Re: Re[2]: how can i limit traffic use?
Alexander Lunyov <[EMAIL PROTECTED]> wrote: > But, if i've understanded it right, this module reflects only on > logon process, i mean, it won't pass no attributes to NAS, it just > reject user if user's traffic is over, am i right? Still, radius > have to return traffic limit value to NAS (exppp), how can it (or i) do this? Edit the module, or write an external script to track the usage, and enforce it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i limit traffic use?
hi Well, i'm using exppp (http://shs.sumy.ua/, but it's in russian) on FreeBSD box, and exppp understands his own attributes (Exppp-Traffic-Limit and such), and i think it can kick user when traffic exceeds. How can freeradius tell exppp, how much octets user have for session? I mean, if all accounting information is in by adding these specific attributes to the replies and setting them to the needed values. if these attributes are too specific, you'll probably need new dictionary files; well, read the available doc on this issue. mysql base, radius have to do simple SELECT to sql with sum()'s, then substract this value (it will be number of octets) from some fixed value of limit and give the result to exppp as Exppp-Traffic-Limit. Well, or something like that. Can it be done in FreeRadius? I mean, all those sql queries, substraction and all of that? yes, it should be possible to do this in freeradius with sql, sqlcounter and counter modules. But, if i've understanded it right, this module reflects only on logon process, i mean, it won't pass no attributes to NAS, it just reject user if user's traffic is over, am i right? Still, radius have to return traffic limit value to NAS (exppp), how can it (or i) do this? you can add arbitrary reply items to the access-accept. sorry, but i don't know how to set the values dynamically, but it is definitly possible in freeradius. search the archives, there are variables in FR and you can also arbitrarily process the replies (you could right a simple small module doing what you want). ciao artur -- __ Artur Heckerhttp://www.enst.fr/~hecker Groupe Accès et Mobilité / Computer Science and Networks E N S T Paris ___ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i limit traffic use?
Hi people, I am working about traffic limitations and all the answers are not complete. As a person said, RADIUS can control the traffic off-line when a user connects and, in the case this user spent all his quota, RADIUS reject him. However, this kind of control has to be done on-line, that is to use a device to throw away users when their quota finish. This characteristic is specific of ecah device and the device has to work with QoS (bandwidth restrictions). In that case RADIUS send the attribute of quota and QoS to the device, and the device controls to users. For instance, I have a AMPHOR@ MTR device from VAYRIS S.L. and it controls users. Santiago _ ¿Vas a comprar algo a través de Internet? Ordénalo por el mejor precio en MSN Compras. http://www.msn.es/compras/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i limit traffic use?
On Mon, Mar 01, 2004 at 09:22:56AM +0300, Alexander Lunyov wrote:
> Well, i'm using exppp (http://shs.sumy.ua/, but it's in russian) on
> FreeBSD box, and exppp understands his own attributes
> (Exppp-Traffic-Limit and such), and i think it can kick user when
> traffic exceeds. How can freeradius tell exppp, how much octets
> user have for session? I mean, if all accounting information is in
> mysql base, radius have to do simple SELECT to sql with sum()'s,
> then substract this value (it will be number of octets) from some
> fixed value of limit and give the result to exppp as
> Exppp-Traffic-Limit. Well, or something like that. Can it be done
> in FreeRadius? I mean, all those sql queries, substraction and all
> of that?
You could configure a default entry like this:
DEFAULT Exppp-Traffic-Limit := %{sql:SELECT ...}
assuming you already have an instance of sql module.
> Oh, it's interesting! I think something like this will help
> (rlm_sqlcounter):
>
> sqlcounter monthlytraffic {
> counter-name = Monthly-Traffic
> check-name = Max-Monthly-Traffic
> sqlmod-inst = sql
> key = User-Name
> reset = monthly
>
> query = "SELECT (sum(AcctInputOctets)+sum(AcctOutputOctets))
> FROM radacct WHERE UserName='%{%k}' AND
> Month(AcctStopTime) =(Month(NOW())-1) AND
> Year(AcctStopTime) = Year(NOW())"
> }
No, WHERE UserName = '%k' or WHERE UserName = '%u'.
You could probably use %b - unix time value of begginning of reset period
instead of Month()/Year()/NOW() calculations.
> But, if i've understanded it right, this module reflects only on
> logon process, i mean, it won't pass no attributes to NAS, it just
> reject user if user's traffic is over, am i right? Still, radius
> have to return traffic limit value to NAS (exppp), how can it (or i) do this?
rlm_counter adds Session-Timeout to the reply only if count-attribute is
Acct-Session-Time, but rlm_sqlcounter seems to always add Session-Timeout.
Not sane, really. You could try to patch rlm_sqlcounter to accept a new
configuration value, say reply-attribute defaulting to Session-Timeout.
--
Fduch M. Pravking
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: how can i limit traffic use?
Hello Alan,
AD> Alexander Lunyov <[EMAIL PROTECTED]> wrote:
>>I'm running FreeRadius 0.9.3 on FreeBSD 4.8R-p13, and now i'm
>>planning to start using radius for authenticating and accounting my
>>Ethernet users via PPPoE. Can you tell me, where to read about 'how
>>to setup traffic limits with freeradius'?
AD> You can't, really. You can enforce traffic limits after a user has
AD> exceeded quota, for the next time a user logs in. But you can't tell
AD> the NAS to kick a user off once they've reached their quota.
Well, i'm using exppp (http://shs.sumy.ua/, but it's in russian) on
FreeBSD box, and exppp understands his own attributes
(Exppp-Traffic-Limit and such), and i think it can kick user when
traffic exceeds. How can freeradius tell exppp, how much octets
user have for session? I mean, if all accounting information is in
mysql base, radius have to do simple SELECT to sql with sum()'s,
then substract this value (it will be number of octets) from some
fixed value of limit and give the result to exppp as
Exppp-Traffic-Limit. Well, or something like that. Can it be done
in FreeRadius? I mean, all those sql queries, substraction and all
of that?
>> Because it seems to be that
>>attributes such as Monthly-Octets-Limit and Daily-Octets-Limit can
>>be used only with IC-Radius, and i didn't found anything about
>>freeradius.
AD> See rlm_counter. It counts and enforces limitations. The example
AD> configuration enforces time limits, but you can easily re-configure it
AD> to enforce bandwidth limits.
Oh, it's interesting! I think something like this will help
(rlm_sqlcounter):
sqlcounter monthlytraffic {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT (sum(AcctInputOctets)+sum(AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND
Month(AcctStopTime) =(Month(NOW())-1) AND
Year(AcctStopTime) = Year(NOW())"
}
But, if i've understanded it right, this module reflects only on
logon process, i mean, it won't pass no attributes to NAS, it just
reject user if user's traffic is over, am i right? Still, radius
have to return traffic limit value to NAS (exppp), how can it (or i) do this?
--
Best regards,
Alexandermailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i limit traffic use?
Alexander Lunyov <[EMAIL PROTECTED]> wrote: >I'm running FreeRadius 0.9.3 on FreeBSD 4.8R-p13, and now i'm >planning to start using radius for authenticating and accounting my >Ethernet users via PPPoE. Can you tell me, where to read about 'how >to setup traffic limits with freeradius'? You can't, really. You can enforce traffic limits after a user has exceeded quota, for the next time a user logs in. But you can't tell the NAS to kick a user off once they've reached their quota. > Because it seems to be that >attributes such as Monthly-Octets-Limit and Daily-Octets-Limit can >be used only with IC-Radius, and i didn't found anything about >freeradius. See rlm_counter. It counts and enforces limitations. The example configuration enforces time limits, but you can easily re-configure it to enforce bandwidth limits. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how can i limit traffic use?
Hello freeradius-users, I'm running FreeRadius 0.9.3 on FreeBSD 4.8R-p13, and now i'm planning to start using radius for authenticating and accounting my Ethernet users via PPPoE. Can you tell me, where to read about 'how to setup traffic limits with freeradius'? Because it seems to be that attributes such as Monthly-Octets-Limit and Daily-Octets-Limit can be used only with IC-Radius, and i didn't found anything about freeradius. -- Best regards, Alexander mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
