User-accounts do not expire in time...

Evert evert at poboxes.info
Thu Nov 22 11:03:39 CET 2007 

Thanks! :-)

I will implement your solution as soon as my schedule allows me. :-)


Regards,
	Evert




tnt at kalik.co.yu wrote:
> No, that's not what you have set up. If user uses several sessions he
> will be able to use up 24 hours of online time over several
> days/weeks/months/years.
> 
> Your requirement: "I have users in my system who are supposed to be able
> to logon as much as they want, in a period of 24 hours starting from 
> their 1st logon."
> 
> Exact solution: Run a logon script that adds Expiration attribute set 24
> hours from now() if one does not exist in users profile.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 21/11/2007, "Evert" <evert at poboxes.info> piše:
> 
>> >From this location I have no direct access to the NAS in question at the moment, so that
>> will have to wait a bit.
>>
>> But what about my comment that the user should not get a 'Login OK' but a 'Invalid user
>> (rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have passed and he
>> tries to log in again...?
>> Am I wrong there?
>>
>>
>> Regards,
>> 	Evert
>>
>> liran tal wrote:
>>> How about checking Alan's comment on whether your NAS
>>> is actually sending accounting information or not?
>>>
>>>
>>> Regards,
>>> Liran.
>>>
>>>
>>> On Nov 21, 2007 2:12 PM, Evert <evert at poboxes.info> wrote:
>>>> There is indeed a record in the usergroup-table with
>>>> UserName= ofjyc5
>>>> GroupName= 24hours
>>>>
>>>> ;-)
>>>>
>>>>
>>>> Regards,
>>>>         Evert
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> liran tal wrote:
>>>>> Hopefully you didn't forget to set the user-group mapping in usergroup
>>>>> table, right?
>>>>>
>>>>>
>>>>> Regards,
>>>>> Liran.
>>>>>
>>>>> On Nov 21, 2007 1:01 PM, Evert <evert at poboxes.info> wrote:
>>>>>> Alan DeKok wrote:
>>>>>>> Evert wrote:
>>>>>>>> I have users in my system who are supposed to be able to logon as much as they want, in a
>>>>>>>> period of 24 hours starting from  their 1st logon.
>>>>>>> ...
>>>>>>>> however, a user who is a member of the 24hours group is able to log on longer than the
>>>>>>>> 24hours period:
>>>>>>>   Is the server receiving accounting packets?
>>>>>>>
>>>>>>>   The fact that a user received an Access-Accept doesn't mean they
>>>>>>> succeeded in logging in.  The NAS may have rebooted, they may have hung
>>>>>>> up, the Access-Accept could have been lost, etc.
>>>>>>>
>>>>>>>   The server knows (and accounts for) the user logging in only when it
>>>>>>> receives an Accounting-Request packet.  The accounting packets are also
>>>>>>> used to determine how long the user was logged in for.
>>>>>> Provided both the server and the NAS have not rebooted in the mean time, shouldn't the
>>>>>> server send a 'Maximum never usage time reached', based on the rules in sqlcounter.conf,
>>>>>> accounting packets or not?
>>>>>>
>>>>>> How long the user has been logged on in the 24-hour period is not really relevant in my
>>>>>> case. All I need is that when the user tries to log in again > 24 hours after 1st logon
>>>>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
>>>>>>
>>>>>>
>>>>>>
>>>>>> (I'll have to check on the accounting packets. Not sure about them)
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>>         Evert
>>>>>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list