SUSPENSION OF ACCOUNT
Thank you all, I use FreeRadius v 1.0.5 with postgresql 7.3.4 on redhat Linux ES3 and its been working well. However, I want to create accounts where these accounts will be suspended after let say a month and this suspension continue until the account is renewed manually. Can someone give me idea of how this could be achieved? Thank you, goksie
maruna wrote:
I use FreeRadius v 1.0.5 with postgresql 7.3.4 on redhat Linux ES3 and its been working well. However, I want to create accounts where these accounts will be suspended after let say a month and this suspension continue until the account is renewed manually.
Can someone give me idea of how this could be achieved?
You may try to put the date of the suspension into the attribute "Expiration". Define this attribute in the "check items" for the user (just like the User-Password). -- Nicolas Baradakis
maruna wrote:
I used the attribute Expiration and this involved manually putting this on the radcheck until I saw an idea in the list, though this was applied to mysql but I maneuver it to work with postgresql.
I don't understand very well what you are trying to do. Attribute "Expiration" and module "sqlcounter" are completely different approaches. Is there both a connection time limit and a expiration date limit? You didn't say so in your message.
However, with the sqlcounter I am able to reject user after the 31st day of first use. What I am looking is any attribute in the FreeRadius that can actually suspend an account (that belongs to a group e.g. NIGHT_MONTHLY) so that the user will not connect again until the account is renewed.
I don't think it's possible with the module sqlcounter. You have to change the value of the attribute Expiration when the account is renewed. -- Nicolas Baradakis
On Tue, 2005-10-25 at 09:47 +0100, maruna wrote:
I use FreeRadius v 1.0.5 with postgresql 7.3.4 on redhat Linux ES3 and its been working well. However, I want to create accounts where these accounts will be suspended after let say a month and this suspension continue until the account is renewed manually.
I use MySQL as my backend... My MySQL "Useracct" table contains fields like... userid username password dateadded ip status realm expiredate (and others..) This is all managed by Web and PHP (and some shell scripts) Rather than create all the normal table names, I modified my SQL commands... ie authorize_check_query = "SELECT userid as id,UserName,'Password' as Attribute,password as Value,'==' as op FROM useracct WHERE Username='%{Stripped-User-Name}' AND realm='%{Realm}' AND status>2 AND expiredate>now() ORDER BY id" authorize_reply_query = "SELECT userid as id,UserName,'Framed-IP-Address' as Attribute,ip as Value,':=' as op FROM useracct WHERE Username='%{Stripped-User-Name}' AND realm='%{Realm}' AND status>2 AND ip != '255.255.255.254' AND expiredate>now() ORDER BY id" ie - this should not authenticate if the user has a status of less than two (Deleted, Suspended) or his expire day has been reached (ie - I gave him a 30 day test account). This is for a typical Dial-up type situation - where the user will not stay on-line continuously for days on end... Also authorize_group_check_query, authorize_group_reply_query (and others) are also somewhat customised. -- . . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready /| /| / /__ mje@posix.co.za - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
participants (3)
-
Mark Elkins -
maruna -
Nicolas Baradakis