On 2.1.2015 14:58, Alan DeKok wrote:
now I can set per-user limit in radcheck mysql table, but how can I set the default limit that will not overwrite per-user setting? $ man users
Which tells you about the operators. You can do:
authorize { …
sql update control { Max-Daily-Session = 3600 # for ALL users } …
}
The ‘=‘ says “set it, but don’t over-ride it if it already exists” As always, spot on:)
But I still have some troubles. Here is a cut of debug log: (7) update control { (7) Max-Daily-Session = 3600 (7) } # update control = noop sqlcounter_expand: 'SELECT SUM(acctsessiontime - GREATEST((1420153200 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1420153200'' (7) dailycounter : EXPAND %{User-Name} (7) dailycounter : --> testuser (7) dailycounter : SQL-User-Name set to 'testuser' rlm_sql (sql): Reserved connection (7) rlm_sql (sql): Executing query: 'SELECT SUM(acctsessiontime - GREATEST((1420153200 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'testuser' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1420153200'' (7) dailycounter : NULL value in first column of result rlm_sql (sql): Released connection (7) (7) dailycounter : EXPAND %{sql:SELECT SUM(acctsessiontime - GREATEST((1420153200 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = '%{User-Name}' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1420153200'} (7) dailycounter : --> (7) dailycounter : No integer found in result string "". May be first session, setting counter to 0 (7) dailycounter : Allowing user, control:Max-Daily-Session value (3600) is greater than counter value (0) (7) dailycounter : Setting reply:Session-Timeout value to 6196 (7) [dailycounter] = ok Since this is the 1st login for this user today, counter value is set to 0 and max-daily-session is correctly set to 3600 seconds. Why does the counter sets Session-timeout to 6196? Matej -- --- Matej Zerovnik