How do I get the Radius server to log, data totals, time online etc???
Can all login files be external? ie can ther servlet, once authed the user redirect to another machine? I’ve tried the stuff in the manual for the login pages, but would like to go further.
okay I’ve answered 1 and got it working, but when the user logs on it doesnt give them any error messages, the mikrotik logs says Traffic limit reached, but I need the user to get this too…
Now have a new question, have been going through the Radius Attributes and can’t find a time limit one, ie I need to limit people to say a total of 2 hours online… any ideas on the attribute???
That should be done through Session-Timeout. I.e., the RADIUS server will calculate the appropriate value of Session-Timeout knowing the time the user has already spent, and the time he/she can totally spend.
Ok have given that a go and it doesn’t do what I need
Let me explain what I’m doing:
Customer buys 2 hours of time
Staff create account with 2 hours of time
When time is used, account is disabled.
Session-timeout doesn’t do thi unfortunately… any ideas on an attribute that does?
Also I can’t seem to get the mikrotik box to send an error to the client when their TxLimit, RXLimit or Session-Limit is reached. The mikrotik logs what happens, but doesnt send that info to the client. As far as the clients concerned all they get is a DNS error in their browser.
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=42, length=104
Reply-Message = “Your maximum never usage time has been reached”
HSpot-Location = 1
HSpot-Plan = 0
Ascend-Data-Rate = 128000
Now what I can’t get to work is the Radius Error message to appear in the users web browser.
Well, that’s not the way it is supposed to work. The Reply-Message attribute is sent to the router (in this case MikroTik) which can do with it whatever it wants to. I’m quite sure MikroTik doesn’t take the Reply-Message from RADIUS to display it on a web page (or anywhere at all).
To achieve what you are trying you could for example try the following:
Users having reached the usage limits are given IP addresses from a separate ip pool.
Then create some redirection rule in MikroTik for all requests from this address range to dst port 80 (TCP) to a local web server which is serving the page you want those customers to see (e.g. “your usage limit has been reached”). You would also need to allow DNS traffic from this separate address range, I suppose - otherwise customers won’t see you special web page but just get an DNS error.
Sorry, no finished config at hand - you have to fiddle around yourself…
would you like to share an example users-file entry? i am in the process of setting up an microtik / (free)radius / billing-software environment myself.
tia.
First thing to make sure of is that MYSQL and FreeRadius and working properly. Also to do time limited accounts you’ll need to setup sqlcounter, which comes in the /usr/share/freeradius/ folder there are a few things to do to set it up. But you shouldn’t have to recompile, or at least on mine I didnt.
Once I got FreeRadius and MySQL running right with sqlcounter, I added the dictionary.mikrotik by putting a #include in the /etc/raddb/radiusd.conf.
Then tested the Ascend-Data-Rate (you can only use Rate-Limit MT attribute if using ppp) and other mt specific stuff I wanted. Once that worked, I added my own custom attributes to the mikrotik.dictionary file for Hotspot location and plan (avoids having two db’s).
It speeds things up in my user management system because I only have to reference two tables instead of three (ie radreply and readcheck) for creating/editing/deleting users. Also makes my coding easier…
They must be specified as attributes or freeradius stops reading the radreply table when it hits one.
If all you need to do is sell prepaid internet access, take a look at quick-r (http://www.qlinux.net/software/quick-r). That’s what I’m using with my hotspot setup.
