Re: Usage instead of time accounting

Fri, 03 Feb 2006 13:28:51 -0800

I use rlm_perl and custom scripts running at a Accounting Update. If used bytes is over a certain limit, I disconnect the user and disable the account in a mysql database. 

Regards,
Chris.
----- Original Message ----- From: "Sean" <[EMAIL PROTECTED]> 
To: <freeradius-users@lists.freeradius.org>
Sent: Friday, February 03, 2006 8:00 PM
Subject: Usage instead of time accounting



Hi'

I've been using FreeRadius authorisation and accounting for my Internet
Hotspot service for some time. It performs perfectly. Up to now all of
my clients use time based tickets(One hour, one day, one week and one
month) I now have a client that wants to supply tickets that will limit
the usage in bytes of a user. Can this be done and if so can anyone
recommend a source for documentation. I've Googled for the last few days
and checked the DD-WRT and Chillispot forums to no avail.

Regards and rhanks in advance,

Sean Bracken

http://swarmhotspots.com

On Fri, 2006-02-03 at 17:55 +0100,
[EMAIL PROTECTED] wrote:

Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. (Fwd) Detail Filter method (Breuer Nicolas)
   2. Re: Detail Filter method (Nicolas Baradakis)
   3. R: SQL.conf new query (Carlo Prestopino)
   4. Re: how to log username in uppercase in radacct
      (Nicolas Baradakis)
   5. Root Certificate via ADS (Armin Kr?mer)
   6. Re: FDS + Freeradius = pain. (Joey McDonald)


----------------------------------------------------------------------

Message: 1
Date: Fri, 03 Feb 2006 14:14:54 +0100
From: "Breuer Nicolas" <[EMAIL PROTECTED]>
Subject: (Fwd) Detail Filter method
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

 In /etc/raddb/acct_users file:

DEFAULT Acct-Status-Type == Interim-Update, Acct-Type := empty

And in /etc/raddb/radiusd.conf:

modules {

always ok {
rcode = ok
}

...
}

...

accounting {

# Log start & stop
detail

Acct-Type empty {
ok
}
}

--
Nicolas Baradakis



 Can i also put the empty section only in detail module
 because i have a sql line in account (to log everything)

 I wouldlike only to disable it in detail accounting.





------- Forwarded message follows -------
From:           Breuer Nicolas <[EMAIL PROTECTED]>
To:             freeradius-users@lists.freeradius.org
Subject:        Detail Filter method
Send reply to:  [EMAIL PROTECTED]
Date sent:      Fri, 03 Feb 2006 10:54:43 +0100


 Hello all,

 I'm using the "detailled" logs with FreeRadius.

 I wouldlike to filter the interim updates to not logged
 them. Is it possible ??

 I wouldlike to only have a logs files with start & stop..

 It would be a nice option, i think..



------- End of forwarded message -------

Breuer Nicolas
Content & Marketing Manager.
Network Supervisor.

BELCENTER ISP & PORTALS
Avenue Henri Conscience, 94
B -1140 Bruxelles
Tl. :+32 2 243 0 243
Fax :+32 2 243 0 244
Mobile :+32 486 50 27 87
E-Mail : [EMAIL PROTECTED]
http://www.BelCenter.be | http://www.BelCenter.net
http://www.BelCenter.lu  | http://www.BelCenter.nl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/6a9e517f/attachment-0001.html 

------------------------------

Message: 2
Date: Fri, 3 Feb 2006 15:01:02 +0100
From: Nicolas Baradakis <[EMAIL PROTECTED]>
Subject: Re: Detail Filter method
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

Breuer Nicolas wrote:

>  Can i also put the empty section only in detail module
>  because i have a sql line in account (to log everything)
>
>  I wouldlike only to disable it in detail accounting.

Please no HTML to the list.

You can add the sql module in the subsection, as explained in the
provided documentation: http://freeradius.org/radiusd/doc/Acct-Type

For example, in acct_users:

DEFAULT Acct-Status-Type == Interim-Update, Acct-Type := interim

And in radiusd.conf:

accounting {

sql
detail

Acct-Type interim {
sql
}
}

--
Nicolas Baradakis



------------------------------

Message: 3
Date: Fri, 3 Feb 2006 15:02:55 +0100
From: "Carlo Prestopino" <[EMAIL PROTECTED]>
Subject: R: SQL.conf new query
To: "'FreeRadius users mailing list'"
<freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Ok, problem solved, as you can see at this post
http://lists.freeradius.org/pipermail/freeradius-devel/2006-February/009446.
html

Thank you to everyone

Regards,
Carlo





------------------------------

Message: 4
Date: Fri, 3 Feb 2006 15:51:23 +0100
From: Nicolas Baradakis <[EMAIL PROTECTED]>
Subject: Re: how to log username in uppercase in radacct
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=us-ascii

[EMAIL PROTECTED] wrote:

> Can anyone tell me how I can configure radius so that Username field is
> logged in uppercase for all records in RadAcct table.

Please no HTML to the list.

You could change the queries in /etc/raddb/sql.conf to use the UPPER()
function.

For example:
accounting_start_query = "INSERT into radacct (UserName, ... ) values (UPPER('%{SQL-User-Name}'), ... );" 

--
Nicolas Baradakis



------------------------------

Message: 5
Date: Fri, 03 Feb 2006 16:58:48 +0100
From: Armin Kr?mer <[EMAIL PROTECTED]>
Subject: Root Certificate via ADS
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
Hi, im planing to install my generated root Certifikate via W2k ADS to the Clients.
How can i do this via AADS? What do i have to do in ADS and Group Policies?
The second question ist that i will have to set a mark onto my certifikate at the Trusted RootCertifikate Field at the network Connection (hoe you understand what i mean) . How can i do this? Intall Root Certifikate and set this mark that i can use EAP-TLS wit Freeradius? I dont want to put it on 300 clients per hand :-) 



Thank

Armin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/3644c9f5/attachment-0001.html 

------------------------------

Message: 6
Date: Fri, 3 Feb 2006 09:32:39 -0700
From: Joey McDonald <[EMAIL PROTECTED]>
Subject: Re: FDS + Freeradius = pain.
To: Phil Mayers <[EMAIL PROTECTED]>
Cc: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi Phil,

Thanks for the response.

> rlm_ldap: Adding userPassword as User-Password, value { & op=21
>
> The line above looks wrong, but it never ends up being a problem
> because...
>
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user joey authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
>
> ...during authenticate...


Sure, I don't think that FDS has the radius extensions yet although I've
created an ldif to add them if needed but in the mean time I've just
commented out:
   access_attr = "dialupAccess"

because I want all my users to be able to use the VPN.

> rlm_ldap: - authenticate
> > rlm_ldap: login attempt by "joey" with password "xxxxxxxx"
> > rlm_ldap: user DN: uid=joey,ou=People, dc=example,dc=net
> > rlm_ldap: (re)connect to ldap.example.net:389, authentication 1
> > rlm_ldap: bind as uid=joey,ou=People, dc=example,dc=net/xxxxxxxx to
> > ldap.example.net:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: Bind was successful
> > rlm_ldap: user joey authenticated succesfully
>
> ...auth-type == LDAP and an LDAP simple bind is done to answer the PAP
> request from radtest. This ONLY works with PAP because an LDAP simple
> bind needs the plaintext password.
>
> > Login OK: [joey/xxxxxxx] (from client el-oso port 0)
> > Sending Access-Accept of id 116 to 172.33.100.18:32811
> >
> > So that tells me that I've got the communication to my LDAP server
> > properly configured.
> >
> > However when my PPTP server sends authentication requests to my > > radius 
> > server, I always get "Login incorrect: [joey/<no User-Password
> > attribute>]"
>
> Since it's a PPTP server you are almost certainly going to be using
> MS-CHAP, which requires either:
>
>   1. The NT password hash to be in LDAP and readable by FreeRadius
>   2. The plaintext password to be in LDAP and readable
>   3. Samba, domain membership, winbind and the ntlm_auth plugin option
> for the mschap module


Well, I'm not using windows systems at all - I've got OSX clients and a
linux-based PPTP server. The passwords are stored as SSHA in my LDAP
directory. That finally makes sense as to why radtest works, so thanks! My next question is, what Auth-Type should I be using for SSHA's stored in an 
LDAP directory. Clearly LDAP isn't going to be it if it doesn't support
decrypting passwords and I don't wish to store passwords in plain text in
the directory.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060203/9fbe7796/attachment.html 

------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 


End of Freeradius-Users Digest, Vol 10, Issue 12
************************************************


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to