Re: prepaid timeouts

2002-05-29 Thread Michael Bailey 

On Wed, May 29, 2002 at 09:07:43AM -0500, Chris Parker wrote:
> At 08:00 AM 5/29/2002 +, Michael Bailey wrote:
> >Hello,
> >
> >I would like to use freeradius to offer a prepaid service where users
> >can buy a certain number of days and will have unlimited use untill that
> >period is up.
> 
> Use the 'rlm_counter' or 'rlm_sqlcounter' module.  This is exactly what
> they were created for.

I don't think running a counter be the correct approach for this task.

I want users to be able to connect for as many hours as they wish between
now and next Tuesday. It's the date, not the number of hours online, that
determines whether they can connect or not. So the only counter I need is
the system clock.

Does anyone have a neat way of doing this (and returning Session-Timeout)?
I have altered the authorize_reply_query to compare current date with
timeout date to calculate and  return Session-Timeout but this only allows
one reply value. Is there somewhere else I can insert reply values as well?

The rlm_sqlcounter should be useful for another task, implementing
bandwidth limits. It's only in the CVS version at the moment and I think
I'll wait for it to go into a release before putting it on production
systems.

cheers,

Mike

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: prepaid timeouts and counters

2002-05-29 Thread Alexandre Strube 

On Wed, 29 May 2002 09:07:43 -0500, Chris Parker wrote:

>>I would like to use freeradius to offer a prepaid service where users
>>can buy a certain number of days and will have unlimited use untill that
>>period is up.
>Use the 'rlm_counter' or 'rlm_sqlcounter' module.  This is exactly what
>they were created for.

I wish to. But have this weird thing that doesn't allow me to do, and had no answer
from the list.

Let me post the question again.

On Wed, 22 May 2002 07:55:06 -0400, Randy Moore wrote:

>>Hi, I just upgraded Freeradius 0.5 to freeradius-snapshot-20020521.
>>I altered the old radiusd.conf file to reflect some changes, and have
>>included SQLcounter module. I wish to limit access to users on a
>>three-month basis, but only some users, and this 3-month time is
>>individual.
>>
>>What I did:
>>Raidusd.conf
>> sqlcounter monthlycounter {
>> counter-name = Monthly-Session-Time
>> check-name = Max-Monthly-Session
>> sqlmod-inst = sql
>> key = User-Name
>> reset = 3m
>>}
>>authorize {
>> preprocess
>> suffix
>> monthlycounter
>> sql
>> monthlycounter
>>}
>Since you are defining your Check Item in your SQL database, you should not
>need to include 'monthlycounter' twice.  The copy *after* sql is the only
>one you should need.

Ok, I've removed it. But still the same.

>>accounting {
>> acct_unique
>> sql
>> radutmp
>>}
>>The user can log ok if there's nothing on table radcheck about Monthly
>>Sessions. But if I
>>insert a row like
>>username=surak
>>attribute=Max-Monthly-Session
>>value= 200  (Any)
>>op=   ":=" without quotes, obviosly
>This looks fine.

Anyway, looks like there is something missing somewhere.

>>The radius rejects the user with the following message on debug:
>>modcall: entering group authorize
()
>>rlm_sqlcounter: Entering module authorize code
>>rlm_sqlcounter: Could not find Check item value pair
>>   modcall[authorize]: module "monthlycounter" returns noop
>Since you called 'monthlycounter' twice, it should appear twice in the 
>debug output.  The first time should appear just as it does above because
>the check item has not yet been read from your SQL database.  But you don't
>include the logs for the second call.  Did they appear?  If so what do they
>indicate?

No, this is the only information that appears. Now, with only the second 
monthlycounter defined
on authorize section, the result is the same.

Just to remember: If I drop this row ( surak   Max-Monthly-Session   20   :=  )
from radcheck table, it authorizes the user normally.

Follows the output from radiusd -X. The first is the one which has the row with 
Max-Montly-Session. The second
output is executed right after it, just dropping the Max-Monthly-Session from radcheck 
table.


-First output--
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "surak"
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
radius_xlat:  'surak'
sql_escape in:  'surak'
sql_escape out:  'surak'
sql_set_user:  escaped user --> 'surak'
radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 
'surak' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value 
FROM radgroupcheck,usergroup
WHERE usergroup.Username = 'surak' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 
'surak' ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value 
FROM radgroupreply,usergroup WHERE
usergroup.Username = 'surak' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql: Pairs do not match [surak]
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module "monthlycounter" returns noop
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
Delaying request 9 for 1 seconds

Second output--
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "surak"
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
radius_xlat:  'surak'
sql_escape in:  'surak'
sql_escape out:  'surak'
sql_set_user:  escaped user --> 'surak'
radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 
'surak' ORDER BY id'
rlm_sql: R

Re: prepaid timeouts

2002-05-29 Thread Chris Parker 

At 08:00 AM 5/29/2002 +, Michael Bailey wrote:
>Hello,
>
>I would like to use freeradius to offer a prepaid service where users
>can buy a certain number of days and will have unlimited use untill that
>period is up.

Use the 'rlm_counter' or 'rlm_sqlcounter' module.  This is exactly what
they were created for.

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: prepaid timeouts

2002-05-29 Thread Динар 

Hello Michael,

Wednesday, May 29, 2002, 12:00:09 PM, you wrote:



MB> I would like to use freeradius to offer a prepaid service where users
MB> can buy a certain number of days and will have unlimited use untill that
MB> period is up.

MB> I created a field in the database with the 'credit expires' date and
MB> have authorize_reply_query() returning a value for Session-Timeout so that
MB> the NAS can inform/disconnect the user.

MB> How can I reject a login and provide a message to the NAS if the current
MB> time is later than the 'credit expires' time in the database? Can
MB> authorize_check_query() result in a message being sent back to the NAS?
MB> Is there another way to do this? I want the NAS to knnow it's a problem
MB> with credit and not simple a wrong password.

MB> My first (ugly) attempt to return Session-Timeout uses the following:

MB>   authorize_reply_query = "SELECT id,UserID,'Session-Timeout',
MB> paidtill-unix_timestamp() FROM user WHERE Userid = '%{SQL-User-Name}'"

MB> This stops me using any other radreply values. Is there a cleaner way to
MB> get the number of seconds till the 'credit expires' date into Session-Timeout?

For that purposes I wrote functions in postgresql that are running
from sql querys of radiusd.
-- 
Best regards,
Dinar  mailto:[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

prepaid timeouts

2002-05-29 Thread Michael Bailey 

Hello,

I would like to use freeradius to offer a prepaid service where users
can buy a certain number of days and will have unlimited use untill that
period is up.

I created a field in the database with the 'credit expires' date and
have authorize_reply_query() returning a value for Session-Timeout so that
the NAS can inform/disconnect the user.

How can I reject a login and provide a message to the NAS if the current
time is later than the 'credit expires' time in the database? Can
authorize_check_query() result in a message being sent back to the NAS?
Is there another way to do this? I want the NAS to knnow it's a problem
with credit and not simple a wrong password.

My first (ugly) attempt to return Session-Timeout uses the following:

  authorize_reply_query = "SELECT id,UserID,'Session-Timeout',
paidtill-unix_timestamp() FROM user WHERE Userid = '%{SQL-User-Name}'"

This stops me using any other radreply values. Is there a cleaner way to
get the number of seconds till the 'credit expires' date into Session-Timeout?

thanks,

Mike

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html