15/03/2007
This module is sligthly different than last module; The significant difference is in the query attribute where the sql query will calculate the time used by a user from the first access time of a user.
It will compare to Access-Period we define, and terminate a user session when the times expire.
Using this, we can limit a user access period for 1 day or 1 week from his first time he login using the a prepaid card.
The counter module we create is as below,
— snipped —
sqlcounter accessperiod {
counter-name = Max-Access-Period-Time
check-name = Access-Period
sqlmod-inst = sql
key = User-Name
reset = never
query = “SELECT UNIX_TIMESTAMP() – UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = ‘%{%k}’ ORDER BY AcctStartTime LIMIT 1″
}
— snipped —
In the authorize section, we should include the module:
— snipped —
authorize {
preprocess
chap
mschap
suffix
eap
files
sql
pap
accessperiod
}
— snipped —
And as usual, we need to restart/reload the server to make the new configuration take effect.
Then for the radcheck table, we insert the appropriate attribute:
+—-+———–+——————-+—-+————-+
| id | UserName | Attribute | op | Value |
+—-+———–+——————-+—-+————-+
| 3 | user | Access-Period | := | 3600 |
+—-+———–+——————-+—-+————-+
6 Comments | 
Freeradius, Open Source | 
Permalink
Posted by fadli
15/03/2007
I learned this while integrating phpmyprepaid into my radius server.
The purpose of this configuration is to limit a user by the time he use our network.
Let say as example I want to limit a user only 1 hour per prepaid card.
So what I did is define a counter using sqlcounter module in the radius.conf file;
— snipped —
sqlcounter timelimit {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = “SELECT SUM(AcctSessionTime) FROM radacct where UserName=’%{%k}’”
}
— snipped —
In the configuration I set the check-name as Max-All-Session, this will apply to the the radcheck table. You can choose other name, the same name should be use in the radcheck table. in the query part is the sql query we use to get the data for accounting. From the above query radius server will get the sum of session time of the user from radacct table. It will compare with Max-All-Session check item and terminate the session when the time is reached.
but the server does not do accounting yet, to enable accounting we must specify the module we define in authorize section in the radius.conf.
— snipped —
authorize {
preprocess
chap
mschap
suffix
eap
files
sql
pap
timelimit
}
— snipped —
Then we need to restart/reload the server to make the new configuration take effect.
To force the setting to the user we must insert the regarding attribute into the radcheck table:
as example:
+–+———–+—————–+—+———-+
| id | UserName| Attribute | op | Value |
+–+———–+—————–+—+———-+
| 1 | user | User-Password | := | p45sw0rd |
| 2 | user | Max-All-Session | := | 3600 |
+–+———–+—————–+—+———-+
4 Comments | 
Freeradius, Open Source | 
Permalink
Posted by fadli
