RADIUS Server Authorization and Accounting - MY SQL Configuration - Please Help
anusha mule
anusha.mule9988 at gmail.com
Thu Nov 20 14:59:37 CET 2014
Hi Prabhpal,
Thanks for your reply.
Yes, we have the setup-done with Free RADIUS and MySQL enabled.
With the users file and radacct table, we are able authenticate and log the
RADIUS accounting messages.
We have the User Polices based on Time and Data usage.
That is we want to limit the users based on their duration of access and
usage of data over a multiple session establishment.
Hence, kindly provide your valuable inputs to acheive this with Free RADIUS
- MySQL settings.
Note :
One thing is that - we read "sql_counter" module is useful to limit the
time a user can spend daily, weekly, or monthly on the network.
Has sql_counter has problems in limiting a user's data usage or accounting
the duration used in the each of the session establishment and provide the
access.
Thanks & Regards,
Anusha M
On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir at gmail.com> wrote:
> Hi Anusha
>
> You are right, this is how it works. You need rlm_sqlcounter setup to
> achieve that. Do you already have MySQL FreeRADIUS working setup?
> Authentication & Accounting with MySQL ? Please note, accounting must work
> with MySQL so that FreeRADIUS can calculate the time. please let me know if
> you already have above. i can then help further.
>
> Thanks / Prabhpal Singh
>
> On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988 at gmail.com>
> wrote:
>
>>
>> Hi,
>>
>> We have the following understanding RADIUS Authentication and Accounting
>> flow :-
>>
>>
>>
>> 1. When the Access-request from the NAS, Server will search in the
>> radcheck table to check the attributes for the user.
>>
>> 2. If check attributes are found and its matches to the user, then
>> the server will pull the reply items (Attributes like Bandwidth, Volume,
>> Timeout, etc) from the radreply table for this user and add it in the
>> Access-Accept packet.
>>
>> 3. On receiving Access-Accept packet, session will get established
>> for the user and Accounting-Start message will get transmitted to the
>> Server.
>>
>> 4. The server will update the radacct table with Accounting start
>> message.
>>
>> 5. When the station get disconnected, Session should get deleted
>> and Accounting-Stop message should sent to the Server including user
>> statistics (like Session-time, input-octets, output-octets, etc)in it.
>>
>> 6. Server will update the radacct table with all the attributed
>> present in the STOP message.
>>
>>
>>
>> With let us consider the following simple scenario :-
>>
>>
>>
>> RADIUS Server having User details as
>>
>>
>>
>> User Name = Joe
>>
>> Password = Joe123
>>
>> Timeout = 30000 Secs
>>
>>
>>
>> Step 1: During the initial connect - User should be authenticated and
>> Access-Accept should contains the attribute value as 30000 Secs,
>>
>> mentioning the max duration that the user session is
>> allowed.
>>
>>
>>
>> Once the session is established, RADIUS Accounting Start
>> message is send to RADIUS server.
>>
>>
>>
>> Next let us say, User has been disconnected after 20000
>> Secs.
>>
>>
>>
>> Again, the RADIUS Accounting Stop message with the
>> consumed duration of 20000 Secs shall be send to the RADIUS Server.
>>
>>
>>
>> Step 2: Now, when the same user tries to authenticate, he should be
>> authenticated and the Access-Accept provide the Timeout attribute as 10000
>> Secs ( i.e. 30000 Secs – 20000 Secs)
>>
>>
>>
>> Here, let us assume the user used the full session
>> duration and get time out.
>>
>>
>>
>> Again, the RADIUS Accounting Stop message with the
>> consumed duration of 10000 Secs shall be send to the RADIUS Server.
>>
>>
>>
>> Step 3: Now, when the same user tries to authenticate, he should be
>> rejected.
>>
>>
>>
>>
>>
>> How can the above be achieved using radius server configurations.
>>
>>
>>
>> Kindly help us in this.
>>
>> Thanks in advance.
>>
>>
>>
>> Thank you & Regards,
>>
>> Anusha M
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Regards,
Anusha M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141120/bb4b77da/attachment.html>
More information about the Freeradius-Users
mailing list