Is it possible to automate a Disconnect-Request based on exceeded Monthly-Usage?

Jorge Pereira jpereira at freeradius.org
Tue Sep 10 22:18:19 CEST 2019 

Houman,

	First of all, verify if your NAS has support to CoA. If yes, enable it. Then, you should configure the home_server { … } following the sample in proxy.conf, therefore you will be able to interact with your NAS sending the commands like Disconnect-Request
--
Jorge Pereira
jpereira at freeradius.org



> On 10 Sep 2019, at 17:06, Houman <houmie at gmail.com> wrote:
> 
> Hello,
> 
> I have setup the FreeRadius like the following to prevent a user
> from logging in after his monthly usage has been exceeded.
> 
> echo 'ATTRIBUTE       Monthly-Usage          3001    integer64' >>
> /etc/freeradius/3.0/dictionary
> 
> sed -i '/authorize {/a\
>   update request {\
>                Monthly-Usage = "%{sql:SELECT
> COALESCE((SUM(`acctoutputoctets`)), 0) FROM radacct WHERE
> `username`='"'"'%{User-Name}'"'"' AND
> Month(acctupdatetime)=(Month(NOW())) AND
> Year(acctupdatetime)=Year(NOW())}"\
>        }\
> ' /etc/freeradius/3.0/sites-enabled/default
> 
> INSERT INTO radcheck (username,attribute,op,VALUE) VALUES
> ('houman','Monthly-Usage','<',10000);
> 
> While this works fine, the user won't be disconnected after the
> monthly-usage has been exceeded. Instead only if the user disconnects
> voluntarily and tries to reconnect again would he be prevented.
> 
> So I'm trying to find a way to disconnect the user the moment his limit has
> been reached.
> 
> After some research I have come across Dynamic Authorization extension and
> have enabled it like this:
> 
> *dae {*
> 
> *  enable = yes     *
> 
> *  listen = 0.0.0.0  *
> 
> *  port = 3799       *
> 
> *  secret = secret123     *
> 
> *}*
> 
> 
> Now I can disconnect myself from the command line, like this:
> 
> 
> *echo User-Name=houman | radclient -x 127.0.0.1:3799
> <http://127.0.0.1:3799> disconnect ''secret123''*
> 
> 
> That's very nice. So I could run a Python script via a crontab job to check
> every minute to see which users have exceeded their monthly-usage and
> disconnect them.
> 
> But I was wondering if there is a way to automate the disconnect directly
> via free radius so that I don't have to run the crontab job.
> 
> Is there a way that I'm overlooking?
> 
> Many Thanks,
> Houman
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list