Re: usage counter....
so.. its mean that freeradius not yet supporting about this limit ? so i have to ask mikrotik ? 2007/5/18, [EMAIL PROTECTED] [EMAIL PROTECTED]: With a bit of gymnastics it can be done. You can run an outside program on accounting updates checking Octet total - if it goes over the limit it can send PoD (if Mikrotik supports this). But is it worth it? How much over the limit can they go in one session (you are setting a monthly limit)? Think about limiting sessions with Session-Timeout as well. Or simply ask Mikrotik to introduce Mikrotik-Total-Limit VSA. If enough people request it ... Ivan Kalik Kalik Informatika ISP Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: yupes you are right... it can't stop user from going over the limit, but i need to kick while the limit reached as time session... any body success with this ? please tell me how - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
Yeah, I found a method to do this. It involves configuring your NAS to
reauthenticate the user every 20 minutes or so (I use OpenVPN with a NAS
plugin, it does key renegotiation every 20 minutes so this is ideal for me),
and using a Perl script with rlm_perl to do your own calculations. Read
below to see how to make it work with a NAS that doesn't periodically
renegotiate, and supports Packet of Disconnection.
My Perl script does a query to find the bytes used for each user (I also
specify date/time requirements, but this isn't shown here):
SELECT SUM(inputoctets + outputoctets) FROM radacct WHERE
username='$username'';
Then you can make it compare it with the user's user-group attribute, eg:
$result = SELECT SUM(inputoctets + outputoctets) FROM radacct WHERE
username='$username'';
$bytesused = $result[0];
if ($check['user-group' == heavyusers)
{
# give the user full speed service if their byte usage is below 100GB
if $bytesused 1
{
return AUTH_OK;
}
else
{
return AUTH_REJECT;
}
}
...and repeat as neccassary. (note, this is off the top of my head with no
reference to the rlm_perl script I use, so some values will likely be fuzzy
or outright wrong)
This way, I didn't have to hack around with complicated, awkward modules in
FreeRADIUS - all I needed to do was move the functionality and
decisionmaking logic to Perl. This saved me -days- of work, and is very
flexible.
It all depends on what methods you have to enforce user disconnection: I was
lucky enough to be able to ask for the creator of the OpenVPN plugin to add
an 'reauthenticate every 20 minutes' option, which if it failed, booted the
user off the NAS. Read your NAS documentation: specifically, look for
if/when it reauthenticates, and if it supports Packet-Of-Disconnection. If
it does support PoD, then you can easily add this functionality to the Perl
script that runs on accounting, and it'll work just fine without periodic
reauthentications.
Hope this helps!
Jan
On 19/05/07, Trio Yulistianto [EMAIL PROTECTED] wrote:
so.. its mean that freeradius not yet supporting about this limit ?
so i have to ask mikrotik ?
2007/5/18, [EMAIL PROTECTED] [EMAIL PROTECTED]:
With a bit of gymnastics it can be done. You can run an outside program
on accounting updates checking Octet total - if it goes over the limit
it can send PoD (if Mikrotik supports this). But is it worth it? How
much over the limit can they go in one session (you are setting a
monthly limit)? Think about limiting sessions with Session-Timeout as
well.
Or simply ask Mikrotik to introduce Mikrotik-Total-Limit VSA. If
enough people request it ...
Ivan Kalik
Kalik Informatika ISP
Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše:
yupes you are right... it can't stop user from going over the limit,
but i need to kick while the limit reached as time session...
any body success with this ? please tell me how
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
That is not standard radius attribute so it can't be enforced on every peace of equipment. Freeradius will happily send such attribute (if you define it yourself in the dictionary) but NAS won't know what to do with it. You have an option to use NAS that has such VSA (like Chillispot) or create that functionality yourself by using an outside program and interim checks. Ivan Kalik Kalik Informatika ISP Dana 19/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše: so.. its mean that freeradius not yet supporting about this limit ? so i have to ask mikrotik ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
We are starting with wireless soon, so I planned to adapt monthlycounter
sqlcounter:
query = SELECT SUM( AcctInputOctets + AcctOutputOctets) FROM radacct
WHERE UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
Remove reply-name, change check-name to Max-Monthly-Octets and check with:
Max-Monthly-Octetsnumberofbytes
I haven't implemented it yet (planning first to install 2.0 for testing
next week), but I think it will work. It can't stop user from going
over the limit as timed counters can, but it should stop them from
connecting next time.
Ivan Kalik
Kalik Informatika ISP
Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše:
next problem...
i have read all documentation ebaout sql counter and all based on time..
any docoumentation about volume based ?
volume based (total of inputoctets and outputoctets)
in my case, i want to give user limitation about his byte usage,
ie. user heavy : has 10 Gb (total of inputoctets and outputoctets) per
month
user medium : has 5 Gb (total of inputoctets and outputoctets) per month
user light : has 1 Gb (total of inputoctets and outputoctets) per month
how thats can handle by freeradius and mysql ?
fyi. my nas is mikrotik v2.9.40
for now i just limiting by *Mikrotik-Recv-Limit *and *Mikrotik-Xmit-Limit *
attribute*
*any solution to limiting by total of those 2 variables ?
thanks be4
trio
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usage counter....
yupes you are right... it can't stop user from going over the limit,
but i need to kick while the limit reached as time session...
any body success with this ? please tell me how
2007/5/18, [EMAIL PROTECTED] [EMAIL PROTECTED]:
We are starting with wireless soon, so I planned to adapt monthlycounter
sqlcounter:
query = SELECT SUM( AcctInputOctets + AcctOutputOctets) FROM radacct
WHERE UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b')
Remove reply-name, change check-name to Max-Monthly-Octets and check with:
Max-Monthly-Octetsnumberofbytes
I haven't implemented it yet (planning first to install 2.0 for testing
next week), but I think it will work. It can't stop user from going
over the limit as timed counters can, but it should stop them from
connecting next time.
Ivan Kalik
Kalik Informatika ISP
Dana 18/5/2007, Trio Yulistianto [EMAIL PROTECTED] piše:
next problem...
i have read all documentation ebaout sql counter and all based on
time..
any docoumentation about volume based ?
volume based (total of inputoctets and outputoctets)
in my case, i want to give user limitation about his byte usage,
ie. user heavy : has 10 Gb (total of inputoctets and outputoctets) per
month
user medium : has 5 Gb (total of inputoctets and outputoctets) per month
user light : has 1 Gb (total of inputoctets and outputoctets) per month
how thats can handle by freeradius and mysql ?
fyi. my nas is mikrotik v2.9.40
for now i just limiting by *Mikrotik-Recv-Limit *and
*Mikrotik-Xmit-Limit *
attribute*
*any solution to limiting by total of those 2 variables ?
thanks be4
trio
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
usage counter....
next problem... i have read all documentation ebaout sql counter and all based on time.. any docoumentation about volume based ? volume based (total of inputoctets and outputoctets) in my case, i want to give user limitation about his byte usage, ie. user heavy : has 10 Gb (total of inputoctets and outputoctets) per month user medium : has 5 Gb (total of inputoctets and outputoctets) per month user light : has 1 Gb (total of inputoctets and outputoctets) per month how thats can handle by freeradius and mysql ? fyi. my nas is mikrotik v2.9.40 for now i just limiting by *Mikrotik-Recv-Limit *and *Mikrotik-Xmit-Limit * attribute* *any solution to limiting by total of those 2 variables ? thanks be4 trio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
