[ previous ] [ next ] [ threads ]
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "FreeRadius users mailing list" <freeradius dash users at lists dot freeradius dot org>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: access for 24 hours after first login?
 Date:  Thu, 6 Oct 2005 15:51:24 +0200
This is how I do this

Use SQLcounter module

Put this in sqlcounter.conf (expecting that sqlcounter is already
configged in the radiusd.conf)

sqlcounter validity {
                counter-name = All-Secs-Passed
                check-name = Max-Secs-Passed
                sqlmod-inst = sql
                key = User-Name
                reset = never
                query = "SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE
UserName = '%{%k}' LIMIT 1"

Create in the config dictionary file an attribute of Max-Secs-Passed

For example:
#ATTRIBUTE      My-Local-String         3000    string
#ATTRIBUTE      My-Local-IPAddr         3001    ipaddr
#ATTRIBUTE      My-Local-Integer        3002    integer
ATTRIBUTE	Max-Secs-Passed	3000 integer

In radiusd.conf:

Authorize {} section:

Put this: validity

The Max-Secs-Passed var is defined in seconds. So if you want a user
only to be able to logon in the first 24hours after his first logon,
Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)

Hope this helps the question I think many people will have.

You could use other check or counter-names, its just an example....

You also could combine this with volume limits, max total session time

Kind Regards

Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
Jonathan dot de dot graeve at imelda dot be

-----Oorspronkelijk bericht-----
Van: freeradius dash users dash bounces at lists dot freeradius dot org
[mailto:freeradius dash users dash bounces at lists dot freeradius dot org] Namens Markus
Verzonden: donderdag 6 oktober 2005 12:57
Aan: freeradius dash users at lists dot freeradius dot org
Onderwerp: Re: access for 24 hours after first login?

Zitat von Alan DeKok <aland at ox dot org>:
> Markus Krause <krause at biochem dot mpg dot de> wrote:
> > i set up freeradius succesfully for authentification against pam and
> file
> > :-)
>   Please don't use "authentification".  It's "authentication".
sorry for my poor english, it's not my mother-tongue ...

> > now i want to enhance the functionality about the following feature:
> > setting up several predefined (guest) accounts with a generated
> and
> > password. this account should be valid from the first time it is
> (first
> > login)   for 24 hours (or even better until 23:59 that day).
>   rlm_counter.  Set it for 24 hours of access, and "reset=never".
i read about this, but does this not mean that the user has an online
time of 24
hours (or whatever i set in Max-All-Session-Time), so he can login until
he has
been active for 24 hours in sum?

thanks in advance for your help!

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Markus Krause                           email: krause at biochem dot mpg dot de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz dash linux at biochem dot mpg dot de

List info/subscribe/unsubscribe? See