[m0n0wall] RE: access for 24 hours after first login?

Markus Krause krause at biochem.mpg.de
Fri Oct 7 00:20:08 CEST 2005


hi jonathan,

thanks a lot, this seems to be (almost) what i wanted! great! :-)

i am just wondering about how this (the module sqlcounter) actually works, e.g.
how is the actual comparision of the calculated value in "query" done, does it
mean, that the value returned by "query" has to be smaller than the one
referred to by "check-name" (in your example Max-Secs-Passed)?
what does the line "sqlmod-inst = sql" mean (in
/usr/share/doc/freeradius/rlm_sqlcounter there is also the value "sqlcc3", what
does this do?)

what about the following:

SELECT TO_DAYS(NOW()) - TO_DAYS(AcctStartTime) from radacct WHERE UserName =
'%(%k)' LIMIT 1;

would this mean that a user can login until 23:59 after logged in the first time
that day?

thank you very much for your help (and of course the help of everybody else on
this greate mailing list!)

regards,
   markus

Zitat von Jonathan De Graeve <Jonathan.De.Graeve at imelda.be>:
> And here the query in case you don't like seconds ;)
>
> SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() -
> UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}'
> LIMIT 1;
>
> Then All-Secs-Passed/Max-Secs-Passed should be
> All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in
> Hours instead of seconds
>
> Also note this is for MySQL. Don't know if it also works on oracle and
> Postgres....
>
> --
> Jonathan De Graeve
> Network/System Administrator
> Imelda vzw
> Informatica Dienst
> 015/50.52.98
> Jonathan.de.graeve at imelda.be
>
> -----Oorspronkelijk bericht-----
> Van: Jonathan De Graeve [mailto:Jonathan.De.Graeve at imelda.be]
> Verzonden: donderdag 6 oktober 2005 15:51
> Aan: FreeRadius users mailing list
> CC: m0n0wall at lists.m0n0.ch
> Onderwerp: [m0n0wall] RE: access for 24 hours after first login?
>
> This is how I do this
>
> Use SQLcounter module
>
> Put this in sqlcounter.conf (expecting that sqlcounter is already
> configged in the radiusd.conf)
>
> sqlcounter validity {
>                 counter-name = All-Secs-Passed
>                 check-name = Max-Secs-Passed
>                 sqlmod-inst = sql
>                 key = User-Name
>                 reset = never
>                 query = "SELECT UNIX_TIMESTAMP() -
> UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE
> UserName = '%{%k}' LIMIT 1"
>
>
> Create in the config dictionary file an attribute of Max-Secs-Passed
>
> For example:
> #ATTRIBUTE      My-Local-String         3000    string
> #ATTRIBUTE      My-Local-IPAddr         3001    ipaddr
> #ATTRIBUTE      My-Local-Integer        3002    integer
> ATTRIBUTE	Max-Secs-Passed	3000 integer
>
> In radiusd.conf:
>
> Authorize {} section:
>
> Put this: validity
>
> The Max-Secs-Passed var is defined in seconds. So if you want a user
> only to be able to logon in the first 24hours after his first logon,
> Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)
>
> Hope this helps the question I think many people will have.
>
> You could use other check or counter-names, its just an example....
>
> You also could combine this with volume limits, max total session time
> etc...
>
> Kind Regards
>
> --
> Jonathan De Graeve
> Network/System Administrator
> Imelda vzw
> Informatica Dienst
> 015/50.52.98
> Jonathan.de.graeve at imelda.be
>
> -----Oorspronkelijk bericht-----
> Van: freeradius-users-bounces at lists.freeradius.org
> [mailto:freeradius-users-bounces at lists.freeradius.org] Namens Markus
> Krause
> Verzonden: donderdag 6 oktober 2005 12:57
> Aan: freeradius-users at lists.freeradius.org
> Onderwerp: Re: access for 24 hours after first login?
>
> Zitat von Alan DeKok <aland at ox.org>:
> > Markus Krause <krause at biochem.mpg.de> wrote:
> > > i set up freeradius succesfully for authentification against pam and
> users
> > file
> > > :-)
> >
> >   Please don't use "authentification".  It's "authentication".
> sorry for my poor english, it's not my mother-tongue ...
>
> > > now i want to enhance the functionality about the following feature:
> > > setting up several predefined (guest) accounts with a generated
> username
> > and
> > > password. this account should be valid from the first time it is
> used
> > (first
> > > login)   for 24 hours (or even better until 23:59 that day).
> >
> >   rlm_counter.  Set it for 24 hours of access, and "reset=never".
> i read about this, but does this not mean that the user has an online
> time of 24
> hours (or whatever i set in Max-All-Session-Time), so he can login until
> he has
> been active for 24 hours in sum?
>
> thanks in advance for your help!
>    markus
>
> >
> >   Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> --
> Markus Krause                           email: krause at biochem.mpg.de
> Computing Center                        Tel.: 089 - 89 40 85 99
> Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98
>
> ---------------------------------------------------------------------
>      This message was sent using https://webmail.biochem.mpg.de
> If you encounter any problems please report to rz-linux at biochem.mpg.de
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall-unsubscribe at lists.m0n0.ch
> For additional commands, e-mail: m0n0wall-help at lists.m0n0.ch
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


--
Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98

---------------------------------------------------------------------
     This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de




More information about the Freeradius-Users mailing list