access for 24 hours after first login?

Jonathan De Graeve Jonathan.De.Graeve at
Thu Oct 6 15:51:24 CEST 2005

This is how I do this

Use SQLcounter module

Put this in sqlcounter.conf (expecting that sqlcounter is already
configged in the radiusd.conf)

sqlcounter validity {
                counter-name = All-Secs-Passed
                check-name = Max-Secs-Passed
                sqlmod-inst = sql
                key = User-Name
                reset = never
                query = "SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE
UserName = '%{%k}' LIMIT 1"

Create in the config dictionary file an attribute of Max-Secs-Passed

For example:
#ATTRIBUTE      My-Local-String         3000    string
#ATTRIBUTE      My-Local-IPAddr         3001    ipaddr
#ATTRIBUTE      My-Local-Integer        3002    integer
ATTRIBUTE	Max-Secs-Passed	3000 integer

In radiusd.conf:

Authorize {} section:

Put this: validity

The Max-Secs-Passed var is defined in seconds. So if you want a user
only to be able to logon in the first 24hours after his first logon,
Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)

Hope this helps the question I think many people will have.

You could use other check or counter-names, its just an example....

You also could combine this with volume limits, max total session time

Kind Regards

Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98 at

-----Oorspronkelijk bericht-----
Van: freeradius-users-bounces at
[mailto:freeradius-users-bounces at] Namens Markus
Verzonden: donderdag 6 oktober 2005 12:57
Aan: freeradius-users at
Onderwerp: Re: access for 24 hours after first login?

Zitat von Alan DeKok <aland at>:
> Markus Krause <krause at> wrote:
> > i set up freeradius succesfully for authentification against pam and
> file
> > :-)
>   Please don't use "authentification".  It's "authentication".
sorry for my poor english, it's not my mother-tongue ...

> > now i want to enhance the functionality about the following feature:
> > setting up several predefined (guest) accounts with a generated
> and
> > password. this account should be valid from the first time it is
> (first
> > login)   for 24 hours (or even better until 23:59 that day).
>   rlm_counter.  Set it for 24 hours of access, and "reset=never".
i read about this, but does this not mean that the user has an online
time of 24
hours (or whatever i set in Max-All-Session-Time), so he can login until
he has
been active for 24 hours in sum?

thanks in advance for your help!

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Markus Krause                           email: krause at
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

     This message was sent using
If you encounter any problems please report to rz-linux at

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list