1 # This module is an SQL enabled version of the counter module.
3 # Rather than maintaining seperate (GDBM) databases of accounting info
4 # for each counter, this module uses the data stored in the raddacct
5 # table by the sql modules. This module NEVER does any database
6 # INSERTs or UPDATEs. It is totally dependent on the SQL module
7 # to process Accounting packets.
9 # The 'sqlmod_inst' parameter holds the instance of the sql module to use
10 # when querying the SQL database. Normally it is just "sql".
11 # If you define more and one SQL module instance
12 # (usually for failover situations), you can specify which module
13 # has access to the Accounting Data (radacct table).
15 # The 'reset' parameter defines when the counters are all reset to
16 # zero. It can be hourly, daily, weekly, monthly or never.
17 # It can also be user defined. It should be of the form:
19 # h: hours, d: days, w: weeks, m: months
20 # If the letter is ommited days will be assumed. In example:
21 # reset = 10h (reset every 10 hours)
22 # reset = 12 (reset every 12 days)
24 # The 'key' parameter specifies the unique identifier for the counters
25 # records (usually 'User-Name').
27 # The 'query' parameter specifies the SQL query used to get the
28 # current Counter value from the database. There are 3 parameters
29 # that can be used in the query:
31 # %b unix time value of beginning of reset period
32 # %e unix time value of end of reset period
34 # The 'check-name' parameter is the name of the 'check' attribute to use to access
35 # the counter in the 'users' file or SQL radcheck or radcheckgroup
38 # DEFAULT Max-Daily-Session > 3600, Auth-Type = Reject
39 # Reply-Message = "You've used up more than one hour today"
42 sqlcounter dailycounter {
43 counter-name = Daily-Session-Time
44 check-name = Max-Daily-Session
49 # This query properly handles calls that span from the previous reset period
50 # into the current period but involves more work for the SQL server than those below
51 query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
53 # This query ignores calls that started in a previous reset period and
54 # continue into into this one. But it is a little easier on the SQL server
55 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"
57 # This query is the same as above, but demonstrates an additional
58 # counter parameter '%e' which is the timestamp for the end of the period
59 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
62 sqlcounter monthlycounter {
63 counter-name = Monthly-Session-Time
64 check-name = Max-Monthly-Session
69 # This query properly handles calls that span from the previous reset period
70 # into the current period but involves more work for the SQL server than those below
71 query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
73 # This query ignores calls that started in a previous reset period and
74 # continue into into this one. But it is a little easier on the SQL server
75 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"
77 # This query is the same as above, but demonstrates an additional
78 # counter parameter '%e' which is the timestamp for the end of the period
79 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
83 # Authorization. First preprocess (hints and huntgroups files),
84 # then realms, and finally look in the "users" file.
85 # The order of the realm modules will determine the order that
86 # we try to find a matching realm.
87 # Make *sure* that 'preprocess' comes before any realm if you
88 # need to setup hints for the remote radius server
127 # This section lists which modules are available for authentication.
128 # Note that it does NOT mean 'try each module in order'. It means
129 # that you have to have a module from the 'authorize' section add
130 # a configuration attribute 'Auth-Type := FOO'. That authentication type
131 # is then used to pick the apropriate module from the list below.
142 # Pre-accounting. Look for proxy realm in order of realms, then
143 # acct_users file, then preprocess (hints file).
151 # Accounting. Log to detail file, and to the radwtmp file, and maintain
164 # Session database, used for checking Simultaneous-Use. The radutmp module