We do what you want for our wireless network, except we bill by traffic volume rather than time.
We're using freeradius backended into postgresql (moving to sybase) and use Cisco's
Service Selection Gateway (SSG) feature set on a Cisco router to control access to the internet and
rate users' traffic.
The short version of how it works is as follows:
1. Unauthenticated user tries to surf the web and gets transparently redirected to a login web page
(courtesy of an SSG feature). Alternatively, we could just tell user's to go to a login page before
they are granted access.
2. User's enters their name, password. The cgi script tries to authenticate them to the SSG.
3. The SSG passes on the user's credentials to the radius server.
4. The radius server checks the database to verify the user's password and that they have
sufficient money. The return accept packet to the SSG, contains policy information in some
VSA's saying how much usage to give the user.
(Because of the way the SSG works, this stage actually contains via 3 radius transactions.)
5. The SSG connects the user, granting them access to the network with a specified limit of
volume (could be time) and then returns a response to the CGI script.
6. The SSG spits out an accounting start record.
7. The CGI script brings up a pop-up window showing the user their current status (eg: Remaining money)
and then brings up the original web page they requested.
8. When the user has used all their money/time, the SSG kicks them off and spits out a stop accounting record.
-----------------------
The radius server just contains the policy of how many widgets to give the user. The policy is enforced
via some NAS box, in my case on an SSG, but there is no reason you couldn't write some wrapper scripts around ipchains or some other firewall product.
We have also billed users by spitting out accounting records every minute and have the some triggers on the radacct table in freeradius' database backend which then initiate kicking off a user when they've used their limit. This was easier to implement, but not as scalable as having your policy enforced by your NAS.
Conceptually, this is all very simple but there was a fair bit of scripting to glue it all together into a polished product customised for our environment. If you're after an out of the box solution, then this probably not much help.
Regards, - Hindrik
On Tuesday, Sep 16, 2003, at 00:10 Australia/Sydney, Juliano Moises da Luz wrote:
Hi All,
Does anyone knows a free web based solution to billing wireless user access using freeradius/mysql? I setup a public hotspot using linux/freeradius/mysql but now I need to control how much time each user access.
Can someone help me?
Juliano Luz [EMAIL PROTECTED] Www.vant.net.br
--------------------------------------------- Hindrik Buining Senior Network Services Engineer Communications Unit University of New South Wales Sydney, Australia [EMAIL PROTECTED] ---------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
