Max-Daily-Session - User session termination
pamela pomary
ppomary at gmail.com
Fri Mar 9 13:32:09 CET 2012
Thank you Alan :) , it works. I addedd the line: 'authentication timer
reauthenticate server' to the FastEthernet port on the cisco switch.That
is, it will receive reauthentication time as defined on the radius server.
Now i want to add users into mysql database and apply similar attributes
defined in the users file. Reading the documentation in radiusd.conf, it
says attributes can be added to radcheck or radgroupcheck table in mysql,
but Max-Daily Session attribute is not recognized. it says "Could not find
Check item value pair" in debug mode. I have tried to add attributes in
radreply and radgroupreply, and that didn't work either. Please how can I
achieve this.
##############Debug log###########
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 60
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "daily" returns noop for request 60
modcall: leaving group authorize (returns updated) for request 60
rad_check_password: Found Auth-Type EAP
#########mysql ############
+----+-----------+-------------------+----+-----------------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-------------------+----+-----------------+
| 1 | student | Service-Type | == | Login-User |
| 2 | student | Framed-MTU | == | 576 |
| 3 | student | Max-Daily-Session | == | 240 |
| 4 | student | Framed-If-Address | == | 255.255.255.254 |
| 5 | student | Max-Daily-Session | == | 240 |
+----+-----------+-------------------+----+-----------------+
5 rows in set (0.00 sec)
mysql> select * from radgroupreply;
+----+-----------+-------------------+----+-----------------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-------------------+----+-----------------+
| 1 | student | Service-Type | == | Login-User |
| 2 | student | Framed-MTU | == | 576 |
| 3 | student | Max-Daily-Session | == | 240 |
| 4 | student | Framed-IP-Address | == | 255.255.255.254 |
+----+-----------+-------------------+----+-----------------+
mysql> select * from radcheck where username="student";
+-----------+----------+-------------------+----+----------+
| id | UserName | Attribute | op | Value |
+-----------+----------+-------------------+----+----------+
| 10 | student | User-Password | == | password |
| 11 | student | Max-Daily-Session | == | 240 |
+-----------+----------+-------------------+----+----------+
2 rows in set (0.00 sec)
mysql> select * from radreply where username="student";
+----+----------+-------------------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-------------------+----+-------+
| 8 | student | Max-Daily-Session | := | 240 |
+----+----------+-------------------+----+-------+
1 row in set (0.00 sec)
############# radiusd.conf #############
accounting {
detail
daily
radutmp
sql
}
authorize {
preprocess
mschap
suffix
eap
files
sql
daily
}
instantiate {
exec
expr
daily
}
Set session timer to one hour. Or adjust reauth times on the Cisco
>
> alan
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120309/f0a246df/attachment.html>
More information about the Freeradius-Users
mailing list