RADIUS Server Authorization and Accounting - MY SQL Configuration - Please Help

Russell Mike radius.sir at gmail.com
Mon Nov 24 09:10:43 CET 2014


Hi

i am sorry, i have delayed you enough already. i want to put efforts for 1
hour today to resolve your issue. have you fix the problem or still have
issues?
Thanks

On Fri, Nov 21, 2014 at 6:36 PM, Russell Mike <radius.sir at gmail.com> wrote:

> Hi
> I could not read the list today, there is no such limit. You can do all
> that eg: data volume quota limit, user can use their time in multiple
> sessions. What kind of NAS you use?  We will do it, no issue. Check list
> will follow this email.
>
> Prabhpal
>
>
> On Thursday, November 20, 2014, anusha mule <anusha.mule9988 at gmail.com>
> wrote:
>
>> Hi Prabhpal,
>>
>> Thanks for your reply.
>>
>>
>> Yes, we have the setup-done with Free RADIUS and MySQL enabled.
>>
>> With the users file and radacct table, we are able authenticate and log
>> the RADIUS accounting messages.
>>
>>
>>
>> We have the User Polices based on Time and Data usage.
>>
>>
>>
>> That is we want to limit the users based on their duration of access and
>> usage of data over a multiple session establishment.
>>
>>
>>
>> Hence, kindly provide your valuable inputs to acheive this with Free
>> RADIUS - MySQL settings.
>>
>>
>>
>>
>>
>> Note :
>>
>>
>>
>> One thing is that - we read "sql_counter" module is useful to limit the
>> time a user can spend daily, weekly, or monthly on the network.
>>
>> Has sql_counter has problems in limiting a user's data usage or
>> accounting the duration used in the each of the session establishment and
>> provide the access.
>>
>>
>>
>>
>>
>> Thanks & Regards,
>>
>> Anusha M
>>
>>
>>
>> On Wed, Nov 19, 2014 at 4:29 PM, Russell Mike <radius.sir at gmail.com>
>> wrote:
>>
>>>  Hi Anusha
>>>
>>> You are right, this is how it works. You need rlm_sqlcounter setup to
>>> achieve that. Do you already have MySQL FreeRADIUS working setup?
>>> Authentication & Accounting with MySQL ? Please note, accounting must work
>>> with MySQL so that FreeRADIUS can calculate the time. please let me know if
>>> you already have above. i can then help further.
>>>
>>> Thanks / Prabhpal Singh
>>>
>>>  On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988 at gmail.com
>>> > wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> We have the following understanding RADIUS Authentication and
>>>> Accounting flow :-
>>>>
>>>>
>>>>
>>>> 1.       When the Access-request from the NAS, Server will search in
>>>> the radcheck table to check the attributes for the user.
>>>>
>>>> 2.       If check attributes are found and its matches to the user,
>>>> then the server will pull the reply items (Attributes like Bandwidth,
>>>> Volume, Timeout, etc) from the radreply table for this user and add it in
>>>> the Access-Accept packet.
>>>>
>>>> 3.       On receiving Access-Accept packet, session will get
>>>> established for the user and Accounting-Start message will get transmitted
>>>> to the Server.
>>>>
>>>> 4.       The server will update the radacct table with Accounting
>>>> start message.
>>>>
>>>> 5.       When the station get disconnected, Session should get deleted
>>>> and Accounting-Stop message should sent to the Server including user
>>>> statistics (like Session-time, input-octets, output-octets, etc)in it.
>>>>
>>>> 6.       Server will update the radacct table with all the attributed
>>>> present in the STOP message.
>>>>
>>>>
>>>>
>>>> With let us consider the following simple scenario :-
>>>>
>>>>
>>>>
>>>> RADIUS Server having User details as
>>>>
>>>>
>>>>
>>>> User Name = Joe
>>>>
>>>> Password    = Joe123
>>>>
>>>> Timeout      = 30000 Secs
>>>>
>>>>
>>>>
>>>> Step 1: During the initial connect  - User should be authenticated and
>>>> Access-Accept should contains the attribute value as 30000 Secs,
>>>>
>>>>               mentioning the max duration that the user session is
>>>> allowed.
>>>>
>>>>
>>>>
>>>>               Once the session is established, RADIUS Accounting Start
>>>> message is send to RADIUS server.
>>>>
>>>>
>>>>
>>>>                Next let us say, User has been disconnected after 20000
>>>> Secs.
>>>>
>>>>
>>>>
>>>>                Again, the RADIUS Accounting Stop message with the
>>>> consumed duration of 20000 Secs shall be send to the RADIUS Server.
>>>>
>>>>
>>>>
>>>> Step 2:   Now, when the same user tries to authenticate, he should be
>>>> authenticated and the Access-Accept provide the Timeout attribute as 10000
>>>> Secs ( i.e. 30000 Secs – 20000 Secs)
>>>>
>>>>
>>>>
>>>>                  Here, let us assume the user used the full session
>>>> duration and get time out.
>>>>
>>>>
>>>>
>>>>                Again, the RADIUS Accounting Stop message with the
>>>> consumed duration of 10000 Secs shall be send to the RADIUS Server.
>>>>
>>>>
>>>>
>>>> Step 3:   Now, when the same user tries to authenticate, he should be
>>>> rejected.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> How can the above be achieved using radius server configurations.
>>>>
>>>>
>>>>
>>>> Kindly help us in this.
>>>>
>>>>  Thanks in advance.
>>>>
>>>>
>>>>
>>>> Thank you & Regards,
>>>>
>>>> Anusha M
>>>>
>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See
>>>> http://www.freeradius.org/list/users.html
>>>>
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>>
>> --
>>  Regards,
>> Anusha M
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141124/aa4d5818/attachment-0001.html>


More information about the Freeradius-Users mailing list