RES: RES: freeradius disconnect user using accounting

Leandro Melo - Netsul Telecom leandromelo at netsulinternet.com.br
Wed Apr 8 16:21:34 CEST 2015


Marcelo,

thanks for the reply, using the session-timeout attribute in radreply works perfectly, but I need to create a global setting to disconnect all connections have the same time session-timeout and do not want to apply this setting on each connection in radreply.

Another factor that is most important to perform this routine so do I need to disconnect the customer only between the hours of 00: 00hs to 06: 00hs, ie, even if the connection has reached its timeout the radius will expect the condition of time be pleased to disconnect the connection, something like this:

if ("% {Acct-Session-Time}"> 30 && ($ (date + "% k") -g 0 && $ (date + "% k") -lt 6)) {
   # Disconnects the connection
}

explaining:
if the connection time is longer than 30 seconds and the server time is between midnight and six o'clock in the morning, makes the disconnection.

do not know if this is correct way, but so far was the one who could find.

I thank you


Att,



-----Mensagem original-----
De: Freeradius-Users [mailto:freeradius-users-bounces+leandromelo=netsulinternet.com.br at lists.freeradius.org] Em nome de Marcelo Santoro
Enviada em: quarta-feira, 8 de abril de 2015 09:08
Para: FreeRadius users mailing list
Assunto: Re: RES: freeradius disconnect user using accounting

Leandro, you can use SESSION-TIMEOUT param in your radreply table, where you will set the max time that the user can be logged :)

I am also brazilian 👍

> Em 08/04/2015, Ă s 08:27, Leandro Melo - Netsul Telecom <leandromelo at netsulinternet.com.br> escreveu:
> 
> sorry, I think I could not express myself. lest go:
> 
> I have a mikrotik that controls my clients, authentication is done through the freeradius.
> 
> I setup mikrotik (interim update) to send the radius connection information every 10 seconds and I could see through the debug radius that every time the mikrotik sends the information of active connections run the commands that are within the accounting module {} (/ etc / raddb / sites-available / default) within the accounting created a condition that checks the time that the connection is active "% {Acct-Session-Time}" and if this condition is met must send a command that disconnect the mikrotik connection, see below:
> 
> accounting {
>    unix 
>    detail 
>    radutmp 
>    sqlippool 
>    sql1 
>    exec 
>    if ("% {Acct-Session-Time}"> 30) {
> 
>        # command that will bring down the mikrotik connection, what is this command? 
>    } 
>    attr_filter.accounting_response
> }
> 
> Att,
> 
> 
> 
> -----Mensagem original-----
> De: Freeradius-Users 
> [mailto:freeradius-users-bounces+leandromelo=netsulinternet.com.br at lis
> ts.freeradius.org] Em nome de Vijay S Enviada em: quarta-feira, 8 de 
> abril de 2015 02:26
> Para: FreeRadius users mailing list
> Assunto: Re: freeradius disconnect user using accounting
> 
> Hi leandromelo,
> What exactly you want to do, Kindly give clear idea so people here can help you actually.
> 
> Regards
> Vijay A.
>> On Apr 8, 2015 12:28 AM, "Leandro Melo - Netsul Telecom" < leandromelo at netsulinternet.com.br> wrote:
>> 
>> dear,
>> 
>> 
>> 
>> use FreeRADIUS Version 2.1.12 and mikrotik as hub, set up the interim 
>> update for 10 seconds (for testing) so that the radius can drop the 
>> connection when the time is reached.
>> 
>> set up the / etc / raddb / sites-avaliable / default to
>> 
>> 
>> 
>> accounting {
>> 
>> detail
>> 
>> unix
>> 
>> radutmp
>> 
>> sqlippool
>> 
>>         sql1
>> 
>> exec
>> 
>>         if ("% {Acct-Session-Time}"> 30) {
>> 
>>           reject
>> 
>> }
>> 
>> attr_filter.accounting_response
>> 
>> }
>> 
>> 
>> 
>> but the log returned by radius if he enters, but drops the 
>> connection, what command to derrumar the connection and return a "reply-message" to the hub?
>> 
>> 
>> 
>> follows the log:
>> 
>> 
>> 
>> ...
>> 
>> [sql1]  expand: UPDATE radacct   SET FramedIPAddress =
>> NULLIF('%{Framed-IP-Address}', '')::inet,   AcctSessionTime =
>> '%{Acct-Session-Time}',   AcctInputOctets =
>> (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) +
>> '%{%{Acct-Input-Octets}:-0}'::bigint),   AcctOutputOctets =
>> (('%{%{Acct-Output-Gigawords}:-0}'::bigint << 32) +
>> '%{%{Acct-Output-Octets}:-0}'::bigint)   WHERE AcctSessionId =
>> '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'   AND NASIPAddress=
>> '%{NAS-IP-Address}' AND AcctStopTime IS NULL -> UPDATE radacct   SET
>> FramedIPAddress = NULLIF('192.168.95.101', '')::inet,   AcctSessionTime =
>> '1101',   AcctInputOctets = (('0'::bigint << 32) + '211907'::bigint),
>> AcctOutputOctets = (('0'::bigint << 32) + '407325'::bigint)   WHERE
>> AcctSessionId = '81c00012' AND UserName = 'teste1'   AND NASIPAddress=
>> '192.168.1.41' AND AcctStopTime IS NULL
>> 
>> rlm_sql (sql1): Reserving sql socket id: 0
>> 
>> rlm_sql_postgresql: Status: PGRES_COMMAND_OK
>> 
>> rlm_sql_postgresql: query affected rows = 1
>> 
>> rlm_sql (sql1): Released sql socket id: 0
>> 
>> ++[sql1] returns ok
>> 
>> ++[exec] returns noop
>> 
>> ++? if ("%{Acct-Session-Time}" > 30)
>> 
>>        expand: %{Acct-Session-Time} -> 1101
>> 
>> ? Evaluating ("%{Acct-Session-Time}" > 30) -> TRUE
>> 
>> ++? if ("%{Acct-Session-Time}" > 30) -> TRUE
>> 
>> ++- entering if ("%{Acct-Session-Time}" > 30) {...}
>> 
>> +++- if ("%{Acct-Session-Time}" > 30) returns noop
>> 
>> ++- group accounting returns noop
>> 
>> [attr_filter.accounting_response]   expand: %{User-Name} -> teste1
>> 
>> attr_filter: Matched entry DEFAULT at line 12
>> 
>> ++[attr_filter.accounting_response] returns updated
>> 
>> Sending Accounting-Response of id 232 to 10.0.2.2 port 37115
>> 
>> Finished request 21.
>> 
>> ...
>> 
>> 
>> 
>> Att,
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> -----
> Nenhum vĂ­rus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> VersĂŁo: 2015.0.5863 / Banco de dados de vĂ­rus: 4321/9486 - Data de 
> Lançamento: 04/08/15
> 
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-----
Nenhum vĂ­rus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versão: 2015.0.5863 / Banco de dados de vírus: 4321/9486 - Data de Lançamento: 04/08/15




More information about the Freeradius-Users mailing list