1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# Rather than maintaining separate (GDBM) databases of
# accounting info for each counter, this module uses the data
# stored in the raddacct table by the sql modules. This
# module NEVER does any database INSERTs or UPDATEs. It is
# totally dependent on the SQL module to process Accounting
# packets.
#
# The sql-module-instance' parameter holds the instance of the sql
# module to use when querying the SQL database. Normally it
# is just "sql". If you define more and one SQL module
# instance (usually for failover situations), you can
# specify which module has access to the Accounting Data
# (radacct table).
#
# The 'reset' parameter defines when the counters are all
# reset to zero. It can be hourly, daily, weekly, monthly or
# never. It can also be user defined. It should be of the
# form:
# num[hdwm] where:
# h: hours, d: days, w: weeks, m: months
# If the letter is ommited days will be assumed. In example:
# reset = 10h (reset every 10 hours)
# reset = 12 (reset every 12 days)
#
# The 'reset_day' parameter defines which day of the month the
# 'monthly' counter should be reset; valid values are 1 to 28.
#
# The 'key' parameter specifies the unique identifier for the
# counter records (usually 'User-Name').
#
# The 'query' parameter specifies the SQL query used to get
# the current Counter value from the database. There are four
# parameters that can be used in the query:
#
# %%b unix time value of beginning of reset period.
# %%e unix time value of end of reset period.
# %%k value of 'key' parameter.
# %%r day of month the counter should be reset.
#
# The 'check_name' parameter is the name of the 'check'
# attribute to use to access the counter in the 'users' file
# or SQL radcheck or radgroupcheck tables.
#
# DEFAULT Max-Daily-Session > 3600, Auth-Type = Reject
# Reply-Message = "You've used up more than one hour today"
#
# The "dailycounter" (or any other sqlcounter module) should be added
# to "post-auth" section. It will then update the Session-Timeout
# attribute in the reply. If there is no Session-Timeout attribute,
# the module will add one. If there is an attribute, the sqlcounter
# module will make sure that the value is no higher than the limit.
#
sqlcounter dailycounter {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
counter_name = Daily-Session-Time
check_name = Max-Daily-Session
reply_name = Session-Timeout
key = User-Name
reset = daily
$INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}
sqlcounter weeklycounter {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
counter_name = Weekly-Session-Time
check_name = Max-Weekly-Session
reply_name = Session-Timeout
key = User-Name
reset = weekly
$INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}
sqlcounter monthlycounter {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
counter_name = Monthly-Session-Time
check_name = Max-Monthly-Session
reply_name = Session-Timeout
key = User-Name
reset = monthly
reset_day = 1
$INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}
sqlcounter noresetcounter {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
counter_name = Max-All-Session-Time
check_name = Max-All-Session
key = User-Name
reset = never
$INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}
#
# Set an account to expire T seconds after first login.
# Requires the Expire-After attribute to be set, in seconds.
# You may need to edit raddb/dictionary to add the Expire-After
# attribute.
sqlcounter expire_on_login {
sql_module_instance = sql
dialect = ${modules.sql.dialect}
counter_name = Expire-After-Initial-Login
check_name = Expire-After
key = User-Name
reset = never
$INCLUDE ${modconfdir}/sql/counter/${dialect}/${.:instance}.conf
}
|
