rdo, sexta-feira, 7 de maio de 2004 às 15:06 você escreveu:
rsp> I´m using freeradius and the autentication methos by userfile, now i have to
rsp> create 2 usergroups, one for 1hour to surf in the internet othre for 6hours.
rsp> Can anyone help me about creating these 2 usergroups and setting ups each user
rsp> for desired usergroup.
Olá Rui,
eu escrevi uma mensagem para outra pessoa há poucos minutos, tratando
de uma situação parecida. Veja se isso não lhe ajuda... Você precisa
usar SQL para este método, ele não funciona com arquivos.
---------------------------------------------------------------------
Hi,
this is my attempt to explain how to make the SQL counters work. It is
not too hard to make it work, once you have a stable installation. I
wasn't able to make it work, for several reasons...
Have a look at the file rlm_sqlcounter in the doc folder. It will tell
you that you have to compile the server with support for
rlm_sqlcounter installed. The configure script refused to build a
valid Makefile on my FreeBSD 4.5 box, but worked fine on 5.2.
Once you have the server compiled with that option, follow the text
file and create a sqlcounter.conf file. I am using just this for now:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
# key = User-Name
key = Stripped-User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
I don't know how you are storing the usernames in your tables. I am
stripping the domain, so I had to modify the original example to get a
result from MySQL instead of an empty response.
Then, still following the doc/rlm_sqlcounter file, I included the
noresetcounter in the authorize section of radiusd.conf.
Now all you should have to do is create a group which checks the
Max-All-Session value. My tables are set up like this:
radcheck is used only for the password check:
'username' == 'somepassword'
radgroupcheck checks for the maximum allowed time for the subscription
plan the user belongs to:
'groupname' Max-All-Session := 600 <- I used just 5 minutes of allowed time
'groupname' Auth-Type := Local
radgroupreply contains everything I have to send back, but note that
the Session-Timeout is generated by the counter and added
automatically:
'groupname' Framed-Protocol == PPP
'groupname' Service-Type == Framed-User
'groupname' Idle-Timeout := 600
'groupname' Acct-Interim-Interval := 300
Naturally you will need at least one account record to test the
setup. If you run the server in debug mode, you should get something
like this:
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user joao.silva, check_item=600, counter=586
rlm_sqlcounter: Sent Reply-Item for user joao.silva, Type=Session-Timeout, value=14
As the user stayed on-line for 586 seconds already, he has only 14
seconds left. The package sent back to the user is something like
this:
Framed-Protocol == PPP
Service-Type == Framed-User
Idle-Timeout := 600
Acct-Interim-Interval := 300
Session-Timeout = 14
Well, I hope this helps you somehow.
Ulrich
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
