acct-session-start attribute ?

Jeremy Ravel Jeremy.Ravel at etu.univ-savoie.fr
Fri May 29 16:05:36 CEST 2015


Thanks, but i still got a problem, 
Whatever I give for my date attribut , I match the if(for the date) so I cant logon 
Maybe I don't give a good date format ? I use this kind of date " May 29 2015 14:38:27 CEST " 
rad_recv: Access-Request packet from host 127.0.0.1 port 52328, id=51, length=277 
ChilliSpot-Version = "1.3.0" 
User-Name = "day2" 
User-Password = "day2" 
Service-Type = Login-User 
Acct-Session-Id = "55686fb900000005" 
Framed-IP-Address = 10.10.4.200 
NAS-Port-Type = Wireless-802.11 
NAS-Port = 5 
NAS-Port-Id = "00000005" 
Calling-Station-Id = "00-1B-77-16-34-1A" 
Called-Station-Id = "00-50-56-B2-BF-8D" 
NAS-IP-Address = 10.10.4.254 
NAS-Identifier = "vlan4" 
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Vlan4_ssid" 
WISPr-Location-Name = "Vlan_4" 
WISPr-Logoff-URL = "http://10.10.4.254:3990/logoff" 
Message-Authenticator = 0x71c57c2e60e12e1854af8e9c7ff95db0 
Fri May 29 15:57:33 2015 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default 
Fri May 29 15:57:33 2015 : Info: +- entering group authorize {...} 
Fri May 29 15:57:33 2015 : Info: ++? if (!NAS-IP-Address) 
Fri May 29 15:57:33 2015 : Info: ? Evaluating !(NAS-IP-Address) -> FALSE 
Fri May 29 15:57:33 2015 : Info: ++? if (!NAS-IP-Address) -> FALSE 
Fri May 29 15:57:33 2015 : Info: ++[preprocess] returns ok 
Fri May 29 15:57:33 2015 : Info: ++[chap] returns noop 
Fri May 29 15:57:33 2015 : Info: ++[mschap] returns noop 
Fri May 29 15:57:33 2015 : Info: ++[digest] returns noop 
Fri May 29 15:57:33 2015 : Info: [suffix] No '@' in User-Name = "day2", looking up realm NULL 
Fri May 29 15:57:33 2015 : Info: [suffix] No such realm "NULL" 
Fri May 29 15:57:33 2015 : Info: ++[suffix] returns noop 
Fri May 29 15:57:33 2015 : Info: [eap] No EAP-Message, not doing EAP 
Fri May 29 15:57:33 2015 : Info: ++[eap] returns noop 
Fri May 29 15:57:33 2015 : Info: [sql] expand: %{User-Name} -> day2 
Fri May 29 15:57:33 2015 : Info: [sql] sql_set_user escaped user --> 'day2' 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 3 
Fri May 29 15:57:33 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'day2' ORDER BY id 
Fri May 29 15:57:33 2015 : Info: [sql] User found in radcheck table 
Fri May 29 15:57:33 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'day2' ORDER BY id 
Fri May 29 15:57:33 2015 : Info: [sql] expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'day2' ORDER BY priority 
Fri May 29 15:57:33 2015 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'vlan_4' ORDER BY id 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Released sql socket id: 3 
Fri May 29 15:57:33 2015 : Info: ++[sql] returns ok 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Could not find Check item value pair 
Fri May 29 15:57:33 2015 : Info: ++[chillispot_max_bytes] returns noop 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Could not find Check item value pair 
Fri May 29 15:57:33 2015 : Info: ++[noresetcounter] returns noop 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Could not find Check item value pair 
Fri May 29 15:57:33 2015 : Info: ++[dailycounter] returns noop 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 15:57:33 2015 : Debug: WARNING: Please replace '%k' with '${key}' 
Fri May 29 15:57:33 2015 : Debug: sqlcounter_expand: 'SELECT value FROM `radcheck` WHERE UserName = '%{User-Name}' AND attribute = 'Acc-start-date'' 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] expand: SELECT value FROM `radcheck` WHERE UserName = '%{User-Name}' AND attribute = 'Acc-start-date' -> SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date' 
Fri May 29 15:57:33 2015 : Debug: WARNING: Please replace '%S' with '${sqlmod-inst}' 
Fri May 29 15:57:33 2015 : Debug: sqlcounter_expand: '%{sql:SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date'}' 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] sql_xlat 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] expand: %{User-Name} -> day2 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] sql_set_user escaped user --> 'day2' 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] expand: SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date' -> SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date' 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 2 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] sql_xlat finished 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Released sql socket id: 2 
Fri May 29 15:57:33 2015 : Info: [Acc-start-date] expand: %{sql:SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date'} -> May 29 2015 14:38:27 CEST 
Fri May 29 15:57:33 2015 : Debug: rlm_sqlcounter: No integer found in string "May 29 2015 14:38:27 CEST" 
Fri May 29 15:57:33 2015 : Info: ++[Acc-start-date] returns noop 
Fri May 29 15:57:33 2015 : Info: ++- entering policy check_validity {...} 
Fri May 29 15:57:33 2015 : Info: +++? if (Acc-start-date > "%{Current-Time}") 
Fri May 29 15:57:33 2015 : Info: expand: %{Current-Time} -> 
Fri May 29 15:57:33 2015 : Debug: WARNING: Please replace '%k' with '${key}' 
Fri May 29 15:57:33 2015 : Debug: sqlcounter_expand: 'SELECT value FROM `radcheck` WHERE UserName = '%{User-Name}' AND attribute = 'Acc-start-date'' 
Fri May 29 15:57:33 2015 : Info: expand: SELECT value FROM `radcheck` WHERE UserName = '%{User-Name}' AND attribute = 'Acc-start-date' -> SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date' 
Fri May 29 15:57:33 2015 : Debug: WARNING: Please replace '%S' with '${sqlmod-inst}' 
Fri May 29 15:57:33 2015 : Debug: sqlcounter_expand: '%{sql:SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date'}' 
Fri May 29 15:57:33 2015 : Info: sql_xlat 
Fri May 29 15:57:33 2015 : Info: expand: %{User-Name} -> day2 
Fri May 29 15:57:33 2015 : Info: sql_set_user escaped user --> 'day2' 
Fri May 29 15:57:33 2015 : Info: expand: SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date' -> SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date' 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 1 
Fri May 29 15:57:33 2015 : Info: sql_xlat finished 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Released sql socket id: 1 
Fri May 29 15:57:33 2015 : Info: expand: %{sql:SELECT value FROM `radcheck` WHERE UserName = 'day2' AND attribute = 'Acc-start-date'} -> May 29 2015 14:38:27 CEST 
Fri May 29 15:57:33 2015 : Info: ? Evaluating (Acc-start-date > "%{Current-Time}") -> TRUE 
Fri May 29 15:57:33 2015 : Info: +++? if (Acc-start-date > "%{Current-Time}") -> TRUE 
Fri May 29 15:57:33 2015 : Info: +++- entering if (Acc-start-date > "%{Current-Time}") {...} 
Fri May 29 15:57:33 2015 : Info: ++++[reject] returns reject 
Fri May 29 15:57:33 2015 : Info: +++- if (Acc-start-date > "%{Current-Time}") returns reject 
Fri May 29 15:57:33 2015 : Info: ++- policy check_validity returns reject 
Fri May 29 15:57:33 2015 : Info: Using Post-Auth-Type Reject 
Fri May 29 15:57:33 2015 : Info: # Executing group from file /etc/freeradius/sites-enabled/default 
Fri May 29 15:57:33 2015 : Info: +- entering group REJECT {...} 
Fri May 29 15:57:33 2015 : Info: [sql] expand: %{User-Name} -> day2 
Fri May 29 15:57:33 2015 : Info: [sql] sql_set_user escaped user --> 'day2' 
Fri May 29 15:57:33 2015 : Info: [sql] expand: %{User-Password} -> day2 
Fri May 29 15:57:33 2015 : Info: [sql] expand: INSERT INTO radpostauth (user, pass, reply, date) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (user, pass, reply, date) VALUES ( 'day2', 'day2', 'Access-Reject', '2015-05-29 15:57:33') 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (user, pass, reply, date) VALUES ( 'day2', 'day2', 'Access-Reject', '2015-05-29 15:57:33') 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 0 
Fri May 29 15:57:33 2015 : Debug: rlm_sql (sql): Released sql socket id: 0 
Fri May 29 15:57:33 2015 : Info: ++[sql] returns ok 
Fri May 29 15:57:33 2015 : Info: [attr_filter.access_reject] expand: %{User-Name} -> day2 
Fri May 29 15:57:33 2015 : Debug: attr_filter: Matched entry DEFAULT at line 11 
Fri May 29 15:57:33 2015 : Info: ++[attr_filter.access_reject] returns updated 
Fri May 29 15:57:33 2015 : Info: Delaying reject of request 0 for 1 seconds 

----- Mail original -----

De: "Alan DeKok" <aland at deployingradius.com> 
À: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org> 
Envoyé: Vendredi 29 Mai 2015 15:11:41 
Objet: Re: acct-session-start attribute ? 

On May 29, 2015, at 8:27 AM, Jeremy Ravel <Jeremy.Ravel at etu.univ-savoie.fr> wrote: 
> When I create an user, i want to be able to put a date when this user will be able to logon 
> I added this in the file dictionnary 
> ATTRIBUTE Date 3003 string 

That defines an attribute name, and a data type. You want it to have data type "date", not "string". 

You should give it a more descriptive name, like "Account-Start-Date". That makes policies easier to understand. 

> And i want to compare this date with the current date, but i think i have to add sql request to get this, can i do my query in the police.conf file ? 

Yes. But you can't just say "use SQL". You have to understand the process. 

Where are the user credentials stored? i.e. name, password, etc. SQL? If so, put the Account-Start-Date attribute in SQL, along with the other user information. Use the ":=" operator to set the value of the attribute. And give it a value which is a date. 

Then in your policy (which has to run AFTER the sql module), compare the attributes. In v2: 

if (Account-Start-Date < "%{Current-Time}") { 
reject 
} 


Alan DeKok. 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 



More information about the Freeradius-Users mailing list