Академический Документы
Профессиональный Документы
Культура Документы
=======================
-------------------------------------------------------------
The system to host the daloRADIUS virtual machine could be almost any system, but the main
system currently is powered by Virtual Box on top of a Lubuntu installation. Only a few
additional changes are required:
ln -s backups ../Documents/
---------------------------
After starting the VM and (re-) configure the network interface (typically a static IP in the
'server subnet') the Web UI is accessible through the network.
Create user groups as required Users, Guests, Leadership, XYZ-open-for-today (note that these
names are part of some automated scripts, so do not simply change them here). For each of
these groups the following reply or check attributes can be added to determine the
characteristics of the group Possible RADIUS attributes for each group: CS-Output-Octets-
Daily, CS-Intput-Octets-Daily, CS-Output-Octets-Weekly, CS-Input-Octets-Weekly, Session-
Timeout, Lucent-Max-Shared-Users, WISpr-Max-Down (pending exact name), WISpr-MaxUp
(pending exact name)
SSH into the system and run 'dpkg-reconfigure tzdata' from command line as root and set phone
Deactivate /etc/cron.d/cron-apt in cron (to avoid system load while checking for updates)
Modify /etc/freeradius/sites-enabled/default as follows:
if ("%{check:Lucent-Max-Shared-Users}") {
update reply {
Reply-Message := "Too many users - please try again later (%{sql:select count(*) from radacct
where acctstoptime is null and username in (select username from radusergroup where
groupname in (select groupname from radusergroup where username='%{User-Name}'))} of
%{check:Lucent-Max-Shared-Users})"
reject
update control {
update reply {
reject
}
update control {
captiveportal-disconnect-user
}
add to /etc/freeradius/modules/exec
exec captiveportal-disconnect-user {
wait = no
input_pairs = request
shell_escape = yes
output = none
xian
integer
:=
check
Manual configs
--------------
cd /home
`day_beg` datetime,
`work_beg` datetime,
`work_end` datetime,
`day_end` datetime,
crontab
59 23 * * * /home/pfSensePortal/daloradius-accounting/reset-groups-open-for-today.sh
5 0 * * * /home/pfSensePortal/daloradius-accounting/accounting-snapshot-beg-of-day.sh
0 7 * * 1-5 /home/pfSensePortal/daloradius-accounting/accounting-snapshot-beg-of-work.sh
conditional accounting
enabling/disabling captive portal accounting together with kicking out all sessions seems to do
the trick. it however terminates all active sessions and connections. in case someone would like
to work around this, these are potential places to look at
https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
https://github.com/pfsense/pfsense/blob/27c2e32e28f871adf036b666e8e3ae1bf54ea7a2/etc/inc/
captiveportal.inc
https://github.com/pfsense/pfsense/blob/9775c69d65dd629f29bf3daa0b1efa277719f0d0/usr/loc
al/captiveportal/radius_accounting.inc
https://github.com/pfsense/pfsense/search?utf8=%E2%9C%93&q=pfSense_ipfw_getTablestats
http://www.netexpertise.eu/en/freeradius/daily-accounting.html
------------------------------------
mac: username
name: lastnames
email: email
initial_ip: state
owner: company
hostname: address
mac_vendor: city
registration_date: creation_date
Avoid running freeradius -X from the command line. it will permanently crash the free radius
installation as it seems to activate an additional set of config files which will fail as a default
(mainly EAP). Better increase the logging level by adding this line to
/etc/freeradius/radiusd.conf: "debug_level = 2". Run '/etc/init.d/freeradius force-reload' to re-
apply config changes