I understand the approach is to scan the radius accounting database periodically (ensuring you are getting the accounting updated fast enough) and then run the radclient to trigger the disconnect.
http://lists.freeradius.org/pipermail/freeradius-users/2007-September/022210.html When I ran this (on a small network) we got notifications of usage and then killed sessions to cause lockouts if needed (sometimes we would be rate limiting or directing to a capture page to promote payment). Regards Alexander Alexander Neilson Neilson Productions Limited [email protected] 021 329 681 On 17 March 2016 at 17:25, JAHANZAIB SYED <[email protected]> wrote: > I really appreciate that you spare time to reply my annoying query, I read > that few times before, I have the script to disconnect user using > radclient, but still I am unable to understand in which part I can execute > this script? how can i collect date for active users who have reached there > limit? howto tell the script to disconnect the over quota active users? > > From: [email protected] > > Date: Thu, 17 Mar 2016 17:15:50 +1300 > > To: [email protected] > > Subject: Re: [Mikrotik] mikrotik with freeradius Quota exceed auto > disconnection not working > > > > These links may help you, the first one has a specific line for > Mikrotik's > > > > http://wiki.freeradius.org/protocol/Disconnect-Messages > > > > "For Mikrotik try: > > > > # cat packet.txt | radclient -r 1 10.0.0.1:1700 disconnect ''secret'' > > > > where -r 1 means retry only once and give up." > > > > > http://lists.freeradius.org/pipermail/freeradius-users/2012-April/059993.html > > > > Regards > > Alexander > > > > Alexander Neilson > > Neilson Productions Limited > > > > [email protected] > > 021 329 681 > > > > On 17 March 2016 at 16:58, JAHANZAIB SYED <[email protected]> wrote: > > > > > accept my apology that I am really new to freeradius thing. I am doing > LAB > > > testing and its pretty straight forward setup. One Mikrotik and one One > > > Freeradius server on Ubuntu 12.x with standard installation. Nothing > > > customized. > > > > > > Can you please give me that how can I trigger the disconnection script > (I > > > can make my own script like using RADCLIENT) once the user hit the > limit? > > > > From: [email protected] > > > > Date: Thu, 17 Mar 2016 16:41:55 +1300 > > > > To: [email protected] > > > > Subject: Re: [Mikrotik] mikrotik with freeradius Quota exceed auto > > > disconnection not working > > > > > > > > Please see the below. > > > > > > > > > > > > > ------------------------------------------------------------------------- > > > > > > > > http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client > > > > > > > > Change of Authorization > > > > > > > > RADIUS disconnect and Change of Authorization (according to RFC3576) > are > > > > supported as well. These attributes may be changed by a CoA request > from > > > > the RADIUS server: > > > > > > > > - Mikrotik-Group > > > > - Mikrotik-Recv-Limit > > > > - Mikrotik-Xmit-Limit > > > > - Mikrotik-Rate-Limit > > > > - Ascend-Data-Rate (only if Mikrotik-Rate-Limit is not present) > > > > - Ascend-XMit-Rate (only if Mikrotik-Rate-Limit is not present) > > > > - Mikrotik-Mark-Id > > > > - Filter-Id > > > > - Mikrotik-Advertise-Url > > > > - Mikrotik-Advertise-Interval > > > > - Session-Timeout > > > > - Idle-Timeout > > > > - Port-Limit > > > > > > > > Note that it is not possible to change IP address, pool or routes > that > > > way > > > > - for such changes a user must be disconnected first. > > > > ------------------------------------------------------------------ > > > > > > > > > > > > > > > > So you could send a disconnect when they hit limit or change > > > authorisation > > > > to set rate limit to something really small. > > > > > > > > If this isn't working a capture of someone crossing the rate limit > and > > > the > > > > COA / POD may allow others or myself to help diagnose (please also > > > include > > > > a sanitised config showing the relevant areas and a network diagram > to > > > help > > > > understand anything specific in your setup) > > > > > > > > > > > > Regards > > > > Alexander > > > > > > > > Alexander Neilson > > > > Neilson Productions Limited > > > > > > > > [email protected] > > > > 021 329 681 > > > > > > > > On 17 March 2016 at 16:24, JAHANZAIB SYED <[email protected]> > wrote: > > > > > > > > > Thanks for the reply. I am testing now on 6.x with same issue, > > > > > Any example? > > > > > > > > > > > From: [email protected] > > > > > > Date: Thu, 17 Mar 2016 16:21:27 +1300 > > > > > > To: [email protected] > > > > > > Subject: Re: [Mikrotik] mikrotik with freeradius Quota exceed > auto > > > > > disconnection not working > > > > > > > > > > > > Are you configured to send COA or POD from the radius server > once the > > > > > limit is reached? > > > > > > > > > > > > I understand Mikrotik may have published a new dictionary for > radius > > > to > > > > > reflect changes they have made > > > > > > > > > > > > IIRC they used to allow only POD and no COA but now support COA > as > > > well. > > > > > This may allow you to make it work on 6.34 but not in V5. > > > > > > > > > > > > Also maybe check if you have these signals configured with a > capture > > > to > > > > > ensure they are sent across. > > > > > > > > > > > > Regards > > > > > > Alexander > > > > > > > > > > > > > On 17/03/2016, at 16:04, JAHANZAIB SYED <[email protected]> > > > wrote: > > > > > > > > > > > > > > Testing it on Mikrotik 5.20 and 6.34.x > > > > > > > Same issue that user dont get auto disconnect when quota > reaches > > > > > limit. [however they get access denied on there next login] > > > > > > > > > > > > > > > > > > > > >> Date: Wed, 16 Mar 2016 08:34:38 -0400 > > > > > > >> From: [email protected] > > > > > > >> To: [email protected] > > > > > > >> Subject: Re: [Mikrotik] mikrotik with freeradius Quota exceed > auto > > > > > disconnection not working > > > > > > >> > > > > > > >> What version of Mikrotik? > > > > > > >> > > > > > > >>> On Wed, March 16, 2016 6:16 am, JAHANZAIB SYED wrote: > > > > > > >>> I am using Mikrotik with FREERADIUS 2.x. Radius Incoming is > > > enabled > > > > > with > > > > > > >>> port 1700. > > > > > > >>> > > > > > > >>> My problem is that after user reaches his quota limit , he > does > > > not > > > > > gets > > > > > > >>> disconnect automatically. If I disconnect him myself and he > try > > > to > > > > > > >>> reconnect then he gets access denied. how this disconnection > can > > > be > > > > > made > > > > > > >>> automatically? > > > > > > >>> > > > > > > >>> Using following sql counter. > > > > > > >>> > > > > > > >>> > > > > > > >>> sqlcounter totalbytecounter { counter-name = > Mikrotik-Total-Limit > > > > > > >>> check-name = Mikrotik-Total-Limit reply-name = > > > Mikrotik-Total-Limit > > > > > > >>> reply-message = "You have reached your bandwidth limit" > > > sqlmod-inst > > > > > = sql > > > > > > >>> key = User-Name reset = never query = "SELECT > > > > > > >>> ((SUM(AcctInputOctets)+SUM(AcctOutputOctets))) FROM radacct > WHERE > > > > > > >>> UserName='%{%k}'" > > > > > > >>> } > > > > > > >>> > > > > > > >>> > > > > > > >>> Also I have defined this under authorize section in > > > > > > >>> /etc/freeradius/sites-enabled/default > > > > > > >>> > > > > > > >>> > > > > > > >>> totalbytecounter > > > > > > >>> > > > > > > >>> Help Please. > > > > > > >>> > > > > > > >>> > > > > > > >>> > > > > > > >>> > > > > > > >>> -------------- next part -------------- > > > > > > >>> An HTML attachment was scrubbed... > > > > > > >>> URL: > > > > > > >>> < > > > > > > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160316/4ce02 > > > > > > >>> 42d/attachment.html> > > > > > > >>> _______________________________________________ > > > > > > >>> Mikrotik mailing list > > > > > > >>> [email protected] > > > > > > >>> http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > >>> > > > > > > >>> > > > > > > >>> Visit http://blog.butchevans.com/ for tutorials related to > > > Mikrotik > > > > > > >>> RouterOS > > > > > > >> > > > > > > >> > > > > > > >> _______________________________________________ > > > > > > >> Mikrotik mailing list > > > > > > >> [email protected] > > > > > > >> http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > >> > > > > > > >> Visit http://blog.butchevans.com/ for tutorials related to > > > Mikrotik > > > > > RouterOS > > > > > > > > > > > > > > -------------- next part -------------- > > > > > > > An HTML attachment was scrubbed... > > > > > > > URL: < > > > > > > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/74cc3f9f/attachment.html > > > > > > > > > > > > > _______________________________________________ > > > > > > > Mikrotik mailing list > > > > > > > [email protected] > > > > > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > > > > > > > > > Visit http://blog.butchevans.com/ for tutorials related to > > > Mikrotik > > > > > RouterOS > > > > > > _______________________________________________ > > > > > > Mikrotik mailing list > > > > > > [email protected] > > > > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > > > > > > > Visit http://blog.butchevans.com/ for tutorials related to > Mikrotik > > > > > RouterOS > > > > > > > > > > -------------- next part -------------- > > > > > An HTML attachment was scrubbed... > > > > > URL: < > > > > > > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/a62a307f/attachment.html > > > > > > > > > > > _______________________________________________ > > > > > Mikrotik mailing list > > > > > [email protected] > > > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > > > > > Visit http://blog.butchevans.com/ for tutorials related to > Mikrotik > > > > > RouterOS > > > > > > > > > -------------- next part -------------- > > > > An HTML attachment was scrubbed... > > > > URL: < > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/b29e43e2/attachment.html > > > > > > > > _______________________________________________ > > > > Mikrotik mailing list > > > > [email protected] > > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > > > RouterOS > > > > > > -------------- next part -------------- > > > An HTML attachment was scrubbed... > > > URL: < > > > > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/61c5707b/attachment.html > > > > > > > _______________________________________________ > > > Mikrotik mailing list > > > [email protected] > > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > > > RouterOS > > > > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/e297b067/attachment.html > > > > _______________________________________________ > > Mikrotik mailing list > > [email protected] > > http://mail.butchevans.com/mailman/listinfo/mikrotik > > > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/2b5a84e1/attachment.html > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20160317/4852e740/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
