A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:
Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Man page of rlm_counter

rlm_counter

Section: FreeRADIUS Module (5)
Updated: 13 March 2004
Index of this MAN page

Back To MAN Pages From BackTrack 5 R1 Master List  

NAME

rlm_counter - FreeRADIUS Module  

DESCRIPTION

The rlm_counter module provides a general framework to allow access based on accumulated usage of a resource, such as total time online in a given period, total data transferred in a given period, etc. This is very useful in a 'Prepaid Service' situation, where a user has paid for a finite amount of usage and should not be allowed to use more than that service. Collection, monitoring, and replenishment of prepaid services are beyond the scope of this module.

The main configuration items to be aware of are:

filename
The filename where the usage data is stored.
key
An attribute which will be present in the Access-Request to be used as the 'index' value for the counter. A counter entry is tracked for each unique key. The most likely key you will want to use is User-Name.
count-attribute
An attribute which will be used to increment the counter value. If this attribute is Acct-Session-Time or an integer value the counter data is incremented by the Attribute value. For all other attribute types the counter is incremented by one.
reset
How frequently the counter data should be set back to 0. Valid values for this variable are: hourly, daily, weekly, monthly, ornever Alternatively, it can be user defined, in the form: num[hdwm]. num is a numeric value, followed by one or none of the following letters. h: hours, d: days, w: weeks, m: months.
check-name
This defines an attribute name which will be registered by the counter module and can be used to set the maximum allowed value for the counter after which the user is rejected. If Daily-Session-Time is set, you can use the following syntax in the Users file to set a cap of 3600 seconds ( 8 hours ): 


DEFAULT Max-Daily-Session := 3600

reply-name
This is the name of the attribute which will contain the remaining value for the counter in the reply packet when the user is successfully authorized. The default attribute name is "Session-Timeout".
allowed-servicetype
This can be used to only apply the limitations to specific service types of sessions. For example, setting this to Framed-User will only apply the counter module to Framed sessions, excluding other types such as Telnet or Rlogin.
cache-size
The maximum size of the cache to be used by the module. The default is 1000.
 

NOTES

This module registers an attribute, so it should be added to the instantiate section, to be called on server startup. When used in the authorize section, it must come after any modules which set the 'check-name' attribute.

 

SECTIONS

instantiate, authorize, accounting

 

FILES

/etc/raddb/radiusd.conf

 

SEE ALSO

radiusd(8), radiusd.conf(5) rlm_sqlcounter(5)  

AUTHOR

Chris Parker, cparker@segv.org

 

Index

NAME
DESCRIPTION
NOTES
SECTIONS
FILES
SEE ALSO
AUTHOR
This document was created by man2html, using the manual pages.
Time: 07:34:21 GMT, September 13, 2011

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast