expired user accounts between two dates

Ana Gallardo ana.gallardo.77 at gmail.com
Wed Jun 2 10:30:29 CEST 2010


Hello,

I'm working on that and my solution isn't OK, so I need help.


> As you already may know the expiration module only works for expiration
> date.
>

yes


>
> When I had this need (a long time ago and with FR1) I just did the
> following:
>
> * I added a new personal/local attribute in /etc/raddb/dictionary
> ATTRIBUTE       My-Local-Date   3000    string
> * set up the "hint" module to add the Date for incoming requests:
> DEFAULT NAS-IP-ADDRESS == 192.168.1.4
>        My-Local-Date = `%D`
>
> * Then I use the local attribute to check the date (for instance if you use
> the rlm_sql module):
> mysql> select UserName,Attribute,op,Value from radcheck where
> UserName='myloginname';
> +-----------------+--------------------+----+--------------------+
> | UserName        | Attribute          | op | Value              |
> +-----------------+--------------------+----+--------------------+
> | myloginname     | NAS-IP-Address     | =~ | 192.168.1.[4]{1}   |
> | myloginname     | My-Local-Date      | <= | 20090731           |
> | myloginname     | My-Local-Date      | >= | 20090526           |
> | myloginname     | Login-Time         | := | Wk0700-2200        |
> | myloginname     | Cleartext-Password | := | THEPASS            |
> +-----------------+--------------------+----+--------------------+
> 5 rows in set (0.00 sec)
>
>
I do something similar, but it doesn't work.

--> /etc/freeradius/sites-enabled/default

authorize {
        switch "%{Realm}" {
                case 'temp.xxx.es' {
                        update request {
                                Expiration-Init := "%D"
                        }
                        sql
                }

--> MYSQL

mysql> select * from radcheck where username ="prueba";
+-----+----------+--------------------+----+-------------+
| id  | username | attribute          | op | value       |
+-----+----------+--------------------+----+-------------+
| 228 | prueba   | Cleartext-Password | := | prueba      |
| 227 | prueba   | Expiration         | := | 10 Jun 2010 |
| 226 | prueba   | Expiration-Init    | >= | 20100604    |
+-----+----------+--------------------+----+-------------+
3 rows in set (0.00 sec)

mysql> select * from radreply where username ="prueba";
+-----+----------+--------------+----+---------------------+
| id  | username | attribute    | op | value               |
+-----+----------+--------------+----+---------------------+
| 374 | prueba   | Contact      | =  | XXX                |
| 375 | prueba   | Mail-Contact | =  | XXX      |
| 376 | prueba   | Description  | =  | Usuario de pruebas  |
+-----+----------+--------------+----+---------------------+


--> DEBUG INFO

rad_recv: Access-Request packet from host x.x.x.x port 42954, id=253,
length=71
    User-Name = "prueba at temp.unex.es"
    User-Password = "prueba"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0

. . .

+- entering group authorize {...}
. . .

++- entering switch %{Realm} {...}
+++- entering case temp.unex.es {...}
    expand: %D -> 20100602
++++[request] returns noop
[sqlradiuscc]     expand: %{Stripped-User-Name} -> prueba
[sqlradiuscc]     expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}
-> prueba
[sqlradiuscc] sql_set_user escaped user --> 'prueba'
rlm_sql (sqlradiuscc): Reserving sql socket id: 2
[sqlradiuscc]     expand: SELECT id, username, attribute, value,
op           FROM radcheck           WHERE username =
'%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute,
value, op           FROM radcheck           WHERE username =
'prueba'           ORDER BY id
[sqlradiuscc] User found in radcheck table
[sqlradiuscc]     expand: SELECT id, username, attribute, value,
op           FROM radreply           WHERE username =
'%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute,
value, op           FROM radreply           WHERE username =
'prueba'           ORDER BY id
rlm_sql (sqlradiuscc): Released sql socket id: 2
++++[sqlradiuscc] returns ok
+++- case temp.unex.es returns ok
++- switch %{Realm} returns ok
[expiration] Checking Expiration time: '10 Jun 2010'
++[expiration] returns ok
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "prueba"
[pap] Using clear text password "prueba"
[pap] User authenticated successfully

. . .

Sending Access-Accept of id 253 to x.x.x.x port 42954
    Session-Timeout = 653611

I don't understand why this works :(

Thanks in advance and sorry for my English.



____________________

 Ana Gallardo Gómez
____________________
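
Added example, not part of the original message and not FreeRADIUS code: a small Python model of the date-window check items in the two radcheck listings above. It assumes comparison operators test the request's value against the stored value, that `:=` and `=` rows assign rather than compare, and that a missing attribute fails; the function names are hypothetical.

```python
import operator
import re

# Assumed model: the value in the request is compared with the stored value.
COMPARE = {
    "==": operator.eq, "!=": operator.ne,
    "<": operator.lt, "<=": operator.le,
    ">": operator.gt, ">=": operator.ge,
    "=~": lambda have, pattern: re.search(pattern, have) is not None,
}
YYYYMMDD = re.compile(r"\d{8}")  # fixed width, so string order equals date order


def failed_checks(rows, request):
    """Return the radcheck rows (attribute, op, value) the request fails.

    Rows whose op is not a comparison (':=' and '=' assign a value) are
    skipped. A comparison on an attribute absent from the request fails,
    so a date that was never added to the request cannot pass the window.
    """
    failed = []
    for attr, op, value in rows:
        compare = COMPARE.get(op)
        if compare is None:
            continue
        have = request.get(attr)
        if have is None or not compare(have, value):
            failed.append((attr, op, value))
    return failed


def date_request(attr, day):
    """Build a request dict carrying the day, rejecting non-YYYYMMDD input."""
    if not YYYYMMDD.fullmatch(day):
        raise ValueError("expected YYYYMMDD, got %r" % day)
    return {attr: day}


# Rows copied from the two radcheck listings in the message above.
QUOTED_ROWS = [("My-Local-Date", "<=", "20090731"),
               ("My-Local-Date", ">=", "20090526"),
               ("Login-Time", ":=", "Wk0700-2200")]
POSTER_ROWS = [("Expiration", ":=", "10 Jun 2010"),
               ("Expiration-Init", ">=", "20100604")]

if __name__ == "__main__":
    for day in ("20090525", "20090601", "20090801"):
        print(day, failed_checks(QUOTED_ROWS, date_request("My-Local-Date", day)))
    print(failed_checks(POSTER_ROWS, date_request("Expiration-Init", "20100602")))
```

Under this model the Expiration-Init row fails for 20100602, the value %D expands to in the debug output.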