Re: sqlcounter monthly counter impementation problem
Dear all
Here I am shareing my Knowledge. for freeradius users. i have
done freeradius-1.1.4 with mysql with cisco VPDN configuration as well as i
have configuraed per user base bandwidth configuration and simultanious user
login configuration i have sharing my configuration for my freeradius users
I have cisco router with this configuration
aaa new-model
!
!
aaa group server radius testing123
server-private 71.5.250.243 auth-port 1812 acct-port 1813 key tulipconnect
ip radius source-interface FastEthernet0/1
deadtime 0
!
aaa authentication login default local group radius group testing123
aaa authentication ppp default group testing123 local
aaa authorization exec default local group radius group testing123
aaa authorization network default group testing123 local
aaa accounting update periodic 1
aaa accounting exec default start-stop group testing123
aaa accounting network default start-stop group testing123
aaa accounting connection default start-stop group testing123
!
_
My all user databases in mysql and simultanius login also in mysql
mysql tables :-
mysql select * from radcheck;
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | satish | User-Password | := | tulip |
| 2 | priya| User-Password | := | tulip |
++--+---++---+
2 rows in set (0.00 sec)
mysql select * from radgroupcheck;;
++---+--++---+
| id | GroupName | Attribute| op | Value |
++---+--++---+
| 1 | 64KB | Simultaneous-Use | := | 1 |
| 4 | 128KB | Simultaneous-Use | := | 1 |
++---+--++---+
2 rows in set (0.00 sec)
mysql select * from radgroupreply;;
++---+-+++--+
| id | GroupName | Attribute | op | Value
| prio |
++---+-+++--+
| 1 | 64KB | Framed-Protocol | = | PPP
|0 |
| 2 | 64KB | Framed-MTU | = | 1400
|0 |
| 3 | 64KB | Service-Type| = | Framed-User
|0 |
| 4 | 128KB | Framed-Protocol | = | PPP
|0 |
| 5 | 128KB | Framed-MTU | = | 1450
|0 |
| 6 | 128KB | Service-Type| = | Framed-User
|0 |
| 7 | 128KB | Cisco-Avpair| = | lcp:interface-config#1=rate-limit
output 128000 1 1 conform-action continue exceed-action drop |0 |
++---+-+++--+
7 rows in set (0.00 sec)
mysql select * from usergroup;
++--+---+
| id | UserName | GroupName |
++--+---+
| 1 | satish | 64KB |
| 3 | priya| 128KB |
++--+---+
2 rows in set (0.00 sec)
Simultanious Login configuration ( edit this file /etc/raddb/sql.conf )
###
# Simultaneous Use Checking Queries
###
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use
checking
# - will be performed by this module instance
# simul_verify_query- query to return details of current
connections for verification
# - Leave blank or commented out to disable
verification step
# - Note that the returned field order should not
be changed.
###
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
Re: sqlcounter monthly counter impementation problem
Cory Robson wrote: I have the following configuration in my radius.conf file. The counter does function as such and if the user has utilized the allotted time it will not allow them to connect. However I'm looking to see how to also apply it to the session limit. (IE adjust the session time. If user has a max session defined as 4 hrs but only has 2 hrs left of the monthly limit then adjust this to have them dropped automatically once this has been reached) It should do it automatically. Which sections have you listed it in? I presume accounting, but what about authorize? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: sqlcounter monthly counter impementation problem
I have it in Authorize but not accounting . maybe that's the problem! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, 7 May 2007 3:00 PM To: FreeRadius users mailing list Subject: Re: sqlcounter monthly counter impementation problem Cory Robson wrote: I have the following configuration in my radius.conf file. The counter does function as such and if the user has utilized the allotted time it will not allow them to connect. However I'm looking to see how to also apply it to the session limit. (IE adjust the session time. If user has a max session defined as 4 hrs but only has 2 hrs left of the monthly limit then adjust this to have them dropped automatically once this has been reached) It should do it automatically. Which sections have you listed it in? I presume accounting, but what about authorize? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ NOD32 2245 (20070506) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter monthly counter impementation problem
Cory Robson wrote: I have it in Authorize but not accounting . maybe that's the problem! The SQL module needs to be listed in the accounting section in order to insert the accounting data needed by the sqlcounter module. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: sqlcounter monthly counter impementation problem
Yes checked that is ok. It has been working so not the problem there. Only thing I can think of is the dialup-admin interface. The sql.attr map file may be placing it in the wrong spot. It is currently listed as a check item which should be correct. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, 7 May 2007 3:23 PM To: FreeRadius users mailing list Subject: Re: sqlcounter monthly counter impementation problem Cory Robson wrote: I have it in Authorize but not accounting . maybe that's the problem! The SQL module needs to be listed in the accounting section in order to insert the accounting data needed by the sqlcounter module. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ NOD32 2245 (20070506) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter monthly counter impementation problem
I have the following configuration in my radius.conf file. The counter does
function as such and if the user has utilized the allotted time it will not
allow them to connect.
However I'm looking to see how to also apply it to the session limit.
(IE adjust the session time. If user has a max session defined as 4 hrs but
only has 2 hrs left of the monthly limit then adjust this to have them
dropped automatically once this has been reached)
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
# This query properly handles calls that span from the
# previous reset period into the current period but
# involves more work for the SQL server than those
# below
# The same notes above about the differences between mysql
# versus postgres queries apply here.
query = SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b'
How would I implement this to enforce the session time limits?
Cory
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
