DMS Radius Manager 4. Simple Question

Hi

Does anyone know how to force self-register user to first pay for the month before he/she will be allowed to log in and use the internet.?

Cause right now new users register and right away they can use the internet without paying.

I dont want users to verified the registration that is not needed. I want them to register and pay and only when is payed they are allowed to log in and use the internet.

I dont see any options in AC panel to forece the user to pay before using the service.



Thanks for help

First, insure you have NTP client set up on the router. Without the correct time, some of these radius functions don’t work.

Second, activate radius debug logging on the router.

/system logging
add topics=radius,debug action=memory

That will put the entire radius transaction in the log so you can see what is being sent by the radius server. I think (if like mine) it will send a WISPr-Session-Terminate-Time value to logout the user and prevent another login when that date/time is reached. That is why it is important to insure the NTP client is set up.

edit: I set up my radius server (FreeRADIUS) to be a NTP server also, and the routers use it.

Thx 4 input but thy does not anwer my question. Read again .


I need to make sure people pay before they are allowed to login.

Anyone did this before?

Thx

You are welcome, but your reply did not answer my questions.

Do you have NTP set up in the router? My system sends a radius response of access-accept with the current date and time when the client enters the info in the RADIUS database.

Like now, if the client tries to login with the user and password in the database, it would send an access-accept with WISPr-Session-Terminate-Time = 2014-02-01T10:02:00. If your NTP is working, the time in the router now (a few seconds later) is 2014-02-01T10:02:10. It would not let you login, not because the it received access-reject, but the WISPr-Session-Terminate-Time has passed.

If you do not have NTP set correctly, the date/time in the router would be 1970-01-01T01:00:00. You could login for the next 44 years.

edit: Just to make it clear. If the client sends the correct user/password, the RADIUS database sends access-accept. If the client has not paid for any time, the WISPr-Session-Terminate-Time will be some time in the past, so the client cannot login. Once the client pays, the WISPr-Session-Terminate-Time will be changed to a time in the future to match the time the client purchased, and the client can login.

And the great part about this forum is you can wait for another response.

Hi

Thanks for you info. But I dont see those entries like you mentioned in my RADIUS log file on my mikrotik router. Time (SNTP ) on the mikrotik router are set up appropriated and are ok on the Radius too.


RADIUS ssh welcome msg:

Welcome to Ubuntu!

• Documentation: https://help.ubuntu.com/

System information as of Sat Feb 1 21:39:41 EST 2014

System load: 0.0 Processes: 228
Usage of /: 80.7% of 33.64GB Users logged in: 1
Memory usage: 44% IP address for eth0: 192.168.88.252
Swap usage: 4%

I dont see WISPr-Session-Terminate-Time in my log so i dont know what that is. New users still self-register them self without paying, and they use internet for free.

2.png1920×1080 206 KB

1.png1920×1080 206 KB

Workspace 1_006-2.png1920×1080 155 KB

Those are all accounting requests, not access requests. Here is my radius access-request. I set the access-request in bold, along with the WISPr-Session-Terminate-Time.

feb/01 21:19:44 hotspot,debug tim (192.168.1.254): sending RADIUS authentication request
feb/01 21:19:44 radius,debug new request 3f:49 code=> Access-Request > service=hotspot called-id=hs-ether2
feb/01 21:19:44 radius,debug sending 3f:49 to 68.99.58.117:1812
feb/01 21:19:44 radius,debug,packet sending > Access-Request > with id 7 to 68.99.58.117:1812
feb/01 21:19:44 radius,debug,packet Signature = 0xd46ff18128764ee19f2ab478d60941e6
feb/01 21:19:44 radius,debug,packet NAS-Port-Type = 19
feb/01 21:19:44 radius,debug,packet Calling-Station-Id = “00:16:76:04:CC:1E”
feb/01 21:19:44 radius,debug,packet Called-Station-Id = “hs-ether2”
feb/01 21:19:44 radius,debug,packet NAS-Port-Id = “ether2”
feb/01 21:19:44 radius,debug,packet User-Name = “tim”
feb/01 21:19:44 radius,debug,packet NAS-Port = 2150629384
feb/01 21:19:44 radius,debug,packet Acct-Session-Id = “80300008”
feb/01 21:19:44 radius,debug,packet Framed-IP-Address = 192.168.1.254
feb/01 21:19:44 radius,debug,packet MT-Host-IP = 192.168.1.254
feb/01 21:19:44 radius,debug,packet CHAP-Challenge = 0x6fbfa13c4a5bcdf4bb55c9000c15854b
feb/01 21:19:44 radius,debug,packet CHAP-Password = 0x8b3d82a9c575a5b6e931477643b458f1
feb/01 21:19:44 radius,debug,packet 0c
feb/01 21:19:44 radius,debug,packet Service-Type = 1
feb/01 21:19:44 radius,debug,packet WISPr-Logoff-URL = "> http://192.168.1.1/logout> "
feb/01 21:19:44 radius,debug,packet NAS-Identifier = “test”
feb/01 21:19:44 radius,debug,packet NAS-IP-Address = 68.99.58.119
feb/01 21:19:44 radius,debug,packet received > Access-Accept > with id 7 from 68.99.58.117:1812
feb/01 21:19:44 radius,debug,packet Signature = 0xc9aeb7891a974236e4a09ef52caf3a3a
feb/01 21:19:44 radius,debug,packet > WISPr-Session-Terminate-Time = “2014-02-03T23:59:59”

Here is one that the login failed with “user tim has reached uptime limit”. Note WISPr-Session-Terminate-Time is 2 days ago.

feb/01 21:27:11 hotspot,debug tim (192.168.1.254): sending RADIUS authentication request
feb/01 21:27:11 radius,debug new request 3f:4f code=Access-Request service=hotspot called-id=hs-ether2
feb/01 21:27:11 radius,debug sending 3f:4f to 68.99.58.117:1812
feb/01 21:27:11 radius,debug,packet sending Access-Request with id 10 to 68.99.58.117:1812
feb/01 21:27:11 radius,debug,packet Signature = 0x1a067abd216860baa4b4e4e2d6bd3fa4
feb/01 21:27:11 radius,debug,packet NAS-Port-Type = 19
feb/01 21:27:11 radius,debug,packet Calling-Station-Id = “00:16:76:04:CC:1E”
feb/01 21:27:11 radius,debug,packet Called-Station-Id = “hs-ether2”
feb/01 21:27:11 radius,debug,packet NAS-Port-Id = “ether2”
feb/01 21:27:11 radius,debug,packet User-Name = “tim”
feb/01 21:27:11 radius,debug,packet NAS-Port = 2150629385
feb/01 21:27:11 radius,debug,packet Acct-Session-Id = “80300009”
feb/01 21:27:11 radius,debug,packet Framed-IP-Address = 192.168.1.254
feb/01 21:27:11 radius,debug,packet MT-Host-IP = 192.168.1.254
feb/01 21:27:11 radius,debug,packet CHAP-Challenge = 0xf6790ed7584f771ad8b77518c3715b19
feb/01 21:27:11 radius,debug,packet CHAP-Password = 0xdf5e2226cfb93f640bbeaaba910b4e6a
feb/01 21:27:11 radius,debug,packet b5
feb/01 21:27:11 radius,debug,packet Service-Type = 1
feb/01 21:27:11 radius,debug,packet WISPr-Logoff-URL = "> http://192.168.1.1/logout> "
feb/01 21:27:11 radius,debug,packet NAS-Identifier = “test”
feb/01 21:27:11 radius,debug,packet NAS-IP-Address = 68.99.58.119
feb/01 21:27:11 radius,debug,packet received Access-Accept with id 10 from 68.99.58.117:1812
feb/01 21:27:11 radius,debug,packet Signature = 0x692c409d3decfd15d53f1eae67afba5f
feb/01 21:27:11 radius,debug,packet WISPr-Session-Terminate-Time = “2014-01-30T23:59:59”

hi

how come i dont have WISPr-Session-Terminate-Time in my log file?

None of those log sections show where you logged in (Access-Request), only the accounting after you logged in (Interim-Update).
They are all sent to port 1813. That is the accounting port. The auth port is 1812.

edit: If your username is not a “paying customer” type, it may not send a WISPr-Session-Terminate-Time with your Access-Accept.
I have a “managers” type user that can login forever, and that is not sent with their Access-Accept.
Only paying customers get that.

Daaaaa, how to make the new self-registered users “paying customer” type?

They should be by default. Mine are. My software puts the paying customer into the MySQL database before the payment process begins with a WISPr-Session-Terminate-Time set to the current date/time.

Then the user is sent to Authorize.net where the customer pays for time, and the Authorize.net server does a callback to my Apache server with all the details of the purchase. That is when the customer’s WISPr-Session-Terminate-Time is updated in the MySQL database to the amount of time the customer purchased.

If the customer payment fails for any reason, they can try to login because the user/password is already in my database, but they can’t due to the already expired WISPr-Session-Terminate-Time.

In both cases, it is important that the router has the correct date and time to insure the paid user gets the correct amount of time online, and the failed customer does not get access.

I wrote my own software, so anything I needed, I just programmed in. I’m fairly proficient at PHP, MySQL and Apache. The interface to and callback from Authorize.net was the difficult part.

BTW, I tried using PayPal, but getting to the PayPal servers through the hotspot walled garden was too much of a hassle. The PayPal DNS TTL was too short (30 seconds or less), and the server data was deleted from the dns records before the client could finish a payment.

The company providing your RADIUS service (DMA?) should have a “playground”, “sandbox” or the like to test your setup before you start taking money from customers.

Open you Radius Manager ACP, Goto Services, and make sure in all services properties, Initial balance is set to 0.
As showed int the image below …

This way when the user will self register, his initial balance will be Zeo, so he will not be able to use the internet, he can only open the User Panel from where he can refresh his User ID using your provided refill card, if you are providing with scratch card system, or you can manually refill his account upon user request.