rdo, sexta-feira, 7 de maio de 2004 �s 15:06 voc� escreveu:
rsp> I�m using freeradius and the autentication methos by userfile, now i have to
rsp> create 2 usergroups, one for 1hour to surf in the internet othre for 6hours.
rsp> Can anyone help me about creating these 2 usergroups and setting ups each user
rsp> for desired usergroup.
Ol� Rui,
eu escrevi uma mensagem para outra pessoa h� poucos minutos, tratando
de uma situa��o parecida. Veja se isso n�o lhe ajuda... Voc� precisa
usar SQL para este m�todo, ele n�o funciona com arquivos.
---------------------------------------------------------------------
Hi,
this is my attempt to explain how to make the SQL counters work. It is
not too hard to make it work, once you have a stable installation. I
wasn't able to make it work, for several reasons...
Have a look at the file rlm_sqlcounter in the doc folder. It will tell
you that you have to compile the server with support for
rlm_sqlcounter installed. The configure script refused to build a
valid Makefile on my FreeBSD 4.5 box, but worked fine on 5.2.
Once you have the server compiled with that option, follow the text
file and create a sqlcounter.conf file. I am using just this for now:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
# key = User-Name
key = Stripped-User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
I don't know how you are storing the usernames in your tables. I am
stripping the domain, so I had to modify the original example to get a
result from MySQL instead of an empty response.
Then, still following the doc/rlm_sqlcounter file, I included the
noresetcounter in the authorize section of radiusd.conf.
Now all you should have to do is create a group which checks the
Max-All-Session value. My tables are set up like this:
radcheck is used only for the password check:
'username' == 'somepassword'
radgroupcheck checks for the maximum allowed time for the subscription
plan the user belongs to:
'groupname' Max-All-Session := 600 <- I used just 5 minutes of allowed time
'groupname' Auth-Type := Local
radgroupreply contains everything I have to send back, but note that
the Session-Timeout is generated by the counter and added
automatically:
'groupname' Framed-Protocol == PPP
'groupname' Service-Type == Framed-User
'groupname' Idle-Timeout := 600
'groupname' Acct-Interim-Interval := 300
Naturally you will need at least one account record to test the
setup. If you run the server in debug mode, you should get something
like this:
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user joao.silva, check_item=600, counter=586
rlm_sqlcounter: Sent Reply-Item for user joao.silva, Type=Session-Timeout, value=14
As the user stayed on-line for 586 seconds already, he has only 14
seconds left. The package sent back to the user is something like
this:
Framed-Protocol == PPP
Service-Type == Framed-User
Idle-Timeout := 600
Acct-Interim-Interval := 300
Session-Timeout = 14
Well, I hope this helps you somehow.
Ulrich
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
