Is it possible to automate a Disconnect-Request based on exceeded Monthly-Usage?
Houman
houmie at gmail.com
Wed Sep 11 09:05:59 CEST 2019
Hi Alan and Jorge,
Sorry, I should have explained that I'm using StrongSwan as my NAS, which
is supporting CoA :
---
StrongSwan Release 4.6.3
<https://wiki.strongswan.org/projects/strongswan/wiki/463> introduces
support for the RADIUS Session-Timeout attribute and the Dynamic
Authorization extension, RFC 5176.
A received Session-Timeout from the RADIUS backend is enforced using
Repeated Authentication, RFC 4478.
The Dynamic Authorization Extension allows a RADIUS backend to actively
terminate a session using a Disconnect-Request, or change the timeout of a
session using a Session-Timeout attribute in a CoA-Request. The extension
is enabled using a *dae* section in the *eap-radius* configuration
---
I can see when I send a Disconnect-Request manually like this:
echo User-Name=houman | radclient -x 127.0.0.1:3799 disconnect ''secret123''
The NAS is able to see the CoA packet and disconnects the user already.
I have found the home server example in sites-available/originate-coa. I
think I have to set it up under /etc/freeradius/3.0/proxy.cnf.
Alan, I'm a bit lost here when you said:
> That's what "originate-com" is for.
> The documentation isn't perfect, but it should be good. When you receive
an accounting >request packet, check for over the limit, and if so, send a
Disconnect-Request packet.
I think you mean I have to do that
in /etc/freeradius/3.0/sites-enabled/default under the section:
update request { ... }
In what programming language do I have to do that? I think it has to be in
SQL right?
I already do this to capture the monthly usage upon each request:
update request {
Monthly-Usage = "%{sql:SELECT
COALESCE((SUM(`acctoutputoctets`)), 0) FROM radacct WHERE
`username`='%{User-Name}' AND Month(acctupdatetime)=(Month(NOW())) AND
Year(acctupdatetime)=Year(NOW())}"
}
Now I need to add another line underneath to compare the Monthly-Usage
against a value and then send the Disconnect-Request if it's greater than
the value. How Do I raise the Disconnect-Request?
Many Thanks,
Houman
More information about the Freeradius-Users
mailing list