[RADIATOR] Quota Deduction using Authby SQL realm

[Heikki Vatiainen]

On 01/28/2013 02:24 PM, Thomas KCCG wrote:

> I am using Authby SQL realm for authentication purpose. Once the
> session is end for a quota based user it should deduct the used quota
> (Acct-input-octets in bytes) from the quota left.(Acct-input-octets
> gives the number of bytes used and this will be available with
> accounting stop packet from the NAS at user’s session end.

Here's how you could write blocktime configuration with Handlers:

<AuthBy SQL>
    Identifier Block-Time-SQL

    DBSource        dbi:mysql:radius
    DBUsername      mikem
    DBAuth          fred

    AuthSelect select TIMELEFT from BLOCK_USERS \
        where USERNAME='%n'
    AuthColumnDef 0, Session-Timeout, reply

    AcctSQLStatement update BLOCK_USERS set \
        TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \
        where USERNAME='%n'
</AuthBy>

<Handler Request-Type=Accounting-Request>
    AuthBy Block-Time-SQL
</Handler>

<Handler>
    AuthBy Block-Time-SQL
    PostAuthHook file:"%D/CheckBlockTimeLeft"
</Handler>


Just to keep things short, it uses the same AuthBy for authentication
and accounting.

To update bytes left, you would have a BYTESLEFT column which
AcctSQLStatement updates.

AuthColumnDef would now put the selected BYTESLEFT into request for the
hook to retrieve from. You can use any attribute name when pushing to
request, e.g. X-BytesLeft

In the CheckBlockTimeLeft hook you would now instead do
$p->get_attr('X-BytesLeft') to get the current quota and compare it just
like time is now compared.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.