
Next let us say, User has been disconnected after 20000 Secs.
Again, the RADIUS Accounting Stop message with the consumed
duration of 20000 Secs shall be send to the RADIUS Server.
Step 2: Now, when the same user tries to authenticate, he should be
authenticated and the Access-Accept provide the Timeout attribute as 10000
Secs ( i.e. 30000 Secs – 20000 Secs)
Here, let us assume the user used the full session
duration and get time out.
Again, the RADIUS Accounting Stop message with the consumed
duration of 10000 Secs shall be send to the RADIUS Server.
Step 3: Now, when the same user tries to authenticate, he should be
rejected.
How can the above be achieved using radius server configurations.
Kindly help us in this.
Thanks in advance.
Thank you & Regards,
Anusha M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141119/e8878712/attachment.html>
More information about the Freeradius-Users
mailing list