FREERADIUS WITH MIKROTIK – Part #1 – General Tip’s Click here to read more on FR tutorials …
Task:
Allow specific Users login in specific timings only using Login-Time module in freeradius using GROUPS rather than single entry for each user in radcheck table.
The requirement was raised by an OP whose bandwidth was idle in late night timings, therefore they wanted to introduce night packages for the sake of user attraction. In this guide i used morning time instead just for an example.
Example:
user zaib is a member of 8am8pm group and this groups should be able to login from 8am till 8pm all week.
Solution:
First make sure login modules is added in AUTHORIZE section in sites-enabled/default file.
TIP: in below section GROUP base approach is being used rather then individual user in radcheck section. To better understand what group does what, you better read this.
https://www.serveradminblog.com/2011/12/freeradius-install-howto-4-populating-tables/
Now add the user/group related entries in the appropriate tables. Like
Username entry
mysql> select * from radcheck; +----+----------+----------------------+----+----------------------+ | id | username | attribute | op | value | +----+----------+----------------------+----+----------------------+ | 1 | zaib | Cleartext-Password | := | zaib | +----+----------+----------------------+----+----------------------+
Add Group Check
mysql> select * from radgroupcheck; +----+-----------+------------+----+-------------+ | id | groupname | attribute | op | value | +----+-----------+------------+----+-------------+ | 1 | 8am8pm | Login-Time | := | Al0800-2000 | +----+-----------+------------+----+-------------+
Add Group Reply
mysql> select * from radgroupreply; +----+-----------+---------------------+----+--------------+ | id | groupname | attribute | op | value | +----+-----------+---------------------+----+--------------+ | 17 | 8am8pm | Login-Time | := | Al0800-2000 | +----+-----------+---------------------+----+--------------+
Add User in 8am8pm group
mysql> select * from radusergroup; +----+----------+-----------+----------+ | id | username | groupname | priority | +----+----------+-----------+----------+ | 3 | zaib | 8am8pm | 1 | +----+----------+-----------+----------+
Testing ….
Issue radclient command to see the reply from FR…
echo "User-Name = zaib, Password = zaib, Calling-Station-Id =00:0C:29:35:F8:2F" | radclient -s localhost:1812 auth testing123
OUTPUT:
Received response ID 195, code 3, length = 89 Reply-Message = "REJECT Reason: Calling Outside allowed timespan (Al0800-2000), zaib" Total approved auths: 0 Total denied auths: 1 Total lost auths: 0
Done.
Regard’s
Syed Jahanzaib
Syed Jahanzaib - Personal Blog to Share Knowledge ! 