RES: freeradius disconnect user using accounting

Marcelo Santoro santoro.ice at gmail.com
Wed Apr 8 14:07:52 CEST 2015 

Leandro, you can use SESSION-TIMEOUT param in your radreply table, where you will set the max time that the user can be logged :)

I am also brazilian 👍

> Em 08/04/2015, Ă s 08:27, Leandro Melo - Netsul Telecom <leandromelo at netsulinternet.com.br> escreveu:
> 
> sorry, I think I could not express myself. lest go:
> 
> I have a mikrotik that controls my clients, authentication is done through the freeradius.
> 
> I setup mikrotik (interim update) to send the radius connection information every 10 seconds and I could see through the debug radius that every time the mikrotik sends the information of active connections run the commands that are within the accounting module {} (/ etc / raddb / sites-available / default) within the accounting created a condition that checks the time that the connection is active "% {Acct-Session-Time}" and if this condition is met must send a command that disconnect the mikrotik connection, see below:
> 
> accounting {
>    unix 
>    detail 
>    radutmp 
>    sqlippool 
>    sql1 
>    exec 
>    if ("% {Acct-Session-Time}"> 30) {
> 
>        # command that will bring down the mikrotik connection, what is this command? 
>    } 
>    attr_filter.accounting_response
> }
> 
> Att,
> 
> 
> 
> -----Mensagem original-----
> De: Freeradius-Users [mailto:freeradius-users-bounces+leandromelo=netsulinternet.com.br at lists.freeradius.org] Em nome de Vijay S
> Enviada em: quarta-feira, 8 de abril de 2015 02:26
> Para: FreeRadius users mailing list
> Assunto: Re: freeradius disconnect user using accounting
> 
> Hi leandromelo,
> What exactly you want to do, Kindly give clear idea so people here can help you actually.
> 
> Regards
> Vijay A.
>> On Apr 8, 2015 12:28 AM, "Leandro Melo - Netsul Telecom" < leandromelo at netsulinternet.com.br> wrote:
>> 
>> dear,
>> 
>> 
>> 
>> use FreeRADIUS Version 2.1.12 and mikrotik as hub, set up the interim 
>> update for 10 seconds (for testing) so that the radius can drop the 
>> connection when the time is reached.
>> 
>> set up the / etc / raddb / sites-avaliable / default to
>> 
>> 
>> 
>> accounting {
>> 
>> detail
>> 
>> unix
>> 
>> radutmp
>> 
>> sqlippool
>> 
>>         sql1
>> 
>> exec
>> 
>>         if ("% {Acct-Session-Time}"> 30) {
>> 
>>           reject
>> 
>> }
>> 
>> attr_filter.accounting_response
>> 
>> }
>> 
>> 
>> 
>> but the log returned by radius if he enters, but drops the connection, 
>> what command to derrumar the connection and return a "reply-message" to the hub?
>> 
>> 
>> 
>> follows the log:
>> 
>> 
>> 
>> ...
>> 
>> [sql1]  expand: UPDATE radacct   SET FramedIPAddress =
>> NULLIF('%{Framed-IP-Address}', '')::inet,   AcctSessionTime =
>> '%{Acct-Session-Time}',   AcctInputOctets =
>> (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
>> '%{%{Acct-Input-Octets}:-0}'::bigint),   AcctOutputOctets =
>> (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
>> '%{%{Acct-Output-Octets}:-0}'::bigint)   WHERE AcctSessionId =
>> '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'   AND NASIPAddress=
>> '%{NAS-IP-Address}' AND AcctStopTime IS NULL -> UPDATE radacct   SET
>> FramedIPAddress = NULLIF('192.168.95.101', '')::inet,   AcctSessionTime =
>> '1101',   AcctInputOctets = (('0'::bigint << 32) + '211907'::bigint),
>> AcctOutputOctets = (('0'::bigint << 32) + '407325'::bigint)   WHERE
>> AcctSessionId = '81c00012' AND UserName = 'teste1'   AND NASIPAddress=
>> '192.168.1.41' AND AcctStopTime IS NULL
>> 
>> rlm_sql (sql1): Reserving sql socket id: 0
>> 
>> rlm_sql_postgresql: Status: PGRES_COMMAND_OK
>> 
>> rlm_sql_postgresql: query affected rows = 1
>> 
>> rlm_sql (sql1): Released sql socket id: 0
>> 
>> ++[sql1] returns ok
>> 
>> ++[exec] returns noop
>> 
>> ++? if ("%{Acct-Session-Time}" > 30)
>> 
>>        expand: %{Acct-Session-Time} -> 1101
>> 
>> ? Evaluating ("%{Acct-Session-Time}" > 30) -> TRUE
>> 
>> ++? if ("%{Acct-Session-Time}" > 30) -> TRUE
>> 
>> ++- entering if ("%{Acct-Session-Time}" > 30) {...}
>> 
>> +++- if ("%{Acct-Session-Time}" > 30) returns noop
>> 
>> ++- group accounting returns noop
>> 
>> [attr_filter.accounting_response]   expand: %{User-Name} -> teste1
>> 
>> attr_filter: Matched entry DEFAULT at line 12
>> 
>> ++[attr_filter.accounting_response] returns updated
>> 
>> Sending Accounting-Response of id 232 to 10.0.2.2 port 37115
>> 
>> Finished request 21.
>> 
>> ...
>> 
>> 
>> 
>> Att,
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -----
> Nenhum vĂ­rus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versão: 2015.0.5863 / Banco de dados de vírus: 4321/9486 - Data de Lançamento: 04/08/15
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list