RADIUS Server Authorization and Accounting - MY SQL Configuration - Please Help

Javi jmoranrod at gmail.com
Fri Nov 21 08:53:56 CET 2014


Check this link:

https://abechik.wordpress.com/2007/03/15/freeradius-limit-user-access-by-period-started-from-activation-time/

The query that you need to get the module to work is the last one in the
comments section.

Javier.
On 20/11/2014 14:04, "anusha mule" <anusha.mule9988 at gmail.com> wrote:

> Hi Prabhpal,
>
> Thanks for your reply.
>
>
> Yes, we have the setup-done with Free RADIUS and MySQL enabled.
>
> With the users file and radacct table, we are able to authenticate and log
> the RADIUS accounting messages.
>
>
>
> We have the User Policies based on Time and Data usage.
>
>
>
> That is we want to limit the users based on their duration of access and
> usage of data over a multiple session establishment.
>
>
>
> Hence, kindly provide your valuable inputs to achieve this with Free
> RADIUS - MySQL settings.
>
>
>
>
>
> Note :
>
>
>
> One thing is that we read that the "sql_counter" module is useful to limit
> the time a user can spend daily, weekly, or monthly on the network.
>
> Does sql_counter have problems in limiting a user's data usage or accounting
> the duration used in each session establishment and providing the
> access?
>
>
>
>
>
> Thanks & Regards,
>
> Anusha M
>
>
>
> On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir at gmail.com>
> wrote:
>
>>  Hi Anusha
>>
>> You are right, this is how it works. You need rlm_sqlcounter setup to
>> achieve that. Do you already have MySQL FreeRADIUS working setup?
>> Authentication & Accounting with MySQL? Please note, accounting must work
>> with MySQL so that FreeRADIUS can calculate the time. Please let me know if
>> you already have the above. I can then help further.
>>
>> Thanks / Prabhpal Singh
>>
>>  On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988 at gmail.com>
>> wrote:
>>
>>>
>>> Hi,
>>>
>>> We have the following understanding of the RADIUS Authentication and
>>> Accounting flow:
>>>
>>>
>>>
>>> 1. When the Access-Request arrives from the NAS, the server will search
>>> in the radcheck table to check the attributes for the user.
>>>
>>> 2. If check attributes are found and they match the user, then the
>>> server will pull the reply items (attributes like Bandwidth, Volume,
>>> Timeout, etc.) from the radreply table for this user and add them to
>>> the Access-Accept packet.
>>>
>>> 3. On receiving the Access-Accept packet, the session will get
>>> established for the user and an Accounting-Start message will get
>>> transmitted to the server.
>>>
>>> 4. The server will update the radacct table with the Accounting-Start
>>> message.
>>>
>>> 5. When the station gets disconnected, the session should get deleted
>>> and an Accounting-Stop message should be sent to the server, including
>>> user statistics (like Session-time, input-octets, output-octets, etc.).
>>>
>>> 6. The server will update the radacct table with all the attributes
>>> present in the STOP message.
>>>
>>>
>>>
>>> With this, let us consider the following simple scenario:
>>>
>>>
>>>
>>> RADIUS Server having User details as
>>>
>>>
>>>
>>> User Name = Joe
>>>
>>> Password    = Joe123
>>>
>>> Timeout      = 30000 Secs
>>>
>>>
>>>
>>> Step 1: During the initial connect, the user should be authenticated and
>>> the Access-Accept should contain the attribute value 30000 Secs,
>>> mentioning the max duration that the user session is allowed.
>>>
>>> Once the session is established, the RADIUS Accounting Start message is
>>> sent to the RADIUS server.
>>>
>>> Next, let us say the user has been disconnected after 20000 Secs.
>>>
>>> Again, the RADIUS Accounting Stop message with the consumed duration of
>>> 20000 Secs shall be sent to the RADIUS server.
>>>
>>> Step 2: Now, when the same user tries to authenticate, he should be
>>> authenticated and the Access-Accept should provide the Timeout attribute as
>>> 10000 Secs (i.e. 30000 Secs – 20000 Secs).
>>>
>>> Here, let us assume the user used the full session duration and gets
>>> timed out.
>>>
>>> Again, the RADIUS Accounting Stop message with the consumed duration of
>>> 10000 Secs shall be sent to the RADIUS server.
>>>
>>> Step 3: Now, when the same user tries to authenticate, he should be
>>> rejected.
>>>
>>>
>>>
>>>
>>>
>>> How can the above be achieved using RADIUS server configurations?
>>>
>>>
>>>
>>> Kindly help us in this.
>>>
>>>  Thanks in advance.
>>>
>>>
>>>
>>> Thank you & Regards,
>>>
>>> Anusha M
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>>
>
>
>
> --
>  Regards,
> Anusha M
>
>
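
The three-step scenario from the original question, modelled as an added example (not code from the thread or from FreeRADIUS): a counter check that sums recorded session time per user and returns the remainder as the session timeout. It uses an in-memory SQLite table in place of MySQL; the column names and the optional octet limit are assumptions, and the octet limit goes beyond the time-only case in the question.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the MySQL accounting database (constructed data)."""
    db = sqlite3.connect(":memory:")
    # Column names are assumed; only the columns the check needs are modelled.
    db.execute("CREATE TABLE radacct (username TEXT, acctsessiontime INTEGER, "
               "acctinputoctets INTEGER, acctoutputoctets INTEGER)")
    return db

def record_stop(db, user, seconds, in_octets=0, out_octets=0):
    """Store the statistics carried by one Accounting-Stop message."""
    db.execute("INSERT INTO radacct VALUES (?, ?, ?, ?)",
               (user, seconds, in_octets, out_octets))

def usage(db, user):
    """Sum session time and octets over every recorded session of the user."""
    row = db.execute(
        "SELECT COALESCE(SUM(acctsessiontime), 0), "
        "COALESCE(SUM(acctinputoctets + acctoutputoctets), 0) "
        "FROM radacct WHERE username = ?", (user,)).fetchone()
    return row[0], row[1]

def authorize(db, user, max_seconds, max_octets=None):
    """Return ("Access-Accept", remaining_seconds) or ("Access-Reject", 0)."""
    used_seconds, used_octets = usage(db, user)
    remaining = max_seconds - used_seconds
    if remaining <= 0:
        return ("Access-Reject", 0)          # time allowance exhausted
    if max_octets is not None and used_octets >= max_octets:
        return ("Access-Reject", 0)          # data allowance exhausted
    return ("Access-Accept", remaining)      # remainder becomes the timeout

def joe_scenario():
    """Steps 1 to 3 of the question: 30000 s allowance, sessions of 20000 s and 10000 s."""
    db = make_db()
    results = [authorize(db, "Joe", 30000)]
    record_stop(db, "Joe", 20000)
    results.append(authorize(db, "Joe", 30000))
    record_stop(db, "Joe", 10000)
    results.append(authorize(db, "Joe", 30000))
    return results

if __name__ == "__main__":
    for step, result in enumerate(joe_scenario(), 1):
        print("Step", step, result)
```

In this model, usage is only counted once a Stop record has been written, so a session that is still open does not reduce the remainder yet.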

