we are building a web front end for a internet access token management system that uses radius (freeradius) queried from a captive portal. Reason for building this part is the integration into the accounting and billing platform that operates behind the scenes (all other parts are currently available open source software)
The structure is fairly standard, and setting up the basic bits were easy enough (authentication, traffic updates from the captive portal, account expiry date/times) - but I seem to have run out of ability when it comes to limiting an account by traffic consumed.
So we can:
- set up usernames / passwords
- set expiry dates/times for a given user
- see the traffic for that user being accurately updated in RADACCT
But we can't figure out the correct way/attribute to expire a user when they have consumed X octets of traffic.
What attributes are used, or - maybe more accurately - what would be the correct way to use these attributes to limit an account to a certain volume of traffic?
Any links to documentation appreciated - freeradius documentation doesn't seem to address the issue directly, or I'm looking in the wrong place...
--mark
You need an architecture that includes a Radius Server that is RFC3576 compliant so it can send things like Change of Authority\Packet of Disconnect and your web app has to be able to handle these. The other thing you will have to have is send the relevant utilization data to the Radius server as it wont know what this is automatically, it has to get that data from the service that it's handling the authentication for either when the session is ended or by periodically updates accounting records.