Mikrotik + FreeRadius + MySQL + Hotspot

wjw
Frequent Visitor
Posts: 91
Joined: Thu Jun 10, 2004 12:59 am
Location: New Zealand

by wjw » Tue Aug 31, 2004 5:43 am

Hi all,

I've been googling for a while now and had no luck answering the following:

1. How do I add the mikrotik attributes to my freeradius server? (to limit online time, data download, speed etc) (I have found this and will try it: phpbb2/viewtopic.php?t=554&highlight=freeradius)

2. How do I get the Radius server to log data totals, time online etc?

3. Can all login files be external? i.e. can the servlet, once it has authed the user, redirect to another machine? I've tried the stuff in the manual for the login pages, but would like to go further.

Thanks,

Bill

by wjw » Tue Aug 31, 2004 6:13 am

Okay, I've answered 1 and got it working, but when the user logs on it doesn't give them any error messages. The mikrotik log says Traffic limit reached, but I need the user to get this too...

by wjw » Wed Sep 01, 2004 12:08 am

Now have a new question, have been going through the Radius Attributes and can't find a time limit one, ie I need to limit people to say a total of 2 hours online.... any ideas on the attribute???

thx

Bill

lastguru
Member
Posts: 439
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia

by lastguru » Wed Sep 01, 2004 2:54 am

That should be done through Session-Timeout. I.e., the RADIUS server will calculate the appropriate value of Session-Timeout knowing the time the user has already spent, and the time he/she can totally spend.
International MikroTik Certified Trainer and Consultant from Latvia.
I do RouterOS Training and Certification worldwide!

skype: lastguru

by wjw » Wed Sep 01, 2004 10:26 am

Cool will give that a go, thanks... ;)

by wjw » Wed Sep 01, 2004 11:59 am

Ok have given that a go and it doesn't do what I need :(

Let me explain what I'm doing:

1. Customer buys 2 hours of time
2. Staff create account with 2 hours of time
3. When time is used, account is disabled.

Session-timeout doesn't do this unfortunately... any ideas on an attribute that does?

Also I can't seem to get the mikrotik box to send an error to the client when their TxLimit, RXLimit or Session-Limit is reached. The mikrotik logs what happens, but doesn't send that info to the client. As far as the client's concerned all they get is a DNS error in their browser.

TIA,

Bill

by wjw » Wed Sep 01, 2004 1:31 pm

Ok I've got the Max Time limit working, still need the error pages to work tho :(

Eg normally when a user logs on the radius server sends:

rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=28, length=68
HSpot-Location = 1
HSpot-Plan = 0
Ascend-Data-Rate = 128000
Idle-Timeout = 180
Session-Timeout = 416

But when their time expires, it sends:

rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=42, length=104
Reply-Message = "Your maximum never usage time has been reached"
HSpot-Location = 1
HSpot-Plan = 0
Ascend-Data-Rate = 128000

Now what I can't get to work is the Radius Error message to appear in the users web browser.

cmit
Forum Guru
Posts: 1551
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

by cmit » Wed Sep 01, 2004 2:52 pm

Well, that's not the way it is supposed to work. The Reply-Message attribute is sent to the router (in this case MikroTik) which can do with it whatever it wants to. I'm quite sure MikroTik doesn't take the Reply-Message from RADIUS to display it on a web page (or anywhere at all).

To achieve what you are trying you could for example try the following:
Users having reached the usage limits are given IP addresses from a separate ip pool.
Then create some redirection rule in MikroTik for all requests from this address range to dst port 80 (TCP) to a local web server which is serving the page you want those customers to see (e.g. "your usage limit has been reached"). You would also need to allow DNS traffic from this separate address range, I suppose - otherwise customers won't see your special web page but just get a DNS error.

Sorry, no finished config at hand - you have to fiddle around yourself... :D
Best regards,
Christian Meis
--
info(at)cmit(dot)de

by wjw » Thu Sep 02, 2004 2:55 am

cmit wrote: Well, that's not the way it is supposed to work. The Reply-Message attribute is sent to the router (in this case MikroTik) which can do with it whatever it wants to. I'm quite sure MikroTik doesn't take the Reply-Message from RADIUS to display it on a web page (or anywhere at all).

From what I understand in the manual it should do. I will try what you suggest tho ;)

mag
Member
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

by mag » Thu Sep 02, 2004 9:50 am

Would you like to share an example users-file entry? I am in the process of setting up a MikroTik / (Free)RADIUS / billing-software environment myself.
TIA.

wjw wrote: From what I understand in the manual it should do. I will try what you suggest tho ;)

by wjw » Thu Sep 02, 2004 10:02 am

First thing to make sure of is that MySQL and FreeRadius are working properly. Also, to do time-limited accounts you'll need to set up sqlcounter, which comes in the /usr/share/freeradius/ folder; there are a few things to do to set it up. But you shouldn't have to recompile, or at least on mine I didn't.

Once I got FreeRadius and MySQL running right with sqlcounter, I added the dictionary.mikrotik by putting a #include in the /etc/raddb/radiusd.conf.

$INCLUDE /usr/share/freeradius/dictionary.mikrotik


Then tested the Ascend-Data-Rate (you can only use Rate-Limit MT attribute if using ppp) and other mt specific stuff I wanted. Once that worked, I added my own custom attributes to the mikrotik.dictionary file for Hotspot location and plan (avoids having two db's).

ATTRIBUTE HSpot-Location 9 integer Mikrotik
ATTRIBUTE HSpot-Plan 10 integer Mikrotik

I found that the only complicated part was getting my head around how radius actually works as I've never used it before.

BTW, I used Mandrake 10 with Freeradius 0.9.3 and Mysql ??? can't remember...

I'm now working on the user management system, which will ultimately be what I use to bill each hotspot location.

If you get stuck try me on icq - 4-746-863
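
Added example, not part of the original thread and not wjw's configuration or FreeRADIUS code: the Session-Timeout calculation lastguru describes, with the accept/reject behaviour wjw's time-limited accounts show in the logs above. The in-memory `radacct` table, its column names, the user names and the 7200-second allowance are assumptions constructed for illustration; only the Reply-Message text is taken from the thread.

```python
import sqlite3

MAX_ALL_SESSION = 7200  # constructed: the 2 hours the customer bought, in seconds

def build_radacct(rows):
    """In-memory stand-in for the accounting table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (UserName TEXT, AcctSessionTime INTEGER)")
    db.executemany("INSERT INTO radacct VALUES (?, ?)", rows)
    return db

def authorize(db, username, max_all_session):
    """Decide the reply for a login the way a never-resetting counter would."""
    # Parameterised query: the user name arrives from the hotspot login form,
    # so it must never be concatenated into the SQL text.
    used = db.execute(
        "SELECT COALESCE(SUM(AcctSessionTime), 0) FROM radacct WHERE UserName = ?",
        (username,),
    ).fetchone()[0]
    remaining = max_all_session - used
    if remaining <= 0:
        return {"code": "Access-Reject",
                "Reply-Message": "Your maximum never usage time has been reached"}
    # Session-Timeout carries only the time left. The router ends the session
    # when it expires; later logins are rejected once accounting is recorded.
    return {"code": "Access-Accept", "Session-Timeout": remaining}

# Constructed accounting rows: finished sessions per user, in seconds.
ROWS = [("guest1", 3600), ("guest1", 3184), ("guest2", 7200)]

if __name__ == "__main__":
    db = build_radacct(ROWS)
    for user in ("guest1", "guest2", "guest3"):
        print(user, authorize(db, user, MAX_ALL_SESSION))
```

The limit is only as accurate as the accounting data: if Accounting-Stop records are lost, the summed time is too low and the account stays usable past what was sold.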

by lastguru » Thu Sep 02, 2004 1:33 pm

Just curious, what is the point of having additional attributes without support for them on the receiving end?

by wjw » Thu Sep 02, 2004 2:17 pm

It speeds things up in my user management system because I only have to reference two tables instead of three (i.e. radreply and radcheck) for creating/editing/deleting users. Also makes my coding easier....

They must be specified as attributes or freeradius stops reading the radreply table when it hits one.

ofasa
Member Candidate
Posts: 104
Joined: Tue Jul 20, 2004 11:42 pm

by ofasa » Fri Sep 03, 2004 3:38 pm

Hi,

If all you need to do is sell prepaid internet access, take a look at quick-r (http://www.qlinux.net/software/quick-r). That's what I'm using with my hotspot setup.

by ofasa » Fri Sep 03, 2004 4:40 pm


by wjw » Sat Sep 04, 2004 6:42 am

Thanks for that, it seems to struggle on Mandrake.... hmm RH10 again... I think
