Additional lookup via SQL
Hiya, We are adding rate limiting attributes to our radius entries on a per customer basis, however the rates imposed will be one of 4 predefined rates. Each rate also has a burst value which is pre determined, and may be changed as we tweak. Ideally we would like to store a lookup of rates and their respective burst values, thus making changes quick and efficient. Is there a nice way that freeRADIUS could perform an additional lookup to determine the correct burst for a given rate and add it (allong with the attribute) to the radius reply? Thanks in advance for your help. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Additional lookup via SQL
Hiya Graeme, If you are using an SQL database backend it is very easy to implement this... You setup group names in the radgroupreply table with the attributes to be returned to the NAS for that group - you can have multiple records with the same group name to allow multiple attributes. Each group name would be used for the different rates and respective burst values and whatever attributes returned to the NAS that are specific to that group: IE: groupname attributeValueop rate1rate 500 += rate1burst 800 += rate2rate 1000 += rate2burst 1200 += ( the '+= op value states to add the A/V (attribute/value) pair to the NAS response even if there is another A/V pair with the same name, if you know for a fact there is not an A/V pair with the same name you can just use '=' instead)... and so on for each group you are defining. You then put the username in the usergroup table with the name of the group the user is assigned... IE: Username Groupname user1rate1 user2rate2 user3rate1 user4rate1 user5rate2 ad nausium... Freeradius should do the rest... The nice thing is all you have to do to change the rate and bust information for the user's assigned to a group is to change the value in the radgroupreply table and it changes for all users defined in that group. I think I got this right - YMMV gm... - Original Message - From: Graeme Hinchliffe [EMAIL PROTECTED] To: FreeRADIUS list [EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 5:08 AM Subject: Additional lookup via SQL Hiya, We are adding rate limiting attributes to our radius entries on a per customer basis, however the rates imposed will be one of 4 predefined rates. Each rate also has a burst value which is pre determined, and may be changed as we tweak. Ideally we would like to store a lookup of rates and their respective burst values, thus making changes quick and efficient. Is there a nice way that freeRADIUS could perform an additional lookup to determine the correct burst for a given rate and add it (allong with the attribute) to the radius reply? Thanks in advance for your help. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- [This E-mail scanned for viruses by Declude Ant-Virus Scanner] --- [This E-mail scanned for viruses by Declude Ant-Virus Scanner] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Additional lookup via SQL
Hiya, We are adding rate limiting attributes to our radius entries on a per customer basis, however the rates imposed will be one of 4 predefined rates. Each rate also has a burst value which is pre determined, and may be changed as we tweak. Ideally we would like to store a lookup of rates and their respective burst values, thus making changes quick and efficient. Is there a nice way that freeRADIUS could perform an additional lookup to determine the correct burst for a given rate and add it (allong with the attribute) to the radius reply? Thanks in advance for your help. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 Hi Graeme, write a simple programm or script and use it for your replyitems. you can execute a programm for every reply item like this: Attribute-Name = `{%exec:/path/to/program args}` in the program itself you can use the environment variables for reading the nasipaddress or something else, all request items are placed into the enviroment of the forked programm. the output of the programm will be placed in the value of the attribute. look in radiusd.conf for exec and put 'exec' into the 'instantiate' section. best regards, christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Additional lookup via SQL
Hiya, Cheers for that, I have been pondering this (but in a different way). As we have to perform 2 radius lookups per customer if they are delivered via a specific pipe (thanks BT :/ ) we are already using a form of mangled radius that uses huntgroup name to read additional params from the group table, for the BT equipment. So to implement what you suggest we would have to alter the SQL again and use an OR clause I think to check for either. Which is fine, but I would ideally like to be able to do this without changing the SQL (if I break it, I get the support dept shouting at me :) ). What I am now pondering is if it is possible to specify a huntgroup within the RADIUS attributes returned from the radreply table, and have this be used for the subsequent radgroupreply. But only to be added if the huntgroup isn't already set. If not, I will just have to carefully alter these SQL queries :) Thanks for your time help Graeme On Tue, 2004-07-20 at 11:10, Gary McKinney wrote: Hiya Graeme, If you are using an SQL database backend it is very easy to implement this... You setup group names in the radgroupreply table with the attributes to be returned to the NAS for that group - you can have multiple records with the same group name to allow multiple attributes. Each group name would be used for the different rates and respective burst values and whatever attributes returned to the NAS that are specific to that group: IE: groupname attributeValueop rate1rate 500 += rate1burst 800 += rate2rate 1000 += rate2burst 1200 += ( the '+= op value states to add the A/V (attribute/value) pair to the NAS response even if there is another A/V pair with the same name, if you know for a fact there is not an A/V pair with the same name you can just use '=' instead)... and so on for each group you are defining. You then put the username in the usergroup table with the name of the group the user is assigned... IE: Username Groupname user1rate1 user2rate2 user3rate1 user4rate1 user5rate2 ad nausium... Freeradius should do the rest... The nice thing is all you have to do to change the rate and bust information for the user's assigned to a group is to change the value in the radgroupreply table and it changes for all users defined in that group. I think I got this right - YMMV gm... - Original Message - From: Graeme Hinchliffe [EMAIL PROTECTED] To: FreeRADIUS list [EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 5:08 AM Subject: Additional lookup via SQL Hiya, We are adding rate limiting attributes to our radius entries on a per customer basis, however the rates imposed will be one of 4 predefined rates. Each rate also has a burst value which is pre determined, and may be changed as we tweak. Ideally we would like to store a lookup of rates and their respective burst values, thus making changes quick and efficient. Is there a nice way that freeRADIUS could perform an additional lookup to determine the correct burst for a given rate and add it (allong with the attribute) to the radius reply? Thanks in advance for your help. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- [This E-mail scanned for viruses by Declude Ant-Virus Scanner] --- [This E-mail scanned for viruses by Declude Ant-Virus Scanner] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Additional lookup via SQL
On Tue, 2004-07-20 at 11:48, jesk wrote: Hiya, We are adding rate limiting attributes to our radius entries on a per customer basis, however the rates imposed will be one of 4 predefined rates. Each rate also has a burst value which is pre determined, and may be changed as we tweak. Ideally we would like to store a lookup of rates and their respective burst values, thus making changes quick and efficient. Is there a nice way that freeRADIUS could perform an additional lookup to determine the correct burst for a given rate and add it (allong with the attribute) to the radius reply? Thanks in advance for your help. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 Hi Graeme, write a simple programm or script and use it for your replyitems. you can execute a programm for every reply item like this: Attribute-Name = `{%exec:/path/to/program args}` in the program itself you can use the environment variables for reading the nasipaddress or something else, all request items are placed into the enviroment of the forked programm. the output of the programm will be placed in the value of the attribute. look in radiusd.conf for exec and put 'exec' into the 'instantiate' section. best regards, christian Hiya, I thought about that but I don't want to make external calls as these servers can periodically get a LOT of requests and I don't want to increase load or lag on responses. Thanks all the same, it's in my last resort pile :) -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html