How to Disable RADIUS user logins if 'Session-Timeout' falls below 0

sagar.patil at bt.com sagar.patil at bt.com
Wed Aug 17 11:28:14 CEST 2005 

Hi All,

I am using FreeRadius with PostgreSQL and everything is running like a
charm besides a small issue.

 

I am using 'session-timeout' attribute in radreply table to control user
session time. 

I have added a trigger on RADACCT table which subtracts amount of time
used by user from RADREPLY each time when he logs in.

It does work but when time is below 0 or negative I need to stop user
from getting into my system and I am failing to do so.

 

Here are my RADREPLY Table entries 

 

INSERT INTO radreply (id, username, attribute, op, value) VALUES (2,
'sagar', 'Idle-Timeout', ':=', '300');

INSERT INTO radreply (id, username, attribute, op, value) VALUES (3,
'sagar', 'Reply-Message', ':=', 'You Have Logged in Successfully');

INSERT INTO radreply (id, username, attribute, op, value) VALUES (1,
'sagar', 'Acct-Interim-Interval', ':=', '120');

INSERT INTO radreply (id, username, attribute, op, value) VALUES (4,
'sagar', 'Session-Timeout', ':=', '-904');

 

The easiest way would be altering Authenticate SQL and adding a
condition to check Session-Timeout to see it doesn't fall below 0

I am not very good in POSTGRES so can someone please let me know how to
do it.

 

The other way would be using a Function /Procedure to carry out this
check but my question is how to use procedures/functions in
postgres.conf 

 

        authenticate_query = "SELECT Value,Attribute FROM
${authcheck_table} \

                WHERE UserName = '%{User-Name}' AND ( Attribute =
'User-Password' OR Attribute = 'Crypt-Password' ) \

                ORDER BY Attribute DESC"

 

Sagar Patil

British Telecommunications plc 
Registered office: 81 Newgate Street London EC1A 7AJ 
Registered in England no. 1800000. 

This electronic message contains information from British
Telecommunications plc which may 
be privileged or confidential. The information is intended to be for the
use of the individual(s) or 
entity named above. If you are not the intended recipient be aware that
any disclosure, 
copying, distribution or use of the contents of this information is
prohibited. If you have 
received this electronic message in error, please notify us by telephone
or email (to the 
numbers or address above) immediately.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050817/8bd053a2/attachment.html>

More information about the Freeradius-Users mailing list