[m0n0wall] RE: access for 24 hours after first login?
Jonathan De Graeve
Jonathan.De.Graeve at imelda.be
Thu Oct 6 16:08:59 CEST 2005
And here the query in case you don't like seconds ;)
SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}'
LIMIT 1;
Then All-Secs-Passed/Max-Secs-Passed should be
All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in
Hours instead of seconds
Also note this is for MySQL. Don't know if it also works on oracle and
Postgres....
--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan.de.graeve at imelda.be
-----Oorspronkelijk bericht-----
Van: Jonathan De Graeve [mailto:Jonathan.De.Graeve at imelda.be]
Verzonden: donderdag 6 oktober 2005 15:51
Aan: FreeRadius users mailing list
CC: m0n0wall at lists.m0n0.ch
Onderwerp: [m0n0wall] RE: access for 24 hours after first login?
This is how I do this
Use SQLcounter module
Put this in sqlcounter.conf (expecting that sqlcounter is already
configged in the radiusd.conf)
sqlcounter validity {
counter-name = All-Secs-Passed
check-name = Max-Secs-Passed
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT UNIX_TIMESTAMP() -
UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE
UserName = '%{%k}' LIMIT 1"
Create in the config dictionary file an attribute of Max-Secs-Passed
For example:
#ATTRIBUTE My-Local-String 3000 string
#ATTRIBUTE My-Local-IPAddr 3001 ipaddr
#ATTRIBUTE My-Local-Integer 3002 integer
ATTRIBUTE Max-Secs-Passed 3000 integer
In radiusd.conf:
Authorize {} section:
Put this: validity
The Max-Secs-Passed var is defined in seconds. So if you want a user
only to be able to logon in the first 24hours after his first logon,
Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)
Hope this helps the question I think many people will have.
You could use other check or counter-names, its just an example....
You also could combine this with volume limits, max total session time
etc...
Kind Regards
--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
Jonathan.de.graeve at imelda.be
-----Oorspronkelijk bericht-----
Van: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] Namens Markus
Krause
Verzonden: donderdag 6 oktober 2005 12:57
Aan: freeradius-users at lists.freeradius.org
Onderwerp: Re: access for 24 hours after first login?
Zitat von Alan DeKok <aland at ox.org>:
> Markus Krause <krause at biochem.mpg.de> wrote:
> > i set up freeradius succesfully for authentification against pam and
users
> file
> > :-)
>
> Please don't use "authentification". It's "authentication".
sorry for my poor english, it's not my mother-tongue ...
> > now i want to enhance the functionality about the following feature:
> > setting up several predefined (guest) accounts with a generated
username
> and
> > password. this account should be valid from the first time it is
used
> (first
> > login) for 24 hours (or even better until 23:59 that day).
>
> rlm_counter. Set it for 24 hours of access, and "reset=never".
i read about this, but does this not mean that the user has an online
time of 24
hours (or whatever i set in Max-All-Session-Time), so he can login until
he has
been active for 24 hours in sum?
thanks in advance for your help!
markus
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Markus Krause email: krause at biochem.mpg.de
Computing Center Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
---------------------------------------------------------------------
This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall-unsubscribe at lists.m0n0.ch
For additional commands, e-mail: m0n0wall-help at lists.m0n0.ch
More information about the Freeradius-Users
mailing list