Modules - dictionary

Alan DeKok aland at deployingradius.com
Mon Mar 14 19:09:24 CET 2016


On Mar 14, 2016, at 4:23 AM, Oscar Jofre <oscar at jofre.com> wrote:
> I do setup test environment, read, test and try to understand CoA with my English difficult....

  It's fine.

> Next challenge is to disconnect user if it's over limit session time.
> 
> To do it easy I just activate originate-coa
> 
> 	cd /etc/raddb/sites-enabled
> 	ln -s ../sites-available/originate-coa ./

  And edit it to use the correct IP addresses.

> I'm using one freeRadius to identify user from more than 300 mikrotiks hotspots. Every Nas (mikrotik) has a dynamic IP (openvpn) I can't fix an IP for every NAS (mikrotik). All have standard configurations.

  RADIUS doesn't work well with dynamic IPs.

  If you own the hotspots, you should set them up with private IPs inside of the VPN tunnel.  Then, send RADIUS traffic to the private IPs.

> Then:
> 
> 	1) how can handle this pool of Nas (mikrotiks) with COA on original-cos ?

  You can't.  RADIUS is based on static IPs.

> 	     How can I setup original-coa to setup ipaddr (pool of openvpn Ip's 172.16.0.2 - 172.16.255.555)	
> 	    Then                &NAS-IP-Address = "%{NAS-IP-Address}" is pointing to real NAS (mikrotik)

  You can't.

> 	2) Then because I'm planning to my clients (mikrotik - NAS) can have different setup (daylicounter with differents resets)
>                     I can create daylicounters with differets attributes.
> 	     It's possible to create a daylicounter_account module to add on accounting and send disconnect CoA user when user goes over limit?

  The dailycounter module won't automatically disconnect the user, but you can write policies to glue them together,

> 	    I mean same that does daylicounter but instead of replay Session-Timeout replay Coa disconnect.

  No.  The dailycounter module counts.  It doesn't do a lot else.  You have to write policies to implement what you want.

  Alan DeKok.




More information about the Freeradius-Users mailing list