Is it possible to automate a Disconnect-Request based on exceeded Monthly-Usage?

Houman houmie at gmail.com
Wed Sep 11 09:05:59 CEST 2019


Hi Alan and Jorge,

Sorry, I should have explained that I'm using StrongSwan as my NAS, which
is supporting CoA :

---

StrongSwan Release 4.6.3
<https://wiki.strongswan.org/projects/strongswan/wiki/463> introduces
support for the RADIUS Session-Timeout attribute and the Dynamic
Authorization extension, RFC 5176.

A received Session-Timeout from the RADIUS backend is enforced using
Repeated Authentication, RFC 4478.

The Dynamic Authorization Extension allows a RADIUS backend to actively
terminate a session using a Disconnect-Request, or change the timeout of a
session using a Session-Timeout attribute in a CoA-Request. The extension
is enabled using a *dae* section in the *eap-radius* configuration
---

I can see when I send a Disconnect-Request manually like this:

echo User-Name=houman | radclient -x 127.0.0.1:3799 disconnect ''secret123''

The NAS is able to see the CoA packet and disconnects the user already.

I have found the home server example in sites-available/originate-coa. I
think I have to set it up under /etc/freeradius/3.0/proxy.cnf.

Alan, I'm a bit lost here when you said:

> That's what "originate-com" is for.
> The documentation isn't perfect, but it should be good.  When you receive
an accounting >request packet, check for over the limit, and if so, send a
Disconnect-Request packet.

I think you mean I have to do that
in /etc/freeradius/3.0/sites-enabled/default under the section:

update request { ... }

In what programming language do I have to do that? I think it has to be in
SQL right?

I already do this to capture the monthly usage upon each request:

update request {

                Monthly-Usage = "%{sql:SELECT
COALESCE((SUM(`acctoutputoctets`)), 0) FROM radacct WHERE
`username`='%{User-Name}' AND Month(acctupdatetime)=(Month(NOW())) AND
Year(acctupdatetime)=Year(NOW())}"

        }

Now I need to add another line underneath to compare the Monthly-Usage
against a value and then send the Disconnect-Request if it's greater than
the value.  How Do I raise the Disconnect-Request?


Many Thanks,

Houman


More information about the Freeradius-Users mailing list