Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
Sorry, forgot to mention it is a RouterOS hotspot setup.

OK, I have added "Mikrotik-Xmit-Limit" for the account to radreply as well and can confirm the download megabyte limit is now enforced on first logon.

Is this the best way to do it? Am I doing something wrong?

Tks

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
Hi all,

Doing some trials with freeradius 2.x with the intention of moving from 1.1.7. I have an odd problem with mikrotik nas.

An account with download limit will not enforce the limit on the first logon but will on subsequent logons. On the first logon, no limit is imposed in mikrotik and the account can use unlimited traffic. If I log off then log on again, the limit is enforced... (I have checked in winbox and the "limit bytes in" column is not populated on first logon).

It is taking me a while to get used to v2 of freeradius.

Tks

Setup details below:

User account has attribute Mikrotik-Xmit-Limit := 10471200 in radcheck.

Do I need to have something in radreply as this is where the shaping is done?

In sql/mysql/counter.conf:

    sqlcounter downloadbytecounter {
        counter-name = Mikrotik-Xmit-Limit
        check-name = Mikrotik-Xmit-Limit
        reply-name = Mikrotik-Xmit-Limit
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(acctoutputoctets) FROM radacct WHERE username='%{%k}'"
    }

In sites-available/default:

    authorize {
        downloadbytecounter
RE: Thanks Alan
Or buy the coders a beer :-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] dius.org] On Behalf Of Sean
Sent: Tuesday, 14 February 2006 5:13 AM
To: freeradius-users@lists.freeradius.org
Subject: Thanks Alan

On Mon, 2006-02-13 at 19:58 +0100, [EMAIL PROTECTED] wrote:
> Phil Mayers <[EMAIL PROTECTED]> wrote:
> > Alan, in case anyone hasn't said it recently - you do an excellent job
> > maintaining this project under difficult conditions. You have my and I
> > suspect many other people's sincere gratitude, and I can only hope it's
> > as rewarding for you as it is helpful for us.
>
> Thanks.
>
> FreeRADIUS is being used as part of the core product in at least 3
> startups I know of, and possibly as many as 5. It's at the point now
> where it's getting me more professional attention than my other work
> activities.
>
> Alan DeKok.

Alan, I'd like to add my thanks also. FreeRadius is at the core of swarmhotspots.com and I'm amazed at the help and support that is available from you and the open source community.

The best way to show your appreciation is to contribute something back.

Regards,
Sean
http://swarmhotspots.com
Re: return ALL the AVPs for a username that belongs multiple groups
Lenir wrote:
> Can anyone please help me with this?
>
> Thanks,
> Lenir

Just a thought. Create a 3rd group with the attributes you need?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lenir
Sent: Wednesday, November 02, 2005 7:34 PM
To: 'FreeRadius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple groups

Here's the rest of my config. Notice that username 3000 belongs to group Dialin and Dialin2. The user can register fine, however in this case the Access-Accept packet only returns the AVPs related to group Dialin (I'm guessing it is because it's the first one that it matches).

    mysql> select * from radcheck;
    +----+----------+-----------+----+----------+
    | id | UserName | Attribute | op | Value    |
    +----+----------+-----------+----+----------+
    |  1 | Jhassell | Password  | == | changeme |
    |  2 | Rneis    | Password  | == | changeme |
    |  3 | 1000     | Password  | == | 1000     |
    |  4 | 2000     | Password  | == | 2000     |
    |  5 | 3000     | Password  | == | 3000     |
    +----+----------+-----------+----+----------+
    5 rows in set (0.00 sec)

    mysql> select * from radreply;
    Empty set (0.00 sec)

    mysql> select * from usergroup;
    +----+----------+------------+
    | id | UserName | GroupName  |
    +----+----------+------------+
    |  1 | Jhassell | Dialin     |
    |  2 | Rneis    | Staticdial |
    |  3 | 1000     | Dialin     |
    |  4 | 2000     | Dialin     |
    |  5 | 3000     | Dialin     |
    |  6 | 3000     | Dialin2    |
    +----+----------+------------+
    6 rows in set (0.00 sec)

    mysql> select * from radgroupcheck;
    Empty set (0.00 sec)

    mysql> select * from radgroupreply;
    +----+-----------+---------------+----+---------------------------------+------+
    | id | GroupName | Attribute     | op | Value                           | prio |
    +----+-----------+---------------+----+---------------------------------+------+
    |  1 | Dialin    | Reply-Message | =  | "Authenticated by group Dialin" |    0 |
    |  2 | Dialin2   | SIP-AVP       | =  | Cust-AVP:feat_2                 |    0 |
    |  3 | Dialin    | SIP-AVP       | =  | Cust-AVP:feat_1                 |    0 |
    +----+-----------+---------------+----+---------------------------------+------+
    3 rows in set (0.00 sec)

    mysql> select * from radpostauth;
    Empty set (0.00 sec)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, October 28, 2005 1:34 PM
To: FreeRadius users mailing list
Subject: Re: return ALL the AVPs for a username that belongs multiple groups

"Lenir" <[EMAIL PROTECTED]> wrote:
> Radius replies with the AVPs of the first group that it matches that
> the user belongs to. Instead of returning all the AVPs for all the
> groups that the user belongs to.

The example you posted didn't include groups or reply AVP's.

> So I guess the question is, can a user belong to multiple groups? If
> so, how can radius reply with all the AVPs that correspond to ALL the
> groups that the user belongs to?

Yes, and you configure the server to do that.

Alan DeKok.
Re: Grab caller id and insert into radcheck how to
Jonathan De Graeve wrote:
> You should use: IF NOT EXISTS

Thanks Jonathan, I did some more testing today and came up with something that works for us...

Shane

> Hi all,
>
> I am attempting to add an additional attribute upon the first login
> for user accounts and I am a bit lost.
>
> The way I am testing this is with postauth query.
>
>     postauth_query = "INSERT into ${authcheck_table} (id, UserName, Attribute, op, value) values('', '%{SQL-User-Name}', 'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"
>
> This works great but it adds a new record every time the user
> successfully authenticates. Not a problem really but there are also
> users I don't need to lock to a caller id.
>
> I tried using postauth_query = "UPDATE in various ways but I just
> can't get my head around it.
>
> If I manually create an entry in radcheck for a user with the
> attribute "Calling-Station-Id" and a "NULL" value, then the user can't
> login obviously.
>
> Does anybody have any ideas how to have this attribute somehow
> dynamically created when the user first logs in if they are a member
> of a group and ultimately not create it if the record already exists?
>
> Any ideas or pointers greatly appreciated.
Grab caller id and insert into radcheck how to
Hi all,

I am attempting to add an additional attribute upon the first login for user accounts and I am a bit lost.

The way I am testing this is with postauth query.

    postauth_query = "INSERT into ${authcheck_table} (id, UserName, Attribute, op, value) values('', '%{SQL-User-Name}', 'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"

This works great but it adds a new record every time the user successfully authenticates. Not a problem really but there are also users I don't need to lock to a caller id.

I tried using postauth_query = "UPDATE in various ways but I just can't get my head around it.

If I manually create an entry in radcheck for a user with the attribute "Calling-Station-Id" and a "NULL" value, then the user can't login obviously.

Does anybody have any ideas how to have this attribute somehow dynamically created when the user first logs in if they are a member of a group and ultimately not create it if the record already exists?

Any ideas or pointers greatly appreciated.

Thanks
Shane
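An added example, not part of the thread and not the query Shane ended up using: one way to get the behaviour asked for above, a Calling-Station-Id check item created only on the first login and only for members of one group. It runs against an in-memory SQLite stand-in for the MySQL tables; the group name LockToCaller, the function names and the sample rows are assumptions constructed for the example.

```python
import sqlite3

# Constructed schema and rows, reduced from the radcheck/usergroup tables in the thread.
SCHEMA = """
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT,
                       Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE usergroup (id INTEGER PRIMARY KEY, UserName TEXT, GroupName TEXT);
INSERT INTO usergroup (UserName, GroupName)
VALUES ('1000', 'LockToCaller'), ('2000', 'Dialin');
"""

# Insert the lock row only for members of the given group, and only when the
# user has no Calling-Station-Id check item yet (INSERT ... SELECT ... NOT EXISTS).
LOCK_QUERY = """
INSERT INTO radcheck (UserName, Attribute, op, Value)
SELECT DISTINCT ug.UserName, 'Calling-Station-Id', '==', :csid
FROM usergroup ug
WHERE ug.UserName = :user
  AND ug.GroupName = :grp
  AND NOT EXISTS (SELECT 1 FROM radcheck rc
                  WHERE rc.UserName = ug.UserName
                    AND rc.Attribute = 'Calling-Station-Id')
"""

def lock_on_first_login(db, user, csid, group="LockToCaller"):
    """Run the post-auth insert; return the number of rows added (0 or 1)."""
    # Bound parameters: the caller ID is supplied by the NAS and is untrusted input.
    cur = db.execute(LOCK_QUERY, {"user": user, "csid": csid, "grp": group})
    db.commit()
    return cur.rowcount

def stored_caller_ids(db, user):
    """Return every Calling-Station-Id value stored for the user."""
    rows = db.execute("SELECT Value FROM radcheck WHERE UserName = ? "
                      "AND Attribute = 'Calling-Station-Id'", (user,))
    return [r[0] for r in rows]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    added = [
        lock_on_first_login(db, "1000", "00:0C:42:AA:BB:01"),  # first login
        lock_on_first_login(db, "1000", "00:0C:42:AA:BB:02"),  # later login, other device
        lock_on_first_login(db, "2000", "00:0C:42:AA:BB:03"),  # not in the lock group
    ]
    return added, stored_caller_ids(db, "1000"), stored_caller_ids(db, "2000")

if __name__ == "__main__":
    print(demo())
```

In a postauth_query the two bound values correspond to the %{SQL-User-Name} and %{Calling-Station-Id} expansions already used in the thread.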
Re: Control user logins by NAS
That did the trick. Thanks Christian

Shane

Christian Meutes wrote:
> Create a group in your sql database, then assign the users to this
> group and give the group a check-item.
>
>     insert into radgroupcheck (GroupName, Attribute, op, Value) values ('your_group_name', 'NAS-IP-Address', '==', 'ip_address');
>
> If you want that a group can itself successfully authenticate through
> connect from more than one nas, I think you have to define all nas's
> with a negated operator '!=' from that the group/user is NOT allowed
> to connect/authenticate.
>
> > Hi all,
> >
> > How can I control what groups can authenticate on what nas.
> >
> > I would like to create a batch of users and assign those users to
> > only successfully login from a particular nas (or list of nas's)
> >
> > I have freeradius 1.04 and use sql for the user/password combinations
> >
> >     Group 30 mins
> >     Simultanious Use := 1
> >     Idle Timeout = 600
> >     Max All Sessions := 1800
> >
> > It is a wireless hotspot setup.
> >
> > Do I need to use huntgroups or can I add an attribute to the group?
> >
> > Thanks in advance
> > Shane
Control user logins by NAS
Hi all,

How can I control what groups can authenticate on what nas.

I would like to create a batch of users and assign those users to only successfully login from a particular nas (or list of nas's)

I have freeradius 1.04 and use sql for the user/password combinations

    Group 30 mins
    Simultanious Use := 1
    Idle Timeout = 600
    Max All Sessions := 1800

It is a wireless hotspot setup.

Do I need to use huntgroups or can I add an attribute to the group?

Thanks in advance
Shane