Hello guys This is my first post. I hope i can explain my problem. I have a FreeRADIUS Version 2.1.12 with mysql db I have a hotspot with coova chilli devices like Access point (open-mesh with cloud controller cloudtrax), everything Works fine except with the attribute" Max-All-Session" in the radcheck table, when i put this attribute the users can't authenticate, if i delete this attribute users can authenticate. I need limit a user access period for 1 day ,1 hour or 1 week from his first time he login using a prepaid card. This user never has been authenticated, so he haven't registry in the radacct table Id username attribute op value 2262 a1z5 Auth-Type := Accept 2263 a1z5 Simultaneous-Use := 1 2264 a1z5 Max-All-Session := 3600 Even if i use other attribute like: Expiration it works with out problem. Id username attribute op value 5 42h7 Auth-Type := Accept 1017 42h7 Expiration == May 8 2014 11:56:01 1018 42h7 Simultaneous-Use := 1 In my debug i see this error, i hope you can help me. rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 11 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} Ready to process requests. rad_recv: Access-Request packet from host 192.16.1.6 port 57160, id=68, length=301 ChilliSpot-Version = "1.2.8" User-Name = "a1z5" CHAP-Challenge = 0x29e1cac347609050f7fd312c10cbd7e0 CHAP-Password = 0x0052b8ddaf303a9513c3ed41b81e0bf852 Service-Type = Login-User Acct-Session-Id = "552d462f00000002" Framed-IP-Address = 10.255.216.9 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 NAS-Port-Id = "00000002" Calling-Station-Id = "40-0E-85-30-B9-03" Called-Station-Id = "AC-86-74-1D-9B-F0" NAS-IP-Address = 10.255.216.1 NAS-Identifier = "AP2" WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Wicoin_Test" WISPr-Location-Name = "Wicoin_Test" WISPr-Logoff-URL = "http://10.255.216.1:3990/logoff" Message-Authenticator = 0x979323917417ff7a0c783751a8ff8223 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++- entering policy filter_username {...} +++? if (User-Name =~ /^ /) ? Evaluating (User-Name =~ /^ /) -> FALSE +++? if (User-Name =~ /^ /) -> FALSE +++? if (User-Name =~ / $$/) ? Evaluating (User-Name =~ / $$/) -> FALSE +++? if (User-Name =~ / $$/) -> FALSE +++? if (User-Name != "%{tolower:%{User-Name}}") expand: %{User-Name} -> a1z5 expand: %{tolower:%{User-Name}} -> a1z5 ? Evaluating (User-Name != "%{tolower:%{User-Name}}") -> FALSE +++? if (User-Name != "%{tolower:%{User-Name}}") -> FALSE ++- policy filter_username returns notfound [preprocess] returns ok [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "a1z5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop [sql] expand: %{User-Name} -> a1z5 [sql] sql_set_user escaped user --> 'a1z5' rlm_sql (sql): Reserving sql socket id: 11 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'a1z5' ORDER BY id rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" requires a hex string, not "3600" rlm_sql (sql): Error getting data from database [sql] SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 11 ++[sql] returns fail Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> a1z5 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 68 to 192.16.1.6 port 57160 Waking up in 4.9 seconds. Cleaning up request 2 ID 68 with timestamp +57 Ready to process requests. Saludos Cordiales, Sergio Diaz