1rlm_counter(5) FreeRADIUS Module rlm_counter(5)
2
3
4
6 rlm_counter - FreeRADIUS Module
7
9 The rlm_counter module provides a general framework to allow access
10 based on accumulated usage of a resource, such as total time online in
11 a given period, total data transferred in a given period, etc. This is
12 very useful in a 'Prepaid Service' situation, where a user has paid for
13 a finite amount of usage and should not be allowed to use more than
14 that service. Collection, monitoring, and replenishment of prepaid
15 services are beyond the scope of this module.
16
17 The main configuration items to be aware of are:
18
19 filename
20 The filename where the usage data is stored.
21
22 key An attribute which will be present in the Access-Request to be
23 used as the 'index' value for the counter. A counter entry is
24 tracked for each unique key. The most likely key you will want
25 to use is User-Name.
26
27 count-attribute
28 An attribute which will be used to increment the counter value.
29 If this attribute is Acct-Session-Time or an integer value the
30 counter data is incremented by the Attribute value. For all
31 other attribute types the counter is incremented by one.
32
33 reset How frequently the counter data should be set back to 0. Valid
34 values for this variable are: hourly, daily, weekly, monthly,
35 ornever Alternatively, it can be user defined, in the form:
36 num[hdwm]. num is a numeric value, followed by one or none of
37 the following letters. h: hours, d: days, w: weeks, m: months.
38
39 check-name
40 This defines an attribute name which will be registered by the
41 counter module and can be used to set the maximum allowed value
42 for the counter after which the user is rejected. If Daily-Ses‐
43 sion-Time is set, you can use the following syntax in the Users
44 file to set a cap of 3600 seconds ( 8 hours ):
45
46 DEFAULT Max-Daily-Session := 3600
47
48 reply-name
49 This is the name of the attribute which will contain the remain‐
50 ing value for the counter in the reply packet when the user is
51 successfully authorized. The default attribute name is "Session-
52 Timeout".
53
54 allowed-servicetype
55 This can be used to only apply the limitations to specific ser‐
56 vice types of sessions. For example, setting this to Framed-
57 User will only apply the counter module to Framed sessions,
58 excluding other types such as Telnet or Rlogin.
59
60 cache-size
61 The maximum size of the cache to be used by the module. The
62 default is 1000.
63
65 This module registers an attribute, so it should be added to the
66 instantiate section, to be called on server startup. When used in the
67 authorize section, it must come after any modules which set the 'check-
68 name' attribute.
69
71 instantiate, authorize, accounting
72
74 /etc/raddb/radiusd.conf
75
77 radiusd(8), radiusd.conf(5) rlm_sqlcounter(5)
78
80 Chris Parker, cparker@segv.org
81
82
83
84
85 13 March 2004 rlm_counter(5)