The session counter works by setting the Session-Timeout value when the user first authenticates; the NAS, and not RADIUS, disconnects the user when the session exceeds this value.

For the below to work your NAS must be able to disconnect the USER the same way as above but be able to track the traffic for the session and initiate the disconnection from the NAS.

As Alexandre suggested CoA is a better idea.

Regards,



Sajeewa Warnakulasuriya

Systems Development Manager



On Wed, 19 Aug 2009, Alexandre Chapellon wrote:

You are expecting an interim update to send Session-Timeout to your NAS
so it disconnects your user?
If so, two things seem incorrect to me.

   1- You're measuring traffic volume and want disconnection to be set
based on time (Session-Timeout)... a bit tricky, isn't it?

   2- I think the attribute "Session-Timeout" cannot be found in
interim-update packets (maybe I'm wrong); RFC 2869 specifies that: "It
is envisioned that an Interim Accounting record (with Acct-Status-Type =
Interim-Update (3)) would contain all of the attributes normally found
in an Accounting Stop message with the exception of the
Acct-Term-Cause attribute."

What you would need is an attribute known by your NAS and representing
remaining traffic. That attribute should be sent at acct-start time and
would trigger a disconnection from the NAS when the traffic limit is
reached. If such an attribute does not exist for your NAS, you should
take a look at a CoA server.
Maybe someone has a better idea...?

On Wednesday 19 August 2009 at 15:56 +0100, Neville wrote:

Hi everyone,

I've decided to submit this question again as it was not quite worded
correctly, and to send as PLAIN TEXT.

I'm trying to set up a new counter maxmonthlytraffic, which uses the same
method to disconnect a user by sending the Session-Timeout Reply Attribute as
with MAX-ALL-Sessions.

This is what I've done so far...

I've added to ./raddb/sql/mysql/counter.conf

sqlcounter monthlytraffic {
                counter-name = Monthly-Traffic
                check-name = Max-Monthly-Traffic
                sqlmod-inst = sql
                key = User-Name
                reset = monthly

                query = "SELECT (sum(acctinputoctets)+sum(acctoutputoctets)) \
                FROM radacct WHERE username='%{%k}' AND \
                Month(acctstoptime) =(Month(NOW())) AND \
                Year(acctstoptime) = Year(NOW())"
}

authorize {
.
monthlytraffic
.
}

instantiate {
.
monthlytraffic
.
}

created a dictionary entry in daloradius database of:-

id 9433
Type integer
Attribute Max-Monthly-Traffic
Value NULL
Format NULL
Vendor dictionary.freeradius.internal
RecommendedOP :=
RecommendedTable check
RecommendedHelper
RecommendedTooltip Check Monthly Traffic Allowance

User created as "testmaxm", with the following attributes set:-

Check
Simultaneous-Use := 1
Pool-Name := tvpool
Cleartext-Password := testmaxm
Max-Monthly-Traffic := 10490000   (10Mb)   (If this is removed from the
Check, the user connects fine, so everything else is working)

Reply
Framed-MTU = 1400
Framed-Protocol = PPP
Service-Type = Framed-User
Acct-Interim-Interval := 300    (Every 5 mins for testing)
=====


Although this seems to be working on the initial connection, it does not
send the Session-Timeout reply during the interim Acct updates if the usage
has been exceeded.

From the debug below, the usage is shown as "37940156" during an Acct
update, e.g. 906612 + 3733544, and is more than the initial check value of
Max-Monthly-Traffic := 10490000, so I would have expected a Session-Timeout
reply to be sent.

However this is working ok on disconnect and reconnect, as I get...

rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user testmaxm, check_item=10490000,
counter=89021682
++[monthlytraffic] returns reject
Invalid user (rlm_sqlcounter: Maximum monthly usage time reached):
[testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1)

rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user testmaxm, check_item=10490000,
counter=89021682
++[monthlytraffic] returns reject
Invalid user (rlm_sqlcounter: Maximum monthly usage time reached):
[testmaxm/<via Auth-Type = mschap>] (from client VPN1-UK port 1)

Any ideas why I did not get disconnected during the original session, as this
is what I'm after?


FreeRadius2 Debug

.
.
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user testmaxm, check_item=10490000, counter=80411
rlm_sqlcounter: Sent Reply-Item for user testmaxm, Type=Session-Timeout,
value=11601138
++[monthlytraffic] returns ok
.
.

rad_recv: Accounting-Request packet from host aaa.bbb.ccc.ddd port 53637,
id=47, length=140
        Acct-Session-Id = "4A8B6FA0721900"
        User-Name = "testmaxm"
        Acct-Status-Type = Interim-Update
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Acct-Authentic = RADIUS
        Acct-Session-Time = 600
        Acct-Output-Octets = 37033544
        Acct-Input-Octets = 906612
        Acct-Output-Packets = 27837
        Acct-Input-Packets = 15791
        NAS-Port-Type = Async
        Framed-IP-Address = 192.168.0.29
        NAS-Identifier = "aaa.bbb.ccc.ddd"
        NAS-Port = 1
        Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
193.33.186.190,NAS-IP-Address = aaa.bbb.ccc.ddd,Acct-Session-Id =
"4A8B6FA0721900",User-Name = "testmaxm"'
[acct_unique] Acct-Unique-Session-ID = "049e959019a363e4".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "testmaxm", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
+- entering group accounting {...}
[detail]        expand:
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/aaa.bbb.ccc.ddd/detail-20090819
[detail]        expand: %t -> Wed Aug 19 03:31:04 2009
++[detail] returns ok
rlm_sql (sql): Reserving sql socket id: 1
[sqlippool]     expand: %{User-Name} -> testmaxm
[sqlippool] sql_set_user escaped user --> 'testmaxm'
[sqlippool]     expand: START TRANSACTION -> START TRANSACTION
rlm_sql_mysql: query:  START TRANSACTION
[sqlippool]     expand: UPDATE radippool  SET expiry_time = NOW() + INTERVAL
3600 SECOND  WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key =
'%{NAS-Port}'  AND username = '%{User-Name}'  AND callingstationid =
'%{Calling-Station-Id}'  AND framedipaddress = '%{Framed-IP-Address}' ->
UPDATE radippool  SET expiry_time = NOW() + INTERVAL 3600 SECOND  WHERE
nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1'  AND username =
'testmaxm'  AND callingstationid = ''  AND framedipaddress = '192.168.0.29'
rlm_sql_mysql: query:  UPDATE radippool  SET expiry_time = NOW() + INTERVAL
3600 SECOND  WHERE nasipaddress = 'aaa.bbb.ccc.ddd' AND pool_key = '1'  AND
username = 'testmaxm'  AND callingstationid = ''  AND framedipaddress =
'192.168.0.29'
[sqlippool]     expand: COMMIT -> COMMIT
rlm_sql_mysql: query:  COMMIT
rlm_sql (sql): Released sql socket id: 1
++[sqlippool] returns ok
[sql]   expand: %{User-Name} -> testmaxm
[sql] sql_set_user escaped user --> 'testmaxm'
[sql]   expand: %{Acct-Input-Gigawords} ->
[sql]   expand: %{Acct-Input-Octets} -> 906612
[sql]   expand: %{Acct-Output-Gigawords} ->
[sql]   expand: %{Acct-Output-Octets} -> 37033544
[sql]   expand:            UPDATE radacct           SET
framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     =
'%{Acct-Session-Time}',              acctinputoctets     =
'%{%{Acct-Input-Gigawords}:-0}'  << 32 |
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid =
'%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'
AND nasipaddress    = '%{NAS-IP-Address}' ->            UPDATE radacct
SET              framedipaddress = '192.168.0.29',
acctsessiontime     = '600',              acctinputoctets     = '0'  << 32 |
'906612',              acctoutputoctets    = '0' << 32 |
'37033544'           WHERE acctsessionid = '4A8B6FA0721900'           AND
username        = 'testmaxm'
[sql]   expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query:             UPDATE radacct           SET
framedipaddress = '192.168.0.29',              acctsessiontime     = '600',
acctinputoctets     = '0'  << 32 |
'906612',              acctoutputoctets    = '0' << 32 |
'37033544'           WHERE acctsessionid = '4A8B6FA0721900'           AND
username        = 'testmaxm'           AND nasipaddress    =
'aaa.bbb.ccc.ddd'
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
[attr_filter.accounting_response]       expand: %{User-Name} -> testmaxm
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 47 to aaa.bbb.ccc.ddd port 53637
Finished request 16.
Cleaning up request 16 ID 47 with timestamp +1965
Going to the next request
Ready to process requests.


Thx
Nev

================
CentOS 5.3
pptpd 1.3.4 / ppp 2.4.4
freeradius2 2.1.6
radiusclient-ng 0.5.6
daloRadius 0.9-8-SVN
================

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
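
The CoA route suggested in this thread, sketched as an added example that is not part of any poster's message or of FreeRADIUS itself: the quota check is done on each Interim-Update and, when the limit is passed, the attributes for a Disconnect-Request are produced. It assumes the NAS accepts RFC 5176 Disconnect-Requests, which the thread does not establish for this setup; the helper names are hypothetical and the sample packet is constructed from the values in the debug output above.

```python
# Added example. SAMPLE_INTERIM is constructed from the attribute values in the
# thread's debug output; helper names are hypothetical.
SAMPLE_INTERIM = """\
Acct-Session-Id = "4A8B6FA0721900"
User-Name = "testmaxm"
Acct-Status-Type = Interim-Update
Acct-Session-Time = 600
Acct-Output-Octets = 37033544
Acct-Input-Octets = 906612
"""

def parse_packet(text):
    """Parse 'Attribute = value' lines (radiusd -X style) into a dict."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip().strip('"')
    return attrs

def octets64(attrs, direction):
    """Gigawords << 32 | Octets, the same arithmetic as the radacct UPDATE."""
    giga = int(attrs.get(f"Acct-{direction}-Gigawords", 0))
    return (giga << 32) | int(attrs.get(f"Acct-{direction}-Octets", 0))

def session_usage(attrs):
    """Bytes moved so far by the live session, both directions."""
    return octets64(attrs, "Input") + octets64(attrs, "Output")

def disconnect_request(attrs, closed_usage, quota):
    """Return radclient input text for a Disconnect-Request, or None.

    closed_usage stands for the monthlytraffic query result. That query
    filters on acctstoptime, so it is assumed here to cover stopped sessions
    only; the live session's octets are added on top.
    """
    if attrs.get("Acct-Status-Type") != "Interim-Update":
        return None
    if closed_usage + session_usage(attrs) <= quota:
        return None
    # User-Name and Acct-Session-Id identify the session to the NAS.
    return "".join(f'{k} = "{attrs[k]}"\n' for k in ("User-Name", "Acct-Session-Id"))

if __name__ == "__main__":
    pkt = parse_packet(SAMPLE_INTERIM)
    print(session_usage(pkt))
    print(disconnect_request(pkt, 80411, 10490000))
```

The returned text is in the attribute-list form that radclient reads on standard input when run with its disconnect command against the NAS (UDP port 3799 by convention).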