Differences

This shows you the differences between two versions of the page.

--- radiusdesk:profiles:fup [2023/01/02 12:58]
admin
+++ radiusdesk:profiles:fup [2023/01/02 13:59] (current)
admin [Introduction]
@@ Line 2: / Line 2: @@
 ===== Introduction =====
   * From January 2023 RADIUSdesk now also includes a powerful FUP package.
-  * We worked with our clients to come up with a innovative and flexible implementation that packs a punch.
+  * We worked with our clients to come up with an innovative and flexible implementation that packs a punch.
   * This document will start with a high level discussion about the various FUP requirements met with this implementation.
   * It will then go on to do a hands-on FUP profile.
@@ Line 51: / Line 51: @@
     * This essentially means the strictest component's action will be applied.
-===== Important Points on FUP =====
+===== Important points on FUP =====
-  * For FUP to work correct there are a few items which has to be in place and work.
+  * For FUP to work correct there are two important items which has to be in place and work.
 ==== Timezone setting on RADIUS Client ====
   * To determine the exact start of day, week or month the timezone that a RADIUS Client is deployed in needs to be specified.
@@ Line 60: / Line 60: @@
   * In order for the system to detect and activate an FUP restriction it needs to disconnect an active session of a user.
   * The RADIUS Client should then re-authenticate the client where the restriction will be applied. (This is standard procedure for PPPoE connections)
+===== Nuts and bolts of FUP =====
+  * This section will be for the readers that likes to know how everything works and fits together.
+  * When you use the FUP editor for a RADIUS Profile a few things happens behind the scenes.
+  * The system creates a Profile Component with naming the convention starting with **FupAdd_<profile_id>** and adds this Profile Component to the Profile.
+  * This Profile Component contains one or more of the following FreeRADIUS custom check attributes.
+<code bash>
+ATTRIBUTE Rd-Fup-Bw-Up          3166 integer
+ATTRIBUTE Rd-Fup-Bw-Down        3167 integer
+ATTRIBUTE Rd-Fup-Comp-Count     3168 integer
+ATTRIBUTE Rd-Fup-Profile-Id     3169 integer
+ATTRIBUTE Rd-Fup-Burst-Limit    3170 integer
+ATTRIBUTE Rd-Fup-Burst-Time     3171 integer
+ATTRIBUTE Rd-Fup-Burst-Threshold 3172 integer
+ATTRIBUTE Rd-Fup-Ip-Pool        3173 string
+</code>
+  * FreeRADIUS is configured to use a combination of **unlang** and a Perl module to formulate the reply to an Access Request that a RADIUS Client will sent to the FreeRADIUS server.
+  * The Perl module will look for any entries in the **profile_fup_components** DB table that is associated with the RADIUS Profile.
+  * It will then try and determine which restriction to apply, if any.
+  * The Perl module can be found in ///etc/freeradius/3.0/mods-config/perl/fup.pl//
+  * It connects to the database and the credentials to connect with to the database is also specified inside this file.
+  * Should there a FUP component to be applied to a user, we will keep track of it in the **applied_fup_components** table.
+  * We then run a cron script **cd /var/www/html/cake4/rd_cake && bin/cake fup** that will compare the applied FUP component with the current active FUP component.
+  * If they are different we send a disconnect request to all the RADIUS Clients for that username (All the RADIUS Clients where the user might be connected to)
+  * This should initiate a re-authentication which will bring the applied FUP component in sync with the current active FUP component.

RADIUSdesk

Page Tools

Site Tools

User Tools

Differences