SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

User-Manager - shortcomings?

Fri Sep 28, 2007 7:01 am

A userman-generated admin report of:

Users: Unlimited only
Type: Amount
Period: September 1 - 30

for my personal use =

tony Sep/08/2007 21:29:16 Sep/28/2007 03:33:10 1w:3d:1h:57m:50s 32.0 MiB 622.0 MiB

A personal user?=tony generated report =

882 Aug/21/2007 10:23:36 Sep/17/2007 22:54:44 3w:6d:12h:30m:39s 2.1 GiB 124.3 MiB

943 Sep/08/2007 21:29:16 Sep/08/2007 21:36:41 7m:26s 54 B 54 B

944 Sep/08/2007 21:36:44 Sep/08/2007 21:36:53 9s 54 B 54 B

1013 Sep/18/2007 01:42:47 Sep/28/2007 03:33:10 1w:3d:1h:50m:15s 622.0 MiB 32.0 MiB

Our users purchase a fixed monthly data-cap with excess charges if they exceed it. However as can be seen from the above the session-based approach of User-manager means that I clocked up 2.1GiB between Aug 21 and September 17 but have no way of allocating it between my August or September data-caps. Ditto all my other users.

At a very minimum I need a way of triggering session restarts across the board at midnight on the last/first of every month. Can anyone help with a way/trick/script to achieve this?
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Fri Sep 28, 2007 1:08 pm

I've got a script that sends out invoices to customers roundabout the end of the month, but I can't find a way to have a script figure out which day is the last day of the month - 30, 31, or 28 in Feb, and for a leapyear, 29.

So at this stage I have a script that runs every 30 days and 10 hours, starting on 27th of June at 21:00. That way, the script won't send stuff too late, and it will send it within the month, every month, but close to the end. But I see where this can become a problem, so I've just sat down and considered letting the script update its own Scheduler entry to make it run on 28th of every month at 23:00 or something. That's another option.

I'll give you my script if you want it.

Here's an official Feature Request for the guys at MT:
Character Handling.
Say for instance I have a date, formatted as "mmm/dd/yyyy"
I want to be able to extract the Month, Day and Year from that.
e.g.
:local date
:set date [/system clock get date] (Suppose it's today - sep/28/2007)
:put $date(3)
Output: sep

Where 3 tells the Put command to only write the first 3 characters,
which can also be used to :set the first 3 characters of $date to a new variable.
Same goes for any other piece of information.

Extra function: (Suppose again that date is today - sep/28/2007)
:put $date(5,2)
Output: 28

Where 4 states at which character the Putting must begin,
and 2 states how many characters must be Put from that point on.
Of course, with a function like this another thing that would be handy
is a function that can determine and return, as integer, the length in characters of a variable.

If I had that function, I could write a script that calculates the last day of the month,
based on what month it is, and also calculate if it is a leapyear, based on what year it is.

SweetSunday - Let me know if you want my script.

-Krige

edit: In the meanwhile, I've discovered the :pick function. Thanks guys!
Last edited by krigevr on Sun Oct 21, 2007 8:17 pm, edited 1 time in total.
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Fri Sep 28, 2007 1:29 pm

Hi Krigevr.

Yes, I'd like to see the script. Why don't you put it up on the scripts section of the Wiki for everyone?

My real headache at the moment is keeping subscribers informed of their usage. Billing them excess charges if they go over their monthly limit when they have no way of knowing what their usage is makes for unhappy campers. Perhaps using a script like yours just to send them a note of their usage every few days would be very useful.

However I'll still need a way of resetting the counters to zero at the beginning of each month.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Fri Sep 28, 2007 1:58 pm

You can reset counters to Zero with this command:
(Assuming you use User manager - my script is written for User Manager)

/tool user-manager user reset-counters X

Where X is the Index number for the user.
I'm doing this in my script.
It also calculates and informs clients of usage, but I have a package that is "Usage Based" - only in that event will it go ahead and calculate the Cost of your usage,
and put that into the invoice.

I've uploaded the script to this link, will post it on Wiki shortly.
http://qnect.homeip.net/limited/script.txt

I guess what you can do is to let the script just run daily with scheduler,
but put the Reset Counters thing in a separate script, set to run on the last day of the month.

Let me know if there are bugs in the script.

-Krige
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Sat Sep 29, 2007 1:54 am

Hi Krigevr.

Thanks, I'll give it a try - however I haven't done any programming since playing around with BASIC on my good old Amstrad CP64!

One question - does 're-set counters' wipe the history so that it's no longer possible to check usage for previous months? (In which case I'd better save it somehow, somewhere, first).

Oh, and if someone will kindly take pity on me - I don't fully (ie in the slightest) understand the relationship between local AAA, RADIUS with accounting and User-Manager. It seems to me from what little I comprehend of the documentation that these are three entirely separate ways of doing much the same thing under RouterOS. The differences, it seems to me, are:

1. With local AAA it's all done in the same box which is fine if you have the resources,
2. With RADIUS you have the advantages of a remote, centralised server, but greater set-up complexity
3. User-Manager is essentially local AAA with web access.

Please put me right!
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Sat Sep 29, 2007 11:50 am

You're about Halfway there.

Local users/AAA does everything dependent on the local MT box. Cannot be run from elsewhere.

Now, with Radius and User Manager, things get tricky.
The "/radius" thingy in RouterOS is simply a Radius Client daemon,
used to point your box to a Radius server - which can be Freeradius, or whatever, or User Manager. It does not have to be a Different machine - it can be the same machine.
But, keep in mind that User Manager runs independently, and is NOT MT's internal user/aaa.
For remote (or local radius/UM) auth to work, you must set /ppp/aaa use-radius=yes,
and make an entry into /radius pointing to your radius server, whether it's the same machine or otherwise. Apparently it is also possible to let your User Manager run on a different server, but I have not yet succeeded in achieving this.

User Manager behaves exactly the same as Radius. Essentially, it is a Radius engine.
In one of my previous posts Sergejs said that User Manager listens on ports 1812 and 1813, which is Radius' default ports of late. The web interface of User Manager is basically the equivalent of Radius' Dialup-Admin interface.

I haven't done much programming beyond High School - Most of my stuff I write is mostly made up of spitballs and sticky tape. But I'll be happy to help with debugging.
I enjoy doing it.

As for your Reset Counters question - As far as I understand Radius, and I'm assuming User Manager is built on the same principles of Accounting - is that there are two separate database tables for users and accounting. Now in User Manager, the Users table shows the users' total downloads, whereas the accounting table shows the downloads per individual session. What I've done in my FreeRadius accounting system is to write a PHP script that runs through the entire Accounting table and add up the downloads for each individual user, and separate the months or days in which the session took place. A bit of a drag, but it allows you the freedom of wiping the Total Downloads field in the Users table.

I have NOT TESTED THIS in User Manager. I will do it today.
So my advice - Don't Run It Yet! until you hear from me again. :-)
My method around that was to send Two E-mails out, as you can see in the script that I wrote - One to the Customer, and one to an E-mail dedicated to Accounts.
I simply store all those E-mails in an archive somewhere. If someone queries something, I can go pull up the E-mail. You can adapt the script to include all user's sessions for a month in that E-mail as well.

I hope that helps. I've made a few tweaks and minor improvements on that Billing script in the meanwhile, will upload the new one to my webserver (and later to Wiki) for your viewing pleasure.

Let me know if you need any more help.
-Krige
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Sun Sep 30, 2007 9:51 am

> You're about Halfway there.
>
> Local users/AAA does everything dependent on the local MT box. Cannot be run from elsewhere.

OK but by "does everything" I assume you mean uptime and data accounting kept in databases on the router itself. But where are they? When I do a > tool/userman/database print all I get is a 'yes' and a size report. Can they be shadowed to a remote db for security? Can they be directly accessed by a script to report certain potentially useful information like "between what times of day is the network busiest?" Can they be accessed via the userman web-pages even if the user info etc. isn't entered under tool/userman?

> Now, with Radius and User Manager, things get tricky.
> The "/radius" thingy in RouterOS is simply a Radius Client daemon,
> used to point your box to a Radius server - which can be Freeradius, or whatever, or User Manager. It does not have to be a Different machine - it can be the same machine.
> But, keep in mind that User Manager runs independently, and is NOT MT's internal user/aaa.
> For remote (or local radius/UM) auth to work, you must set /ppp/aaa use-radius=yes,
> and make an entry into /radius pointing to your radius server, whether it's the same machine or otherwise. Apparently it is also possible to let your User Manager run on a different server, but I have not yet succeeded in achieving this.

I've been a fortnight trying to get FreeRADIUS and MySQL running on a Ubuntu box. I've had running servers but the morass of Linux etc. permissions and ownership defeated me as I could not get them to talk to each other let alone the Mikrotik client. I've just loaded RouterOS 3.05 onto the same machine in the hope it would do the same job as server but if you haven't succeeded I don't think I have a chance.

> User Manager behaves exactly the same as Radius. Essentially, it is a Radius engine.
> In one of my previous posts Sergejs said that User Manager listens on ports 1812 and 1813, which is Radius' default ports of late. The web interface of User Manager is basically the equivalent of Radius' Dialup-Admin interface.

The problem is that User-manager doesn't do what I need. My subscribers pay a monthly fee for unlimited time but a data limit. If they go over the limit they have to pay excess charges per MB as the Trust is potentially liable for the excess as it, too, has a data cap from the ISP. Our data cap is tx+rx. So 'all' I need is:

1. A monthly report of tx+rx data usage by subscriber, and

2. A way for subscribers to check their own usage so they can ration their cap over the month or choose to pay excess MBs.

One of my subscribers is paranoid about wireless radiation and so only powers up his Mikrotik box when he needs to go on-line, switching it off afterwards. In addition very shonky mains electricity in this remote part of New Zealand means we get two or three power interruptions a week at least (plus fried possum each time!) each of which takes most subscribers' Mikrotik boxes down and creates a new PPPoE session when the power returns. So our user reports:

a) don't begin and end neatly with the month beginning and end, being session-based, and

b) can add up to 20 - 30 or more sessions per month which I have to sit down and manually total up per customer just to make sure they didn't exceed their cap.
> I haven't done much programming beyond High School - Most of my stuff I write is mostly made up of spitballs and sticky tape. But I'll be happy to help with debugging.
> I enjoy doing it.

Your amended script would solve problem 2 above in that I assume I could either get the Mikrotik box running user-manager to email each subscriber once a day with their monthly usage to date, or run it every day set to email the subscriber if their monthly usage is, say, 75%, 90% and 100% of their monthly cap. However my 532 which User-manager is running on tells me that 'smtp.xtra.co.nz' is "invalid value for argument server" in /tool e-mail although it is the address we all use in our email clients. What is 'e-mail server=' expecting?

> As for your Reset Counters question - As far as I understand Radius, and I'm assuming User Manager is built on the same principles of Accounting - is that there are two separate database tables for users and accounting. Now in User Manager, the Users table shows the users' total downloads, whereas the accounting table shows the downloads per individual session. What I've done in my FreeRadius accounting system is to write a PHP script that runs through the entire Accounting table and add up the downloads for each individual user, and separate the months or days in which the session took place. A bit of a drag, but it allows you the freedom of wiping the Total Downloads field in the Users table.

I wish I could say that would be an interesting PHP script to see but it would be gobble-de-gook to me. It sounds, though, that I'd find it useful even if I don't understand it

> I hope that helps. I've made a few tweaks and minor improvements on that Billing script in the meanwhile, will upload the new one to my webserver (and later to Wiki) for your viewing pleasure.
>
> Let me know if you need any more help.
>
> Krige

Do I ever! Thanks for your patience so far.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Sun Sep 30, 2007 12:26 pm

> OK but by "does everything" I assume you mean uptime and data accounting kept in databases on the router itself. But where are they? When I do a > tool/userman/database print all I get is a 'yes' and a size report. Can they be shadowed to a remote db for security? Can they be directly accessed by a script to report certain potentially useful information like "between what times of day is the network busiest?" Can they be accessed via the userman web-pages even if the user info etc. isn't entered under tool/userman?

Most of the information is stored in /tool/user-manager/users
Here you'll find All User's personal info, Last Seen time, Total uptime used, total upload used, total download used (particularly handy for month-to-month billing)
This is the only information used in my script. (Oh, and a comment field) to generate my invoices. This information is (mostly) accessible via the Userman Web thingy.

I have no idea if it can be shadowed to a remote DB - I would like that. I'll explore it a bit.
If you take a look at /tool/user-manager/log, that is basically a log of sessions and accounting. That information can be accessed, pretty much the same way as my script accesses information from /userman/users, and do calculations and generate reports. This is going to be a VERY tricky script, but you can potentially write something that can tell you what time of day is busiest, and how much is downloaded, uploaded, etc etc - But I've heard something about a Graphs module (a little dude-related package or something somewhere) that can do that for you. I have no idea what it is though, or where to begin looking for it.

Unfortunately, only the information under tool/user-manager can be accessed through the User Manager web interface. If it's not there, you can't access it with web interface.

> I've been a fortnight trying to get FreeRADIUS and MySQL running on a Ubuntu box. I've had running servers but the morass of Linux etc. permissions and ownership defeated me as I could not get them to talk to each other let alone the Mikrotik client. I've just loaded RouterOS 3.05 onto the same machine in the hope it would do the same job as server but if you haven't succeeded I don't think I have a chance.

I've run FreeRADIUS and MySQL on a Fedora box, and successfully got Mikrotik to Auth against it. In my opinion, FreeRADIUS/MySQL/PHP will give you a LOT more versatility to do anything you need, and transgress the limitations that UserManager has. If you want to take another stab at it, I know Fedora pretty well, I can help you with that - As far as I know, Ubuntu isn't too much different.

> The problem is that User-manager doesn't do what I need. My subscribers pay a monthly fee for unlimited time but a data limit. If they go over the limit they have to pay excess charges per MB as the Trust is potentially liable for the excess as it, too, has a data cap from the ISP. Our data cap is tx+rx. So 'all' I need is:
>
> 1. A monthly report of tx+rx data usage by subscriber, and
>
> 2. A way for subscribers to check their own usage so they can ration their cap over the month or choose to pay excess MBs.

*chuckle* Sounds a lot like South Africa to me.
The script that I have does that, to a degree, but I flung together a script for another forum user that can lower the rate-limit when a user reaches a certain amount of up/downloads. I'm thinking of adapting my script to do the same. But it is easy to write a script that could:
Datacap-for-user = 3000 MB
Price per 100 mb = 7
User-Downloaded = 4200 MB
downloaded-minus-cap = 1200 MB
Excess-Fee = (1200 / 100) x 7 = 12 x 7 = 84
Base-package-fee= 400
Total-bill= 484

Your Monthly TX/RX report can be done in User Manager - It has that function.
Click on Reports, tick Unlimited Only, tick Amount, tick the two dropdown fields,
select This and Month from the two fields, and click Generate.

As for viewing usage:
Your user can log into User Manager and check it themselves.
Where you would normally type "http://your.router.address/userman"
Try this: "http://your.router.address/user" (No man at the end)
Here, a user can enter their own user/pass and see their own information.
This can also be done under PHP/MySQL. I've got something like that running.
> One of my subscribers is paranoid about wireless radiation and so only powers up his Mikrotik box when he needs to go on-line, switching it off afterwards. In addition very shonky mains electricity in this remote part of New Zealand means we get two or three power interruptions a week at least (plus fried possum each time!) each of which takes most subscribers' Mikrotik boxes down and creates a new PPPoE session when the power returns. So our user reports:
>
> a) don't begin and end neatly with the month beginning and end, being session-based, and
>
> b) can add up to 20 - 30 or more sessions per month which I have to sit down and manually total up per customer just to make sure they didn't exceed their cap.

User Manager already takes care of all that.
FreeRADIUS with Dialup-Admin can do that too.

> Your amended script would solve problem 2 above in that I assume I could either get the Mikrotik box running user-manager to email each subscriber once a day with their monthly usage to date, or run it every day set to email the subscriber if their monthly usage is, say, 75%, 90% and 100% of their monthly cap. However my 532 which User-manager is running on tells me that 'smtp.xtra.co.nz' is "invalid value for argument server" in /tool e-mail although it is the address we all use in our email clients. What is 'e-mail server=' expecting?

I haven't amended my script yet to send out E-mails when a user reaches a percent of cap.
But I'll probably do that sooner or later. However, with the fact that users can view their own usage on http://your.router.address/user, it'll make such a script just a fancy extra. However, I'm going to try and do that anyway.

As for your E-mail - Mikrotik doesn't support entering of FQDN addresses in to the fields - which is HIGHLY annoying. I spent two days trying to figure out how to enter my RADIUS server address, which is behind a NAT firewall with a dynamic IP, running a DynDNS account.
In short, your E-mail server entry is expecting an IP Address, and not an FQDN.
Now don't get a heart attack - You can write a small script to Resolve the IP address from the FQDN, and put it in there. In my amended script, I've included this.
In the line, in the script, where I specify the TO and FROM addresses, and enter the subject and body, you also have to enter the "server=" value.
What I had there for my use was "server=192.168.16.10" because I had a mail server on the same network as the MT box while I was testing my script. But when I implemented my script in a remote location, the IP keeps changing daily. All I did was replace it like this:
"server=[:resolve your.mail.server]"
Problem solved.
> I wish I could say that would be an interesting PHP script to see but it would be gobble-de-gook to me. It sounds, though, that I'd find it useful even if I don't understand it

When I started, it was gibberish to me too. Didn't understand a thing of it. So hang in there - It's loads of fun to spend a weekend or so just ripping apart code and learning what it does, and then get the satisfaction of writing something, using bits of code you got from somewhere else, to make something that you can actually use.

If you need some help on setting up FreeRADIUS and MySQL, I'll be happy to assist.
I hope I answered all your questions, and perhaps left you with a few more.

-K
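
Added example, not part of the thread and not krigevr's PHP or RouterOS script: per-month totalling of session records, run over the four session lines from the per-user report in the first post, followed by the excess-fee arithmetic from the post above. It assumes the last two columns of each line are the two byte counters (summed, because the cap is tx+rx), reports a session that crosses a month boundary as ambiguous instead of guessing a split, and uses function names invented for this example.

```python
from datetime import datetime
from typing import NamedTuple

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
UNITS = {"B": 1, "KiB": 2**10, "MiB": 2**20, "GiB": 2**30}

# Session lines copied from the per-user report in the first post.
# Assumed columns: id, start date/time, end date/time, uptime, two byte counters.
REPORT = """\
882 Aug/21/2007 10:23:36 Sep/17/2007 22:54:44 3w:6d:12h:30m:39s 2.1 GiB 124.3 MiB
943 Sep/08/2007 21:29:16 Sep/08/2007 21:36:41 7m:26s 54 B 54 B
944 Sep/08/2007 21:36:44 Sep/08/2007 21:36:53 9s 54 B 54 B
1013 Sep/18/2007 01:42:47 Sep/28/2007 03:33:10 1w:3d:1h:50m:15s 622.0 MiB 32.0 MiB
"""


class Session(NamedTuple):
    sid: int
    start: datetime
    end: datetime
    total_bytes: int  # both counters added together, since the cap is tx+rx


def parse_stamp(date, clock):
    """Parse 'Sep/18/2007' + '01:42:47' without depending on the locale."""
    mon, day, year = date.split("/")
    h, m, s = (int(x) for x in clock.split(":"))
    return datetime(int(year), MONTHS[mon.lower()], int(day), h, m, s)


def parse_size(value, unit):
    """Convert a rounded report figure such as '622.0', 'MiB' to bytes."""
    return round(float(value) * UNITS[unit])


def parse_report(text):
    sessions = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 10:
            continue  # blank or wrapped line: not a complete session record
        total = parse_size(f[6], f[7]) + parse_size(f[8], f[9])
        sessions.append(Session(int(f[0]), parse_stamp(f[1], f[2]),
                                parse_stamp(f[3], f[4]), total))
    return sessions


def month_usage(sessions, year, month):
    """Return (definite_bytes, ambiguous_bytes, spanning_ids) for one month.

    definite  = traffic of sessions that started and ended inside the month
    ambiguous = traffic of sessions that overlap the month but cross its
                boundary; the record alone cannot say how much belongs here
    """
    lo = datetime(year, month, 1)
    hi = datetime(year + month // 12, month % 12 + 1, 1)  # first of next month
    definite = ambiguous = 0
    spanning = []
    for s in sessions:
        if s.end < lo or s.start >= hi:
            continue  # no overlap with this month
        if s.start >= lo and s.end < hi:
            definite += s.total_bytes
        else:
            ambiguous += s.total_bytes
            spanning.append(s.sid)
    return definite, ambiguous, spanning


def monthly_bill(used_mb, cap_mb, price_per_100mb, base_fee):
    """Base fee plus excess charged per 100 MB over the cap, as in the post."""
    excess_mb = max(0, used_mb - cap_mb)
    return base_fee + excess_mb / 100 * price_per_100mb


if __name__ == "__main__":
    sessions = parse_report(REPORT)
    for year, month in ((2007, 8), (2007, 9)):
        definite, ambiguous, ids = month_usage(sessions, year, month)
        print(f"{year}-{month:02d}: at least {definite / 2**20:.1f} MiB, "
              f"at most {(definite + ambiguous) / 2**20:.1f} MiB "
              f"(sessions crossing the month boundary: {ids})")
    print("bill for 4200 MB on a 3000 MB cap:", monthly_bill(4200, 3000, 7, 400))
```

The gap between the "at least" and "at most" figures is exactly the traffic of session 882, which is why forcing a new session at the month boundary, as discussed in the thread, makes the per-month totals exact.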
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Sun Sep 30, 2007 1:31 pm

> Your Monthly TX/RX report can be done in User Manager - It has that function.
> Click on Reports, tick Unlimited Only, tick Amount, tick the two dropdown fields,
> select This and Month from the two fields, and click Generate.

Thanks k.

To deal with one question at a time:-

The problem with generated reports as per above is that they're session based, not date based. So if a session spans a month change-over it all gets allocated to the previous month - ie. if I generate a 'this month' report it only includes sessions that start during the month. Hence on my userman report my own usage for this month STARTS on September 15 as I have a UPS on my Mikrotik box and the AP is battery-powered anyway. I'm not even sure what happened on the 15th to trigger a new session but the one that ended that day commenced on August 25th. During that one session I clocked up a couple of GB in downloads, but have no way of telling how much was in August and how much in September.

The only subscriber who I have an accurate September usage figure for is the guy who turns his CPE on and off every day!

I did some 'reset-counter'ing today but although it seems to have done away with the 9GiB, 26 week uptime, type of records I get the same userman and individual reports I had before.

It's now 11.26pm on Sunday 30th September, and the only thing I can think to do is to use Winbox to individually reboot every subscriber's CPE now in the hope it will trigger a new session for an accurate October reading.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Sun Sep 30, 2007 6:28 pm

> The problem with generated reports as per above is that they're session based, not date based. So if a session spans a month change-over it all gets allocated to the previous month - ie. if I generate a 'this month' report it only includes sessions that start during the month. Hence on my userman report my own usage for this month STARTS on September 15 as I have a UPS on my Mikrotik box and the AP is battery-powered anyway. I'm not even sure what happened on the 15th to trigger a new session but the one that ended that day commenced on August 25th. During that one session I clocked up a couple of GB in downloads, but have no way of telling how much was in August and how much in September.

How about cooking up a script that kills all connections at midnight on the last day of the month? I've just finished writing one that can determine whether or not it is the last day of the month. If it returns "True", you can tell it to set a Scheduler event for that same day to trigger at 23:59:55 (5 secs before midnight) to kill all PPPoE sessions.

> The only subscriber who I have an accurate September usage figure for is the guy who turns his CPE on and off every day!

Bless his soul.

> I did some 'reset-counter'ing today but although it seems to have done away with the 9GiB, 26 week uptime, type of records I get the same userman and individual reports I had before.

I noticed that too. I think it's because the reports generate its information from the info that you'll see under /tool/user-manager/log, whereas reset-counters only resets the counters under /tool/user-manager/users.

> It's now 11.26pm on Sunday 30th September, and the only thing I can think to do is to use Winbox to individually reboot every subscriber's CPE now in the hope it will trigger a new session for an accurate October reading.

Just disable and re-enable your /interface/pppoe-server/server entry,
or type "/interface print" and remove all PPPoE entries. That will kill the session, and force the CPEs to reconnect - Assuming that they are capable of auto-reconnecting when the connection gets dropped, but judging from what you tell me, I think they should be fine.

If you need help pronto, I'm available on MSN. You can get my address off my forum user profile.

-Krige
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Sun Sep 30, 2007 11:44 pm

> Just disable and re-enable your /interface/pppoe-server/server entry,
> or type "/interface print" and remove all PPPoE entries. That will kill the session, and force the CPEs to reconnect - Assuming that they are capable of auto-reconnecting when the connection gets dropped, but judging from what you tell me, I think they should be fine.
> -Krige

I think this is the way to go - less of a sledgehammer approach than forcing a reboot. From what I understand from the manual I think an attempt to start a new PPPoE session terminates the previous one - as long as there is a 'one connection only' limit on the link, I guess. So a simple script that disables the PPPoE interface, waits 5 seconds and then enables it should trigger a new session.

As an alternative to running such a script on each subscriber's CPE would disabling/enabling the PPPoE interface at the AP which they all connect to have the same effect of forcing a reconnection/new session? Perhaps staggering it on a subscriber basis would be easier on resources than doing it at the AP and getting everyone trying to reconnect at the same time, though.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Mon Oct 01, 2007 12:27 am

> From what I understand from the manual I think an attempt to start a new PPPoE session terminates the previous one - as long as there is a 'one connection only' limit on the link, I guess.

Yep, you understand correctly - That'll do the trick - under /interface/pppoe-server/server, you can set the "one-session-per-host" to "yes". That will allow one connection per MAC. If you're using PPTP, you can set the "only-one" attribute in the /ppp/profile for your vpn links. I'm using both PPPoE and PPTP, but I allow multiple connections.

> As an alternative to running such a script on each subscriber's CPE would disabling/enabling the PPPoE interface at the AP which they all connect to have the same effect of forcing a reconnection/new session? Perhaps staggering it on a subscriber basis would be easier on resources than doing it at the AP and getting everyone trying to reconnect at the same time, though.

Good point, I didn't even think about that. Of course, implementing it in every single CPE could take a while, and could be difficult to monitor. Possibly a few CPEs might not execute the script. So, my suggestion - Do that. Implement the script in every single CPE, and as a safety measure, should one of them not run the script, implement a little script that kills all remaining PPPoE links under "/interface" or /interface/pppoe-server/

Sorry I haven't updated the billing script yet - Been busy getting one of my home machines back online that went AWOL on me. Oy.
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Thu Oct 11, 2007 11:52 am

Hi Krigevr.

Well, I have failed totally. Even trying to get a cut-down version of your script running on our spare 532 has failed. I can send emails from it by command-line, but not from script. Can you see why this doesn't work, 'cos I'm damned if I can?

***********************
[admin@St. Omer] > system script print
0 name="test" owner="admin" policy=ftp,read,write,policy,test,winbox,sniff last-started=oct/11/2007 21:19:47 run-count=1
source=

:local date
:local cap
:local clientname
/tool user-manager user
:foreach i in=[/tool user-manager user] do={
:set date [/system clock get date]
:set clientname [get $i last-name]
:set cap [get $i phone]
/tool e-mail send to=admin@clovabay.net.nz from=inclova@ihug.co.nz server=210.54.141.2 subject="test mail" body="test
mail
$date
$clientname
$cap"
}
[admin@St. Omer] > tool user-manager user print
Flags: X - disabled, A - active, I - incomplete
0 subscriber=admin name="test one" password="test1" first-name="test" last-name="one" phone="1800"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

1 subscriber=admin name="test two" password="test2" first-name="test" last-name="two" phone="1000"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

2 subscriber=admin name="test three" password="test3" first-name="test" last-name="three" phone="1500"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

3 subscriber=admin name="test four" password="test4" first-name="test" last-name="four" phone="2300"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s
[admin@St. Omer] >

*********************************

I'm hoping that I can put each subscriber's monthly data-cap in their phone-number field and use that with your $gigstotal field to give them a percentage of their data-cap used to date.

Down the way - if I ever get this to work at all - I'd like to use that percentage value to trigger warning emails ("You have used (75)(90)(100)% of your month's allowance") rather than an e-mail every day, utilising the location field to set a flag that one has already been sent.

But at the moment I can't get even the simplest script to work. :(
 
krigevr

Thu Oct 11, 2007 1:12 pm

Was wondering if you came right, seeing as you haven't posted in a while.
Small bug in the script - You need to actually draw a list of items for the FOREACH to check against (and not just point to a directory) - So amend your code as shown:

:local date
:local cap
:local clientname
/tool user-manager user
:foreach i in=[/tool user-manager user find subscriber=admin] do={
:set date [/system clock get date]
:set clientname [get $i last-name]
:set cap [get $i phone]
/tool e-mail send to=admin@clovabay.net.nz from=inclova@ihug.co.nz server=210.54.141.2 subject="test mail" body="test
mail
$date
$clientname
$cap"
}

And Voila!
That works for me running 3.0rc5 on an AMD machine.
Haven't tested it on an RB532 yet, but I have a 532A running 3.0rc6, will upload it there pretty soon.

Let me know how that works.
-Krige
 
SweetSunday

Fri Oct 12, 2007 3:40 am

G'day Krigevr.

No go. It wouldn't even run for me - see below. However the email sent from the command-line worked perfectly.

I'm using 2.9.46.

*************************************

[admin@St. Omer] > tool user-manager user print
Flags: X - disabled, A - active, I - incomplete
0 subscriber=admin name="test one" password="test1" first-name="test" last-name="one" phone="1800"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

1 subscriber=admin name="test two" password="test2" first-name="test" last-name="two" phone="1000"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

2 subscriber=admin name="test three" password="test3" first-name="test" last-name="three" phone="1500"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

3 subscriber=admin name="test four" password="test4" first-name="test" last-name="four" phone="2300"
email="admin@clovabay.net.nz" rate-limit=" 512k/2048k" last-seen=never credit-count=0 credit-left=0s
credit-duration=0s credit-price=0 credit-time-added=0s

[admin@St. Omer] > system script print
0 name="test" owner="admin" policy=ftp,read,write,policy,test,winbox,sniff last-started=oct/11/2007 21:19:47 run-count=1
source=
:local date
:local cap
:local clientname
/tool user-manager user
:foreach i in=[/tool user-manager user find subscriber=admin] do={
:set date [/system clock get date]
:set clientname [get $i last-name]
:set cap [get $i phone]
/tool e-mail send to=admin@clovabay.net.nz from=inclova@ihug.co.nz server=210.54.141.2 subject="test mail" body="test
mail
$date
$clientname
$cap"
}

[admin@St. Omer] > system script run
number: 0

[admin@St. Omer] > system script print
0 name="test" owner="admin" policy=ftp,read,write,policy,test,winbox,sniff last-started=oct/11/2007 21:19:47 run-count=1
source=
:local date
:local cap
:local clientname
/tool user-manager user
:foreach i in=[/tool user-manager user find subscriber=admin] do={
:set date [/system clock get date]
:set clientname [get $i last-name]
:set cap [get $i phone]
/tool e-mail send to=admin@clovabay.net.nz from=inclova@ihug.co.nz server=210.54.141.2 subject="test mail" body="test
mail
$date
$clientname
$cap"
}

[admin@St. Omer] > /tool e-mail send to=admin@clovabay.net.nz from=inclova@ihug.co.nz server=210.54.141.2 subject="test mai
l" body="test mail"

[admin@St. Omer] >
 
krigevr

Fri Oct 12, 2007 9:31 am

I can't see anything wrong with it.
I don't know if it's possibly the versions that may make the difference...

I've just tested it again by retyping every single line of your code, and it works.

What I do often to debug my scripts, is to use the ":put" command.
So after each ':set' command, use a ':put' command to just print what you've assigned to a variable on screen, just to make sure everything gets assigned properly.

e.g:
:local clientname
:set clientname [get $i name]
:put $clientname

Perhaps that might show something.
A last resort would be for you to export your scripts to a file, and E-mail me the file.
I'll load it into my box and see if there's something I've just missed completely.

-K
 
SweetSunday

Fri Oct 12, 2007 11:09 am

Hi Krigevr

That didn't work either, but I haven't been able to get :put to work in any script and had assumed it required a target for its output whenever it wasn't being called from the console itself.

However I've just found out it still doesn't work even when using a terminal within Winbox or calling the script in a Putty terminal.

I don't have 3.0rc on any boxes because despite the fact that the documentation on 2.9 is appallingly lagging the OS it's still vastly better than the documentation on 3.0 (ie there isn't any!)

Can you try this on a 2.9.4x system?
 
krigevr

Fri Oct 12, 2007 12:54 pm

Sure, I still have install files of 2.9.46 on disk here, will load that up and see what happens.

The :put command is extremely simple -
If you have a script - and all the script contains is the following:
#Begin Script
:put hello
:put bye
#End Script

And you run it, you should see this echoed on screen:
hello
bye

So the fact that :put doesn't work in that script is indicating to me that something else might be wrong. But I'll start loading 2.9.46 onto my x86 machine and try it out.
Will post again as soon as I have an answer.

-K
 
SweetSunday

Sat Oct 13, 2007 12:11 am

Doesn't do it for me. Viz:-

MikroTik RouterOS 2.9.46 (c) 1999-2007 http://www.mikrotik.com/

Terminal vt102 detected, using multiline input mode
[admin@St. Omer] > system script
[admin@St. Omer] system script> print
0 name="test" owner="admin" policy=ftp,read,write,policy,test,winbox,sniff last-started=oct/12/2007 20:52:13 run-count=3
source=
:local date
:local cap
:local clientname
/tool user-manager user
/tool user-manager user print
:foreach i in=[/tool user-manager user find subscriber=admin] do={
:set date [/system clock get date]
:set clientname [get $i last-name]
:set cap [get $i phone]
/tool e-mail send to=admin@clovabay.net.nz from=inclova@ihug.co.nz server=210.54.141.2 subject="test mail
" body="test mail
$date
$clientname
$cap"
}

1 name="hello" owner="admin" policy=ftp,read,write,winbox run-count=0 source=
#Begin Script
:put hello
:put bye
#End Script
[admin@St. Omer] system script> run 1

[admin@St. Omer] system script>

Unless there's some other fundamental and undocumented feature, like a need to enclose the entire script in {}? (That doesn't work either, but it's a good eg of what I mean.)

Is there any way of Xferring this thread to the scripts forum, as that's where it belongs now?

Ps the script run count now shows one run!
 
SweetSunday

Sat Oct 13, 2007 2:51 am

Hi.

OK, I loaded RouterOS 3.0rc5 onto an i386 machine and the hello/bye script runs OK. But it won't work for me on a 532 running 2.9.46, or 2.9.40. I can't test it on my own CPE, a 112 with 2.9.46, as the 'new terminal' from Winbox won't fire up - reckons the console has crashed or the system is completely busy! (which it isn't.)

So it does seem to be a release issue.

I'll load up some user details on the 3.05 machine and see if I can get the user email script to work in it.

Cheers.
 
krigevr

Sat Oct 13, 2007 1:02 pm

Hey

I've loaded 2.9.46 onto an AMD machine, and the script doesn't work.
I can't get a single :put command to run.

I've tried other things, like adding an entry under /radius, which works...
I'll go see the changelogs and find out if they've made some changes to the scripting stuff between 2.9.46 and 3.0rc5.

I'll keep fiddling with it and see what I find.
I've just ordered a few 152 boards, so can load 3 different releases on them and test them with the same script

This is a reasonably frustrating problem...

-K
 
SweetSunday

Sat Oct 13, 2007 1:43 pm

I can't get the :put hello script to work on a RB532 running 2.9.46!

I've had to give up with 3.0rc5 release on an i386 because although the :put script ran OK it refused to accept any input of any kind under /ip route which meant I couldn't set up a gateway!

Dang!
 
krigevr

Sat Oct 13, 2007 11:31 pm

Is that a bug, perhaps in that particular release for that particular board or system type?

The crappy thing about 2.9.46 not being able to :put stuff, is that I can't tell if my :set (and Get) commands were successful. Which makes debugging downright impossible. Unless I'm just missing something somewhere. I mean - I wrote my first scripts on 2.9.46 - a script which re-resolves an FQDN and replaces the Address under /radius with the freshly resolved one, and also updates the Netwatcher with the freshly resolved address, to monitor it for changes.

I haven't tried using /ip/route, since the basic setup that you can run from the root menu does all the gateway adding I need. The rest I do with NAT - so unfortunately I can't give you feedback on that one.

I'll fiddle with it again in the morning - Need some sleep...

-K
 
SweetSunday

Sun Oct 14, 2007 1:30 am

> Is that a bug, perhaps in that particular release for that particular board or system type?

Dunno. I raised it in the Beta forum and it seems someone else had the problem with 3.rc5 on i386 but says it's fixed with 3.0rc6.

> The crappy thing about 2.9.46 not being able to :put stuff, is that I can't tell if my :set (and Get) commands were successful. Which makes debugging downright impossible. Unless I'm just missing something somewhere. I mean - I wrote my first scripts on 2.9.46 - a script which re-resolves an FQDN and replaces the Address under /radius with the freshly resolved one, and also updates the Netwatcher with the freshly resolved address, to monitor it for changes.
>
> I haven't tried using /ip/route, since the basic setup that you can run from the root menu does all the gateway adding I need. The rest I do with NAT - so unfortunately I can't give you feedback on that one.
>
> I'll fiddle with it again in the morning - Need some sleep...
>
> -K

Yeah, it's hair-tearing when you can't see why something isn't working and can't refer to any error messages or call up a log to see where the problem is.

If I can do everything I want to with 3 there's no point banging our heads on 2.9, but it's a pain having to install 3.06 over 2.9 just to find out which has the most amenable bugs.
 
SweetSunday

Thu Oct 18, 2007 5:26 am

Hi Krigevr.

Well, the following script based on yours works beautifully from 3.0rc6 on an RB532. I get emails from the router back from our mail server in Auckland with the required information just as I wanted.

:local disabled
:local clientname
:local cap
:local bytesin
:local Mbytesin
:local bytesout
:local Mbytesout
:local Mbytestotal
:local gigstotal
:local email
:local date

/tool user-manager user

:foreach i in=[ /tool user-manager user find subscriber=admin ] do={

:set disabled [get $i disabled]

:if ([$disabled] = false) do={

:set date [/system clock get date]

:set clientname [get $i last-name]

:set cap [get $i phone]

:if ([get $i download-used] > 0) do={ :set bytesin [get $i download-used] } else={ :set bytesin 0 }
:set Mbytesin ($bytesin / 1000000)
:if ([get $i upload-used] > 0) do={ :set bytesout [get $i upload-used] } else={ :set bytesout 0 }
:set Mbytesout ($bytesout / 1000000)
:set Mbytestotal ($Mbytesin + $Mbytesout)

/tool e-mail send to=me@clovabay.net.nz from=admin@clovabay.net.nz server=210.54.141.2 subject="Usage report" body="Data usage for the current month to date $date

Subscriber: $clientname

Downloaded: $Mbytesin MB

Uploaded: $Mbytesout MB

Total: $Mbytestotal MB

Your monthly cap: $cap MB"
}
}

Unhappily exactly the same script doesn't run on the 532 with 2.9.46, nor on my i386 machine with 2.9.35 on it. I don't know if it would work on the i386 with 3.0rc6 because for some reason it won't let me set up a default gateway on it, so it wouldn't be able to send the emails anyway.

So I have a 'simple' choice - do I upgrade my main RB532 which does all the U-M AAA, combines two subnets and is my public gateway, to 3.0rc6 BETA JUST so's I can send my subscribers these desperately needed emails, or do I forget about it for the moment?
 
krigevr

Thu Oct 18, 2007 11:45 am

Well, I'm running an AMD machine with 3.0rc5 (which is my gateway to the big wide world)
and a 532A with 3.0rc6 on. Works fine. Not sure why you can't set up a default gateway on the 532 running rc6... I just did mine in the /setup.

For me, the whole E-mail thing was a big one. Spent 3 days writing and testing that script. So I guess you have to weigh risk against cool admin features. I mean, sure, you can urge your clients to log into the User area of User-Manager and view their own usage, but many of my clients just don't do that, and then phone in a fit of rage, demanding to know what's going on.
Warning mails solved that problem... :-)

But now I have people demanding uncapped services.
Hey. If they want to pay for uncapped, they can have uncapped.

I'm glad to see you could use my script, even though it wasn't without a few migraines, bumps and bruises.

Let me know if you need more help.
-K
 
SweetSunday

Thu Oct 18, 2007 1:51 pm

> Not sure why you can't set up a default gateway on the 532 running rc6... I just did mine in the /setup.

No, it's fine on the 532. It just refuses to accept any gateway at all under /ip route on the i386 with 3.0rc 5/6 ('cept that it's an i586 - an AMD-K6 -2 - but I didn't have this problem running 2.9.35 thro' 46 on the same machine.)

I'm chary of putting an undocumented Beta OS on my main router. It's atop a 5m pole atop 500m peak and it's a two-hour hike up there to get at if I have to re-set it - a ladder and harness job - and the weather's usually foul.

> For me, the whole E-mail thing was a big one. Spent 3 days writing and testing that script. So I guess you have to weigh risk against cool admin features. I mean, sure, you can urge your clients to log into the User area of User-Manager and view their own usage, but many of my clients just don't do that, and then phone in a fit of rage, demanding to know what's going on.
> Warning mails solved that problem... :-)

With carrier losses and power-cuts taking the CPEs down (and some of our subscribers just switch their CPEs off at the wall at night!) most of them get 20 -30 sessions clocked against them in a month, so accessing the User area of U-M just presents them with a long table of entries. Towards the end of the month they'd have to sit down with a calculator and add 30 - 50 upload AND download entries to get their usage, 'cept that they don't. They ring me up instead and get me to do it for 'em!

> But now I have people demanding uncapped services.
> Hey. If they want to pay for uncapped, they can have uncapped.

Uncapped broadband? Oh, how the rest of the world lives.

> I'm glad to see you could use my script, even though it wasn't without a few migraines, bumps and bruises.

Couldn't have done it without you.

> Let me know if you need more help.
> -K

OK. The next step is to trigger a user counter-reset [find] immediately after the last emails for the month are sent, ie in the witching-hours of the first day of the next month. Why the Hell doesn't this work?:-

:local day
:set day [:pick [/system clock get date] 4 6]
:put $day
:if [$day = 1] do=[:put "The First"] else=[:put "Not the First"]

I've tried all manner of ways of expressing that :if value and the only time the syntax editor seemed happy with it was when I had three [[[ on one side and ]]]]] on the other and a Boolean true/false resolution somewhere in the middle!
 
krigevr

Fri Oct 19, 2007 1:05 pm

> ...so accessing the User area of U-M just presents them with a long table of entries.

I see what you mean. They should add a function where users can pull a report (like in the User Manager admin interface) for just this month's use. Anyway.

> Uncapped broadband? Oh, how the rest of the world lives.

It is INSANELY expensive. But hey. If my clients can fund it, why not?

> OK. The next step is to trigger a user counter-reset [find] immediately after the last emails for the month are sent, ie in the witching-hours of the first day of the next month. Why the Hell doesn't this work?

Not entirely sure, but you just introduced me to the :pick command which solves a lot of problems for me!! Thanks for that one.

I'm just busy installing 3.0rc6 onto my AMD K8 machine, will just whip up a script to return True or False if it is the Last day of the month, and have that run every day just before midnight. I'll include compensation for leapyears and 30/31 day months. I wrote one already, but lost it when I wiped one of my HDs. So watch this space, should be ready in an hour or two.

-K
 
krigevr

Fri Oct 19, 2007 4:13 pm

Here she is!

This script uses global variable "found" to return True or False if it is the last day of the month (or not).

You can set the scheduler to run this one every day just before midnight, and feed the global variable's value into another script that will then execute the Reset, or not.

Or you can just let it all happen in the same script.
Just as you prefer.

http://qnect.homeip.net/limited/monthend.txt

You've seen the :foreach loops in my previous scripts - The exact same one can be used to run through your users and reset each one. You can perhaps even implement the script in such a way that it'll send a final Month-End report to your clients, right before wiping the counters.

Take note that you'll have to disconnect your clients too, otherwise you'll have session-bleed-over from one month to another.

So,
1.) Kill all active sessions
2.) Do final monthly mails
3.) Wipe counters
4.) Sit back and wait for moola to come in.

Might be a resource-heavy task, but hey, it only happens once a month, and it'll be all over in 5 minutes.

Let me know if you need more help.

-K
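
An added sketch of the last-day-of-month check and the kill, mail, reset ordering described in this post. It is not the linked monthend.txt and not code from either poster. It assumes the mmm/dd/yyyy clock format and the /tool user-manager fields seen earlier in the thread; the from= address and server= value are placeholders.

```routeros
# Added example, not krigevr's monthend.txt and not code from this thread.
# Assumes [/system clock get date] returns mmm/dd/yyyy (e.g. oct/31/2007), as in the posts above,
# and the /tool user-manager menu and fields used in the earlier scripts.
# The from= address and server= value are placeholders.
:global found false
:local date [/system clock get date]
:local mon [:pick $date 0 3]
:local day [:pick $date 4 6]
:local year [:tonum [:pick $date 7 11]]

# Last day of the current month, compared as a two-character string.
:local last "31"
:if (($mon = "apr") || ($mon = "jun") || ($mon = "sep") || ($mon = "nov")) do={ :set last "30" }
:if ($mon = "feb") do={
  :set last "28"
  # Leap year: divisible by 4, except century years not divisible by 400.
  :if (((($year % 4) = 0) && (($year % 100) != 0)) || (($year % 400) = 0)) do={ :set last "29" }
}
:if ($day = $last) do={ :set found true }

:if ($found = true) do={
  # 1) Close all PPPoE sessions so each one sends its final accounting record.
  /interface pppoe-server remove [/interface pppoe-server find]
  # Allow time for the accounting stops to be recorded before the counters are read.
  :delay 30s
  :foreach i in=[/tool user-manager user find subscriber=admin] do={
    :if ([/tool user-manager user get $i disabled] = false) do={
      :local down 0
      :local up 0
      :if ([/tool user-manager user get $i download-used] > 0) do={ :set down [/tool user-manager user get $i download-used] }
      :if ([/tool user-manager user get $i upload-used] > 0) do={ :set up [/tool user-manager user get $i upload-used] }
      :local total (($down + $up) / 1000000)
      # 2) Final report for the month, sent before anything is wiped.
      /tool e-mail send to=[/tool user-manager user get $i email] from=billing@example.net server=192.0.2.25 subject="Month-end usage $date" body="Total for the month: $total MB"
      # 3) Reset the counters only after the report has been handed to the mailer.
      /tool user-manager user reset-counters $i
    }
  }
}
```

Scheduled daily shortly before midnight, the block does nothing except on the last day of the month.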
 
SweetSunday

Sat Oct 20, 2007 4:13 am

Hi Krigevr.

I solved the problem of my little "Not the First" script - eventually. The :if statement needed to be in parentheses, the do/else statements in curly brackets. This works:

:local day

:set day [:pick [/system clock get date] 4 6]

:put $day

:if ($day=01) do={:put "The First"} else={:put "Not the First"}

Your script is ingenious but I've approached it a different (lazy?) way. As the usage-update-email script runs in the wee small hours, essentially reporting usage up to and including the previous day, I can now tag a tail to it that uses the above script to pick up the fact it is the first day of the month. If it isn't :do={} but if it is else={reset-counters}. The email sent out by the script on the morning of the First is the total for the previous month and I can add a command to the :else to copy just this 'final' email to me/admin to alert me to any excess MB's run up by anyone.

I haven't tried it yet as I found a slightly more convoluted, but potentially more useful way of doing the same thing before I solved the enigma of the 'pick the First' script. You put the current month in the user's 'pool-name' field (or another free one) when loading the script, which is compared with the value returned by the :get month from the system date. If they differ it must be the first run of a new month so reset-counters is triggered and the $tring for the new month is written to the pool-name field. viz:

:local now
:local disabled
:local month
:local date
:local clientname

/tool user-manager user

:foreach i in=[ /tool user-manager user find subscriber=admin ] do={

:set disabled [get $i disabled]

:if ([$disabled] = false) do={

:set date [/system clock get date]

:set now [get $i pool-name]

:set clientname [get $i last-name]

:set month [:pick $date 0 3]

:put $now
:put $clientname
:put $month

:if ([$now] = [$month]) do={:put "Same month - no reset"} else={
:put "counters and pool-name reset"
reset-counters $i
set $i pool-name=$month}
}
}

The drawback of my entire approach is that the subscriber's data-cap (and the month) is set in fields he has access to on his User-Manager web-page, so it will probably be advisable not to let him have access to it at all.

I'm not sure about this 'session' business. All our subscribers are allowed only one unlimited session at a time and I can't envisage any circumstances where that might be a problem for me/them. What would suit me would be for each subscriber to have just one session per month.

One of the problems is that at the moment new sessions are triggered by CPE's re-booting and kicking-off new PPPoE connections, sometimes without closing the previous ones. Could this be avoided if I set the 'session time-out' value to zero so that (presumably) the session at the radius client (ie the Mikrotik router) isn't broken?

But then how do I actively trigger a session-close and new session at the start of the month as I can't see any way of getting the MTrouter/radius-client to send radius stop-start packets to the server/User-Manager as part of the 'First of the Month' script?

Does it really matter? Our subscribers pay for 'always on' internet, ie one endless session. As long as the counters are re-set at the beginning of each month so we can track monthly usage 'sessions' are irrelevant?
 
krigevr

Sat Oct 20, 2007 2:48 pm

> You put the current month in the user's 'pool-name' field ... which is compared with the value returned by the :get month from the system date. If they differ it must be the first run of a new month so reset-counters is triggered ...

I guess that would be a solution if you run the script on the First of the following month. That is an easier way than what I attempted! Good one. However I am quite a perfectionist. I need my mails and Accounts notifications be done and dusted by the time the new month strikes. But that's just me.

> The drawback of my entire approach is that the subscriber's data-cap (and the month) is set in fields he has access to on his User-Manager web-page, so it will probably be advisable not to let him have access to it at all.

I've been meaning to mention that to you. You can also use the Comment field for stuff like that. Even multiple stuff, which you can write just concatenating strings, and read/dissect using the :pick command.

For instance, the comment field contains the following information:
"10633000sep"
The first four characters denote the last invoice number that was sent out.
Pick it out with :pick $comment 0 4 ==> 1063

The next four denote data cap. Pick that out with :pick $comment 4 8 ==> 3000
And the last 3 could be your Last Month that the script was run. ==> sep
Perhaps that could be a solution if you run out of non-user-accessible fields to use. I haven't tried it myself, but I'm on my way to a friend's place to watch the finals of the Rugby World Cup. Will try it tomorrow, if I'm not too hung over.

With this approach you may run into a problem with using Integers and Strings together - But you can just convert your Month Name into a Month Number, and let your script reassign month name to number. In the case of (say) November, your month number would be "11".
==> Comment value would then be "1063300011"

Heh. Why didn't I think about that earlier? I'm definitely going to use that in my scripts.
> I'm not sure about this 'session' business. All our subscribers are allowed only one unlimited session at a time and I can't envisage any circumstances where that might be a problem for me/them. What would suit me would be for each subscriber to have just one session per month.

Ah. In a perfect world, yes. I have a few customers who need more than one session, but if you charge them for a certain amount of throughput, then in my opinion it's OK for them to have 20 active sessions, and clock up their 3 gigs in one day, but then they get cut off and have to buy more gigs. Quite frankly, that's the client's problem if they wanna go and do that.
Gigs are expensive in this country.

> One of the problems is that at the moment new sessions are triggered by CPE's re-booting and kicking-off new PPPoE connections, sometimes without closing the previous ones. Could this be avoided if I set the 'session time-out' value to zero so that (presumably) the session at the radius client (ie the Mikrotik router) isn't broken?

No, that won't help. The session will just remain active, according to the Mikrotik router, until a new session is established from that particular MAC/Client. Then the previous one will be forcibly closed, and you'll have a brand new session.

> But then how do I actively trigger a session-close and new session at the start of the month as I can't see any way of getting the MTrouter/radius-client to send radius stop-start ...

# remove each PPPoE session returned by find
:foreach i in=[/interface pppoe-server find service-name=YourServiceName] do={
/interface pppoe-server remove $i
}
See how that works. May be buggy. I just sucked that out of my thumb.
When the session/connection is terminated, Mikrotik will automatically send the session close accounting information to the radius/usermanager server.

> Does it really matter? Our subscribers pay for 'always on' internet, ie one endless session. As long as the counters are re-set at the beginning of each month so we can track monthly usage 'sessions' are irrelevant?

Well, if they can get one 30-day continuous session, then that would be great. But we all know that it ain't happening. They have unlimited amount of Uptime, and therefore they can have unlimited consecutive sessions. But each session clocks up a certain amount of throughput that needs to be accounted for. In order to do this accurately, the open sessions at the end of the month must be closed, Radius must do its final accounting update, the counters will be updated, and the E-mails sent out.

If the connections are NOT terminated, and the counters are reset, the active connection still has a "memory" of what the current usage for that session is. If the counters in User Manager are reset, and the month lapses over, and you have an active session that has 2 gigs clocked up, that active session will, when it closes, update its 2 gigs of throughput onto the User Manager database AFTER the reset has been done. Which is a no-no if you have interim-update on.

An interim update could have told Radius that the user has used 2 gigs. Then you go and wipe the radius counters. 10 minutes later, Interim-update logs the same 2 gigs again, because the session is still active. In order for the active session's counter to ALSO be reset, the connection must be killed.

Am I making sense?

-K
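
An added sketch of the comment-field idea from this post, generalized from fixed-width :pick offsets to comma-separated fields so that caps of different lengths parse the same way, with the third field used as a "warning already sent" marker. It is not code from either poster. It assumes a constructed layout invoice,capMB,lastWarnedPercent, a writable comment property on User Manager users, and the fields used in the earlier scripts; the from= address and server= value are placeholders.

```routeros
# Added example, not code from this thread.
# Assumed comment layout (constructed): invoice,capMB,lastWarnedPercent   e.g. "1063,3000,75"
# The from= address and server= value are placeholders.
:foreach i in=[/tool user-manager user find subscriber=admin] do={
  # :toarray splits the comment string on commas.
  :local fields [:toarray [/tool user-manager user get $i comment]]
  # Skip users whose comment does not hold exactly three fields.
  :if ([:len $fields] = 3) do={
    :local invoice [:pick $fields 0]
    :local cap [:tonum [:pick $fields 1]]
    :local warned [:tonum [:pick $fields 2]]
    :local down 0
    :local up 0
    :if ([/tool user-manager user get $i download-used] > 0) do={ :set down [/tool user-manager user get $i download-used] }
    :if ([/tool user-manager user get $i upload-used] > 0) do={ :set up [/tool user-manager user get $i upload-used] }
    # A missing or zero cap would divide by zero below, so skip it.
    :if ($cap > 0) do={
      :local usedMB (($down + $up) / 1000000)
      :local pct (($usedMB * 100) / $cap)
      # Highest warning threshold reached so far this month.
      :local level 0
      :if ($pct >= 75) do={ :set level 75 }
      :if ($pct >= 90) do={ :set level 90 }
      :if ($pct >= 100) do={ :set level 100 }
      # Mail once per threshold: only when a higher level than the stored one is reached.
      :if ($level > $warned) do={
        /tool e-mail send to=[/tool user-manager user get $i email] from=billing@example.net server=192.0.2.25 subject="Data-cap warning" body="You have used $level% of your month's allowance: $usedMB MB of $cap MB"
        # Store the level so the same warning is not sent again on the next run.
        /tool user-manager user set $i comment="$invoice,$cap,$level"
      }
    }
  }
}
```

The third field has to be written back to 0 whenever the monthly counters are reset, otherwise no warnings go out in the new month.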
 
SweetSunday

Sun Oct 21, 2007 1:22 am

> However I am quite a perfectionist. I need my mails and Accounts notifications be done and dusted by the time the new month strikes. But that's just me.

I can live with that cheat, but I'm perfectionist enough to be offended by the lower-case initial letter of the month returned by $date. I think it looks horrid in an email, viz: "data usage to oct/21/2007." Your month referencing idea gives me a way around that. Thanks.

> The next four denotes data cap. Pick that out with :pick $comment 4 8 ==> 3000
> And the last 3 could be your Last Month that the script was run. ==> sep
> Perhaps that could be a solution if you run out of non-user-accessible fields to use.

Most of us are on 1GB or more a month but a couple of light users are on less - only 250MB in one case. So some will need four character places and others only three. I 'could' use "0250 MB" but think it looks ugly in an email to the user. I haven't checked but I'm guessing in my case I have the 'group' and 'pool' fields free and beyond user-interference for this.

> I'm on my way to a friend's place to watch the finals of the Rugby World Cup. Will try it tomorrow, if I'm not too hung over.

What Rugby World Cup? If the All-Blacks didn't win it, it ain't worth winning.

> I have a few customers who need more than one session, but if you charge them for a certain amount of throughput, then in my opinion it's OK for them to have 20 active sessions, and clock up their 3 gigs in one day, but then they get cut off and have to buy more gigs. Quite frankly, that's the client's problem if they wanna go and do that.
> Gigs are expensive in this country.

Our setup is much more simple. Each user has a CPE on his roof which connects to the AP and one PPPoE session across the link for internet access. Even trying to imagine more complicated set-ups makes my brain hurt, let alone thinking about implementing them.

And gigs are expensive here, too. Our nearest WISP charges ZAR255 for just one of them!
> The session will just remain active, according to the Mikrotik router, until a new session is established from that particular MAC/Client. Then the previous one will be forcibly closed, and you'll have a brand new session.

From my limited understanding of the RADIUS protocol there are two kinds of session terminations, voluntary (ie. user or admin request, idle and session-timeouts etc) and involuntary (lost-carrier, NAS reboots, lost-service etc.). As these are listed on the Mikrotik RADIUS dictionary I'm assuming User-Manager can use them. Presumably I can control the former kind and stop them from occurring. But is it not possible to fix a static session id on a 'one-user one-NAS' basis so that even if the CPE or NAS reboots or the connection goes down the same session is simply picked up again on reconnection?

> :foreach i in=[/interface pppoe-server find service-name=YourServiceName] do={
> /interface pppoe-server remove [/interface pppoe-server find $i] 
> See how that works. May be buggy. I just sucked that out of my thumb.
> When the session/connection is terminated, Mikrotik will automatically send the session close accounting information to the radius/usermanager server.

So a new session will only be started when next the user tries to connect to the Internet over his CPE's default route, which is his PPPoE interface?

Hmmm. Just thinking out loud here. We're a community trust with the purpose of providing an affordable half-way decent internet connection to the permanent residents who choose to live out here far from the madding crowd. However we also offer a connection to rich city guys who force our property prices and rateable value up by establishing holiday homes out here which they only use at Christmas, and want a decent internet connection in order to continue their rich-city-guy habits while they're here. Them we charge rich-city-guy rates which subsidises the rest of us, but one of the things we offer (expensively) is the ability for them to connect IP cameras to their CPEs so they can show off their hideaways to their rich city friends in real time. That requires port forwarding but if the PPPoE connection to the CPE has been terminated and not restarted from inside there'll be no connection to use?

I'm assuming you can't set-up a PPPoE service backwards, from the NAS to the CPE? Perhaps a script to run on the CPE on the First of the month half-an-hour after the NAS has terminated the session, pinging 'Google', would start the necessary new one? In fact the same script would need to be run any time the CPE reboots to create the PPPoE connection and make it available for any connection attempt from the Internet by one of our absentee landlords?
If the connections are NOT terminated, and the counters are reset, the active connection still has a "memory" of what the current usage for that session is. If the counters in User Manager are reset, and the month lapses over, and you have an active session that has 2 gigs clocked up, that active session will, when it closes, update its 2 gigs of throughput onto the User Manager database AFTER the reset has been done. Which is a no-no if you have interim-update on.
Yes. On my test rig I sent a reset-counter - which worked - but subsequent radius interim-updates with the same session id created complete garbage. I couldn't even work out how the (huge) download and upload figures following a small update were created.
An interim update could have told Radius that the user has used 2 gigs. Then you go and wipe the radius counters. 10 minutes later, Interim-update logs the same 2 gigs again, because the session is still active. In order for the active session's counter to ALSO be reset, the connection must be killed.
Killed at both ends. But if it's normally the client that does the killing by sending an accounting-stop terminate-session packet how do we do it with a script running at the server end? ie your script above kills the pppoe connection at the server end, but how does the client know it's been killed to terminate the session at its end?
Am I making sense?

-K
A whole lot more than MT's effort!

Congratulations on the Rugby. Hope the hang-over isn't too big!

Just think. In four years' time it's coming here. I'm gonna start making plans for a holiday somewhere else, as far away from NZ as possible.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Sun Oct 21, 2007 1:10 pm

Most of us are on 1GB or more a month but a couple of light users are on less - only 250MB in one case. So some will need four character places and others only three. I 'could' use "0250 MB" but think it looks ugly in an email to the user.
You can use an :if statement to check if the Cap = 0250, and Do something that assigns "250" to the variable instead of "0250".
Besides, I think that if you assign an integer to a variable that starts with a 0, that zero just gets tossed anyway. I found that with my Invoice numbers when I tried setting my first invoice number to 00001. Ended up showing up in E-mails as "1".
From my limited understanding of the RADIUS protocol there are two kinds of session terminations, voluntary (ie. user or admin request, idle and session-timeouts etc) and involuntary (lost-carrier, NAS reboots, lost-service etc.). As these are listed on the Mikrotik RADIUS dictionary I'm assuming User-Manager can use them.
All Radius does, is to keep track of what is happening. Radius cannot actually Control the CPEs and sessions. It just logs the information, and returns authentication information, when requested.
Presumably I can control the former kind and stop them from occurring. But is it not possible to fix a static session id on a 'one-user one-NAS' basis so that even if the CPE or NAS reboots or the connection goes down the same session is simply picked up again on reconnection?
Nope, sorry. No way of that happening.
So a new session will only be started when next the user tries to connect to the Internet over his CPE's default route, which is his PPPoE interface?
The new session will be created when the CPE fires up the PPPoE tunnel.
... That requires port forwarding but if the PPPoE connection to the CPE has been terminated and not restarted from inside there'll be no connection to use?
Well, my suggestion is to run a script on the CPEs that pings your Access Concentrator's Local Address, i.e. the address that will only be 'visible' to the CPE if the PPPoE tunnel is active and working on both sides. Should the reply be negative, then kill the active session and connect again. So even if your CPEs are not aware of the fact that you've just killed all sessions on the server, the Local Address of your PPPoE server will cease to respond. And thus force a reconnect.
I'm assuming you can't set-up a PPPoE service backwards, from the NAS to the CPE? ... In fact the same script would need to be run any time the CPE reboots to create the PPPoE connection and make it available for any connection attempt ...
Not that I am aware of. One way that you can go about doing it though is if all your CPEs are Access Concentrators, and your NAS just dials into all those access concentrators. But if you think multiple sessions on client side was overcomplicating things, this would be insanity.
Killed at both ends. But if it's normally the client that does the killing by sending an accounting-stop terminate-session packet how do we do it with a script running at the server end? ie your script above kills the pppoe connection at the server end, but how does the client know it's been killed to terminate the session at its end?
Again, Radius only logs what's happening. It's not the Client that sends the Accounting-Stop packet to Radius - it's the Server, once it detects that the tunnel has terminated.
And the process of those packets being sent, runs automatically. You don't need to try and interfere with them. RADIUS reports on the network usage - it doesn't influence the network. (Aside of course from replying to Auth requests.) Once you kill the PPPoE tunnel on the server side, the server will immediately send an accounting stop packet to Radius, along with Terminate Cause.

When the Client wants to disconnect voluntarily, and the tunnel stops, the client does send some info to the PPPoE Access Concentrator saying "Hey dude, I'm gonna go now. Thanks a lot, see you later." But it is the Server that compiles the information into an Accounting packet, and in this case it would have Terminate Cause = User Request. Along with this will be the Uptime values, the Start-Time, the input-octets, output-octets and a whole host of other things. The server then sends this off to Radius, and Radius does its logging thing. When you play with FreeRADIUS on Linux, these things become quite apparent.
Congratulations on the Rugby. Hope the hang-over isn't too big!
Thanks! I stopped drinking when the match started. Quite a nailbiting one. No big hangover. Cape Town was on fire last night! Was quite interesting.

I think the biggest piece of misunderstanding here is that one must realize that Radius runs Completely independent of your Mikrotik setup. My Radius server is sitting 140km from the closest network, in a different town, with a different provider, running FreeRADIUS on Linux Fedora.

Another point of clarification is when it comes to Uptime Limits or Usage Limits for hotspots.
Although Radius can tell Mikrotik that a user has 1 hour's uptime available, and can download 500mb, it is Mikrotik's responsibility to make sure that after 1 hour, or 500mb of downloads (whichever comes first) the user gets disconnected. Radius can't do that for you.

Does that help a little?

-K
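
The accounting behaviour discussed in the posts above (cumulative per-session counters in every interim update, a Stop sent by the NAS, a month-end counter reset while the session stays up) modelled in Python as an added example; it is not code from this thread and not User-Manager's internals. `NaiveStore`, `DeltaStore`, the `time` field and the sample records are constructed for illustration; the attribute names are the standard RADIUS accounting attributes.

```python
from collections import defaultdict
from datetime import datetime

MIB = 1024 * 1024
GIGAWORD = 2 ** 32  # Acct-*-Gigawords count wraps of the 32-bit octet counters


def session_total(rec):
    """Cumulative bytes of the session as carried in one accounting record."""
    inp = rec.get("Acct-Input-Gigawords", 0) * GIGAWORD + rec.get("Acct-Input-Octets", 0)
    out = rec.get("Acct-Output-Gigawords", 0) * GIGAWORD + rec.get("Acct-Output-Octets", 0)
    return inp + out


class NaiveStore:
    """Hypothetical store: user total = closed sessions + latest figure of open ones."""
    def __init__(self):
        self.closed = defaultdict(int)  # user -> bytes of finished sessions
        self.open = {}  # (user, session id) -> latest cumulative bytes

    def handle(self, rec):
        key = (rec["User-Name"], rec["Acct-Session-Id"])
        if rec["Acct-Status-Type"] == "Stop":
            self.open.pop(key, None)
            self.closed[key[0]] += session_total(rec)
        else:
            self.open[key] = session_total(rec)

    def reset_counters(self, user):
        """Month-end reset on the server; the session keeps running on the NAS."""
        self.closed[user] = 0
        for key in [k for k in self.open if k[0] == user]:
            self.open[key] = 0

    def used(self, user):
        return self.closed[user] + sum(v for k, v in self.open.items() if k[0] == user)


class DeltaStore:
    """Bill the growth between consecutive records to the month of the later one."""
    def __init__(self):
        self.last = {}  # (user, session id) -> cumulative bytes already billed
        self.monthly = defaultdict(lambda: defaultdict(int))  # user -> "YYYY-MM" -> bytes

    def handle(self, rec):
        key = (rec["User-Name"], rec["Acct-Session-Id"])
        if rec["Acct-Status-Type"] == "Start":
            self.last[key] = 0  # a Start, even with a reused id, is a fresh baseline
            return
        total = session_total(rec)
        previous = self.last.get(key, 0)
        if total < previous:  # counters went backwards: treat as a restarted session
            previous = 0
        month = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M").strftime("%Y-%m")
        self.monthly[key[0]][month] += total - previous
        if rec["Acct-Status-Type"] == "Stop":
            self.last.pop(key, None)
        else:
            self.last[key] = total

    def used(self, user, month):
        return self.monthly[user][month]


def rec(time, status, in_mib, out_mib, sid="81a00001", user="tony"):
    """Build one constructed accounting record; 'time' is the server's receipt time."""
    return {"time": time, "User-Name": user, "Acct-Session-Id": sid,
            "Acct-Status-Type": status,
            "Acct-Input-Octets": in_mib * MIB, "Acct-Output-Octets": out_mib * MIB}


# Constructed sample: one PPPoE session that runs across the month boundary.
RECORDS = [
    rec("2007-09-18 01:42", "Start", 0, 0),
    rec("2007-09-30 23:50", "Interim-Update", 600, 30),
    rec("2007-10-01 00:10", "Interim-Update", 602, 30),
    rec("2007-10-05 12:00", "Stop", 622, 32),
]


def replay(records, reset_at="2007-10-01 00:00"):
    """Feed both stores; the naive one gets its counters reset at month end."""
    naive, delta = NaiveStore(), DeltaStore()
    reset_done = False
    for r in records:
        if not reset_done and r["time"] >= reset_at:
            naive.reset_counters(r["User-Name"])
            reset_done = True
        naive.handle(r)
        delta.handle(r)
    return naive, delta


if __name__ == "__main__":
    naive, delta = replay(RECORDS)
    print("naive October (MiB):", naive.used("tony") // MIB)
    print("delta Sep/Oct (MiB):", delta.used("tony", "2007-09") // MIB, delta.used("tony", "2007-10") // MIB)
```

With the delta approach the only traffic billed to the wrong month is what passed between the last interim update before midnight and midnight itself, so the error is bounded by the interim-update interval.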
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Sun Oct 21, 2007 11:38 pm

Howdy

I'm pleased to announce my latest version of my script.

This one has one script that is set to run Daily - You can set that up in Scheduler.
I call this one "Oversight".
It calls for a script to check if it is month-end. If it is, it triggers the Auto Billing E-mailer script.

If it is not month-end, it triggers the Usage Warnings E-mailer script, which will check if there are any users who need to be informed of their usage stats.

The previous versions of the Usage Stats e-mailer had the biggest problem that, if your usage is over a certain point, in this case 50%, it keeps E-mailing a report every time it runs. What I wanted is to just let it run once when the client has struck 50% or more, and not send another E-mail until the client has reached 75% or more.

If you want to have a look, here they are:

http://qnect.homeip.net/limited/oversight.txt
http://qnect.homeip.net/limited/billing.txt
http://qnect.homeip.net/limited/usagewarnings.txt
http://qnect.homeip.net/limited/monthend.txt

With these scripts, each user in UserManager must have:
first-name
last-name
pool-name
email

Plus a Comment filled in, formatted in the following manner:
AAAAABBBBCCDD

A = Invoice Number
B = Cap Size
C = Usage Warning Level Last Issued
D = Last Month that Invoice was Issued

I thought you might find this helpful. I'll be posting this on Wiki soon.
Plus I thought the UsageStats E-mailer will be particularly useful for you.

Enjoy!

-K
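
The AAAAABBBBCCDD comment field and the "warn once per level" rule described in the post above, modelled in Python as an added example; it is not krigevr's RouterOS code, which is only linked from this page. The cap unit, the meaning of 00 in fields C and D, and the names `parse_comment`, `format_comment` and `next_warning` are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

LEVELS = (50, 75)  # percent thresholds; the post names 50% and 75%
FIELDS = re.compile(r"([0-9]{5})([0-9]{4})([0-9]{2})([0-9]{2})")  # AAAAABBBBCCDD


class BillingState(NamedTuple):
    invoice: int  # A: invoice number
    cap: int      # B: cap size (unit assumed to match the usage figure passed in)
    warned: int   # C: usage warning level last issued, 0 = none yet (assumed)
    month: int    # D: last month an invoice was issued, 0 = never (assumed)


def parse_comment(comment):
    """Decode the comment field, rejecting anything that is not a valid state."""
    match = FIELDS.fullmatch(comment)
    if match is None:
        raise ValueError("comment is not 13 digits: %r" % (comment,))
    state = BillingState(*(int(group) for group in match.groups()))
    if state.cap == 0 or state.month > 12 or state.warned not in (0,) + LEVELS:
        raise ValueError("comment holds an impossible value: %r" % (comment,))
    return state


def format_comment(state):
    """Re-encode with fixed-width zero padding so the field boundaries survive."""
    text = "%05d%04d%02d%02d" % state
    if len(text) != 13:
        raise ValueError("a field no longer fits its width: %r" % (state,))
    return text


def next_warning(comment, used):
    """Return (level to e-mail or None, comment to store back on the user)."""
    state = parse_comment(comment)
    percent = used * 100 // state.cap
    reached = max((level for level in LEVELS if percent >= level), default=0)
    if reached > state.warned:
        return reached, format_comment(state._replace(warned=reached))
    return None, comment
```

Strict parsing matters here because the billing state lives in a free-text field: a value that has been shortened, or whose warning level was set to 99, is rejected instead of silently suppressing every later warning.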
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Mon Oct 22, 2007 12:06 am


Does that help a little?

-K
Hugely, thank you, but I would query some of what you say.

Having played with FreeRadius on a PC with a little utility called NTRadPing running under Windows on another acting as a fake Radius client I have built some idea of how RADIUS works, and NTRadPing works with RouterOS too. However for me anyway it's far from clear in the MT documentation how far User-Manager is a full implementation of the radius protocol, what it doesn't do and what it does differently.

ie, and importantly, there's the cryptic statement in the manual page:

http://www.mikrotik.com/testdocs/ros/2. ... ent.php#.3

under the heading 'Connection Termination from RADIUS' which suggests (to me) that the MT implementation of Radius CAN terminate an accounting session on a NAS. It just doesn't tell you how. There is a command under /tool user-manager session = close-session which might do it, but I don't have a fully-functioning radius set-up to test it on - apart from my deployed network which I really don't want to start running experiments on.

IF 'close-session' run at the server causes it to send a 'Disconnect-Message' to the client, causing it to disconnect the user by terminating the pppoe session it would do the trick - except what happens if the user's CPE isn't switched on at the time the script is run and message is due to be sent?

I'm also confused by what you said in an earlier post and the following line in:

http://wiki.mikrotik.com/wiki/User_Mana ... _and_users

ie "An active session is closed when the same router asks to start a new session with the same accounting-session-id." I'd assumed that after closing a session any new 'communication' from the CPE institutes a new session with a new session id. That certainly seems to be the case from the 1500+ sessions on my U-M router our eight subscribers have created in under a year! Why should the client want to start a 'new' session with an old id? And you said above that if the session is not terminated but the counters are re-set any new accounting sent by the client (which presumably includes a record of the whole session) is added to the server's 'memory' of the same info despite the fact the counters are reading zero!

I have toyed with running FreeRADIUS and MySQL on a remote server which the router/client reports to but that leaves me with the problem that I kicked this thread off with - actually using the information on MySQL and giving our subscribers easy self-access to their usage in 'real-time', without having to spend a fortune on ISP-type software. At the least the ability of RouterOS to send emails is a cheap and easy solution to this problem, but does force me to use a router and RouterOS as my main server.

Question - can the same router act as client and server? We've two APs each linking to a mountain-top relay that connects them to a DSL modem in a town 19km away. Each AP (an RB532) only has four 'permanent' connections and a couple of casuals, so they're hardly stressed. Currently User-manager is running on the Mountaintop box controlling the two APs as clients but I'm thinking of running a pppoe-server, radius client AND User-manager on each AP to look after its own half-dozen users using the email system. I guess this is almost a hot-spot situation, but the relationship between Hotspot, Radius, User-Manager and AAA gets so convoluted and incestuous in the MT scheme of things that trying to comprehend it threatens my fragile sanity.

Using your initial script as a seed - for which much thanks - I've developed a script that meets my requirements. Unfortunately although the 3.0's syntax painter can't find fault with it, it's marked as Invalid by the system. I'm going to put a few more hours on it but if I can't find the problem will start a thread on the scripting forum, as the proper place for it. However I still don't know how best to deal with the month-end terminate session start new one/reset-counters problem and any advice on that would be most appreciated.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Mon Oct 22, 2007 12:49 am

under the heading 'Connection Termination from RADIUS' which suggests (to me) that the MT implementation of Radius CAN terminate an accounting session on a NAS. It just doesn't tell you how. There is a command under /tool user-manager session = close-session which might do it ...
Hmm. I'll look into that one. Radius can force an Accounting session to stop, but kill an actual connection? I'll need to try that.
IF 'close-session' run at the server causes it to send a 'Disconnect-Message' to the client, causing it to disconnect the user by terminating the pppoe session it would do the trick - except what happens if the user's CPE isn't switched on at the time the script is run and message is due to be sent?
The objective of sending out such a message is to kill the PPPoE link. If the CPE on the other side is not on, the link is dead to begin with. What will happen is that the attempt will just fail/time-out. Whether this will halt your script - I'm not entirely sure. I know that if your E-mail outgoing server can't be reached when sending mails with scripts, it doesn't affect the operation of the rest of the script.
"An active session is closed when the same router asks to start a new session with the same accounting-session-id."
HUH?! Same accounting-session-id? OK now I'm confused too. I guess one must distinguish between (connection) session ID and Accounting session ID, since Connections and Accounting are two distinctly separate concepts in the Radius scheme of things.
I have toyed with running FreeRADIUS and MySQL on a remote server which the router/client reports to but that leaves me with the problem that I kicked this thread off with - actually using the information on MySQL and giving our subscribers easy self-access to their usage in 'real-time', without having to spend a fortune on ISP-type software.
At the least the ability of RouterOS to send emails is a cheap and easy solution to this problem, but does force me to use a router and RouterOS as my main server.
True, Mikrotik is an extremely cheap all-in-one.
In my setup, I have a few very crude PHP scripts to do user admin (including those that come with FreeRADIUS) which works fine.
I also wrote a PHP script that will allow users to go to a site (say http://usage.yourwisp.com) and log in with their user/pass and see a summary of their usage for this month.
So it can be done, for no money at all, if you have the time and patience to wrestle out a PHP script to do the same thing that an MT script will do.
Question - can the same router act as client and server?
I'm going to assume that what you mean here is to let your routerboard open a tunnel to a "superior" router/server in the network, but simultaneously have an access concentrator running for its "inferior/subordinate" clients to connect to it. This can be done, yes.
...but I'm thinking of running a pppoe-server, radius client AND User-manager on each AP to look after its own half-dozen users using the email system.
I've started running one of my networks like this. The only crappy thing is that then you have to maintain several user managers instead of just one. Which isn't a trainsmash if you have only two or three user managers running on two or three routers...
However I still don't know how best to deal with the month-end terminate session start new one/reset-counters problem and any advice on that would be most appreciated.
Let me ponder that one in depth, and reply with a full-scale thought-through solution.
Right now my head hurts after writing my last script.
Sleeeeeep.

-K
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Mon Oct 22, 2007 6:50 am

G’day krigevr.

Hope the consequences of the rugby haven’t been too hard on the brain-cells.

Your previous post crossed with mine but I’ve plundered your ideas shamelessly and come up with a script that (fingers crossed!) works for me.

Our set-up is a lot less complex than yours. Our Trust buys a single monthly plan from our DSL provider and divides it among our trust members/subscribers for a fixed monthly data ration and unlimited time/max speed. If the Trust exceeds its plan-cap it has to pay for the excess MB’s so we have to recover it from the subscriber/s who exceeded their allowances, but purely at cost. If a subscriber exceeds his allowance but others come in under theirs, as usually happens, the Trust itself doesn’t go over its cap so the excess charges levied on the subscriber go into the Repair and Replacement Fund (or Admin’s R&R fund!)

This script will be scheduled to run at perhaps 2.00am daily and is thus effectively a report up-to and including the previous day – which is somewhat coarse but enough for our situation.

If a user has exceeded his allowance or clocked up some more over his allowance since the last ‘excess’ email, but not if he has gone quiet, he gets a statement of total usage plus a warning that he’s now paying an additional 3c. MB for the excess data over his subscription. Every ‘excess’ email is echoed to me as admin.

If a user hasn’t gone over his limit he just gets a usage email at 100 MB stages, which might mean at 4-5 day intervals or even more.

IF it’s the first of the month the emails are sent regardless of usage as they are effectively reports for the full preceding month and all are copied to me. Any with excess MBs record the fact. I would like to go further and use the emails as an Invoice for excess MBs but haven’t found a way to multiply the excess by $0.03 without either getting the digits in the wrong places vis-à-vis the decimal point or creating sums like $33.3333.

The end of the ‘First-of-the-Month’ tail also resets the counters and the flags, and this seems to work. Any subsequent accounting updates with the same session id are reported correctly by a user print command from a zero start but any attempt to use the ‘close session’ command brings the script to a screeching halt with a ‘session is not active’ complaint. I don’t yet know if this is enough.

I’ve attached the script below in its ‘test’ state with the emails commented out and a couple of :put statements for testing in the terminal. I’m sure there are a lot of things that could be done more elegantly and/or efficiently and there’s probably a horrible hole or two I haven’t fallen into yet. Please feel free to comment and/or improve.

Nb. The script utilises as archives or flags several fields in the /tool user-manager user database some of which are also accessible by the user via the User-man user web pages, so beware! Either use different fields or don’t give the User access to the router.

Ps. As this thread has become a fully-fledged scripting matter I’ve posted on the scripting forum drawing attention to it. Hopefully it might form the seed for something suitable for the Scripting Wiki.


[EDIT - THIS ALMOST WORKS, BUT RETURNS TWO 'EXCESS EMAILS' THE FIRST TIME THE USER GOES OVER HIS CAP. A DIFFERENT APPROACH WHICH SOLVES THIS WILL APPEAR BELOW SHORTLY!!!]


#define the required locals
:local clientname
:local cap
:local location
:local bytesin
:local Mbytesin
:local bytesout
:local Mbytesout
:local Mbytestotal
:local email
:local date
:local month
:local Oldmonth
:local day
:local oldMbytes
:local admail
:local climail
:local excess

# create 'global' locals
:set date [/system clock get date]
:set day [:pick [/system clock get date] 4 6]
:set month [:pick [/system clock get date] 0 3]
:set email [:resolve smtp.xtra.co.nz]
:set admail "admin@xxxx.net.nz"

# Scan each user record in User-Manager
/tool user-manager user
:foreach i in=[ /tool user-manager user find subscriber=admin] do={

# and set required values for each scan
:set Oldmonth [get $i pool-name]
:set oldMbytes [get $i group-name]
:set clientname [get $i last-name]
:set cap [get $i phone]
:set bytesin [get $i download-used]
:set Mbytesin ($bytesin / 1000000)
:set bytesout [get $i upload-used]
:set Mbytesout ($bytesout / 1000000)
:set Mbytestotal ($Mbytesin + $Mbytesout)
:set climail [get $i email]
:set location [get $i location]

:put $clientname

# if the user has exceeded his limit
:if ([$Mbytestotal] >= $cap) do={

# for the first time
:if ($location = "a") do={

# and if it isn't the first of the month
:if ($day > 01) do={

:put "excess cap email sent"
:put ...

# send a notification email
#/tool e-mail send to=$climail from=$admail server=$email subject="Limit exceeded" body="

#You have exceeded your subscribed data limit for the current month.

#Usage over your subscribed data limit is charged for \$0.03c per MB.

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Your monthly cap: $cap MB"

# with a copy to admin
#/tool e-mail send to=$admail from=$climail server=$email subject="Limit exceeded" body="

#$clientname has exceeded their subscribed data limit for the current month.

#Date: $date

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Monthly cap: $cap MB"

# update the total MBs used so far
/tool user-manager user set $i group-name=$Mbytestotal

# and stop the standard 100MB step report going out
set $i location="b"

}}}

# if the user has exceeded his limit
:if ([$Mbytestotal] >= $cap) do={

# but only if he has clocked up more MBs since the last excess email
:if ([$Mbytestotal] > [$oldMbytes]) do={

# and if it isn't the first of the month
:if ($day > 01) do={

:put "excess cap email sent"
:put ...

# send another excess email
#/tool e-mail send to=$climail from=$admail server=$email subject="Limit exceeded" body="

#You have exceeded your subscribed data limit for the current month.

#Usage over your subscribed data limit is charged for \$0.03c per MB.

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Your monthly cap: $cap MB"

# and notification to admin
#/tool e-mail send to=$admail from=$climail server=$email subject="Limit exceeded" body="

#$clientname has exceeded their subscribed data limit for the current month.

#Date: $date

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Monthly cap: $cap MB"

# update the total MBs used so far
/tool user-manager user set $i group-name=$Mbytestotal

}}}

# see if the user has clocked up 100Mb usage since the last email report
:if ([$Mbytestotal] >= ([$oldMbytes] + 99)) do={

#but not if he's already had an excess email
:if ([$Mbytestotal] < [$cap]) do={

# and it isn't the first of the month
:if ($day > 01) do={

:put "100MB step email sent"
:put ...

# send a usage update email to the client
#/tool e-mail send to=$climail from=$admail server=$email subject="Usage report" body="
#Data usage for the current month.

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Your monthly cap: $cap MB"

# update usage to date
/tool user-manager user set $i group-name=$Mbytestotal

}}}

# if it is the first of the month
:if ($day = 01) do={

# and the client has exceeded his limit
:if ([$Mbytestotal] >= $cap) do={

:set excess ($Mbytestotal - $cap)

:put "First of the month excess email sent"

#/tool e-mail send to=$climail from=$admail server=$email subject="Usage report" body="
#Data usage for $Oldmonth

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Your monthly cap: $cap MB

#You exceeded your monthly subscription by $excess MBs @ 3c."

# with a copy to accounts
#/tool e-mail send to=$admail from=$climail server=$email subject="Excess usage report" body="
#Data usage for $Oldmonth

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Monthly cap: $cap MB

#Excess MBs: $excess"

# cancel the excess flag
set $i location="a"

# but if he hasn't exceeded his limit
} else={

:put "First of the month report sent"

# send a standard usage report for the previous month
#/tool e-mail send to=$climail from=$admail server=$email subject="Usage report" body="
#Data usage for $Oldmonth

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Your monthly cap: $cap MB"

# with a copy to accounts
#/tool e-mail send to=$admail from=$climail server=$email subject="Usage report" body="
#Data usage for $Oldmonth

#Date: $date

#Subscriber: $clientname

#Downloaded: $Mbytesin MB

#Uploaded: $Mbytesout MB

#Total: $Mbytestotal MB

#Monthly cap: $cap MB"

}

:put "month end actions"

# close off the radius session for the previous month
#/tool user-manager session close-session $i

# reset the counters
/tool user-manager user reset-counters $i

# reset the Mbytestotal
/tool user-manager user set $i group-name=0

#change the month field to the current month
/tool user-manager user set $i pool-name=$month
}
}
Last edited by SweetSunday on Tue Oct 23, 2007 6:49 am, edited 1 time in total.
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Mon Oct 22, 2007 11:36 am

I've been experimenting with the month-end re-set part of the script, and at the moment I'm baffled.

Running what I have in the script appears to simply re-set the up-time, upload and download fields to nil but the session remains active. As the client is presumably unaware of the 'reset-counters' run on the server it continues sending accounting updates with the same accounting-session id (?) and when I do it from NTRadPing, three times out of four the user field meekly and accurately accepts the updates from the zero re-set. Then one will respond to an update (recorded accurately and successfully in the log) with utter nonsense - up-time in the thousands of weeks and astronomical data use. It can't be simple addition. And I've no idea what triggers it. I guess it might be a bug in the NTRadPing application, but I've no way of testing that out.

I take the point that a 'reset-counters' might not reset the session accounting in some deeper and inaccessible database but if the user report database gives me what I want I'm happy with it.

I've looked at the 'close-session' command, which does terminate active sessions on the server and must communicate with the client to tell it to stop using that acct-session-id (?) otherwise it would be getting accounting updates it couldn't handle (unless this is a situation that causes a 'new' session with an old id?). However the command has to be directed at a register number in the '/tool user-man session print' list, and a 'close-session' command directed at an inactive session stops any script dead. I haven't found any way by script of identifying the register numbers of just the active sessions on the list and then issuing a 'close-session' command at them. Using the absence of a 'terminate-cause' field might be a crack into it but my brain's too fogged to follow it up now.

And even if I did where would I be then? Too late at night to keep on at this. I'm going to bed and hoping some Guardian Angel will point me the way overnight!
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Mon Oct 22, 2007 11:45 am

Running what I have in the script appears to simply re-set the up-time, upload and download fields to nil but the session remains active. As the client is presumably unaware of the 'reset-counters' run on the server it continues sending accounting updates with the same accounting-session id (?) and when I do it from NTRadPing, three times out of four the user field meekly and accurately accepts the updates from the zero re-set.
Correct. That is the dilemma which forces us to terminate the Connection session entirely, until one can find a way of forcing it to start a new Accounting session. As long as the Connection Session remains active, it will continue clocking up data, and will keep sending that data to Radius, regardless of what Radius' counters are. Connection session doesn't care, all it does is passing the data on to Radius. Connection session must be terminated in order to get the connection session's counters down to Zero as well.
Then one will respond to an update (recorded accurately and successfully in the log) with utter nonsense - up-time in the thousands of weeks and astronomical data use. It can't be simple addition. And I've no idea what triggers it. I guess it might be a bug in the NTRadPing application, but I've no way of testing that out.
Sounds like a bug yes, I've not seen anything like that happening here.
I've looked at the 'close-session' command, which does terminate active sessions on the server and must communicate with the client ... However the command has to be directed at a register number in the '/tool user-man session print' list, ... inactive session stops any script dead.
I'll take a stab at it.
And even if I did where would I be then? Too late at night to keep on at this. I'm going to bed and hoping some Guardian Angel will point me the way overnight!
Hahaha! I'm flattered.

Well I'm having the exact same problem here - I never even thought about that last one until you pointed it out. I'll have to amend my other scripts with this information too...
Lemme get started.

-K
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Mon Oct 22, 2007 12:36 pm

Here she is!

This script checks in /interface/pppoe-server for all users that are connected to a specified Service Name and pulls the Interface Name, then strips it down from
"<pppoe-UserName>" down to "UserName"

From here you can pull index values for this UserName from either /tool/user-manager/users,
or you can pull the index number of the last session for this user from ../sessions.

In the case of this script, I have done both -
You can adapt it to suit your needs.
But I think this is what you needed, yes?

I called this script Find.
http://qnect.homeip.net/limited/find.txt

Let me know how that works for you.

-K
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Tue Oct 23, 2007 7:16 am

Here she is!
Hmmm. I'm sure you're right, but it uses commands Mikrotik don't bother to declare in the manual so I'm afraid I can't follow it. [EDIT: It doesn't. My apologies, MT.] And as I don't have a pppoe server on my test-bench I can't see it in action anyway.

I think I've got there using a different tack - but only if your users are limited to one session as ours are; viz:-

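# Close the open session of every user. A session is closed when its
# till-time equals the last-seen time of the user it belongs to.
:local name
:local sessname
:local lastseen
:local tilltime
:local count

# $count is the position of the current session in the session list;
# close-session is given that number.
:set count 0

:foreach i in=[/tool user-manager session find subscriber=admin] do={
    :set sessname [/tool user-manager session get $i user]
    :set tilltime [/tool user-manager session get $i till-time]

    # Scan the whole user list for the owner of this session.
    :foreach u in=[/tool user-manager user find subscriber=admin] do={
        :set name [/tool user-manager user get $u name]
        :set lastseen [/tool user-manager user get $u last-seen]

        :if (($sessname = $name) && ($lastseen = $tilltime)) do={
            /tool user-manager session close-session $count
        }
    }

    :set count ($count + 1)
}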

I'm sure there's a better way of doing it than this, which is chronically resource-heavy as it means scanning the entire session list once for every user. Easiest would just be to pick out every entry in the session list with no 'terminate-cause' field but I'm damned if I can find a way to do it.

It should incorporate quite easily into the Mark 2 script I'm polishing, tho'.

I'm still not sure the 'close-session' command is required. I *think* the problems I've been having with my testbed probably came from errors in the RADIUS commands I was sending from my fake client. I have to change five fields in the radius packet every time and make sure the entries are contiguous, and that for five dummy users. I guess one error - of the type computers don't make! - could screw up the whole database.

Anyway, so far today a simple 'reset-counters' has done all I need with the records so I'm guessing that 'reset-counters' is Mikrotik shorthand to the server to close the session off but treat the next interim update from the client with the same id as the start of a new accounting session. Clearly the historical sessions are still there as they appear in the U-M web reports so the server must do some internal session re-numbering when a new one with the same id is triggered.
Last edited by SweetSunday on Wed Oct 24, 2007 6:37 am, edited 1 time in total.
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Wed Oct 24, 2007 1:39 am

OK. The above script only works IF users are limited to only one connection (tick) AND they all have an active session (!tick). If any user has been de-activated by an idle-timeout and has not activated a new one (a possible scenario at 2.00 am) the script tries to close a session that isn't open and goes on strike.

Finally stumbled across a simple script that pulls the numbers of live sessions from the user-manager session database:-

# Print the user name and list position of every session that is
# currently active.
:local active
:local uname
:local count
:set count 0
:foreach i in=[/tool user-manager session find subscriber=admin] do={
    :set uname [/tool user-manager session get $i user]
    :set active [/tool user-manager session get $i active]
    :if ($active = true) do={
        :put $uname
        :put "live"
        :put $count
    }
    :set count ($count + 1)
}

So am now in a position to trigger a 'close-session' on any active sessions before running the month-end part of the script, but I still haven't determined if a 'simple' reset-counters command suffices at the server end to start a fresh accounting period with the same accounting id at the start of the month without an accompanying 'close-session' command, or whether the 'close-session' command is required. Omitting the 'close-session' appears to work OK for a while and then the session-time, upload and download counters I'm using in /tool u-m user go loopy for no reason I can discover as the entries in /tool u-m session are correct and /tool u-m log discloses no error.

The MT manual on pppoe-server states:

"The default keepalive-timeout value of 10 is OK in most cases. If you set it to 0, the router will not disconnect clients until they log out or router is restarted. To resolve this problem, the one-session-per-host property can be used."

Currently our keepalive time-out is set to 10s but given that we have one-session-per-host anyway isn't the 'no disconnect' situation what I want? Triggering the 'close-session' script following the reporting at 2.00 am on the First of the Month would take me to a 'one-session-a-month' situation, which would mean that any time a user accessed his user-page he would see a nice neat list of whole month sessions with a single 'usage-for-the-month' figure, plus an up-to-date figure for the current month? Tah-Rah!

Seems too good to be true, which means it probably is!
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Wed Oct 24, 2007 11:16 am

Currently our keepalive time-out is set to 10s but given that we have one-session-per-host anyway isn't the 'no disconnect' situation what I want?
When there is an active session from UserName, and UserName for some reason gets disconnected, but the Connection session (and therefore also the Accounting session) remains active, should UserName connect again, the previous session will be automatically ended (both the connection session and the accounting session) before a completely new one is started.

The Keepalive Timeout is only a delay that you set for ping timeouts before connection gets terminated. If server pings client, client doesn't respond, server will keep pinging it as usual, but if the client doesn't respond within 10 seconds of last ping, the connection is terminated, along with its accounting session.

The problem is that we're not in control of who disconnects when.
Like your one client who keeps turning his CPE off when he's not using it - There's just no way of getting one single accounting session for the month out of him.
Triggering the 'close-session' script following the reporting at 2.00 am on the First of the Month would take me to a 'one-session-a-month' situation ...
I don't follow. If there have been any disconnects happening in the month, you'll have more than one session.

How are you going to manage only a single Accounting session for the whole month, even if there are multiple connects/disconnects from a user?

Triggering the close session script will force an active connection to open a new accounting session at the beginning of the new month, which is what we want. But tomorrow that user turns his CPE off, connection is terminated, accounting session is terminated. The next day he turns it on - New connection, New accounting session. (Session number 2.) There's just no way of getting the second session to be 'recognised' as part of the first session.

So now that we are at least getting a new accounting session to be generated at the beginning of the month, are we sure that the counters within the active session are also going to be reset to Zero? Otherwise your interim update will log the data on those counters (incorrectly) on the new accounting sessions.

So many things *head hurt*

-K
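
The concern in the post above, that a session's cumulative counters carry across the month boundary, can be handled at the reporting end by billing on the differences between successive accounting updates instead of on session totals. The following is an added example, not code from this thread or from MikroTik; the record layout, the sample values, the 2 GiB cap and the rule that a counter which moves backwards is treated as restarted from zero are assumptions.

```python
from collections import defaultdict
from datetime import datetime

GIGAWORD = 2 ** 32  # Acct-*-Gigawords counts wraps of the 32-bit octet counters

# Constructed sample records (not taken from the routers in this thread).
# Fields: time, User-Name, Acct-Session-Id, Acct-Status-Type,
#         Acct-Input-Octets, Acct-Input-Gigawords,
#         Acct-Output-Octets, Acct-Output-Gigawords
SAMPLE_RECORDS = [
    ("2007-09-29 02:00:00", "tony", "81a00001", "Start", 0, 0, 0, 0),
    ("2007-09-30 23:55:00", "tony", "81a00001", "Interim-Update",
     4_000_000_000, 0, 300_000_000, 0),
    # 32-bit octet counter wrapped: Gigawords 0 -> 1, Octets restart low.
    ("2007-10-01 00:05:00", "tony", "81a00001", "Interim-Update",
     5_032_704, 1, 310_000_000, 0),
    # Counters moved backwards under the same session id.
    ("2007-10-02 00:05:00", "tony", "81a00001", "Interim-Update",
     1_000_000, 0, 2_000_000, 0),
    ("2007-10-03 00:05:00", "tony", "81a00001", "Stop",
     1_500_000, 0, 2_500_000, 0),
]


def allocate_by_month(records):
    """Return ({(user, 'YYYY-MM'): (in_octets, out_octets)}, anomalies).

    Each update's increase over the previous update of the same session is
    credited to the month in which the update arrived, so the allocation
    error at a month boundary is at most one interim-update interval.
    """
    last = {}                             # (user, session id) -> cumulative (in, out)
    usage = defaultdict(lambda: [0, 0])
    anomalies = []
    for ts, user, sid, status, in_oct, in_gw, out_oct, out_gw in sorted(records):
        month = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").strftime("%Y-%m")
        cur = (in_gw * GIGAWORD + in_oct, out_gw * GIGAWORD + out_oct)
        prev = last.get((user, sid))
        if status == "Start":
            delta = (0, 0)                # baseline only, nothing used yet
        elif prev is None:
            delta = cur                   # Start was never seen: count it all
        elif cur[0] < prev[0] or cur[1] < prev[1]:
            # Never subtract here: an unsigned difference of a counter that
            # went backwards is an enormous bogus figure. Assumption: the
            # counters restarted from zero, so the current value is the usage.
            anomalies.append((ts, user, sid))
            delta = cur
        else:
            delta = (cur[0] - prev[0], cur[1] - prev[1])
        usage[(user, month)][0] += delta[0]
        usage[(user, month)][1] += delta[1]
        if status == "Stop":
            last.pop((user, sid), None)
        else:
            last[(user, sid)] = cur
    return {key: tuple(val) for key, val in usage.items()}, anomalies


def excess_over_cap(usage, cap_octets):
    """Octets above the monthly cap per (user, month); months within it are omitted."""
    return {key: sum(val) - cap_octets
            for key, val in usage.items() if sum(val) > cap_octets}


if __name__ == "__main__":
    monthly, odd = allocate_by_month(SAMPLE_RECORDS)
    for (user, month), (inp, out) in sorted(monthly.items()):
        print(user, month, "in", inp, "out", out)
    print("backwards counters at:", odd)
    print("excess over 2 GiB:", excess_over_cap(monthly, 2 * 1024 ** 3))
```

The records flagged in the anomaly list are the ones to check by hand before an excess charge is raised.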
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Wed Oct 24, 2007 11:45 pm


The Keepalive Timeout is only a delay that you set for ping timeouts before connection gets terminated. If server pings client, client doesn't respond, server will keep pinging it as usual, but if the client doesn't respond within 10 seconds of last ping, the connection is terminated, along with its accounting session.
But if you set Keepalive-Timeout in the pppoe-server to 0s the server will never ping the client so even if the client is switched off the server sits there twiddling its thumbs with an open connection just waiting to hear from it? That's what I take the above quote from the manual to mean.

So OK, when our neurotic client switches his CPE on for a brief dose of microwave radiation it initiates a new pppoe session and so triggers a close-session and a new one at the server. But why does the CPE need to start a new session? Just because it needs an address for its pppoe-out interface? But my pppoe addresses don't come from a pool. They're static. Could I not just assign a static IP address to the CPE's pppoe-out interface so the client's first packet to a default IP address knows where to go, and when it arrives at the server it doesn't need any authentication. It just says, "Oh, there you are. Where've you been?" and passes it on as part of the already-existing session on that connection.

I guess there's a security risk of leaving a pppoe 'channel' open at the server with no connection on it, but you'd need to spoof the client's MAC address and know the security profile on the service to be able to use it. And if you don't have a 'one-connection' limit on the service anyone can do that anyway?
Triggering the 'close-session' script following the reporting at 2.00 am on the First of the Month would take me to a 'one-session-a-month' situation ...
I don't follow. If there have been any disconnects happening in the month, you'll have more than one session.
With Keepalive-timeout (and Idle-timeout?) set to 0s 'disconnects' won't occur. The problem is 're-connects' triggering new pppoe sessions when the CPE re-boots. Is there no way of avoiding the need for the CPE to do that, but just get it to resume the session it was running when it shutdown?

Guess the Trust could make it condition of membership that all subscribers put their CPEs on UPS, and never switch them off!
How are you going to manage only a single Accounting session for the whole month, even if there are multiple connects/disconnects from a user?
Can't see the problem. Under our set-up all I need to know at the end of every month is whether the user stayed within the monthly data-cap he paid for or is liable to the Trust for any excess MB's over it. Having just one session per month makes that a lot easier than the present situation, where a list of sessions have to be totalled. It would also provide the most useful information for the user accessing his User-Man web-page - a record of usage month-by-month each in a single entry plus an up-to-date usage figure in the box for the current month.
So now that we are at least getting a new accounting session to be generated at the beginning of the month, are we sure that the counters within the active session are also going to be reset to Zero? Otherwise your interim update will log the data on those counters (incorrectly) on the new accounting sessions.
Yes. I'm still not sure what the 're-set counters' command in '/tool user-man user' does. Or even what the user entry under 'user print' displays. All our subscribers have 'sessions' going back to when the network was switched on last November but the user entry doesn't go back that far - from the 'uptime-used' figure. (They should all be 'permanently on'.) Yet neither does it record just the current one session each is allowed - the 'uptime-used' covers >12 'session' periods on the session list as does the up and downloads recorded.

And what effect does 'reset-counters' have on the current session? The 'user-man user' entry must be a separate ledger to the one the data for the current session is actually recorded on, else resetting the counters would wipe the record of all the previous detail of that session?
So many things *head hurt*
-K
Amen. And all so unnecessary, if MT would just produce some decent documentation for U-M.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Thu Oct 25, 2007 12:35 pm

Keepalive Timeout: ...the server sits there twiddling its thumbs with an open connection just waiting to hear from it?
Yes. Pretty much.
But why does the CPE need to start a new session? Just because it needs an address for its pppoe-out interface? But my pppoe addresses don't come from a pool. They're static.
Well, it needs to fire up the interface, connect, identify itself and some such. This connection-ID will have its own unique number. PPPoE runs on OSI Level 2, which is MAC/Hardware level. The IP Address is assigned on top of that, which is OSI Level 3 - i.e. Routing. I understand what it is you're asking, but unfortunately, No. Won't work.
Could I not just assign a static IP address to the CPE's pppoe-out interface so the client's first packet to a default IP address knows where to go, and when it arrives at the server it doesn't need any authentication. It just says, "Oh, there you are. Where've you been?" and passes it on as part of the already-existing session on that connection.
Well, have you explored using IP/Router users instead of PPPoE users?
I think there might be a potential solution in there somewhere. I'll go read up on that, because that will solve a problem I have with accounting between Base Stations. I'm trying to map how much data is being pulled by each of my base stations. IP accounting will do that nicely.
I guess there's a security risk .. but you'd need to spoof the client's MAC address and know the security profile... And if you don't have a 'one-connection' limit on the service anyone can do that anyway?
And User/Pass? Also someone trying to "hijack" an active connection will need to open his end of the tunnel first before attempting to send packets to your server. I'm not even sure that is possible. But I get what you're saying.
With Keepalive-timeout (and Idle-timeout?) set to 0s 'disconnects' won't occur. The problem is 're-connects' triggering new pppoe sessions when the CPE re-boots. Is there no way of avoiding the need for the CPE to do that, but just get it to resume the session it was running when it shutdown
Not to my knowledge. Perhaps a completely different protocol altogether.
Guess the Trust could make it condition of membership that all subscribers put their CPEs on UPS, and never switch them off!
*chuckle*
Well - It could still happen that you get signal interference or some other cause that can cause a disconnect. But that sounds like an idea.
I'm still not sure what the 're-set counters' command in '/tool user-man user' does.
It wipes the Uptime Used, Download Used and Upload Used fields to Zero.
...the 'uptime-used- figure. (They should all be 'permanently on'.)
That is just a total time of all sessions' connection uptime since the last Reset Counters.
And what effect does 'reset-counters' have on the current session?
None whatsoever.
The 'user-man user' entry must be a separate ledger to the one the data for the current session is actually recorded on, else resetting the counters would wipe the record of all the previous detail of that session?
Correct. Userman-user is a Radius system that runs completely independent of the PPPoE-Server. PPPoE server relays its information to the radius protocol, but the two remain very much separate entities, with their separate counters. The Current Active session data is recorded in the PPPoE-server, until the session ends, and PPPoE will relay the information to UserMan. The logs of the previous sessions (and interim updates of current session) are kept in the Userman system.

Hopefully that sheds just a little more light on it...

Okay, now time for me to ask for your help -
You say you run a couple of RB500 APs running PPPoE Server, and do all the Auths against a remote User Manager. How is it set up?

I've tried getting a Linux-Based PoPToP server to auth against User Manager with no luck.
I need to deploy it in my network ASAP. Can't run several Usermans, it's overcomplicating things. I'm administrating my entire network from a city about 2 hours' drive from my main network, so I prefer one central auth/accounting, preferably in my office here in Cape Town.

Thanks!
-K
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Fri Oct 26, 2007 3:00 am

Well, have you explored using IP/Router users instead of PPPoE users?
No. Our network was set up by an expert in a flying visit which was all we could afford. I've spent most of the last year trying to work out what he did and why. However as it works I'm reluctant to interfere too deeply as getting him back to sort out my mess would wipe out our R&R fund and then some. I've never really understood why he used pppoe in the first place.
Hopefully that sheds just a little more light on it...
Yes. After I've read it carefully half-a-dozen times and had a good long think over a cup of coffee! Very many thanks.
Okay, now time for me to ask for your help -
You say you run a couple of RB500 APs running PPPoE Server, and do all the Auths against a remote User Manager. How is it set up?
Not sure exactly what you're asking or what you need to know so I'll give you everything that might be relevant in the hope you can find something useful in it.

Our 'gateway' connection to town (19km @ 5GHz) is on a hilltop but our users are spread between two valleys and most can't see the gateway. So each valley has its own AP the users in the valley connect to and each AP is connected to the 'gateway'. Users have RB112's as CPEs on their property and the two APs plus the 'gateway' are RB532s.

There are two WLANS (or, rather, a WLAN and a VLAN) running on every wireless interface.
The WLAN has a 10.0.0.0/16 address and is for local traffic across the network. Between the APs and the 'gateway' there is a WLAN for local traffic and a VLAN with a 10.100.x.x address which carries 'default' (non-intranet) traffic.

On the APs the user-side wireless interface carries a PPPoE service which dynamically sets up pppoe interfaces for connecting users. It gets its own 10.100.x.x address from the on-board PPP profile for the service and there is a ppp-user-IPaddress-pool available but users are in fact allocated static addresses in this range by their user-profile in user-manager.

The User-Manager package is running on the gateway machine and each AP is pointed to it in the 'RADIUS' tab in Winbox with service, the gateway's local address, radius secret, standard ports (182, 1813) selected and a timeout.

Each user's CPE has a permanent 'intranet' connection over the 10.0.0.0/16 link but the default 0.0.0.0/0 route is via the pppoe connection. Each user's CPE runs a pppoe client on the wireless interface with username & password pre-set.

So, presumably, when the user needs to use the default route and it isn't there the pppoe client on the CPE contacts the AP's pppoe-server for that service which passes the authentication request on to the 'gateway' as a standard RADIUS package. User-Manager running on the gateway accepts it and uses its U-M database to authenticate the user and replies with the user-CPE's pppoe-address which the AP passes back to the CPE. Thereafter the AP does the accounting for the pppoe session (we don't account local traffic) and sends standard accounting updates to User-Manager running on the gateway. To access the user database to change details or try to find out about usage I go to the gateway machine by web, using the User-Manager password rather than the RouterOS admin password, Winbox console or Putty as admin.

On each CPE, on the Winbox > PPP > SECRETS > AAA tab 'use radius' is not ticked but 'use accounting' is, with no 'interim update' set. Dunno what effect that has, if any, as there's no secret listed on the secrets tab and there wouldn't be as this isn't a radius client?

As far as I can tell the APs running the pppoe-server are pointed at User-Manager on the 'gateway' just as it would be to a RADIUS server such as FreeRADIUS running anywhere remote to it. User-Manager responds to the NTRadPing utility just as FreeRADIUS did when I had it on a Ubuntu server set-up as long as you're not using any RADIUS attribute that isn't in the Mikrotik RADIUS dictionary. The drawback with User-Manager rather than using FreeRADIUS/MySQL type set-up is that you don't have access to the databases but I know nothing of PHP so I'm really limited to the web-access U-M offers. I just wish it lent itself to our requirements!

Dunno if that helps, but hope it does. If I've omitted any vitally relevant information let me know and I'll dig it out. I don't even know what PoPToP is so can't offer any thoughts there.

It's been at the back of my mind for a while that PPPoE offers more than our situation needs, which is simply a way of restricting wireless access to legitimate unchanging and unlimited-time users and accounting for their Internet but not local traffic. I'll have a look at the other protocols and see what sense I can make of them!

Cheers.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Fri Oct 26, 2007 9:13 am

A lot of information I don't need, but you answered my question, thanks a million!

So it's simpler than I thought to do it...

Just one more thing - What is written in the Address field of the Routers entry in /tool/user-manager/routers?

And how is /radius/incoming set up?

I just don't have a test-bench equipped to rig a test for that currently, so I'm gonna have to kinda' fly blind and just roll it out. But I have a good understanding of how it works, so if I screw up, I can fix it again quickly.

If you need help exploring IP accounting options, let me know.
I want to use it for my inter-base-station links, so I'm gonna delve into it as well.

Cheers!
-K
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Sat Oct 27, 2007 1:00 am


Just one more thing - What is written in the Address field of the Routers entry in /tool/user-manager/routers?

And how is /radius/incoming set up?
This is from the 'gateway' machine running User-manager:

[admin@Saddle-Low] tool user-manager router> print
Flags: X - disabled
0 subscriber=admin name="Saddle-High" ip-address=10.0.0.18
shared-secret="xxxxxxxxxxxx" log=auth-ok,auth-fail,acct-fail

1 subscriber=admin name="Mt-Kiwi" ip-address=10.0.0.34
shared-secret="xxxxxxxxxxx" log=auth-ok,auth-fail,acct-fail

[admin@Saddle-Low] radius> incoming
[admin@Saddle-Low] radius incoming> print
accept: no
port: 1700
[admin@Saddle-Low] radius incoming>

Mt. Kiwi and Saddle High are the two APs reporting to it. The IP addresses given in the above are the (intranet) addresses of the AP's wireless interfaces connecting to the server.
If you need help exploring IP accounting options, let me know.
I want to use it for my inter-base-station links, so I'm gonna delve into it as well.

Cheers!
-K
Thanks. Did some reading in the IT manual yesterday but there seem to be so many ways of doing 'virtually' the same thing - PPPoE, EoIP, PPP, L2TP &etc - all no doubt with their peculiar pros and cons for specific situations I know nothing of - that it's hard to know where to start.

It's hard to imagine a simpler set-up than ours - only permanent subscribers allowed to join, from static CPEs with only one connection. Only one public gateway with just two isolated 'straight-line' sub-nets connecting to it. We need an intranet for community use which is free and 'simply' account traffic entering and leaving the gateway from/to the Internet on a per user basis. It's all domestic browsing and email traffic with nothing needing high security while 'war-driving' is not likely to be a problem out here so we only need a level of security that prevents accidental connections and dissuades 'casual' hacking. It worries me a bit that if I were to be mown down by a rampaging dairy cow tomorrow no-one else in the Trust would have the slightest idea how the network actually works, but in part that's because I don't fully understand it myself. I'm only too aware (now) that wireless networking can never be simple but I'm sure ours could be simpler than it is. NAT is currently being done by each subscriber's CPE but I had originally thought each CPE and the two APs would simply act as relays or 'bridges' for each subscriber's PC with AAA and NAT done at the gateway for non-intranet traffic only. However exercises like this one help me learn and maybe the day will come when I will feel confident enough to 'take the bull by the horns' and redesign the network.

Thanks for your help in that direction.
 
krigevr
Member Candidate
Posts: 155
Joined: Mon Aug 20, 2007 7:02 pm
Location: South Africa

Re: User-Manager - shortcomings?

Sat Oct 27, 2007 3:03 am

Thanks. Did some reading in the IT manual yesterday but there seem to be so many ways of doing 'virtually' the same thing - PPPoE, EoIP, PPP, L2TP &etc - all no doubt with their peculiar pros and cons for specific situations I know nothing of - that it's hard to know where to start.
Well I'm gonna do my own reading a bit, and I'll post my honest opinion about the different methods and their pros and cons, and also try and see which method I believe will work best in your setup. PPPoE is a pretty simple way of doing things to begin with. When you start fiddling with EoIP, you immediately need to consider an additional layer of the OSI model in the network design - namely Routing. (Layer 3)

But yea. I'll do some research.
... if I were to be mown down by a rampaging dairy cow tomorrow no-one else in the Trust would have the slightest idea how the network actually works...
Hahahaha! Funny. Well same here - I'm the only one who knows how my network works. If the dairy cow is on Speed or LSD and makes it across the Indian Ocean and bumps into me, well let's just say that my company will die with me.

By the way - I posted my entire Auto Billing thing on Wiki if you wanna check it out and study it a bit - complete with comments and the works.

http://wiki.mikrotik.com/wiki/AutomatedBilling

I hope I am not going to have a hangover in the morning - Have to go work on my network. Just got back from Friday Night Drinking. Can already feel the onslaught of a headache... Oy! But it was WORTH IT!!

*zzzZZZZ*
 
SweetSunday
Member Candidate
Topic Author
Posts: 296
Joined: Tue Nov 07, 2006 3:06 am

Re: User-Manager - shortcomings?

Fri Dec 07, 2007 6:44 am

G'day Krigevr.

Have now come back to this after a short hiatus - rampaging cows not involved!

I've loaded three of your four scripts onto RouterOS 3.0rc6 on an i386 - oversight, monthend and usagewarnings, but the last two are marked as invalid for reasons that escape me.

In 'monthend' the script-painter halts at :global found - 'global' is OK, 'found' is in a darker green and nothing of the script beyond that is painted.

In 'usagewarnings' the script paints up OK so I've no idea what is rendering it invalid.

Is the editor clever enough to know that I haven't yet defined the global variable 'found'? ie does it need to be 'kick-started' with a one-off statement such as :global found "false" before the script is accepted?

And in 'usage warnings' I haven't yet entered the 'comment's required in user-manager fields, and a few emails. If that isn't the problem I've no idea what is.

The head-banging continues.
 
ravi
just joined
Posts: 1
Joined: Wed May 13, 2009 7:48 am

Re: User-Manager - shortcomings?

Wed May 13, 2009 7:51 am

How can I send Disconnect-message to MikroTik from Radiator?
 
sergejs
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Re: User-Manager - shortcomings?

Thu May 14, 2009 11:29 am

On the RouterOS you should enable
/radius incoming set accept=yes

All the other commands to send disconnect should be addressed to the RADIUS server.
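
With accept=yes the router listens for Disconnect-Requests (RFC 5176) on the /radius incoming port, and the only thing that authenticates the sender is an MD5 digest over the packet and the shared secret. The block below is an added example, not MikroTik's or Radiator's code; it builds and checks the exchange offline, and the secret, identifier, session id and the use of User-Name plus Acct-Session-Id to identify the session are constructed assumptions.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42  # RFC 5176 codes
USER_NAME, ACCT_SESSION_ID = 1, 44                               # attribute types
HEADER_LEN = 20              # code, identifier, length, 16-byte authenticator


def _attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def build_disconnect_request(identifier, secret, user_name, acct_session_id):
    """RADIUS server side: ask the NAS to drop one session."""
    attrs = (_attr(USER_NAME, user_name.encode())
             + _attr(ACCT_SESSION_ID, acct_session_id.encode()))
    head = struct.pack("!BBH", DISCONNECT_REQUEST, identifier,
                       HEADER_LEN + len(attrs))
    # Request Authenticator = MD5(header + 16 zero bytes + attributes + secret)
    auth = hashlib.md5(head + bytes(16) + attrs + secret).digest()
    return head + auth + attrs


def request_is_authentic(packet, secret):
    """NAS side: accept only if the authenticator matches our shared secret."""
    if len(packet) < HEADER_LEN:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16)
                           + packet[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def parse_attributes(packet):
    """Return {attribute type: raw value} for the attributes after the header."""
    attrs, pos = {}, HEADER_LEN
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def build_reply(code, request, secret):
    """NAS side: Disconnect-ACK or Disconnect-NAK bound to the request."""
    head = struct.pack("!BBH", code, request[1], HEADER_LEN)
    # Response Authenticator = MD5(header + Request Authenticator + secret)
    return head + hashlib.md5(head + request[4:HEADER_LEN] + secret).digest()


def reply_is_authentic(reply, request, secret):
    """RADIUS server side: check the reply really answers our request."""
    if len(reply) < HEADER_LEN or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:HEADER_LEN]
                           + reply[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:HEADER_LEN])


def nas_handle(packet, secret, live_sessions):
    """Model of a NAS handling one datagram on its incoming port
    (port 1700 in the print-out earlier in this thread)."""
    if not request_is_authentic(packet, secret):
        return None                       # dropped without any reply
    sid = parse_attributes(packet).get(ACCT_SESSION_ID, b"").decode()
    if sid in live_sessions:
        live_sessions.discard(sid)
        return build_reply(DISCONNECT_ACK, packet, secret)
    return build_reply(DISCONNECT_NAK, packet, secret)


if __name__ == "__main__":
    secret = b"constructed-secret"        # constructed, not a real secret
    live = {"81a00001"}                   # constructed Acct-Session-Id
    req = build_disconnect_request(7, secret, "tony", "81a00001")
    reply = nas_handle(req, secret, live)
    print("reply code:", reply[0], "authentic:", reply_is_authentic(reply, req, secret))
```

Because the shared secret is the only sender authentication, restrict which addresses can reach the incoming port to the RADIUS server and use a long random secret.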
