Hello all, I'm trying to use rlm_sqlcounter to disable login once time exceeded together with unlang to set Session-Timeout. I can get either to work but having trouble getting both to work. Right now the Session-Timeout (computed below in the post auth section) works fine. update reply { Session-Timeout := "%{expr: %{check:Max-All-Session-Time}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}" } The radacct table is populated and the session timeout is computed properly across logins. But the check provide by the below setup fails to prevent login (auth) when the time goes to zero. sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" } My test radcheck table looks like: mysql> select * from radcheck; +----+----------+----------------------+----+---------+ | id | username | attribute | op | value | +----+----------+----------------------+----+---------+ | 1 | wrs | Cleartext-Password | := | test123 | | 2 | wrs | Max-All-Session-Time | := | 600 | +----+----------+----------------------+----+---------+ I can provide the whole radiusd -X log if this is not enough info; Bill
Never mind. I did not have noresetcounter in the authorize section. This in turn caused me to use the wrong check variable (Max-All-Session-Time instead of Max-All-Session) as the right one wasn't known (because the noresetcounter wasn't known to 'authorize'. Anyway. My apologies for the false alarm. On 6/6/2013 4:20 PM, Bill wrote:
Hello all,
I'm trying to use rlm_sqlcounter to disable login once time exceeded together with unlang to set Session-Timeout. I can get either to work but having trouble getting both to work.
Right now the Session-Timeout (computed below in the post auth section) works fine.
update reply { Session-Timeout := "%{expr: %{check:Max-All-Session-Time}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}" }
The radacct table is populated and the session timeout is computed properly across logins.
But the check provide by the below setup fails to prevent login (auth) when the time goes to zero.
sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'" }
My test radcheck table looks like:
mysql> select * from radcheck; +----+----------+----------------------+----+---------+ | id | username | attribute | op | value | +----+----------+----------------------+----+---------+ | 1 | wrs | Cleartext-Password | := | test123 | | 2 | wrs | Max-All-Session-Time | := | 600 | +----+----------+----------------------+----+---------+
I can provide the whole radiusd -X log if this is not enough info;
Bill - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (1)
-
Bill Schoolfield