You'll need to check this during connection process and you can send
info to NAS about traffic limit (if your NAS support this)
Волошин Вячеслав wrote:
Radius and NAS can worked in one way. Only NAS send accounts paket to
RADIUS. RADIUS CANT send packet to NAS server (if quota user traffic
limit exceeded)!!!!!!!
----- Original Message -----
*From:* Eric <mailto:[email protected]>
*To:* [email protected]
<mailto:[email protected]>
*Sent:* Sunday, May 03, 2009 2:09 PM
*Subject:* Re :checking authorization in the duration of connection
NAS sends accounting update packets in periodic times. I want freeradius use this updates and
check my online users periodically and send Disconnect packet if user's traffic is above my
limit.
How can it do this?
any document about config ?
Eric wrote:
Hi,
My radius server use ldap server for authorize and
authentication.I set an attribute in ldap server that is the
check-name in sqlcounter to limit users Input traffic. I want
when user traffic reaches to this amount the user become stop
but radius checks ldap attributes only at the first of
connection not in the middle. How can I set radius server
check users traffic with the amount of this attribute in ldap
server in the duration of connection?
The radius server steps out of the way once authentication and
authorization is complete, nor does it have the ability to
disconnect a user from a NAS. You need to have the NAS disconnect
the user itself when a threshold is reached. This is accomplished
by returning a vendor specific attribute specifying the limit for
the session which the NAS then maintains. Once the limit on the
NAS is reached the NAS terminates the session. You'll have to
check your NAS documentation for a traffic limiting parameter. In
the other common case of disconnect after a time duration it's
handled by computing the session length during authorization and
returning attribute 194 with the maximum number of seconds for the
connection. This attribute is understood by comon NAS devices and
is known variously as Ascend-Maximum-Time, Cisco-Maximum-Time or
Lucent-Maximum-Time. You'll need to apply the same logic for data
volume.
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
