You are expecting an interim update to send session-timeout to your nas so it disconnect your user? If so, two things seems incorrect to me.
1- You're measuring traffic volume and want disconnection to set based on time (session-timout)... a bit tricky isn't it? 2- I think the attribute "Session-Timeout" cannot be found in interim-updates packets (maybe I'm wrong), rfc 2869 specify that: "It is envisioned that an Interim Accounting record (with Acct-Status-Type = Interim-Update (3)) would contain all of the attributes normally found in an Accounting Stop message with the exception of the Acct-Term-Cause attribute." What you would need is an attribute known by your nas and representing remaining traffic. That attrbute should be sent at acct-start time and would trigger a disconnection from the NAS when traffic limit is reached. If such a attribute does not exists for your NAS, you should take a look at CoA server. Maybe someone have better idea...? Le mercredi 19 août 2009 à 15:56 +0100, Neville a écrit : > Hi everyone, > > I've decided to submit this question again as it was not quite worded > correctly, and to send as PLAIN TEXT. > > I'm trying to setup a new counter maxmonthlytraffic, which uses the same > method to disconnect a user by sending the Session-Timout Reply Atrribute as > with MAX-ALL-Sessions. > > This is what I've done so far... > > I've added to ./raddb/sql/mysql/counter.conf > > sqlcounter monthlytraffic { > counter-name = Monthly-Traffic > check-name = Max-Monthly-Traffic > sqlmod-inst = sql > key = User-Name > reset = monthly > > query = "SELECT (sum(acctinputoctets)+sum(acctoutputoctets)) > \ > FROM radacct WHERE username='%{%k}' AND \ > Month(acctstoptime) =(Month(NOW())) AND \ > Year(acctstoptime) = Year(NOW())" > } > > authorize { > . > monthlytraffic > . > } > > instantiate { > . > monthlytraffic > . > } > > created a dictionary entry in daloradius database of:- > > id 9433 > Type integer > Attribute Max-Monthly-Traffic > Value NULL > Format NULL > Vendor dictionary.freeradius.internal > RecommendedOP := > RecommendedTable check > RecommendedHelper > RecommendedTooltip Check Monthly Traffic Allowance > > User created as "testmaxm", with the following attributes set:- > > Check > Simultaneous-Use := 1 > Pool-Name := tvpool > Cleartext-Password := testmaxm > Max-Monthly-Traffic := 10490000 (10Mb) (If this is removed from the > Check, the user connects fine, so everything else is working) > > Reply > Framed-MTU = 1400 > Framed-Protocol = PPP > Service-Type = Framed-User > Acct-Interim-Interval := 300 (Every 5 mins for testing) > ===== > > > Although this seems to be working on the initial Connection, it does not > send the Session Time Out Reply during the Interim Acct Updates if the Usage > has execeed. > > >From the Debug below, the usages is shown as "37940156" during a Acct > Update e.g. 906612 + 3733544 and is more than the initial check value of > Max-Monthly-Traffic := 10490000, so I would have expected a Session-Timout > Reply to be sent. > > However this is working ok on disconnect and reconnect, as I get... > > rlm_sqlcounter: (Check item - counter) is less than zero > rlm_sqlcounter: Rejected user testmaxm, check_item=10490000, > counter=89021682 > ++[monthlytraffic] returns reject > Invalid user (rlm_sqlcounter: Maximum monthly usage time reached): > [testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1) > > rlm_sqlcounter: (Check item - counter) is less than zero > rlm_sqlcounter: Rejected user testmaxm, check_item=10490000, > counter=89021682 > ++[monthlytraffic] returns reject > Invalid user (rlm_sqlcounter: Maximum monthly usage time reached): > [testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1) > > Any Ideas why I did not get disconnect during the original session as this > is what I'm after. > > > FreeRadius2 Debug > > . > . > rlm_sqlcounter: Check item is greater than query result > rlm_sqlcounter: Authorized user testmaxm, check_item=10490000, counter=80411 > rlm_sqlcounter: Sent Reply-Item for user testmaxm, Type=Session-Timeout, > value=11601138 > ++[monthlytraffic] returns ok > . > . > > rad_recv: Accounting-Request packet from host aaa.bbb.ccc.ddd port 53637, > id=47, length=140 > Acct-Session-Id = "4A8B6FA0721900" > User-Name = "testmaxm" > Acct-Status-Type = Interim-Update > Service-Type = Framed-User > Framed-Protocol = PPP > Acct-Authentic = RADIUS > Acct-Session-Time = 600 > Acct-Output-Octets = 37033544 > Acct-Input-Octets = 906612 > Acct-Output-Packets = 27837 > Acct-Input-Packets = 15791 > NAS-Port-Type = Async > Framed-IP-Address = 192.168.0.29 > NAS-Identifier = "aaa.bbb.ccc.ddd" > NAS-Port = 1 > Acct-Delay-Time = 0 > +- entering group preacct {...} > ++[preprocess] returns ok > [acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address = > 193.33.186.190,NAS-IP-Address = aaa.bbb.ccc.ddd,Acct-Session-Id = > "4A8B6FA0721900",User-Name = "testmaxm"' > [acct_unique] Acct-Unique-Session-ID = "049e959019a363e4". > ++[acct_unique] returns ok > [suffix] No '@' in User-Name = "testmaxm", looking up realm NULL > [suffix] No such realm "NULL" > ++[suffix] returns noop > +- entering group accounting {...} > [detail] expand: > /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> > /var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819 > [detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands > to /var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819 > [detail] expand: %t -> Wed Aug 19 03:31:04 2009 > ++[detail] returns ok > rlm_sql (sql): Reserving sql socket id: 1 > [sqlippool] expand: %{User-Name} -> testmaxm > [sqlippool] sql_set_user escaped user --> 'testmaxm' > [sqlippool] expand: START TRANSACTION -> START TRANSACTION > rlm_sql_mysql: query: START TRANSACTION > [sqlippool] expand: UPDATE radippool SET expiry_time = NOW() + INTERVAL > 3600 SECOND WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = > '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = > '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' -> > UPDATE radippool SET expiry_time = NOW() + INTERVAL 3600 SECOND WHERE > nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1' AND username = > 'testmaxm' AND callingstationid = '' AND framedipaddress = '192.168.0.29' > rlm_sql_mysql: query: UPDATE radippool SET expiry_time = NOW() + INTERVAL > 3600 SECOND WHERE nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1' AND > username = 'testmaxm' AND callingstationid = '' AND framedipaddress = > '192.168.0.29' > [sqlippool] expand: COMMIT -> COMMIT > rlm_sql_mysql: query: COMMIT > rlm_sql (sql): Released sql socket id: 1 > ++[sqlippool] returns ok > [sql] expand: %{User-Name} -> testmaxm > [sql] sql_set_user escaped user --> 'testmaxm' > [sql] expand: %{Acct-Input-Gigawords} -> > [sql] expand: %{Acct-Input-Octets} -> 906612 > [sql] expand: %{Acct-Output-Gigawords} -> > [sql] expand: %{Acct-Output-Octets} -> 37033544 > [sql] expand: UPDATE radacct SET > framedipaddress = '%{Framed-IP-Address}', acctsessiontime = > '%{Acct-Session-Time}', acctinputoctets = > '%{%{Acct-Input-Gigawords}:-0}' << 32 | > '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = > '%{%{Acct-Output-Gigawords}:-0}' << 32 | > '%{%{Acct-Output-Octets}:-0}' WHERE acctsessionid = > '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' > AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct > SET framedipaddress = '192.168.0.29', > acctsessiontime = '600', acctinputoctets = '0' << 32 | > '906612', acctoutputoctets = '0' << 32 | > '37033544' WHERE acctsessionid = '4A8B6FA0721900' AND > username = 'testmaxm' > [sql] expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql > rlm_sql (sql): Reserving sql socket id: 0 > rlm_sql_mysql: query: UPDATE radacct SET > framedipaddress = '192.168.0.29', acctsessiontime = '600', > acctinputoctets = '0' << 32 | > '906612', acctoutputoctets = '0' << 32 | > '37033544' WHERE acctsessionid = '4A8B6FA0721900' AND > username = 'testmaxm' AND nasipaddress = > 'aaa.bbb.ccc.ddd' > rlm_sql (sql): Released sql socket id: 0 > ++[sql] returns ok > [attr_filter.accounting_response] expand: %{User-Name} -> testmaxm > attr_filter: Matched entry DEFAULT at line 12 > ++[attr_filter.accounting_response] returns updated > Sending Accounting-Response of id 47 to aaa.bbb.ccc.ddd port 53637 > Finished request 16. > Cleaning up request 16 ID 47 with timestamp +1965 > Going to the next request > Ready to process requests. > > > Thx > Nev > > ================ > CentOS 5.3 > pptpd 1.3.4 / ppp 2.4.4 > freeradius2 2.1.6 > radiusclient-ng 0.5.6 > daloRadius 0.9-8-SVN > ================ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html