Modules - dictionary

Oscar Jofre oscar at jofre.com
Mon Mar 14 23:03:47 CET 2016


Hi,

>> Next challenge is to disconnect user if it's over limit session time.
>> 
>> To do it easy I just activate originate-coa
>> 
>> 	cd /etc/raddb/sites-enabled
>> 	ln -s ../sites-available/originate-coa ./

> And edit it to use the correct IP addresses.


Then that means that for each NAS client (MikroTik) connected to FreeRADIUS, I have to add to originate-coa:

home_server example-coa {
        type = coa
        ipaddr = 172.16.0.10
        port = 3799
        secret =  secret

        #  CoA specific parameters.  See raddb/proxy.conf for details.
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
}


home_server2 example-coa2 {
        type = coa
        ipaddr = 172.16.0.10
        port = 3799
        secret =  secret

        #  CoA specific parameters.  See raddb/proxy.conf for details.
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
}

.....

home_servern example-coan {
        type = coa
        ipaddr = 172.16.0.10
        port = 3799
        secret =  secret

        #  CoA specific parameters.  See raddb/proxy.conf for details.
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
}

That’s not good for me.

Is it not possible to add ipaddr (&NAS-IP-Address) on accounting?

I think I misunderstand something ...

Thanks

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+oscar=jofre.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Monday, March 14, 2016 19:09
To: FreeRadius users mailing list
Subject: Re: Modules - dictionary

On Mar 14, 2016, at 4:23 AM, Oscar Jofre <oscar at jofre.com> wrote:
> I do setup test environment, read, test and try to understand CoA with my English difficult....

  It's fine.

> Next challenge is to disconnect user if it's over limit session time.
> 
> To do it easy I just activate originate-coa
> 
> 	cd /etc/raddb/sites-enabled
> 	ln -s ../sites-available/originate-coa ./

  And edit it to use the correct IP addresses.

> I'm using one freeRadius to identify user from more than 300 mikrotiks hotspots. Every Nas (mikrotik) has a dynamic IP (openvpn) I can't fix an IP for every NAS (mikrotik). All have standard configurations.

  RADIUS doesn't work well with dynamic IPs.

  If you own the hotspots, you should set them up with private IPs inside of the VPN tunnel.  Then, send RADIUS traffic to the private IPs.

> Then:
> 
> 	1) How can I handle this pool of NAS (MikroTiks) with CoA on originate-coa?

  You can't.  RADIUS is based on static IPs.

> 	     How can I set up originate-coa to set ipaddr (pool of openvpn IPs 172.16.0.2 - 172.16.255.555)
> 	    Then                &NAS-IP-Address = "%{NAS-IP-Address}" is pointing to real NAS (mikrotik)

  You can't.

> 	2) Then because I'm planning that my clients (MikroTik - NAS) can have different setups (dailycounter with different resets)
>                     I can create dailycounters with different attributes.
> 	     Is it possible to create a dailycounter_account module to add on accounting and send a disconnect CoA to the user when the user goes over the limit?

  The dailycounter module won't automatically disconnect the user, but you can write policies to glue them together.

> 	    I mean the same as dailycounter does, but instead of replying with Session-Timeout, reply with a CoA disconnect.

  No.  The dailycounter module counts.  It doesn't do a lot else.  You have to write policies to implement what you want.

  Alan DeKok.

