On 4 Dec 2012, at 18:14, amanda edades <[email protected]> wrote:
> Hello, > > I am trying to use my RADIUS server to designate user group memberships > specifying QoS policies and monthly data caps. When authenticating, the > server returns an AVP that tells what group a user is in, and the NAS will > apply the associated QoS policies to his traffic. The RADIUS server checks > if a user is over his data cap on every Access-Request and Interim-Update > packet. When the user exceeds the data cap defined for his group, the RADIUS > server originates a CoA and sends a new group assignment in which his traffic > is throttled. > > Everything works fine now, but if the RADIUS server finds that a user is over > his cap, it first returns its default group assignment taken from the > radgroupreply table, then sends a CoA. > > Output from RADIUS: > Sending Accounting-Response of id 122 to 127.0.0.1 port 33544 > Access-Group = "Group1" > WARNING: Empty pre-proxy section. Using default return values. > Sending CoA-Request of id 223 to 127.0.0.1 port 3799 > User-Name = "1907444" > Access-Group = "ThrottledGroup" > Finished request 8. > > So the NAS receives the default group assignment, then the throttled group > assignment immediately after. To avoid confusion and transmitting > unnecessary data, in the case when a data cap is exceeded, how to I prevent > the RADIUS server from returning the default values from the radgroupreply > table, and only send the CoA? Add a group check item for the user not being over the limit? -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

