Re: usage counter....
so.. its mean that freeradius not yet supporting about this limit ? so i have to ask mikrotik ? 2007/5/18, [EMAIL PROTECTED] [EMAIL PROTECTED]: With a bit of gymnastics it can be done. You can run an outside program on accounting updates checking Octet total - if it goes over the limit it can send PoD (if Mikrotik supports this). But is it worth it? How much over the limit can they go in one session (you are setting a monthly limit)? Think about limiting sessions with Session-Timeout as well. Or simply ask Mikrotik to introduce Mikrotik-Total-Limit VSA. If enough people request it ... Ivan Kalik Kalik Informatika ISP Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: yupes you are right... it can't stop user from going over the limit, but i need to kick while the limit reached as time session... any body success with this ? please tell me how - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
Yeah, I found a method to do this. It involves configuring your NAS to reauthenticate the user every 20 minutes or so (I use OpenVPN with a NAS plugin, it does key renegotiation every 20 minutes so this is ideal for me), and using a Perl script with rlm_perl to do your own calculations. Read below to see how to make it work with a NAS that doesn't periodically renegotiate, and supports Packet of Disconnection. My Perl script does a query to find the bytes used for each user (I also specify date/time requirements, but this isn't shown here): SELECT SUM(inputoctets + outputoctets) FROM radacct WHERE username='$username''; Then you can make it compare it with the user's user-group attribute, eg: $result = SELECT SUM(inputoctets + outputoctets) FROM radacct WHERE username='$username''; $bytesused = $result[0]; if ($check['user-group' == heavyusers) { # give the user full speed service if their byte usage is below 100GB if $bytesused 1 { return AUTH_OK; } else { return AUTH_REJECT; } } ...and repeat as neccassary. (note, this is off the top of my head with no reference to the rlm_perl script I use, so some values will likely be fuzzy or outright wrong) This way, I didn't have to hack around with complicated, awkward modules in FreeRADIUS - all I needed to do was move the functionality and decisionmaking logic to Perl. This saved me -days- of work, and is very flexible. It all depends on what methods you have to enforce user disconnection: I was lucky enough to be able to ask for the creator of the OpenVPN plugin to add an 'reauthenticate every 20 minutes' option, which if it failed, booted the user off the NAS. Read your NAS documentation: specifically, look for if/when it reauthenticates, and if it supports Packet-Of-Disconnection. If it does support PoD, then you can easily add this functionality to the Perl script that runs on accounting, and it'll work just fine without periodic reauthentications. Hope this helps! Jan On 19/05/07, Trio Yulistianto [EMAIL PROTECTED] wrote: so.. its mean that freeradius not yet supporting about this limit ? so i have to ask mikrotik ? 2007/5/18, [EMAIL PROTECTED] [EMAIL PROTECTED]: With a bit of gymnastics it can be done. You can run an outside program on accounting updates checking Octet total - if it goes over the limit it can send PoD (if Mikrotik supports this). But is it worth it? How much over the limit can they go in one session (you are setting a monthly limit)? Think about limiting sessions with Session-Timeout as well. Or simply ask Mikrotik to introduce Mikrotik-Total-Limit VSA. If enough people request it ... Ivan Kalik Kalik Informatika ISP Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: yupes you are right... it can't stop user from going over the limit, but i need to kick while the limit reached as time session... any body success with this ? please tell me how - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
That is not standard radius attribute so it can't be enforced on every peace of equipment. Freeradius will happily send such attribute (if you define it yourself in the dictionary) but NAS won't know what to do with it. You have an option to use NAS that has such VSA (like Chillispot) or create that functionality yourself by using an outside program and interim checks. Ivan Kalik Kalik Informatika ISP Dana 19/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: so.. its mean that freeradius not yet supporting about this limit ? so i have to ask mikrotik ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
We are starting with wireless soon, so I planned to adapt monthlycounter sqlcounter: query = SELECT SUM( AcctInputOctets + AcctOutputOctets) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b') Remove reply-name, change check-name to Max-Monthly-Octets and check with: Max-Monthly-Octetsnumberofbytes I haven't implemented it yet (planning first to install 2.0 for testing next week), but I think it will work. It can't stop user from going over the limit as timed counters can, but it should stop them from connecting next time. Ivan Kalik Kalik Informatika ISP Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: next problem... i have read all documentation ebaout sql counter and all based on time.. any docoumentation about volume based ? volume based (total of inputoctets and outputoctets) in my case, i want to give user limitation about his byte usage, ie. user heavy : has 10 Gb (total of inputoctets and outputoctets) per month user medium : has 5 Gb (total of inputoctets and outputoctets) per month user light : has 1 Gb (total of inputoctets and outputoctets) per month how thats can handle by freeradius and mysql ? fyi. my nas is mikrotik v2.9.40 for now i just limiting by *Mikrotik-Recv-Limit *and *Mikrotik-Xmit-Limit * attribute* *any solution to limiting by total of those 2 variables ? thanks be4 trio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
yupes you are right... it can't stop user from going over the limit, but i need to kick while the limit reached as time session... any body success with this ? please tell me how 2007/5/18, [EMAIL PROTECTED] [EMAIL PROTECTED]: We are starting with wireless soon, so I planned to adapt monthlycounter sqlcounter: query = SELECT SUM( AcctInputOctets + AcctOutputOctets) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b') Remove reply-name, change check-name to Max-Monthly-Octets and check with: Max-Monthly-Octetsnumberofbytes I haven't implemented it yet (planning first to install 2.0 for testing next week), but I think it will work. It can't stop user from going over the limit as timed counters can, but it should stop them from connecting next time. Ivan Kalik Kalik Informatika ISP Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: next problem... i have read all documentation ebaout sql counter and all based on time.. any docoumentation about volume based ? volume based (total of inputoctets and outputoctets) in my case, i want to give user limitation about his byte usage, ie. user heavy : has 10 Gb (total of inputoctets and outputoctets) per month user medium : has 5 Gb (total of inputoctets and outputoctets) per month user light : has 1 Gb (total of inputoctets and outputoctets) per month how thats can handle by freeradius and mysql ? fyi. my nas is mikrotik v2.9.40 for now i just limiting by *Mikrotik-Recv-Limit *and *Mikrotik-Xmit-Limit * attribute* *any solution to limiting by total of those 2 variables ? thanks be4 trio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
usage counter....
next problem... i have read all documentation ebaout sql counter and all based on time.. any docoumentation about volume based ? volume based (total of inputoctets and outputoctets) in my case, i want to give user limitation about his byte usage, ie. user heavy : has 10 Gb (total of inputoctets and outputoctets) per month user medium : has 5 Gb (total of inputoctets and outputoctets) per month user light : has 1 Gb (total of inputoctets and outputoctets) per month how thats can handle by freeradius and mysql ? fyi. my nas is mikrotik v2.9.40 for now i just limiting by *Mikrotik-Recv-Limit *and *Mikrotik-Xmit-Limit * attribute* *any solution to limiting by total of those 2 variables ? thanks be4 trio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html