Fwd: Expiration Attribute

Kliwer kliwer16 at gmail.com
Tue Oct 30 08:00:57 CET 2018


Hi. I am trying to disable some user accounts on date X. I found that I
could do that with the Expiration module. I enabled this module and added
"expiration" to the instantiate, authorize and post-auth sections, yet I get
[expiration] = noop in freeradius -X.

(0) Received Access-Request Id 158 from 127.0.0.1:60707 to 127.0.0.1:1812
length 75
(0)   User-Name = "mlody"
(0)   User-Password = "mlody"
(0)   NAS-IP-Address = 10.50.2.217
(0)   NAS-Port = 1812
(0)   Message-Authenticator = 0x1dd6032013e085077807e62c694917f1
(0) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/default
(0)   authorize {
(0)     [chap] = noop
(0)     [mschap] = noop
(0) sql: EXPAND %{User-Name}
(0) sql:    --> mlody
(0) sql: SQL-User-Name set to 'mlody'
rlm_sql (sql): Reserved connection (1)
(0) sql: EXPAND SELECT id, login AS UserName, 'Cleartext-Password' AS
attribute, password AS value, ':=' AS op FROM nodes WHERE login =
'%{User-Name}' ORDER BY id
(0) sql:    --> SELECT id, login AS UserName, 'Cleartext-Password' AS
attribute, password AS value, ':=' AS op FROM nodes WHERE login = 'mlody'
ORDER BY id
(0) sql: Executing select query: SELECT id, login AS UserName,
'Cleartext-Password' AS attribute, password AS value, ':=' AS op FROM nodes
WHERE login = 'mlody' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql:   Cleartext-Password := "mlody"
(0) sql: EXPAND SELECT id, login AS UserName, 'Framed-IP-Address' AS
attribute, inet_ntoa(ipaddr) AS value, ':=' AS op FROM nodes WHERE login =
'%{User-Name}' UNION SELECT nodes.id, login AS UserName,
'Mikrotik-Rate-Limit' AS Attribute, '100k/100k 100k/100k 100k/100k 1/1 8
100k/100k' AS value, ':=' AS op FROM nodes WHERE login = '%{User-Name}'
UNION SELECT nodes.id, login AS UserName, 'Expiration' AS Attribute, '29
Oct 2018 20:40:00 CET' AS value, ':=' AS op FROM nodes WHERE login =
'%{User-Name}' ORDER BY id
(0) sql:    --> SELECT id, login AS UserName, 'Framed-IP-Address' AS
attribute, inet_ntoa(ipaddr) AS value, ':=' AS op FROM nodes WHERE login =
'mlody' UNION SELECT nodes.id, login AS UserName, 'Mikrotik-Rate-Limit' AS
Attribute, '100k/100k 100k/100k 100k/100k 1/1 8 100k/100k' AS value, ':='
AS op FROM nodes WHERE login = 'mlody' UNION SELECT nodes.id, login AS
UserName, 'Expiration' AS Attribute, '29 Oct 2018 20:40:00 CET' AS value,
':=' AS op FROM nodes WHERE login = 'mlody' ORDER BY id
(0) sql: Executing select query: SELECT id, login AS UserName,
'Framed-IP-Address' AS attribute, inet_ntoa(ipaddr) AS value, ':=' AS op
FROM nodes WHERE login = 'mlody' UNION SELECT nodes.id, login AS UserName,
'Mikrotik-Rate-Limit' AS Attribute, '100k/100k 100k/100k 100k/100k 1/1 8
100k/100k' AS value, ':=' AS op FROM nodes WHERE login = 'mlody' UNION
SELECT nodes.id, login AS UserName, 'Expiration' AS Attribute, '29 Oct 2018
20:40:00 CET' AS value, ':=' AS op FROM nodes WHERE login = 'mlody' ORDER
BY id
(0) sql: User found in radreply table, merging reply items
(0) sql:   Expiration := "Oct 29 2018 20:40:00 CET"
(0) sql:   Framed-IP-Address := 192.168.121.225
(0) sql:   Mikrotik-Rate-Limit := "100k/100k 100k/100k 100k/100k 1/1 8
100k/100k"
rlm_sql (sql): Released connection (1)
rlm_sql (sql): Need 4 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (6), 1 of 26 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket,
server version 10.3.10-MariaDB-1:10.3.10+maria~stretch-log, protocol
version 10
(0)     [sql] = ok
(0)     [pap] = updated
(0)     [expiration] = noop
(0)   } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
(0)   Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known good" Cleartext-Password
(0) pap: User authenticated successfully
(0)     [pap] = ok
(0)   } # Auth-Type PAP = ok
(0) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/default
(0)   post-auth {
(0)     update {
(0)       No attributes updated
(0)     } # update = noop
(0) sql: EXPAND .query
(0) sql:    --> .query
(0) sql: Using query template 'query'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND %{User-Name}
(0) sql:    --> mlody
(0) sql: SQL-User-Name set to 'mlody'
(0) sql: EXPAND INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( '%{SQL-User-Name}', '%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')
(0) sql:    --> INSERT INTO radpostauth (username, pass, reply, authdate)
VALUES ( 'mlody', 'mlody', 'Access-Accept', '2018-10-29 21:06:14')
(0) sql: Executing query: INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ( 'mlody', 'mlody', 'Access-Accept', '2018-10-29 21:06:14')
(0) sql: SQL query returned: success
(0) sql: 1 record(s) updated
rlm_sql (sql): Released connection (2)
(0)     [sql] = ok
(0)     [expiration] = noop
(0)   } # post-auth = ok
(0) Login OK: [mlody/mlody] (from client localhost port 1812)
(0) Sent Access-Accept Id 158 from 127.0.0.1:1812 to 127.0.0.1:60707 length
0
(0)   Framed-IP-Address = 192.168.121.225
(0)   Mikrotik-Rate-Limit = "100k/100k 100k/100k 100k/100k 1/1 8 100k/100k"
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 158 with timestamp +2

Is there any working example of setting up the Expiration module?
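
A check for the condition visible in the debug output above, as an added example that is not part of the original post or of FreeRADIUS: the log merges Expiration with the reply items, while rlm_expiration looks for it among the control (check) items and returns noop when none is present. The names `parse_debug` and `diagnose` are hypothetical, and the sample is excerpted from the log above with the long query lines left out.

```python
import re

# Excerpt of the `freeradius -X` output from the post above (query lines omitted).
SAMPLE = """\
(0)   authorize {
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql:   Cleartext-Password := "mlody"
(0) sql: User found in radreply table, merging reply items
(0) sql:   Expiration := "Oct 29 2018 20:40:00 CET"
(0) sql:   Framed-IP-Address := 192.168.121.225
(0)     [sql] = ok
(0)     [pap] = updated
(0)     [expiration] = noop
(0)   } # authorize = updated
"""

LIST_START = re.compile(r"sql: .*merging (?:assignment )?(check|reply) items")
ATTR = re.compile(r"sql:\s{2,}([A-Za-z0-9-]+) (?::=|\+=|==|=) ")
RCODE = re.compile(r"\[(\w+)\] = (\w+)")

def parse_debug(text):
    """Return ({'check': [...], 'reply': [...]}, {module: [rcodes]})."""
    lists, rcodes, current = {"check": [], "reply": []}, {}, None
    for line in text.splitlines():
        if m := LIST_START.search(line):
            current = m.group(1)          # attributes that follow go to this list
        elif (m := ATTR.search(line)) and current:
            lists[current].append(m.group(1))
        elif m := RCODE.search(line):
            rcodes.setdefault(m.group(1), []).append(m.group(2))
            current = None                # a module result ends the merge block
    return lists, rcodes

def diagnose(text):
    """List reasons why the expiration module had nothing to act on."""
    lists, rcodes = parse_debug(text)
    findings = []
    if "Expiration" in lists["reply"] and "Expiration" not in lists["check"]:
        findings.append("Expiration is a reply item, not a control (check) item")
    if rcodes.get("expiration") and set(rcodes["expiration"]) == {"noop"}:
        findings.append("expiration returned noop: no Expiration check item found")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```
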

