Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
Sorry, forgot to mention it is a routeros hotspot setup. Ok I have added “Mikrotik-Xmit-Limit” for the account to radreply as well and can confirm the download megabyte limit is now enforced on first logon. Is this the best way to do it? Am I doing something wrong? Tks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
Hi all,
Doing some trials with freeradius 2.x with the intention of moving from
1.1.7
I have an odd problem with mikrotik nas.
An account with download limit will not enforce the limit on the first
logon but will on subsequent logons.
On the first logon, no limit is imposed in mikrotik and the account can
use unlimited traffic. If I log off then log on again, the limit is
enforced... (I have checked in winbox and the "limit bytes in" column is
not populated on first logon).
It is taking me a while to get use to v2 of freeradius.
Tks
Setup details below:
User account has attribute Mikrotik-Xmit-Limit := 10471200 in radcheck
Do I need to have something in radreply as this is where the shaping is
done?
In: sql/mysql/counter.conf
sqlcounter downloadbytecounter {
counter-name = Mikrotik-Xmit-Limit
check-name = Mikrotik-Xmit-Limit
reply-name = Mikrotik-Xmit-Limit
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(acctoutputoctets) FROM radacct WHERE
username='%{%k}'"
}
In sites-available/default
authorize {
downloadbytecounter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Thanks Alan
Or buy the coders a beer :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] dius.org] On Behalf Of Sean Sent: Tuesday, 14 February 2006 5:13 AM To: freeradius-users@lists.freeradius.org Subject: Thanks Alan On Mon, 2006-02-13 at 19:58 +0100, [EMAIL PROTECTED] wrote: > Phil Mayers <[EMAIL PROTECTED]> wrote: > > Alan, in case anyone hasn't said it recently - you do an excellent > job > > maintaining this project under difficult conditions. You have my and > I > > suspect many other peoples sincere gratitude, and I can only hope > it's > > as rewarding for you as it is helpful for us. > > Thanks. > > FreeRADIUS is being used as part of the core product in at least 3 > startups I know of, and possibly as many as 5. It's at the point now > where it's getting me more professional attention than my other work > activities. > > Alan DeKok. Alan, I'd like to add my thanks also. FreeRadius is at the core of swarmhotspots.com and I'm amazed at the help and support that is available from you and the open source community. The best way to show your appreciation is to contribute something back. Regards, Sean http://swarmhotspots.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: return ALL the AVPs for a username that belongs multiple groups
Lenir wrote: Can anyone please help me with this? Thanks, Lenir Just a thought. Create a 3rd group with the attributes you need? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lenir Sent: Wednesday, November 02, 2005 7:34 PM To: 'FreeRadius users mailing list' Subject: RE: return ALL the AVPs for a username that belongs multiple groups Here's the rest of my config. Notice, that username 3000 belongs to group Dialin and Dialin2. The user can register fine, however in this case the Access-Accept packet only returns the AVPs related to group Dialin (I'm guessing is because it's the first one that it matches). mysql> select * from radcheck; ++--+---++--+ | id | UserName | Attribute | op | Value| ++--+---++--+ | 1 | Jhassell | Password | == | changeme | | 2 | Rneis| Password | == | changeme | | 3 | 1000 | Password | == | 1000 | | 4 | 2000 | Password | == | 2000 | | 5 | 3000 | Password | == | 3000 | ++--+---++--+ 5 rows in set (0.00 sec) mysql> select * from radreply; Empty set (0.00 sec) mysql> select * from usergroup; ++--++ | id | UserName | GroupName | ++--++ | 1 | Jhassell | Dialin | | 2 | Rneis| Staticdial | | 3 | 1000 | Dialin | | 4 | 2000 | Dialin | | 5 | 3000 | Dialin | | 6 | 3000 | Dialin2| ++--++ 6 rows in set (0.00 sec) mysql> select * from radgroupcheck; Empty set (0.00 sec) mysql> select * from radgroupreply; ++---+---++--+-- ---+ | id | GroupName | Attribute | op | Value| prio | ++---+---++--+-- + | 1 | Dialin| Reply-Message | = | "Authenticated by group Dialin" | 0 | | 2 | Dialin2 | SIP-AVP | = | Cust-AVP:feat_2 | 0 | | 3 | Dialin| SIP-AVP | = | Cust-AVP:feat_1 | 0 | ++---+---++--+-- + 3 rows in set (0.00 sec) mysql> select * from radpostauth; Empty set (0.00 sec) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Friday, October 28, 2005 1:34 PM To: FreeRadius users mailing list Subject: Re: return ALL the AVPs for a username that belongs multiple groups "Lenir" <[EMAIL PROTECTED]> wrote: Radius replies with the AVPs of the first group that it matches that the user belongs to. Instead of returning all the AVPs for all the groups that the user belongs to. The example you posted didn't include groups or reply AVP's. So I guess the question is, can a user belong to multiple groups? If so, how can radius reply with all the AVPs that correspond to ALL the groups that the user belongs to? Yes, and you configure the server to do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Grab caller id and insert into radcheck how to
Jonathan De Graeve wrote:
You should use: IF NOT EXISTS
Thanks Jonathan, I did some more testing today and came up with
something that works for us...
Shane
Hi all,
I an attempting to add an additional attribute upon the first login for
user accounts and I am a bit lost.
The way I am testing this is with postauth query.
postauth_query = "INSERT into ${authcheck_table} (id, UserName,
Attribute, op, value) values('', '%{SQL-User-Name}',
'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"
This works great but it adds a new record every time the user
successfully authenticates. Not a problem really but there are also
users I don't need to lock to a caller id.
I tried using postauth_query = "UPDATE in various ways but I just can't
get my head around it.
If I manually create an entry in radcheck for a user with the attribute
"Calling-Station-Id" and a "NULL" value, then the user can't login
obviously.
Does anybody have any ideas how to have this attribute somehow
dynamically created when the user first logs in if they are a member of
a group and ultimately not create it if the record already exists?
Any ideas or pointers greatly appreciated.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Grab caller id and insert into radcheck how to
Hi all,
I an attempting to add an additional attribute upon the first login for
user accounts and I am a bit lost.
The way I am testing this is with postauth query.
postauth_query = "INSERT into ${authcheck_table} (id, UserName,
Attribute, op, value) values('', '%{SQL-User-Name}',
'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"
This works great but it adds a new record every time the user
successfully authenticates. Not a problem really but there are also
users I don't need to lock to a caller id.
I tried using postauth_query = "UPDATE in various ways but I just can't
get my head around it.
If I manually create an entry in radcheck for a user with the attribute
"Calling-Station-Id" and a "NULL" value, then the user can't login
obviously.
Does anybody have any ideas how to have this attribute somehow
dynamically created when the user first logs in if they are a member of
a group and ultimately not create it if the record already exists?
Any ideas or pointers greatly appreciated.
Thanks
Shane
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Control user logins by NAS
That did the trick.Thanks Christian
Shane
Christian Meutes wrote:
Create a group in your sql database, then assign the the users to this group and
give the group a check-item.
insert into radgroupcheck (GroupName,Attribute,op, Value) values
('your_group_name',NAS-IP-Address','==','ip_address');
If you want that a group can itself successfully authenticate through connect
from more than one nas, i think you have to define all nas's with a negated
operator '!=' from that the group/user is NOT allowed to connect/authenticate.
Hi all,
How can I control what groups can authenticate on what nas.
I would like to create a batch of users and assign those users to only
sucessfully login from a particular nas (or list of nas's)
I have freeradius 1.04 and use sql for the user/password combinations
Group 30 mins
Simultanious Use := 1
Idle Timeout = 600
Max All Sessions := 1800
It is a wireless hotspot setup.
Do I need to use huntgroups or can I add an attribute to the group?
Thanks in advance
Shane
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Control user logins by NAS
Hi all, How can I control what groups can authenticate on what nas. I would like to create a batch of users and assign those users to only sucessfully login from a particular nas (or list of nas's) I have freeradius 1.04 and use sql for the user/password combinations Group 30 mins Simultanious Use := 1 Idle Timeout = 600 Max All Sessions := 1800 It is a wireless hotspot setup. Do I need to use huntgroups or can I add an attribute to the group? Thanks in advance Shane - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
