On Sat, 29 May 2004, Dinesh Nair wrote:

> On Fri, 28 May 2004 14:49:36 +0100, Peter Curran wrote:
> >
> > (2=success, 3=fail).  I am currently playing around with an idea to
> > have the server send back a 'time' parameter that would establish the
> > maximum time the user could be connected without logging-in again.
> > The would
>
> this possibly could be done with RADIUS accounting packets being
> sent/received between the m0n0wall and the RADIUS host. i'm currently

RADIUS accounting does not support the above, i was confusing it with idle
timeouts (which are already there on m0n0wall. apologies for the
confusion.

however, while you can extend a RADIUS server to send a Reply-Message
attribute with a hard timeout as you suggest, this would mean that users
of this feature would also need to use a modified RADIUS server, and this
feature would not work with a stock RADIUS server.

what i am experimenting with is having the m0n0wall send a
Accounting-Request Start when the user successfully authenticates, and
sending an Accounting-Request Stop when the user logs out explicitly, or
is disconnected by the m0n0wall thru expiry of the idle or hard timeouts.
this would also necessitate a new page for the user to explicitly logout.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do                                        |
|   for b in clients employers associates relatives neighbours pets; do   |
|   echo "The opinions here in no way reflect the opinions of my $a $b."  |
| done; done                                                              |
+=========================================================================+