Hello Team The user can authenticate and browse at any time. May i know which entry i have to add to make user 'test' deny authenticate after 1 hour? When ever a user authenticates it is logged in radpostauth. In /etc/raddb/users file i have a user test "test" Cleartext-Password := "hello" my database details are as follows mysql> select * from radcheck; +----+----------+-----------------+----+-------+ | id | username | attribute | op | value | +----+----------+-----------------+----+-------+ | 45 | test | Max-All-Session | := | 540 | +----+----------+-----------------+----+-------+ INSERT into radcheck VALUES ('','test','Max-All-Session',':=','5400'); mysql> select * from radpostauth; +----+----------+------+---------------+---------------------+ | id | username | pass | reply | authdate | +----+----------+------+---------------+---------------------+ | 54 | test | test | Access-Accept | 2011-10-19 13:59:18 | | 55 | test | test | Access-Accept | 2011-10-19 13:59:34 | | 56 | test | test | Access-Accept | 2011-10-19 14:22:57 | | 57 | test | test | Access-Accept | 2011-10-21 22:32:54 | | 58 | test | test | Access-Accept | 2011-10-25 15:11:34 | +----+----------+------+---------------+---------------------+ 5 rows in set (0.00 sec) radtest test hello localhost 0 testing123 Sending Access-Request of id 67 to 127.0.0.1 port 1812 User-Name = "test" User-Password = "hello" NAS-IP-Address = 127.0.0.1 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=67, length=20 Please help me , thanks in advance Thanks, Senthil On Tue, Oct 25, 2011 at 3:06 PM, senthil kumar <senthilkumaar2021@gmail.com> wrote:
Thanks i will check in and let you know
On Sat, Oct 22, 2011 at 12:37 AM, Alan DeKok <aland@deployingradius.com> wrote:
senthil kumar wrote:
I have installed free-radius in linux machine with accounting support and was able to authenticate using radtest client.and also I was also successfully authenticate with squid proxy server.
That's good to hear.
I need to assign quota to squid users based on the weekly/hourly basis. I need users radius server to return packet reject when time is expired. is it possible in radius?
Yes. See the "counter" module, or the "sqlcounter" module.
The main issue is that they require the NAS to send accounting packets. I don't know if squid does that.
I am using only linux machine with proxy server. whether NAS is needed?
In this case, squid is the NAS. (i.e. machine sending Access-Request)
If so, can anyone help me in framing the rules for quota . eg 2 hours a day. I have basic configuration and now when a user authenticates login time is updated in the radpostauth.
This is documented in the sqlcounter module. Look there first.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html