我想在我的 FreeRADIUS 安装中添加一个自定义 SQL 检查计数器。基本上它与 Max-Daily-Session 相同,但仅限于当前Called-Station-Id
。
我将其添加到sql / mysql / counter.conf:
sqlcounter dailycounterlocation {
counter-name = Daily-Session-Location-Time
check-name = Max-Daily-Session-Location
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username = '${key}' AND \
(UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b') \
AND calledstationid = '%{Called-Station-Id}' "
}
然后在 sites-enabled/default 中:
[...]
authorize {
dailycounterlocation {
reject = 1
}
if(reject){
update reply {
Reply-Message := "You have reached your daily time limit from this location"
}
reject
}
}
最后在自定义词典文件中:
ATTRIBUTE Max-Daily-Session-Location 107 integer
如果用户在此重置期间(今天)有先前的会话,则此方法有效,但如果这是当天的第一个会话,则Session-Timeout
不会返回属性,因此不会强制执行限制。
如果我将工厂添加Max-Daily-Session
到用户,则在组 SQL 查询后的第二天第一次连接期间,我会在调试中看到以下内容:
rlm_counter: Current Time: 1425241760 [2015-03-01 21:29:20], Next reset 1425250800 [2015-03-02 00:00:00]
rlm_counter: reset_db: Closing database
rlm_counter: reset_db: Opened new database
rlm_counter: add_defaults: Start
rlm_counter: DEFAULT1 set to 1425250800
rlm_counter: DEFAULT2 set to 1425078000
rlm_counter: add_defaults: End
rlm_counter: reset_db ended
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'ALG02MAX'
rlm_counter: Could not find the requested key in the database.
rlm_counter: Check item = 200, Count = 0
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user ALG02MAX, check_item=200, counter=0
rlm_counter: Sent Reply-Item for user ALG02MAX, Type=Session-Timeout, value=200
++[daily] = ok
这样,默认值为200返回Session-Timeout
(在表中radgroupcheck
)。为什么我的计数器没有发生这种情况?我遗漏了什么?谢谢
答案1
解决这个问题的方法是在模块配置中添加一个计数器,并从authorize
站点配置文件的部分调用它。
另外modules/counter
:
counter dailylocation {
filename = ${db_dir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Max-Daily-Session-Location-Time
check-name = Max-Daily-Session-Location
reply-name = Session-Timeout
allowed-servicetype = Framed-User
cache-size = 5000
}
然后sites-enabled/default
在 部分中authorize
,紧接着daily
添加
dailylocation
这将使计数器能够被检查!