Update control in Post-Auth
Randeep
randeep123 at gmail.com
Mon Aug 8 12:37:04 CEST 2016
Hi everyone,
I want to check two things in pre-auth.
1. Whether the user's network plan subscription is active or not.
2. Whether the data usage has crossed the Max-Data cap or not.
In post-auth,
update control {
    # 1. Checks whether the plan subscription is active or not.
    #Getting the subscription_from value from the radcheck table.
    Tmp-String-2 := "%{sql:select subscription_from from radcheck where radcheck.username='%{User-Name}'}"
    #Checking its been how many days from the date of subscription
    Tmp-Integer-3 := "%{sql:SELECT DATEDIFF(CURDATE(),subscription_from) FROM radcheck where radcheck.username = '%{User-Name}'}"
    #Getting validity(actual subscription duration)
    Tmp-Integer-2 := "%{sql:select validity from radcheck where radcheck.username='%{User-Name}'}"
    # 2. Checks whether the data usage has crossed the Max-Data or not.
    # Getting the current data usage (Data usage from subscription_from to current date)
    Tmp-Integer-0 := "%{sql:SELECT COALESCE((SUM(acctoutputoctets)-SUM(iptv_usage)),0) AS Total FROM radacct where (acctstarttime between DATE_FORMAT(NOW() ,(select subscription_from from radcheck where username='%{User-Name}')) AND NOW() ) AND radacct.username='%{User-Name}'}"
    #Value of Max-Data from the radgroupcheck for the group of the user
    Tmp-Integer-1 := "%{sql: SELECT radgroupcheck.value FROM radusergroup INNER JOIN radgroupcheck ON radusergroup.groupname = radgroupcheck.groupname WHERE radusergroup.username='%{User-Name}' AND radgroupcheck.attribute='Max-Data'}"
    #Getting the Mikrotik rate limit for applying FUP
    Tmp-String-1 := "%{sql: SELECT radgroupcheck.value FROM radusergroup INNER JOIN radgroupcheck ON radusergroup.groupname = radgroupcheck.groupname WHERE radusergroup.username='%{User-Name}' AND radgroupcheck.attribute='Mikrotik-Rate-Limit'}"
}
#check1
#Checking condition for plan subscription expiry (days from subscription > plan duration)
if ("%{control:Tmp-Integer-3}" > "%{control:Tmp-Integer-2}") {
    update {
        control:Auth-Type := "Reject"
        reply:Reply-Message := "Your subscription has expired. Please renew your subscription to continue the service"
    }
}
#check2
#Checking whether usage exceeded the Max-Data cap
if ("%{control:Tmp-Integer-0}" > "%{control:Tmp-Integer-1}") {
    update reply {
        Reply-Message := "Your Bandwidth Limit has been reached"
        Mikrotik-Rate-Limit := "%{control:Tmp-String-1}"
    }
}
But in check1 I am always getting Access-Accept.
Also, is it possible to give two checks in update control?
In the logs I can see this:
Mon Aug 8 16:13:24 2016 : Debug: (1) if ("%{control:Tmp-Integer-3}" > "%{control:Tmp-Integer-2}") {
Mon Aug 8 16:13:24 2016 : Debug: (1) EXPAND TMPL XLAT STRUCT
Mon Aug 8 16:13:24 2016 : Debug: (1) EXPAND %{control:Tmp-Integer-3}
Mon Aug 8 16:13:24 2016 : Debug: (1) --> 47
Mon Aug 8 16:13:24 2016 : Debug: (1) EXPAND TMPL XLAT STRUCT
Mon Aug 8 16:13:24 2016 : Debug: (1) EXPAND %{control:Tmp-Integer-2}
Mon Aug 8 16:13:24 2016 : Debug: (1) --> 30
Mon Aug 8 16:13:24 2016 : Debug: (1) if ("%{control:Tmp-Integer-3}" > "%{control:Tmp-Integer-2}") -> TRUE
Mon Aug 8 16:13:24 2016 : Debug: (1) if ("%{control:Tmp-Integer-3}" > "%{control:Tmp-Integer-2}") {
Mon Aug 8 16:13:24 2016 : Debug: (1) update {
Mon Aug 8 16:13:24 2016 : Debug: (1) control:Auth-Type := Reject
Mon Aug 8 16:13:24 2016 : Debug: (1) Overwriting value "PAP" with "Reject"
Mon Aug 8 16:13:24 2016 : Debug: (1) reply:Reply-Message := "Your subscription has expired. Please renew your subscription to continue the service"
Mon Aug 8 16:13:24 2016 : Debug: (1) } # update = noop
Mon Aug 8 16:13:24 2016 : Debug: (1) } # if ("%{control:Tmp-Integer-3}" > "%{control:Tmp-Integer-2}") = noop
Mon Aug 8 16:13:24 2016 : Debug: (1) modsingle[post-auth]: calling exec (rlm_exec) for request 1
Mon Aug 8 16:13:24 2016 : Debug: (1) modsingle[post-auth]: returned from exec (rlm_exec) for request 1
Mon Aug 8 16:13:24 2016 : Debug: (1) [exec] = noop
Mon Aug 8 16:13:24 2016 : Debug: (1) policy remove_reply_message_if_eap {
Mon Aug 8 16:13:24 2016 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) {
Mon Aug 8 16:13:24 2016 : Debug: (1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
Mon Aug 8 16:13:24 2016 : Debug: (1) else {
Mon Aug 8 16:13:24 2016 : Debug: (1) modsingle[post-auth]: calling noop (rlm_always) for request 1
Mon Aug 8 16:13:24 2016 : Debug: (1) modsingle[post-auth]: returned from noop (rlm_always) for request 1
Mon Aug 8 16:13:24 2016 : Debug: (1) [noop] = noop
Mon Aug 8 16:13:24 2016 : Debug: (1) } # else = noop
Mon Aug 8 16:13:24 2016 : Debug: (1) } # policy remove_reply_message_if_eap = noop
Mon Aug 8 16:13:24 2016 : Debug: (1) } # post-auth = ok
Mon Aug 8 16:13:24 2016 : Debug: (1) Sent Access-Accept Id 69 from 127.0.0.1:1812 to 127.0.0.1:53474 length 0
Mon Aug 8 16:13:24 2016 : Debug: (1) Framed-Protocol = PPP
Mon Aug 8 16:13:24 2016 : Debug: (1) Framed-MTU = 1500
Mon Aug 8 16:13:24 2016 : Debug: (1) Framed-Routing = Broadcast-Listen
Mon Aug 8 16:13:24 2016 : Debug: (1) Framed-Compression = Van-Jacobson-TCP-IP
Mon Aug 8 16:13:24 2016 : Debug: (1) Idle-Timeout = 300
Mon Aug 8 16:13:24 2016 : Debug: (1) Service-Type = Framed-User
Mon Aug 8 16:13:24 2016 : Debug: (1) Acct-Interim-Interval = 60
Mon Aug 8 16:13:24 2016 : Debug: (1) Mikrotik-Rate-Limit = '6144k/6144k'
Mon Aug 8 16:13:24 2016 : Debug: (1) Reply-Message := 'Your subscription has expired. Please renew your subscription to continue the service'
Mon Aug 8 16:13:24 2016 : Debug: (1) Finished request
Mon Aug 8 16:13:24 2016 : Debug: Waking up in 4.9 seconds.
Please advise.
--
Randeep
Mob: +919447831699[kerala]
Mob: +919880050349[B'lore]
http://twitter.com/Randeeppr
http://in.linkedin.com/in/randeeppr
Randeep Raman
http://about.me/Randeeppr
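Added example, not part of the original post and not the project's shipped configuration: the debug output above shows control:Auth-Type being overwritten with "Reject" inside post-auth, after authentication has already succeeded, and the server then sends Access-Accept. The sketch below makes check1 fail closed by returning reject from post-auth instead. It assumes FreeRADIUS 3.x, that the stock `reject` instance of rlm_always from mods-available/always is enabled, and the poster's own radcheck columns (subscription_from, validity).

```unlang
post-auth {
    # Fetch the two values used by the subscription check.
    # Column names are taken from the original post.
    update control {
        Tmp-Integer-3 := "%{sql:SELECT DATEDIFF(CURDATE(),subscription_from) FROM radcheck WHERE username='%{User-Name}'}"
        Tmp-Integer-2 := "%{sql:SELECT validity FROM radcheck WHERE username='%{User-Name}'}"
    }

    # check1: days since subscription > plan duration.
    # The attributes are compared by reference (&control:...), so the
    # comparison uses their integer data type.
    if (&control:Tmp-Integer-3 > &control:Tmp-Integer-2) {
        update reply {
            Reply-Message := "Your subscription has expired. Please renew your subscription to continue the service"
        }

        # Auth-Type is only consulted between authorize and authenticate,
        # so assigning it here changes nothing. Calling the "reject"
        # module makes post-auth return reject: the server then runs
        # Post-Auth-Type REJECT and sends Access-Reject.
        reject
    }

    # ... check2 (data cap / rate limit) and the rest of post-auth ...
}
```

With this in place the debug output for an expired user should end the section with `# post-auth = reject` and `Sent Access-Reject` rather than the `Sent Access-Accept` seen in the log above.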