Hello, I'm working around that and I my solution isn't ok, so I need help.
As you already may know the expiration module only works for expiration date.
yes
When I had this need (a long time ago and with FR1) I just did the following:
* I added a new personnal/local attribute in /etc./raddb/dictionnary ATTRIBUTE My-Local-Date 3000 string * setup the "hint" module to add the Date for incomming requests: DEFAULT NAS-IP-ADDRESS == 192.168.1.4 My-Local-Date = `%D`
* Then I use the local attribute to check the date (for instance if you use the rlm_sql module): mysql> select UserName,Attribute,op,Value from radcheck where UserName='myloginname'; +-----------------+--------------------+----+--------------------+ | UserName | Attribute | op | Value | +-----------------+--------------------+----+--------------------+ | myloginname | NAS-IP-Address | =~ | 192.168.1.[4]{1} | | myloginname | My-Local-Date | <= | 20090731 | | myloginname | My-Local-Date | >= | 20090526 | | myloginname | Login-Time | := | Wk0700-2200 | | myloginname | Cleartext-Password | := | THEPASS | +-----------------+--------------------+----+--------------------+ 5 rows in set (0.00 sec)
I do something similar, but doesn't work. --> /etc/freeradius/sites-enable/default authorize { switch "%{Realm}" { case 'temp.xxx.es' { update request { Expiration-Init := "%D" } sql } --> MYSQL mysql> select * from radcheck where username ="prueba"; +-----+----------+--------------------+----+-------------+ | id | username | attribute | op | value | +-----+----------+--------------------+----+-------------+ | 228 | prueba | Cleartext-Password | := | prueba | | 227 | prueba | Expiration | := | 10 Jun 2010 | | 226 | prueba | Expiration-Init | >= | 20100604 | +-----+----------+--------------------+----+-------------+ 3 rows in set (0.00 sec) mysql> select * from radreply where username ="prueba"; +-----+----------+--------------+----+---------------------+ | id | username | attribute | op | value | +-----+----------+--------------+----+---------------------+ | 374 | prueba | Contact | = | XXX | | 375 | prueba | Mail-Contact | = | XXX | | 376 | prueba | Description | = | Usuario de pruebas | +-----+----------+--------------+----+---------------------+ --> DEBUG INFO rad_recv: Access-Request packet from host x.x.x.x port 42954, id=253, length=71 User-Name = "prueba@temp.unex.es" User-Password = "prueba" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 . . . +- entering group authorize {...} . . . ++- entering switch %{Realm} {...} +++- entering case temp.unex.es {...} expand: %D -> 20100602 ++++[request] returns noop [sqlradiuscc] expand: %{Stripped-User-Name} -> prueba [sqlradiuscc] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> prueba [sqlradiuscc] sql_set_user escaped user --> 'prueba' rlm_sql (sqlradiuscc): Reserving sql socket id: 2 [sqlradiuscc] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'prueba' ORDER BY id [sqlradiuscc] User found in radcheck table [sqlradiuscc] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'prueba' ORDER BY id rlm_sql (sqlradiuscc): Released sql socket id: 2 ++++[sqlradiuscc] returns ok +++- case temp.unex.es returns ok ++- switch %{Realm} returns ok [expiration] Checking Expiration time: '10 Jun 2010' ++[expiration] returns ok ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "prueba" [pap] Using clear text password "prueba" [pap] User authenticated successfully . . . Sending Access-Accept of id 253 to x.x.x.x port 42954 Session-Timeout = 653611 I don't understand why this work :( Thanks in advance and sorry for my english. ____________________ Ana Gallardo Gómez ____________________