RE: access for 24 hours after first login?
This is how I do this Use SQLcounter module Put this in sqlcounter.conf (expecting that sqlcounter is already configged in the radiusd.conf) sqlcounter validity { counter-name = All-Secs-Passed check-name = Max-Secs-Passed sqlmod-inst = sql key = User-Name reset = never query = "SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE UserName = '%{%k}' LIMIT 1" Create in the config dictionary file an attribute of Max-Secs-Passed For example: #ATTRIBUTE My-Local-String 3000 string #ATTRIBUTE My-Local-IPAddr 3001 ipaddr #ATTRIBUTE My-Local-Integer 3002 integer ATTRIBUTE Max-Secs-Passed 3000 integer In radiusd.conf: Authorize {} section: Put this: validity The Max-Secs-Passed var is defined in seconds. So if you want a user only to be able to logon in the first 24hours after his first logon, Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24) Hope this helps the question I think many people will have. You could use other check or counter-names, its just an example.... You also could combine this with volume limits, max total session time etc... Kind Regards -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 Jonathan.de.graeve@imelda.be -----Oorspronkelijk bericht----- Van: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] Namens Markus Krause Verzonden: donderdag 6 oktober 2005 12:57 Aan: freeradius-users@lists.freeradius.org Onderwerp: Re: access for 24 hours after first login? Zitat von Alan DeKok <aland@ox.org>:
Markus Krause <krause@biochem.mpg.de> wrote:
i set up freeradius succesfully for authentification against pam and users file :-)
Please don't use "authentification". It's "authentication". sorry for my poor english, it's not my mother-tongue ...
now i want to enhance the functionality about the following feature: setting up several predefined (guest) accounts with a generated username and password. this account should be valid from the first time it is used (first login) for 24 hours (or even better until 23:59 that day).
rlm_counter. Set it for 24 hours of access, and "reset=never". i read about this, but does this not mean that the user has an online time of 24 hours (or whatever i set in Max-All-Session-Time), so he can login until he has been active for 24 hours in sum?
thanks in advance for your help! markus
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Markus Krause email: krause@biochem.mpg.de Computing Center Tel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 --------------------------------------------------------------------- This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to rz-linux@biochem.mpg.de - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (1)
-
Jonathan De Graeve