Using rlm_rest for authorization and sqlcounters for session and bandwidth limits
Alan DeKok
aland at deployingradius.com
Fri Jun 22 17:53:29 CEST 2018
On Jun 22, 2018, at 11:11 AM, Rohith Asrk <rohith.asrk at gmail.com> wrote:
> I'm working on a feature for being able to enforce session and bandwidth
> limits on users using a web interface of django-freeradius.
>
> I wish to authenticate the users using the rlm_rest module and use custom
> defined sqlcounters for putting limits on users. For ex.,
That should work...
> sqlcounter dailybandwidthcounter {
> counter_name = Max-Daily-Session-Traffic
> check_name = Max-Daily-Session-Traffic
> sql_module_instance = sql
> key = 'User-Name'
> reset = daily
> Reply-Message = "Your daily bandwidth limit has reached"
> query = "SELECT sum(AcctOutputOctets) + sum(AcctInputOctets) FROM
> radacct WHERE \
> UserName = '%{${key}}' AND \
> acctstarttime BETWEEN FROM_UNIXTIME('%%b') AND
> FROM_UNIXTIME('%%e')"
> }
That just queries the normal "radacct" table tho.
What else do you want to do?
> I'm not sure about configuring the FreeRADIUS configuration for
> accomplishing this. My authorize section looks like
>
> authorize {
> # ...
> dailybandwidthcounter
> rest
> # ...
> }
That calls "dailybandwidthcounter" before the "rest" module. Is that what you want?
How do the two modules interact? Or should they *not* interact?
> I wish to use the concept of radius groups to implement this feature, i.e.,
> add instances of radgroupcheck with attributes like
> Max-Daily-Session-Traffic so that the dailybandwidth counter checks it and
> puts the limits.
That should be possible, if you list "sql" before "dailybandwidthcounter". And, if you put the Max-Daily-Session-Traffic attributes into SQL.
> I tried testing it with radclient and radtest but haven't been able to see
> any results.
As always, run the server in debug mode to see what it's doing:
http://wiki.freeradius.org/radius-X
> Am I going the right way? Can anyone help me with the concept
> of enforcing limits and also configuration?
It should work pretty much as you've described above.
Alan DeKok.
More information about the Freeradius-Users
mailing list