Re: Most Popular method for managing users in FreeRadius
27-Jan-03 at 16:27, Tim Jung ([EMAIL PROTECTED]) wrote : Well the issue is that yes you do need everything stored in Rodopi so that total time for the given period is correct. For example say you limit an account to 300 hours per month, and they use 295 hours, then call up for 2 hours hang up, then 2 minutes later call back. The system should know that they now only have 3 hours left and thus set a session limit of 3 hours. If the data is not being processed real-time then there is no way for the RADIUS server to accurately know what the exact limit of the session should be. Without real-time processing of the RADIUS accounting packets then on the second call it would think it still had 5 hours left rather than only 3 hours left. In my setup, RODOPI creates a users file from Radius attributes specified on a per-plan basis. This users file is only uploaded to the Radius server when there is a change in password or an update to attributes. It is therefore not Rodopi that holds the actual db for users, but the Radius server. Session limits are usually used in the context where someone might only be able to stay online x minutes before having to re-authenticate. Now, if you want a prepaid system where the limit is over a long time (and not just one session) then you have to get a bit cleverer. That means that the Radius server has to keep track of a user's session time over a number of sessions, each time decrementing the remaining time based on online time in previous sessions over a given time period. This is the problem I have been faced with and I don't have an easy solution. Rodopi will not update the users file after every Acct-Stop packet on my setup. This is how I see a possible setup working: - Rodopi creates users file with a Session Time and Date range? - Some selfmade daemon watches the Detail file / SQL server accouting details and decrements the Session Time on each Acct-Stop packet - This goes on until period is up, then the Session Time is reset / expires completely. You still have the problem that a change of password means that Rodopi now gives back a Session Time which is too high. Rodopi says that with Steel-Belted Radius the solution is already set, however this is a commercial solution and I don't want it. If things have changed in a recent Rodopi version I'd like to know. By definition, a session is one login/logout. I'm still looking at this. Regards, -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Most Popular method for managing users in FreeRadius
I saw this posting and wanted to ask a few questions. Has anyone setup FreeRADIUS so it authenticates users and stores the accounting logs in MSSQL for use by Rodopi? I am interested in knowing if anyone has setup FreeRADIUS and Rodopi together so that pre-paid cards and dialup account time limits work and limit a users time so when they reach the limit it will kick them off by setting the session length correctly. If anyone has any pointers for this information I would appreciate it. We are already using Rodopi to import standard RADIUS logs and make the users file, but would prefer to see this integrated better so we can suppose pre-paid cards. In case it makes any difference we would like to run FreeRADIUS on our Red Hat Linux server. Right now we are running Cistron which as you know isn't really setup for pre-paid cards. Thanks for any of the help that anyone can give us. Tim Jung System Admin Internet Gateway [EMAIL PROTECTED] - Original Message - From: Juan Carlos Ocasio [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 9:36 AM Subject: RE: Most Popular method for managing users in FreeRadius Tim, You can also use perl or php to connect to Rodopi. The MSSQL server that Rodopi uses has a bunch of stored procedures you can call from an SQL script. That is what we used for a client of mine that wanted to use Rodopi as the billing system, Linux for his email - personal web space and a custom PHP site for Web based signups. At first it was a pain joining all three, but once I learned how Rodopi was doing things, it was pretty much smooth sailing from there. Regards, JC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim D. McCracken Sent: Saturday, January 11, 2003 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Most Popular method for managing users in FreeRadius I am using RODOPI for provisioning and billing. I have just turned it up in the last month or two. It has 'event scripts' capability. Basically anytime a user add, change, or delete is done, it calls some external system that you create to update your external systems such as FR, e-mail, etc... (www.rodopi.com) You do have to 'roll your own' interface code, but the scripts support a variety of interfaces and different people do it different ways. In my case I developed some C++ code that runs as a DOS batch file, that RODOPI creates and then executes. (Well it is supposed to, it is creating the DOS file right now, and they are fixing a bug that is keeping it from executing it. RIght now I just duble click the batch file to get it to execute.) Most people probably don't do it the way I did, but I already had most of the code developed and it took me about 2 days to adapt it. I am using FR/MySql, so my code uses the MySql C API to connect to the MySql DB on my Solaris servers and inserts, updates, or deletes records in the usergroup, radcheck and radreply tables. Rodopi runs on Win2000, but it can be made to work with most any system that can be IP networked, since the event scripts support a bunch of different technicques. I also use CGPro e-mail software running on solaris, and I have it tied to RODOPI as well. One other nice thing about RODOPI is that the configuration and user interface is totally web based. So it is easy to run from anywhere. Of course, you want it behind a firewall... Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Don O'Neil Sent: Saturday, January 11, 2003 2:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Most Popular method for managing users in FreeRadius Ok... I'm a newbie to the whole radius thing, and yes, I have the book on order Besides the tool 'dialup admin' that comes with FreeRadius and manually adding/removing users to the DB with any number of tools like phpmyadmin, what is everyone using to manage users with FreeRadius/MySQL? Specifically, I'm wondering if there are any accounting/billing packages that add/remove/modify users automatically, or if I'm going to have to 'roll my own' and interface it to some accounting billing package. Can it be easilly interfaced with MikroTik to add/remove users, or ISPGold, or Emerald (etc...)? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Most Popular method for managing users in FreeRadius
27-Jan-03 at 14:37, Tim Jung ([EMAIL PROTECTED]) wrote : I saw this posting and wanted to ask a few questions. Has anyone setup FreeRADIUS so it authenticates users and stores the accounting logs in MSSQL for use by Rodopi? I am interested in knowing if anyone has setup FreeRADIUS and Rodopi together so that pre-paid cards and dialup account time limits work and limit a users time so when they reach the limit it will kick them off by setting the session length correctly. If anyone has any pointers for this information I would appreciate it. We are already using Rodopi to import standard RADIUS logs and make the users file, but would prefer to see this integrated better so we can suppose pre-paid cards. In case it makes any difference we would like to run FreeRADIUS on our Red Hat Linux server. Right now we are running Cistron which as you know isn't really setup for pre-paid cards. This would be interesting for me too, but I haven't had the time to implement it yet. I don't think you need it to store to MSSQL, you can just have RODOPI send the right attributes upon account creation/renewal I think. Let me know how you get on and come back with more specific questions. I'm familiar with Rodopi 5.1... -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Most Popular method for managing users in FreeRadius
Well the issue is that yes you do need everything stored in Rodopi so that total time for the given period is correct. For example say you limit an account to 300 hours per month, and they use 295 hours, then call up for 2 hours hang up, then 2 minutes later call back. The system should know that they now only have 3 hours left and thus set a session limit of 3 hours. If the data is not being processed real-time then there is no way for the RADIUS server to accurately know what the exact limit of the session should be. Without real-time processing of the RADIUS accounting packets then on the second call it would think it still had 5 hours left rather than only 3 hours left. Does that make sense? That is why I am trying to get FreeRADIUS to integrate with Rodopi so it does the time length stuff correctly. Tim Jung System Admin Internet Gateway [EMAIL PROTECTED] - Original Message - From: Simon White [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 3:42 PM Subject: Re: Most Popular method for managing users in FreeRadius 27-Jan-03 at 14:37, Tim Jung ([EMAIL PROTECTED]) wrote : I saw this posting and wanted to ask a few questions. Has anyone setup FreeRADIUS so it authenticates users and stores the accounting logs in MSSQL for use by Rodopi? I am interested in knowing if anyone has setup FreeRADIUS and Rodopi together so that pre-paid cards and dialup account time limits work and limit a users time so when they reach the limit it will kick them off by setting the session length correctly. If anyone has any pointers for this information I would appreciate it. We are already using Rodopi to import standard RADIUS logs and make the users file, but would prefer to see this integrated better so we can suppose pre-paid cards. In case it makes any difference we would like to run FreeRADIUS on our Red Hat Linux server. Right now we are running Cistron which as you know isn't really setup for pre-paid cards. This would be interesting for me too, but I haven't had the time to implement it yet. I don't think you need it to store to MSSQL, you can just have RODOPI send the right attributes upon account creation/renewal I think. Let me know how you get on and come back with more specific questions. I'm familiar with Rodopi 5.1... -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Most Popular method for managing users in FreeRadius
I am using RODOPI for provisioning and billing. I have just turned it up in the last month or two. It has 'event scripts' capability. Basically anytime a user add, change, or delete is done, it calls some external system that you create to update your external systems such as FR, e-mail, etc... (www.rodopi.com) You do have to 'roll your own' interface code, but the scripts support a variety of interfaces and different people do it different ways. In my case I developed some C++ code that runs as a DOS batch file, that RODOPI creates and then executes. (Well it is supposed to, it is creating the DOS file right now, and they are fixing a bug that is keeping it from executing it. RIght now I just duble click the batch file to get it to execute.) Most people probably don't do it the way I did, but I already had most of the code developed and it took me about 2 days to adapt it. I am using FR/MySql, so my code uses the MySql C API to connect to the MySql DB on my Solaris servers and inserts, updates, or deletes records in the usergroup, radcheck and radreply tables. Rodopi runs on Win2000, but it can be made to work with most any system that can be IP networked, since the event scripts support a bunch of different technicques. I also use CGPro e-mail software running on solaris, and I have it tied to RODOPI as well. One other nice thing about RODOPI is that the configuration and user interface is totally web based. So it is easy to run from anywhere. Of course, you want it behind a firewall... Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Don O'Neil Sent: Saturday, January 11, 2003 2:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Most Popular method for managing users in FreeRadius Ok... I'm a newbie to the whole radius thing, and yes, I have the book on order Besides the tool 'dialup admin' that comes with FreeRadius and manually adding/removing users to the DB with any number of tools like phpmyadmin, what is everyone using to manage users with FreeRadius/MySQL? Specifically, I'm wondering if there are any accounting/billing packages that add/remove/modify users automatically, or if I'm going to have to 'roll my own' and interface it to some accounting billing package. Can it be easilly interfaced with MikroTik to add/remove users, or ISPGold, or Emerald (etc...)? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Most Popular method for managing users in FreeRadius
Tim, You can also use perl or php to connect to Rodopi. The MSSQL server that Rodopi uses has a bunch of stored procedures you can call from an SQL script. That is what we used for a client of mine that wanted to use Rodopi as the billing system, Linux for his email - personal web space and a custom PHP site for Web based signups. At first it was a pain joining all three, but once I learned how Rodopi was doing things, it was pretty much smooth sailing from there. Regards, JC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim D. McCracken Sent: Saturday, January 11, 2003 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Most Popular method for managing users in FreeRadius I am using RODOPI for provisioning and billing. I have just turned it up in the last month or two. It has 'event scripts' capability. Basically anytime a user add, change, or delete is done, it calls some external system that you create to update your external systems such as FR, e-mail, etc... (www.rodopi.com) You do have to 'roll your own' interface code, but the scripts support a variety of interfaces and different people do it different ways. In my case I developed some C++ code that runs as a DOS batch file, that RODOPI creates and then executes. (Well it is supposed to, it is creating the DOS file right now, and they are fixing a bug that is keeping it from executing it. RIght now I just duble click the batch file to get it to execute.) Most people probably don't do it the way I did, but I already had most of the code developed and it took me about 2 days to adapt it. I am using FR/MySql, so my code uses the MySql C API to connect to the MySql DB on my Solaris servers and inserts, updates, or deletes records in the usergroup, radcheck and radreply tables. Rodopi runs on Win2000, but it can be made to work with most any system that can be IP networked, since the event scripts support a bunch of different technicques. I also use CGPro e-mail software running on solaris, and I have it tied to RODOPI as well. One other nice thing about RODOPI is that the configuration and user interface is totally web based. So it is easy to run from anywhere. Of course, you want it behind a firewall... Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Don O'Neil Sent: Saturday, January 11, 2003 2:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Most Popular method for managing users in FreeRadius Ok... I'm a newbie to the whole radius thing, and yes, I have the book on order Besides the tool 'dialup admin' that comes with FreeRadius and manually adding/removing users to the DB with any number of tools like phpmyadmin, what is everyone using to manage users with FreeRadius/MySQL? Specifically, I'm wondering if there are any accounting/billing packages that add/remove/modify users automatically, or if I'm going to have to 'roll my own' and interface it to some accounting billing package. Can it be easilly interfaced with MikroTik to add/remove users, or ISPGold, or Emerald (etc...)? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html