I can't seem to make this work. I'm comparing some values in the post-auth section: if("(%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}})" < "(%{expr: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}})") { update reply { Session-Timeout := "%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}" } } else { update reply { Session-Timeout := "%{expr: (%{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))})}" } } The above code fails with a message (below) that says "(Right field is not a number at: (1371158700))". I tried adding a zero to force a number interpretation but this does nothing. I have checked every source I can find and I don't see anyhing that addresses this problem. Thoughts anyone? Bill rad_recv: Access-Request packet from host 127.0.0.1 port 59971, id=77, length=74 User-Name = "wrs" CHAP-Password = 0x4dab7bdecf6c70f078b77bfa11cebd490d NAS-IP-Address = 10.0.0.147 NAS-Port = 0 Message-Authenticator = 0xcf99944924652eda7706d17c69afca2c # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "wrs", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> wrs [sql] sql_set_user escaped user --> 'wrs' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'wrs' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'wrs' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'wrs' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok [expiration] Checking Expiration time: '13 Jun 2013 21:25:00' ++[expiration] returns ok ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop rlm_sqlcounter: Entering module authorize code WARNING: Please replace '%k' with '${key}' sqlcounter_expand: 'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}'' [noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{User-Name}' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs' WARNING: Please replace '%S' with '${sqlmod-inst}' sqlcounter_expand: '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs'}' [noresetcounter] sql_xlat [noresetcounter] expand: %{User-Name} -> wrs [noresetcounter] sql_set_user escaped user --> 'wrs' [noresetcounter] expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs' -> SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs' rlm_sql (sql): Reserving sql socket id: 2 [noresetcounter] sql_xlat finished rlm_sql (sql): Released sql socket id: 2 [noresetcounter] expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='wrs'} -> 12 rlm_sqlcounter: Check item is greater than query result rlm_sqlcounter: Authorized user wrs, check_item=600, counter=12 rlm_sqlcounter: Sent Reply-Item for user wrs, Type=Session-Timeout, value=180 ++[noresetcounter] returns ok Found Auth-Type = CHAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group CHAP {...} [chap] login attempt by "wrs" with CHAP password [chap] Using clear text password "test123" for user wrs authentication. [chap] chap user wrs authenticated succesfully ++[chap] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop ++? if ("(%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}})" < "(%{expr: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}})") sql_xlat expand: %{User-Name} -> wrs sql_set_user escaped user --> 'wrs' expand: select sum(acctsessiontime) from radacct where username='%{User-Name}' -> select sum(acctsessiontime) from radacct where username='wrs' rlm_sql (sql): Reserving sql socket id: 1 sql_xlat finished rlm_sql (sql): Released sql socket id: 1 expand: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'} -> 600-12 expand: (%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}) -> (588) sql_xlat expand: %{User-Name} -> wrs sql_set_user escaped user --> 'wrs' expand: select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0 -> select unix_timestamp(str_to_date('Jun 13 2013 21:25:00 UTC', '%b %d %Y %H:%i:%s'))+0 rlm_sql (sql): Reserving sql socket id: 0 sql_xlat finished rlm_sql (sql): Released sql socket id: 0 expand: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0} -> 1371158700 expand: (%{expr: %{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}}) -> (1371158700) (Right field is not a number at: (1371158700)) ++- entering else else {...} sql_xlat expand: %{User-Name} -> wrs sql_set_user escaped user --> 'wrs' expand: select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s')) -> select unix_timestamp(str_to_date('Jun 13 2013 21:25:00 UTC', '%b %d %Y %H:%i:%s')) rlm_sql (sql): Reserving sql socket id: 4 sql_xlat finished rlm_sql (sql): Released sql socket id: 4 expand: (%{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))}) -> (1371158700) expand: %{expr: (%{sql:select unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))})} -> 1371158700 +++[reply] returns noop ++- else else returns noop