access for 24 hours after first login?

Jonathan De Graeve Jonathan.De.Graeve at imelda.be
Thu Oct 6 15:51:24 CEST 2005


This is how I do this

Use SQLcounter module

Put this in sqlcounter.conf (expecting that sqlcounter is already
configged in the radiusd.conf)

sqlcounter validity {
                counter-name = All-Secs-Passed
                check-name = Max-Secs-Passed
                sqlmod-inst = sql
                key = User-Name
                reset = never
                query = "SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE
UserName = '%{%k}' LIMIT 1"


Create in the config dictionary file an attribute of Max-Secs-Passed

For example:
#ATTRIBUTE      My-Local-String         3000    string
#ATTRIBUTE      My-Local-IPAddr         3001    ipaddr
#ATTRIBUTE      My-Local-Integer        3002    integer
ATTRIBUTE	Max-Secs-Passed	3000 integer

In radiusd.conf:

Authorize {} section:

Put this: validity

The Max-Secs-Passed var is defined in seconds. So if you want a user
only to be able to logon in the first 24hours after his first logon,
Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)

Hope this helps the question I think many people will have.

You could use other check or counter-names, its just an example....

You also could combine this with volume limits, max total session time
etc...

Kind Regards

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan.de.graeve at imelda.be

-----Oorspronkelijk bericht-----
Van: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] Namens Markus
Krause
Verzonden: donderdag 6 oktober 2005 12:57
Aan: freeradius-users at lists.freeradius.org
Onderwerp: Re: access for 24 hours after first login?

Zitat von Alan DeKok <aland at ox.org>:
> Markus Krause <krause at biochem.mpg.de> wrote:
> > i set up freeradius succesfully for authentification against pam and
users
> file
> > :-)
>
>   Please don't use "authentification".  It's "authentication".
sorry for my poor english, it's not my mother-tongue ...

> > now i want to enhance the functionality about the following feature:
> > setting up several predefined (guest) accounts with a generated
username
> and
> > password. this account should be valid from the first time it is
used
> (first
> > login)   for 24 hours (or even better until 23:59 that day).
>
>   rlm_counter.  Set it for 24 hours of access, and "reset=never".
i read about this, but does this not mean that the user has an online
time of 24
hours (or whatever i set in Max-All-Session-Time), so he can login until
he has
been active for 24 hours in sum?

thanks in advance for your help!
   markus

>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


--
Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

---------------------------------------------------------------------
     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html







More information about the Freeradius-Users mailing list