一、累计时长控制 1、radiusd.conf配置文件配置 modules{ } 中开放 counter.conf配置文件 modules { $INCLUDE sql/mysql/counter.conf ...some other entries here...
2、sites-enabled/default文件的修改 authorize{ } 在最后增加计数器选项
authorize { ...some entries here... ...some entries here... ...some entries here... ...some entries here...
noresetcounter dailycounter monthlycounter }
3、基于用户的累计时长控制 在radcheck表插入用户时,需要同时插入以下几个记录 INSERT into radcheck (username, attribute, op, value) VALUES ('Glenn','Max-All-Session' ,':=','54000'); INSERT into radcheck (username, attribute, op, value) VALUES (' Glenn','Max-Daily-Session' ,':=','10800'); INSERT into radcheck (username, attribute, op, value) VALUES (' Glenn','Max-Monthly-Session' ,':=','10800');
4、基于组的累计时长控制 在radgroupcheck表中,增加组检查信息 INSERT into radgroupcheck(groupname, attribute, op, value) VALUES ('normal','Max-All-Session' ,':=','54000'); INSERT into radgroupcheck (groupname, attribute, op, value) VALUES (' normal','Max-Daily-Session' ,':=','10800'); INSERT into radgroupcheck (groupname, attribute, op, value) VALUES (' normal','Max-Monthly-Session' ,':=','10800'); 在插入用户时,在radusergroup表中管理用户到该组 INSERT INTO radusergroup (username,groupname) VALUES ('Glenn','normal');
二、累计流量控制 1、与时长控制一致,在radiusd.conf中开放 counter.conf modules{ } 中开放 counter.conf配置文件 modules { $INCLUDE sql/mysql/counter.conf ...some other entries here...
2、 在sqlcounter.conf文件末尾添加下面代码 sqlcounter dailytrafficcounter { counter-name = Daily-Traffic check-name = Max-Daily-Traffic reply-name = Daily-Traffic-Limit sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(acctinputoctets + acctoutputoctets) \ FROM radacct WHERE username = '%{%k}' AND \ UNIX_TIMESTAMP(acctstarttime) > '%b'" } sqlcounter monthlytrafficcounter { counter-name = Monthly-Traffic check-name = Max-Monthly-Traffic reply-name = Monthly-Traffic-Limit sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(acctinputoctets + acctoutputoctets) \ FROM radacct WHERE UserName='%{%k}' AND \ UNIX_TIMESTAMP(AcctStartTime) > '%b'" } sqlcounter noresettrafficcounter { counter-name = All-Traffic check-name = Max-All-Traffic reply-name = All-Traffic-Limit sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'" }
3、sites-enabled/default文件的修改 authorize{ } 在最后增加计数器选项
authorize { ...some entries here... ...some entries here... ...some entries here... ...some entries here...
noresettrafficcounter dailytrafficcounter monthlytrafficcounter }
4、添加字典文件 vim /etc/raddb/dictionary 在文件末尾添加下面几行 ATTRIBUTE Max-Daily-Traffic 3003 integer ATTRIBUTE Daily-Traffic-Limit 3004 integer ATTRIBUTE Max-Monthly-Traffic 3005 integer ATTRIBUTE Monthly-Traffic-Limit 3006 integer ATTRIBUTE Max-All-Traffic 3007 integer ATTRIBUTE All-Traffic-Limit 3008 integer
5、组方式限定用量 INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values("normal", "Max-Daily-Traffic", ":=", "1048576");
INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values(" normal", "Max-Monthly-Traffic", ":=", "1073741824"); INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values(" normal ", "Max-All-Traffic", ":=", "10737418240");
注意:3.0以下版本的freeradius,由于计数器门限变量在代码中是int32,所以限制流量时,最大门限int32的最大值 ( 2147483648 ) ,即2G字节。 因此,可以考虑只按天或按月限制,不要做太长周期的限制