Modules - dictionary

Oscar Jofre oscar at jofre.com
Mon Mar 14 09:23:50 CET 2016


Hi again,

I set up a test environment, and read, tested and tried to understand CoA despite my difficulty with English....

I've set up dailycounter on accounting, and users are not allowed to connect once they have reached the session time limit.

The next challenge is to disconnect a user who is over the session time limit.

To keep it easy I just activated originate-coa:

	cd /etc/raddb/sites-enabled
	ln -s ../sites-available/originate-coa ./

For testing I have a Mikrotik connected to FreeRADIUS over OpenVPN.

	OpenVPN server 172.16.0.1 (this is the IP I use on the Mikrotik to set up the RADIUS address)
	VPN connection assigns NAS-IP-Mikrotik=172.16.0.10

Then in originate-coa I set up ipaddr and secret:
	ipaddr = 172.16.0.1

I modified /etc/raddb/sites-available/default, adding the following (for now it is only a test, to check that the disconnect works):
	...
	accounting {
		.....
		update disconnect {
			&User-Name = "%{User-Name}"
			&Acct-Session-Id = "%{Acct-Session-Id}"
			&NAS-IP-Address = "%{NAS-IP-Address}"
			&Framed-IP-Address = "%{Framed-IP-Address}"
		}
	}
	
Restart radius and test.

What I see (I know you will know), working with hotspot users:

	- When I log in a hotspot user it gets connected, but at the same time it is disconnected.
		(that should be because Mikrotik or FreeRADIUS sends/executes accounting after authorization)
		That’s not really a problem because I have to add if(....) before update disconnect to check limits.....

Here are my questions (just to know whether I can do it, and to get some light on how to do it).

I'm using one FreeRADIUS to identify users from more than 300 Mikrotik hotspots. Every NAS (Mikrotik) has a dynamic IP (OpenVPN); I can't fix an IP for every NAS (Mikrotik). All have standard configurations.
Then:

	1) How can I handle this pool of NASes (Mikrotiks) with CoA in originate-coa?
	    How can I set up originate-coa so that ipaddr covers the pool of OpenVPN IPs (172.16.0.2 - 172.16.255.555)?
	    Then &NAS-IP-Address = "%{NAS-IP-Address}" is pointing to the real NAS (Mikrotik).

	2) Because I'm planning for my clients (Mikrotik NASes) to have different setups (dailycounter with different resets),
	    I can create dailycounters with different attributes.
	    Is it possible to create a dailycounter_account module to add to accounting, which sends a CoA disconnect for the user when the user goes over the limit?
	    I mean the same as dailycounter does, but instead of replying with Session-Timeout it replies with a CoA disconnect.


If someone has done something similar, can you share code?

Thanks a lot!





-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+oscar=jofre.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Sunday, 21 February 2016 14:01
To: FreeRadius users mailing list
Subject: Re: Modules - dictionary

On Feb 21, 2016, at 3:48 AM, Oscar Jofre <oscar at jofre.com> wrote:
>> You put "update coa" in an authorize section or an accounting section.
> 
> On  sites-available/default ?

  Yes.  Or in any other virtual server.

  Do the "authorize" or "accounting" sections show up anywhere else?

> It is possible to send CoA only when user is over limit session ? I mean how to join with dailycounter ?

  Write "unlang" rules.

  We write documentation which describes how the server works, and how to configure it.  We do *not* write documentation which describes exactly how to implement every possible request.

  You *must* read the documentation, understand it, and come up with the solution.  We can help you, but this is a free support list... we won't do everything for you.

  Alan DeKok.
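
The guard mentioned in the post above ("add if(....) before update disconnect"), as an added example that is not part of the original messages or of the FreeRADIUS distribution: an unlang condition for FreeRADIUS 3 that originates the Disconnect-Request only on Interim-Update packets whose session time has passed a limit, instead of on every accounting packet. The 3600-second limit is a placeholder assumption, the check uses only the current session's Acct-Session-Time rather than a daily counter total, and it assumes the NAS is configured to send interim updates.

```unlang
accounting {
	# ... the existing accounting modules stay here ...

	# Accounting-Start arrives right after a successful login, so an
	# unconditional "update disconnect" drops every session at once.
	# Accounting-Stop needs no disconnect: the session is already closed.
	# Act only on Interim-Update, where the session is still open and
	# the NAS reports the elapsed time.
	if (&Acct-Status-Type == Interim-Update) {
		# 3600 seconds is a placeholder limit (assumption, not from the post).
		if (&Acct-Session-Time >= 3600) {
			update disconnect {
				&User-Name = "%{User-Name}"
				&Acct-Session-Id = "%{Acct-Session-Id}"
				&NAS-IP-Address = "%{NAS-IP-Address}"
				&Framed-IP-Address = "%{Framed-IP-Address}"
			}
		}
	}
}
```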

