| 4 |
- |
1 |
# -*- text -*-
|
|
|
2 |
#
|
| 34 |
- |
3 |
# $Id: 2dad39a25c676821c6e602881e5bec52d738abfd $
|
| 4 |
- |
4 |
|
|
|
5 |
# counter module:
|
|
|
6 |
# This module takes an attribute (count-attribute).
|
|
|
7 |
# It also takes a key, and creates a counter for each unique
|
|
|
8 |
# key. The count is incremented when accounting packets are
|
|
|
9 |
# received by the server. The value of the increment depends
|
|
|
10 |
# on the attribute type.
|
|
|
11 |
# If the attribute is Acct-Session-Time or of an integer type we add
|
|
|
12 |
# the value of the attribute. If it is anything else we increase the
|
|
|
13 |
# counter by one.
|
|
|
14 |
#
|
|
|
15 |
# The 'reset' parameter defines when the counters are all reset to
|
|
|
16 |
# zero. It can be hourly, daily, weekly, monthly or never.
|
|
|
17 |
#
|
|
|
18 |
# hourly: Reset on 00:00 of every hour
|
|
|
19 |
# daily: Reset on 00:00:00 every day
|
|
|
20 |
# weekly: Reset on 00:00:00 on sunday
|
|
|
21 |
# monthly: Reset on 00:00:00 of the first day of each month
|
|
|
22 |
#
|
|
|
23 |
# It can also be user defined. It should be of the form:
|
|
|
24 |
# num[hdwm] where:
|
|
|
25 |
# h: hours, d: days, w: weeks, m: months
|
|
|
26 |
# If the letter is ommited days will be assumed. In example:
|
|
|
27 |
# reset = 10h (reset every 10 hours)
|
|
|
28 |
# reset = 12 (reset every 12 days)
|
|
|
29 |
#
|
|
|
30 |
#
|
|
|
31 |
# The check-name attribute defines an attribute which will be
|
|
|
32 |
# registered by the counter module and can be used to set the
|
|
|
33 |
# maximum allowed value for the counter after which the user
|
|
|
34 |
# is rejected.
|
|
|
35 |
# Something like:
|
|
|
36 |
#
|
|
|
37 |
# DEFAULT Max-Daily-Session := 36000
|
|
|
38 |
# Fall-Through = 1
|
|
|
39 |
#
|
|
|
40 |
# You should add the counter module in the instantiate
|
|
|
41 |
# section so that it registers check-name before the files
|
|
|
42 |
# module reads the users file.
|
|
|
43 |
#
|
|
|
44 |
# If check-name is set and the user is to be rejected then we
|
|
|
45 |
# send back a Reply-Message and we log a Failure-Message in
|
|
|
46 |
# the radius.log
|
|
|
47 |
#
|
|
|
48 |
# If the count attribute is Acct-Session-Time then on each
|
|
|
49 |
# login we send back the remaining online time as a
|
|
|
50 |
# Session-Timeout attribute ELSE and if the reply-name is
|
|
|
51 |
# set, we send back that attribute. The reply-name attribute
|
|
|
52 |
# MUST be of an integer type.
|
|
|
53 |
#
|
|
|
54 |
# The counter-name can also be used instead of using the check-name
|
|
|
55 |
# like below:
|
|
|
56 |
#
|
|
|
57 |
# DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject
|
|
|
58 |
# Reply-Message = "You've used up more than one hour today"
|
|
|
59 |
#
|
|
|
60 |
# The allowed-servicetype attribute can be used to only take
|
|
|
61 |
# into account specific sessions. For example if a user first
|
|
|
62 |
# logs in through a login menu and then selects ppp there will
|
|
|
63 |
# be two sessions. One for Login-User and one for Framed-User
|
|
|
64 |
# service type. We only need to take into account the second one.
|
|
|
65 |
#
|
|
|
66 |
# The module should be added in the instantiate, authorize and
|
|
|
67 |
# accounting sections. Make sure that in the authorize
|
|
|
68 |
# section it comes after any module which sets the
|
|
|
69 |
# 'check-name' attribute.
|
|
|
70 |
#
|
|
|
71 |
counter daily {
|
|
|
72 |
filename = ${db_dir}/db.daily
|
|
|
73 |
key = User-Name
|
|
|
74 |
count-attribute = Acct-Session-Time
|
|
|
75 |
reset = daily
|
|
|
76 |
counter-name = Daily-Session-Time
|
|
|
77 |
check-name = Max-Daily-Session
|
|
|
78 |
reply-name = Session-Timeout
|
|
|
79 |
allowed-servicetype = Framed-User
|
|
|
80 |
cache-size = 5000
|
|
|
81 |
}
|
|
|
82 |
|