Hello Kostas,
Friday, April 9, 2004, 2:12:37 PM, you wrote:
KK> On Thu, 8 Apr 2004, Alexander Lunyov wrote:
>> Hello freeradius-users,
>>
>> I need to differentiate users with their traffic limits, so i have
>> common traffic limit digit in LDAP in
>> cn=radprofile,dc=domain,dc=com, and for some users i have set their own
>> traffic limits in their own entries (like
>> uid=lan,ou=users,dc=domain,dc=com).
>>
>> So i need first of all look to user entry, and if there is no
>> traffic limit attribute - get value of a common limit attribute in
>> common entry.
KK> If you have an overriding operator in the user entry traffic limits then you
KK> should be fine. rlm_ldap will first set the traffic limit to the common value
KK> and then set it to the per user value if that is available. You only need to
KK> make sure that you are using operators in the user limit:
KK> dn: uid=username,dc=domain,dc=com
KK> ldaptrafficlimitattribute: := <value>
KK> ^^^
KK> This is the important part
I don't understand, where should this part be? In 'users' file or
where?
Maybeб i was not very clear about situation. Let me explain it once
again. When i configured in ldap.attrmap to take LDAP limit
attribute (radiusTraffifcLimit) and assign its value to variable
Rad-Traffic-Limit - it seems that value of an attribute is taking
from LDAP, varible Rad-Traffic-Limit seems to have right value,
but when i've tried to use it in %{expr:...} block - seems that
this variable is empty (though it is not). I've also edit dictionary to
make Rad-Traffic-Limit registered variable. But when i use direct
%{ldap:} query in %{expr} - i get the value. Maybe it'll be
simpler to do it with Rad-Traffic-Limit, but i don't know how :(
With this DEFAULT entry in 'users' file variable Rad-Traffic-Limit
is coming empty:
DEFAULT Service-Type == Framed-User, Pool-Name := "main_pool"
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes,
Traffic-Limit := `%{expr: %{Rad-Traffic-Limit} -
%{sql:SELECT sum(AcctInputOctets)+sum(AcctOutputOctets)
FROM radacct WHERE UserName = '%u' AND
Month(AcctStopTime)=Month(NOW())
AND Year(AcctStopTime) = Year(NOW())}}`
While in debug output i see this:
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.domain.ru:389, authentication 0
rlm_ldap: bind as cn=root,dc=domain,dc=ru/password to ldap.domain.ru:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=users,dc=domain,dc=ru, with filter (uid=lan)
rlm_ldap: checking if remote access for lan is allowed by dialupAccess
rlm_ldap: performing search in cn=radprofile,dc=domain,dc=ru, with filter
(objectclass=radiusprofile)
rlm_ldap: Adding radiusSimultaneousUse as Simultaneous-Use, value 1 & op=21
rlm_ldap: Adding radiusTrafficLimit as Rad-Traffic-Limit, value 314572800 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: Added password somepass in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user lan authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
users: Matched DEFAULT at 152
users: Matched DEFAULT at 175
radius_xlat: Running registered xlat function of module expr for string '
%{Rad-Traffic-limit} -
%{sql:SELECT sum(AcctInputOctets)+sum(AcctOutputOctets)
FROM radacct WHERE UserName = '%u' AND Month(AcctStopTime)=Month(NOW()) AND
Year(AcctStopTime) = Year(NOW())}'
radius_xlat: Running registered xlat function of module sql for string 'SELECT
sum(AcctInputOctets)+
sum(AcctOutputOctets) FROM radacct WHERE UserName = '%u' AND Month(AcctStopTime)
=Month(NOW()) AND
Year(AcctStopTime) = Year(NOW())'
rlm_sql (sql): - sql_xlat
radius_xlat: 'lan'
rlm_sql (sql): sql_set_user escaped user --> 'lan'
radius_xlat: 'SELECT sum(AcctInputOctets)+sum(AcctOutputOctets) FROM radacct WHERE
UserName = 'lan'
AND Month(AcctStopTime) =Month(NOW()) AND Year(AcctStopTime) = Year(NOW())'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
radius_xlat: ' - 192684935'
radius_xlat: '-192684935'
...
Sending Access-Accept of id 181 to 62.33.65.2:2957
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Traffic-Limit := 0
Framed-Compression = Van-Jacobson-TCP-IP
Rad-Traffic-Limit = 314572800
Framed-Protocol = PPP
Service-Type = Framed-User
MS-CHAP2-Success = xxxx
MS-MPPE-Recv-Key = xxxx
MS-MPPE-Send-Key = xxxx
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
I don't understand it... Rad-Traffic-Limit have value but that value
don't make sense for %{expr} block. Why?
--
Best regards,
Alexander mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
