FREERADIUS WITH MIKROTIK – Part #1 – General Tip’s Click here to read more on FR tutorials …
Task:
Allow specific Users login in specific timings only using Login-Time
module in freeradius using GROUPS
rather than single entry for each user in radcheck table.
The requirement was raised by an OP whose bandwidth was idle in late night timings, therefore they wanted to introduce night packages for the sake of user attraction. In this guide i used morning time instead just for an example.
Example:
user zaib
is a member of 8am8pm
group and this groups should be able to login from 8am
till 8pm
all week.
Solution:
First make sure login modules is added in AUTHORIZE
section in sites-enabled/default
file.
TIP: in below section GROUP base approach is being used rather then individual user in radcheck section. To better understand what group does what, you better read this.
https://www.serveradminblog.com/2011/12/freeradius-install-howto-4-populating-tables/
Now add the user/group
related entries in the appropriate tables. Like
Username entry
mysql> select * from radcheck; +----+----------+----------------------+----+----------------------+ | id | username | attribute | op | value | +----+----------+----------------------+----+----------------------+ | 1 | zaib | Cleartext-Password | := | zaib | +----+----------+----------------------+----+----------------------+
Add Group Check
mysql> select * from radgroupcheck; +----+-----------+------------+----+-------------+ | id | groupname | attribute | op | value | +----+-----------+------------+----+-------------+ | 1 | 8am8pm | Login-Time | := | Al0800-2000 | +----+-----------+------------+----+-------------+
Add Group Reply
mysql> select * from radgroupreply; +----+-----------+---------------------+----+--------------+ | id | groupname | attribute | op | value | +----+-----------+---------------------+----+--------------+ | 17 | 8am8pm | Login-Time | := | Al0800-2000 | +----+-----------+---------------------+----+--------------+
Add User in 8am8pm group
mysql> select * from radusergroup; +----+----------+-----------+----------+ | id | username | groupname | priority | +----+----------+-----------+----------+ | 3 | zaib | 8am8pm | 1 | +----+----------+-----------+----------+
Testing ….
Issue radclient command to see the reply from FR…
echo "User-Name = zaib, Password = zaib, Calling-Station-Id =00:0C:29:35:F8:2F" | radclient -s localhost:1812 auth testing123
OUTPUT:
Received response ID 195, code 3, length = 89 Reply-Message = "REJECT Reason: Calling Outside allowed timespan (Al0800-2000), zaib" Total approved auths: 0 Total denied auths: 1 Total lost auths: 0
Done.
Regard’s
Syed Jahanzaib