How to use sqlcounter correctly?
Hello,
I am new to FreeRadius, and I have to ask you for help. I have a
Radius server 0.93 running authenticating against MySQL, and so far I
have no problems. What I need is to return a number in the
Session-Timeout attribute, according to the time still allowed for use
to the user when he logs on.
I already activated the sqlcounter module, and the conf file has just
this:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
As I use only the tables in MySQL for authentication, where do I have
to include the "Check item value pair" that Freeradius does complain
about? I didn't understand the answer Kostas gave in ocotober last
year, maybe somebody could explain a little further?
In my "radcheck" table I test the username against his password, in
radgroupcheck I test the GroupName against "Local" authentication, and
in "radgroupreply" I have a bunch of attributes I send back to the
authentication request. I assume this is the correct way to do it,
please correct me if I am wrong.
No how I make the "Session-Timeout" return the result of a number
minus the time already calculated by noresetcounter, and how I
make the counter work, instead of getting this message below?
rlm_sqlcounter: Could not find Check item value pair
Thank you very much in advance...
Ulrich
--
MindQuake Serviços de Informática Ltda.
TheBat! 2.10.03 on Windows XP 5.1 build 2600 Service Pack 1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Returning check pairs from MySQL
AD> The Session-Timeout is inappropriate here. The Login-Time
AD> attribute is a magic server-side attribute, which will set
AD> Session-Timeout, so that the user is automatically kicked off at
AD> the end of the time.
I need to return the value of a calculation as the Session-Timeout.
How should this be done?
I have a sqlcounter set up like this:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
I hoped to retrieve the full amount of time used by the user, but as
it seems all I get is a boolean:
rlm_sqlcounter: (Check item - counter) is greater than zero
I need to get the current value of the counter, substract that value
from the maximum amount of time allowed for the user (according to his
subscription plan), and return the result as the Session-Timeout
attribute.
If I place "Max-All-Session := 500" in radgroupcheck, for example,
and the query returns the total amount of time used (greated than
zero), I get just a "Session-Timeout = 500".
If you know how to make this work, a reply with instructions would be
very appreciated.
Ulrich
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Returning check pairs from MySQL
UP> If you know how to make this work, a reply with instructions would UP> be very appreciated. I found the reason why my configuration didn't work. Problem solved for now, thanks for your time. Ulrich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: timed usergroups for each type. in authentication method (user files)
rdo, sexta-feira, 7 de maio de 2004 às 15:06 você escreveu:
rsp> I´m using freeradius and the autentication methos by userfile, now i have to
rsp> create 2 usergroups, one for 1hour to surf in the internet othre for 6hours.
rsp> Can anyone help me about creating these 2 usergroups and setting ups each user
rsp> for desired usergroup.
Olá Rui,
eu escrevi uma mensagem para outra pessoa há poucos minutos, tratando
de uma situação parecida. Veja se isso não lhe ajuda... Você precisa
usar SQL para este método, ele não funciona com arquivos.
-
Hi,
this is my attempt to explain how to make the SQL counters work. It is
not too hard to make it work, once you have a stable installation. I
wasn't able to make it work, for several reasons...
Have a look at the file rlm_sqlcounter in the doc folder. It will tell
you that you have to compile the server with support for
rlm_sqlcounter installed. The configure script refused to build a
valid Makefile on my FreeBSD 4.5 box, but worked fine on 5.2.
Once you have the server compiled with that option, follow the text
file and create a sqlcounter.conf file. I am using just this for now:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
# key = User-Name
key = Stripped-User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
I don't know how you are storing the usernames in your tables. I am
stripping the domain, so I had to modify the original example to get a
result from MySQL instead of an empty response.
Then, still following the doc/rlm_sqlcounter file, I included the
noresetcounter in the authorize section of radiusd.conf.
Now all you should have to do is create a group which checks the
Max-All-Session value. My tables are set up like this:
radcheck is used only for the password check:
'username' == 'somepassword'
radgroupcheck checks for the maximum allowed time for the subscription
plan the user belongs to:
'groupname' Max-All-Session := 600 <- I used just 5 minutes of allowed time
'groupname' Auth-Type := Local
radgroupreply contains everything I have to send back, but note that
the Session-Timeout is generated by the counter and added
automatically:
'groupname' Framed-Protocol == PPP
'groupname' Service-Type == Framed-User
'groupname' Idle-Timeout := 600
'groupname' Acct-Interim-Interval := 300
Naturally you will need at least one account record to test the
setup. If you run the server in debug mode, you should get something
like this:
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user joao.silva, check_item=600, counter=586
rlm_sqlcounter: Sent Reply-Item for user joao.silva, Type=Session-Timeout, value=14
As the user stayed on-line for 586 seconds already, he has only 14
seconds left. The package sent back to the user is something like
this:
Framed-Protocol == PPP
Service-Type == Framed-User
Idle-Timeout := 600
Acct-Interim-Interval := 300
Session-Timeout = 14
Well, I hope this helps you somehow.
Ulrich
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
