How to get current datetime in freeradius?

Houman houmie at gmail.com
Mon Oct 14 22:03:27 CEST 2019 

Hi Christian,

There are only two issues, I wanted to discuss here with the group:

1) Is there a way to send a custom message to the NAS when a disconnect
based on the custom condition happens? This way the user is not wondering
why he keeps getting disconnected but gets to know the real reason behind
it.

2) Even though I have added the condition to "authorize", "accounting" and
"preacct" sections, the initial disconnect attempt remains unresponsive.

(11)       SQL-User-Name set to 'houman'
rlm_sql (sql): Reserved connection (9)
(11)       Executing select query: SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='houman'
rlm_sql (sql): Released connection (9)
(11)       EXPAND %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM
main_db.`user` WHERE main_db.`user`.username ='%{User-Name}'}
(11)          --> 1545916925
(11)       &Expires-Timestamp := 1545916925
(11)     } # update request = noop
(11)     if (&control:Current-Timestamp > &request:Expires-Timestamp) {
(11)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  ->
TRUE
(11)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  {
(11)       update disconnect {
(11)         EXPAND %{User-Name}
(11)            --> houman
(11)         &User-Name = houman
(11)       } # update disconnect = noop
(11)     } # if (&control:Current-Timestamp > &request:Expires-Timestamp)
 = noop
(11)   } # accounting = updated
(11) Sent Disconnect-Request Id 221 from 0.0.0.0:48470 to 127.0.0.1:3799
length 28
(11)   User-Name = "houman"
(11) Sent Accounting-Response Id 156 from 127.0.0.1:1813 to 127.0.0.1:51530
length 0
(11) Finished request
(11) Cleaning up request packet ID 156 with timestamp +50
Waking up in 1.8 seconds.
(11) Clearing existing &reply: attributes
(11) Received Disconnect-NAK Id 221 from 127.0.0.1:3799 to 127.0.0.1:48470
length 20
(11) # Executing section post-proxy from file
/etc/freeradius/3.0/sites-enabled/default
(11)   post-proxy {
(11) eap: No pre-existing handler found
(11)     [eap] = noop
(11)   } # post-proxy = noop
(11) Cleaning up request packet ID 156 with timestamp +50
Waking up in 3.4 seconds.

Only after the 300 seconds pass (which is defined in Acct-Interim-Interval)
the second disconnect attempt successfully disconnects the user.

post-auth {
    update reply {
        Acct-Interim-Interval = 300
    }

*300 seconds later:*

EXPAND %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM main_db.`user` WHERE
main_db.`user`.username ='%{User-Name}'}
(13)          --> 1545916925
(13)       &Expires-Timestamp := 1545916925
(13)     } # update request = noop
(13)     if (&control:Current-Timestamp > &request:Expires-Timestamp) {
(13)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  ->
TRUE
(13)     if (&control:Current-Timestamp > &request:Expires-Timestamp)  {
(13)       update disconnect {
(13)         EXPAND %{User-Name}
(13)            --> houman
(13)         &User-Name = houman
(13)       } # update disconnect = noop
(13)     } # if (&control:Current-Timestamp > &request:Expires-Timestamp)
 = noop
(13)   } # accounting = updated
(13) Sent Disconnect-Request Id 103 from 0.0.0.0:48470 to 127.0.0.1:3799
length 28
(13)   User-Name = "houman"
(13) Sent Accounting-Response Id 158 from 127.0.0.1:1813 to 127.0.0.1:51530
length 0
(13) Finished request
(13) Cleaning up request packet ID 158 with timestamp +60
Waking up in 1.8 seconds.
(13) Clearing existing &reply: attributes
(13) Received Disconnect-NAK Id 103 from 127.0.0.1:3799 to 127.0.0.1:48470
length 20
(13) # Executing section post-proxy from file
/etc/freeradius/3.0/sites-enabled/default
(13)   post-proxy {
(13) eap: No pre-existing handler found
(13)     [eap] = noop
(13)   } # post-proxy = noop
(13) Cleaning up request packet ID 158 with timestamp +60
Ready to process requests

I could obviously reduce this to 10 seconds from 300 seconds, but it's not
ideal since it's heavier on the database. Not sure if you have an idea how
to improve this.

Many Thanks,
Houman

On Wed, 2 Oct 2019 at 13:09, Christian Strauf <strauf at rz.tu-clausthal.de>
wrote:

> Hi Houman,
>
> "%l" gives you POSIX time (seconds since the Unix epoch). You should be
> able to modify your query like this to make it work (make sure to test it,
> it's just off the top of my head):
>
> %{sql:SELECT UNIX_TIMESTAMP(expires_at) FROM main_db.`user` WHERE
> main_db.`user`.username ='%{User-Name}'}
>
> UNIX_TIMESTAMP should convert the date to POSIX time in seconds (unsigned
> integer).
>
> Kind regards,
> Christian Strauf
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list