[RADIATOR] quota counter updates on "quotacounter" mysql table

Heikki Vatiainen hvn at open.com.au
Thu Feb 7 16:27:10 CST 2013 

On 02/07/2013 01:54 PM, Thomas Kurian wrote:

> Can you check the configuration below and advice me.

Hello Thomas,

Trace 4 log should tell how (which Handlers and AuthBys) process the
requests and which SQL queries are run.

But the first thing you should do is to reorganise your configuration file:
1. Use just Handlers
2. Handlers can not be inside Realms
3. Order the Handlers correctly: first matching Handler is selected

Maybe something like this:

# Global options
# <Client ...> clauses

<Handler Acct-Status-Type = Stop>
  # Config to handle just the Stops
</Handler>

<Handler Request-Type = Accounting-Request>
  # Maybe the contents of <Realm DEFAULT> from below go here?
</Handler>

I think part of the problem is the requests are not processed by
Handlers and AuthBys as you are planning. The configuration
reorganisation should help with that.

Thanks,
Heikki




> 
> # radius.cfg
> 
> 
> #Foreground
> #LogStdout
> 
> AcctPort 1813
> AuthPort 1812
> 
> BindAddress 0.0.0.0
> 
> 
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> Trace           4
> 
> # You will probably want to add other Clients to suit your work site,
> # one for each NAS you want to work with
> 
> 
> <Client DEFAULT>
>         Secret  xxxxxxxx
>         DupInterval 0
> </Client>
> 
> #<Client 94.187.135.175>
>  #       Secret  ciscowimd85
>   #      DupInterval 0
>    #     NasType Cisco
> #</Client>
> 
> #<Client 94.187.135.222>
> #       Secret  xxxxxxxx
> #       DupInterval 0
> #        NasType Cisco
> #</Client>
> 
> <Client 10.50.1.4>
>         Secret  xxxxxxxx
>         DupInterval 0
>         NasType Cisco
>         IgnoreAcctSignature
> </Client>
> 
> <Realm DEFAULT>
>         <AuthBy SQL>
> 
>                 DBSource dbi:mysql:radius
>                 DBUsername xxxxxxxx
>                 DBAuth xxxxxxxx
> 
> 
> 
>                 AccountingTable ACCOUNTING
>                 AcctColumnDef   USERNAME, User-Name
>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets
>                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets
>                 AcctColumnDef   TIME_STAMP,Event-Timestamp
>                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time
>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time
>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                 AcctColumnDef   NASPORT,NAS-Port
>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> 
>         </AuthBy>
>         # Log accounting to a detail file
>         AcctLogFileName %L/detail
> 
> #For strictly operating at accounting start
> 
> <Handler Acct-Status-Type = Start>
> 
>         PostAuthHook file:"%D/thomas.pl";
> 
> </Handler>
> 
> 
> _#For strictly processing with Accounting Stop packets__
> __
> __<Handler Acct-Status-Type = Stop>__
> __
> __<AuthBy SQL>__
> __    Identifier Block-Quota-SQL__
> __
> __    DBSource        dbi:mysql:radius__
> __    DBUsername      _xxxxxxxx_
> __    DBAuth          _xxxxxxxx_
> __
> __  AccountingStopsOnly__
> __  AccountingTable   quotacouunter__
> __                AuthColumnDef   username,User-Name,check__
> __
> __
> __
> __
> __
> __
> __  AuthSelect select monthlycounter from quotacounter \__
> __        where username='%n' \__
> __        And type = 'Q'__
> __    #AuthColumnDef 0, Session-Timeout, reply__
> __
> __    AcctSQLStatement update quotacounter set \__
> __        monthlycounter=monthlycounter+0%{Acct-Input-Octets} \__
> __        where username='%n' \__
> __        And Type = 'Q'__
> __
> __ AuthSelect select totalcounter from quotacounter \__
> __        where username='%n' \__
> __        And Type = 'Q'__
> __
> __    AcctSQLStatement update quotacounter set \__
> __        totalcounter=totalcounter+0%{Acct-Input-Octets} \__
> __        where username='%n' \__
> __        And Type = 'Q'__
> __
> __</AuthBy>__
> __
> __</Handler>__
> _
> 
> 
> # Accept processing of other accounting requests of the genre start and
> interim
> 
>  <Handler Request-Type = Accounting-Request>
> 
>         <AuthBy INTERNAL>
>                 AcctResult ACCEPT
>         </AuthBy>
> 
>  </Handler>
> 
> 
> 
> </Realm>
> 
> -- 
> Best Regards,
> 
> Thomas Kurian
> IT Security Engineer (B.Tech. – Electrical)
> Kuwaiti Canadian Consulting Group (www.kccg.com)
> T: +965 22435566
> F: +965 22415149
> E: thomas at kccg.com
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list