Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # -*- text -*- |
| 2 | # |
| 3 | # $Id: a5ac1e60ef117a2c59ace1a9d061d8f70d1da538 $ |
| 4 | |
| 5 | # counter module: |
| 6 | # This module takes an attribute (count-attribute). |
| 7 | # It also takes a key, and creates a counter for each unique |
| 8 | # key. The count is incremented when accounting packets are |
| 9 | # received by the server. The value of the increment depends |
| 10 | # on the attribute type. |
| 11 | # If the attribute is Acct-Session-Time or of an integer type we add |
| 12 | # the value of the attribute. If it is anything else we increase the |
| 13 | # counter by one. |
| 14 | # |
| 15 | # The 'reset' parameter defines when the counters are all reset to |
| 16 | # zero. It can be hourly, daily, weekly, monthly or never. |
| 17 | # |
| 18 | # hourly: Reset on 00:00 of every hour |
| 19 | # daily: Reset on 00:00:00 every day |
| 20 | # weekly: Reset on 00:00:00 on sunday |
| 21 | # monthly: Reset on 00:00:00 of the first day of each month |
| 22 | # |
| 23 | # It can also be user defined. It should be of the form: |
| 24 | # num[hdwm] where: |
| 25 | # h: hours, d: days, w: weeks, m: months |
| 26 | # If the letter is omitted days will be assumed. In example: |
| 27 | # reset = 10h (reset every 10 hours) |
| 28 | # reset = 12 (reset every 12 days) |
| 29 | # |
| 30 | # |
| 31 | # The check_name attribute defines an attribute which will be |
| 32 | # registered by the counter module and can be used to set the |
| 33 | # maximum allowed value for the counter after which the user |
| 34 | # is rejected. |
| 35 | # Something like: |
| 36 | # |
| 37 | # DEFAULT Max-Daily-Session := 36000 |
| 38 | # Fall-Through = 1 |
| 39 | # |
| 40 | # You should add the counter module in the instantiate |
| 41 | # section so that it registers check_name before the files |
| 42 | # module reads the users file. |
| 43 | # |
| 44 | # If check_name is set and the user is to be rejected then we |
| 45 | # send back a Reply-Message and we log a Failure-Message in |
| 46 | # the radius.log |
| 47 | # |
| 48 | # If the count attribute is Acct-Session-Time then on each |
| 49 | # login we send back the remaining online time as a |
| 50 | # Session-Timeout attribute ELSE and if the reply_name is |
| 51 | # set, we send back that attribute. The reply_name attribute |
| 52 | # MUST be of an integer type. |
| 53 | # |
| 54 | # The counter-name can also be used instead of using the check_name |
| 55 | # like below: |
| 56 | # |
| 57 | # DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject |
| 58 | # Reply-Message = "You've used up more than one hour today" |
| 59 | # |
| 60 | # The allowed_service_type attribute can be used to only take |
| 61 | # into account specific sessions. For example if a user first |
| 62 | # logs in through a login menu and then selects ppp there will |
| 63 | # be two sessions. One for Login-User and one for Framed-User |
| 64 | # service type. We only need to take into account the second one. |
| 65 | # |
| 66 | # The module should be added in the instantiate, authorize and |
| 67 | # accounting sections. Make sure that in the authorize |
| 68 | # section it comes after any module which sets the |
| 69 | # 'check_name' attribute. |
| 70 | # |
| 71 | counter daily { |
| 72 | filename = ${db_dir}/db.daily |
| 73 | key = User-Name |
| 74 | count_attribute = Acct-Session-Time |
| 75 | reset = daily |
| 76 | counter_name = Daily-Session-Time |
| 77 | check_name = Max-Daily-Session |
| 78 | reply_name = Session-Timeout |
| 79 | allowed_service_type = Framed-User |
| 80 | cache_size = 5000 |
| 81 | } |
| 82 | |