RADIUS Server Authorization and Accounting - MY SQL Configuration - Please Help
Russell Mike
radius.sir at gmail.com
Mon Nov 24 11:08:43 CET 2014
Hi, Here i would explain daily counter. if you need weekly, monthly,
forever, volume quota do the same.
*Note: *The Counter For Volume Quota Is Different
1.) Create SQL Counter
sqlcounter *dailycounter *{
counter-name = "Daily-Session-Time"
check-name = "*Max-Daily-Session*"
reply-name = "Session-Timeout"
sqlmod-inst = "sql"
key = "User-Name"
reset = "daily"
cache-size = 5000
query = "SELECT SUM(acctsessiontime) FROM radacct WHERE
username = '%{%k}' AND acctstarttime BETWEEN FROM_UNIXTIME('%b') AND
FROM_UNIXTIME('%e')"
2.) Enable Counter in "/etc/freeradius/radiusd.conf"
instantiate {
* dailycounter*
more entries..
}
3.) Enable Counter in "default virtual server"
/etc/freeradius/sites-available/default
authorize {
*dailycounter*
more entries..
}
4.) Restart FreeRADIUS, If problem see in debug.
5.) Apply Attributes To User
Check items
Max-Daily-Session := 3600
Reply Item:
Max-Daily-Session := 3600
All This Should Do..
On Wed, Nov 19, 2014 at 9:27 AM, anusha mule <anusha.mule9988 at gmail.com>
wrote:
>
> Hi,
>
> We have the following understanding RADIUS Authentication and Accounting
> flow :-
>
>
>
> 1. When the Access-request from the NAS, Server will search in the
> radcheck table to check the attributes for the user.
>
> 2. If check attributes are found and its matches to the user, then
> the server will pull the reply items (Attributes like Bandwidth, Volume,
> Timeout, etc) from the radreply table for this user and add it in the
> Access-Accept packet.
>
> 3. On receiving Access-Accept packet, session will get established
> for the user and Accounting-Start message will get transmitted to the
> Server.
>
> 4. The server will update the radacct table with Accounting start
> message.
>
> 5. When the station get disconnected, Session should get deleted
> and Accounting-Stop message should sent to the Server including user
> statistics (like Session-time, input-octets, output-octets, etc)in it.
>
> 6. Server will update the radacct table with all the attributed
> present in the STOP message.
>
>
>
> With let us consider the following simple scenario :-
>
>
>
> RADIUS Server having User details as
>
>
>
> User Name = Joe
>
> Password = Joe123
>
> Timeout = 30000 Secs
>
>
>
> Step 1: During the initial connect - User should be authenticated and
> Access-Accept should contains the attribute value as 30000 Secs,
>
> mentioning the max duration that the user session is
> allowed.
>
>
>
> Once the session is established, RADIUS Accounting Start
> message is send to RADIUS server.
>
>
>
> Next let us say, User has been disconnected after 20000
> Secs.
>
>
>
> Again, the RADIUS Accounting Stop message with the
> consumed duration of 20000 Secs shall be send to the RADIUS Server.
>
>
>
> Step 2: Now, when the same user tries to authenticate, he should be
> authenticated and the Access-Accept provide the Timeout attribute as 10000
> Secs ( i.e. 30000 Secs – 20000 Secs)
>
>
>
> Here, let us assume the user used the full session
> duration and get time out.
>
>
>
> Again, the RADIUS Accounting Stop message with the
> consumed duration of 10000 Secs shall be send to the RADIUS Server.
>
>
>
> Step 3: Now, when the same user tries to authenticate, he should be
> rejected.
>
>
>
>
>
> How can the above be achieved using radius server configurations.
>
>
>
> Kindly help us in this.
>
> Thanks in advance.
>
>
>
> Thank you & Regards,
>
> Anusha M
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141124/ee94f209/attachment-0001.html>
More information about the Freeradius-Users
mailing list