Is it possible to automate a Disconnect-Request based on exceeded Monthly-Usage?
Houman
houmie at gmail.com
Thu Sep 12 21:09:00 CEST 2019
Hi Alan,
Great news, It almost works now.
The issue I get is now the conditional here:
preacct {
preprocess
if (Monthly-Usage > 300000000000) {
update disconnect {
&User-Name = "%{User-Name}"
}
}
(5) NAS-Identifier = "strongSwan"
(5) # Executing section preacct from file
/etc/freeradius/3.0/sites-enabled/default
(5) preacct {
(5) [preprocess] = ok
(5) if (Monthly-Usage > 300000000000) {
(5) ERROR: Failed retrieving values required to evaluate condition
(5) policy acct_unique {
If I comment out the conditional there, it disconnects the user after 300
seconds when the next preacct is due. So fairly happy that this part works.
preacct {
preprocess
#if (Monthly-Usage > 300000000000) {
update disconnect {
&User-Name = "%{User-Name}"
}
#}
Now I wonder why the attribute is not seen?
I have set it like this:
echo 'ATTRIBUTE Monthly-Usage 3001 integer64' >>
/etc/freeradius/3.0/dictionary
update request {
Monthly-Usage = "%{sql:SELECT
COALESCE((SUM(`acctoutputoctets`)), 0) FROM radacct WHERE
`username`='"'"'%{User-Name}'"'"' AND Month(acctupdatetime)=(Month(NOW()))
AND Year(acctupdatetime)=Year(NOW())}"
}
When updating the request, the Monthly-Usage attribute should be already
set, so how comes it doesn't recognise the variable within preacct?
Many Thanks,
Houman
On Wed, 11 Sep 2019 at 22:40, Alan DeKok <aland at deployingradius.com> wrote:
> On Sep 11, 2019, at 2:15 PM, Houman <houmie at gmail.com> wrote:
> >
> > Alright, let's go through the steps.
> >
> > 1) Based on sites-available/originate-coa I have inserted the following
> > into /etc/freeradius/3.0/sites-enabled/default
> >
> > I have added the home_server after the server default like this:
>
> That works... but it's generally recommended to put home servers into
> proxy.conf. That way you can find them later, as they're all in a
> consistent place.
>
> > server default {
> > ...
> > }
> > home_server example-coa {
> > type = coa
> > ipaddr = 127.0.0.1
>
> Uh... is your NAS on localhost? Or is your NAS elsewhere in the
> network?
>
> You probably *don't* want to send CoA packets to FreeRADIUS. As I
> explained before, this will NOT kick the user offline.
>
> > Looking at "man unlang", In the server default I have added this section
> to
> > the preacct:
> >
> > preacct {
> > preprocess
> > if (Monthly-Usage > 300000000000) {
> > update coa {
> > &User-Name = "%{User-Name}"
> > &Acct-Session-Id = "%{Acct-Session-Id}"
> > &NAS-IP-Address = "%{NAS-IP-Address}"
> > }
> > }
>
> That's good.
>
> > This should now send the Disconnect-Request, based on the usage greater
> > than 300 GB.
>
> No, it will send a "coa" packet. Because you've used the word "coa".
> If you want a disconnect, use "disconnect", as is documented in the
> originate-coa file I said to read, AND in "man unlang" I said to read.
>
> > Does this make sense what I have done so far?
>
> Mostly. See the comments above.
>
> And read the NAS documentation to see which attributes are needed in a
> Disconnect-Request packet. We don't know which ones are relevant. If you
> get the list wrong, then then the NAS will send a Disconnect-NAK response.
> And won't tell you which attributes it was looking for.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list