sqlcounter and session-timeout

Markus Krause krause at biochem.mpg.de
Sat Nov 12 16:02:20 CET 2005 

hi all,

i have set up freeradius v1.0.5 with experimental modules on a sles 9 system. i
am storing the user information in a mysql db, which works. then i wanted to
set configure some "short term accounts" which are only valid for some days, to
be more exact: after the first usage of a username the account should be valid
until midnight (the same, following, .. days). testing with ntradping worked.
to achieve this i use the following in radiusd.conf, sqlcounter.conf and
dictionary:

+++++ radiusd.conf
authorize {
        preprocess
        eap
        files
        sql
        shorttermaccount
}
authenticate {
        eap
}
accounting {
        detail
        unix
        radutmp
        sql
}
----- (radiusd.conf)

+++++ sqlcounter.conf
sqlcounter shorttermaccount {
        counter-name = Short-Term-Account
        check-name = Max-Days-Passed
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT TO_DAYS( NOW() ) - TO_DAYS( AcctStartTime ) FROM radacct
 WHERE UserName = '%{%k}' LIMIT 1;"
}
----- (sqlcounter.conf)

+++++ dictionary
ATTRIBUTE       Max-Days-Passed         3000    integer
----- (dictionary)

in the mysql db i have:
+++++ mysql output
mysql> select * from radcheck;
+----+----------+-----------------+----+----------+
| id | UserName | Attribute       | op | Value    |
+----+----------+-----------------+----+----------+
|  6 | guest2   | Password        | := | secret99 |
|  7 | guest2   | Max-Days-Passed | := | 1        |
+----+----------+-----------------+----+----------+
----- (mysql output)

testing with ntradping shows access-accept (unil midnight after first
accounting).
but when using an ironpoint 200 ap i run into the following problem: the reply
message contains "Session-Timeout := 1" which is (as it seems) sent by
sqlcounter, which means the client (a windows xp sp2 with intel pro 2200bg)
reconnects every second!!

i already tried to enter the user "guest2" in mysql in the table "radreply":
++++ mysql output:
mysql> select * from radreply;
+----+----------+-----------------+----+-------+------+
| id | UserName | Attribute       | op | Value | prio |
+----+----------+-----------------+----+-------+------+
|  1 | guest2   | Session-Timeout | := | 600   |    1 |
+----+----------+-----------------+----+-------+------+
1 row in set (0.00 sec)
----- (mysql output)

but this only affects user which have no attribute "Max-Days-Passed"...

how can i override the value of session-timeout, lets say for 10 minutes (i dont
care if a user can stay connected until 0:10) ??

thanks in advance for any hints!!

 with best regards,

    markus


--
Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

---------------------------------------------------------------------
     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de

More information about the Freeradius-Users mailing list