Hello all, I'm trying to use rlm_sqlcounter to disable login once time exceeded together with unlang to set Session-Timeout. I can get either to work but having trouble getting both to work. Right now the Session-Timeout (computed below in the post auth section) works fine. update reply { Session-Timeout := "%{expr: %{check:Max-All-Session-Time}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}" } The radacct table is populated and the session timeout is computed properly across logins. But the check provide by the below setup fails to prevent login (auth) when the time goes to zero. sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" } My test radcheck table looks like: mysql> select * from radcheck; +----+----------+----------------------+----+---------+ | id | username | attribute | op | value | +----+----------+----------------------+----+---------+ | 1 | wrs | Cleartext-Password | := | test123 | | 2 | wrs | Max-All-Session-Time | := | 600 | +----+----------+----------------------+----+---------+ I can provide the whole radiusd -X log if this is not enough info; Bill