[m0n0wall] Captive Portal and Radius

Alex M radiussupport at lrcommunications.net
Mon Apr 9 19:18:03 CEST 2007


Are we talking about M0n0 as a NAS here? If yes, why not to mod the boxy to
do internal counting of the section and then "talk" to the radius with final
data?

-----Original Message-----
From: YvesDM [mailto:ydmlog at gmail.com] 
Sent: Monday, April 09, 2007 11:37 AM
To: Peter Boosten
Cc: m0n0wall at lists.m0n0.ch
Subject: Re: [m0n0wall] Captive Portal and Radius

On 4/9/07, Peter Boosten <peter at boosten.org> wrote:
>
> YvesDM wrote:
> > When you use radius you can specify max-daily-session through
> sqlcounter.
>
> Yves, thanks for your answer, although it doesn't answer my question.
>
> Again: I defined a max-daily-session. Works like charm. But I don't want
> him to use this max-daily-session in one run. I would like him to take
> some breaks (say every two hours), so I defined a Session-Timeout of
> 7200 seconds. But nothing prevents him from logging in just after the
> Session-Timeout expired.
>
> So I would like to know if there's some parameter that defines the
> minimum time between two sessions.


I see, sorry I missed that part.
If I need to do this I usually use a linux firewall and change the iptables
rules through cron.
There are firewall distro's with ready to use examples for this, but of
course they are off-topic
on this list and I don't know if you actually want to use them at all.
If you want more info on this you can e-mail me off list, no problem.


> But I think setting up a radius server is a little overkill when it's only
> > to control
> > your son's internet use.
> >
>
> Let the ethics be my worry. It has proven its use already (we're talking
> internet addiction here...).


Sounds familiar ;-)
Just thinking, can't you add/delete a check item to radcheck through some
script?
expiration Attribute or something? Let the script set/delete a (passed by)
expiration date in radcheck.
When the attribute is there he won't be able to login cause his account will
be expired, when the attribute
is not there, he can login :-)

Something like this:

mysql> select * from radcheck where `UserName` = 'hombrouckxeli';
+-----+---------------+---------------+----+---------------+
| id  | UserName      | Attribute     | op | Value         |
+-----+---------------+---------------+----+---------------+
| 359 | hombrouckxeli | User-Password | := | ****masked****       |
| 360 | hombrouckxeli | Expiration    | := | 01 april 2007 |
+-----+---------------+---------------+----+---------------+
2 rows in set (0.00 sec)

mysql>

Kind regards
Yves




More information about the Freeradius-Users mailing list