User-accounts do not expire in time...

Evert evert at poboxes.info
Wed Nov 21 14:14:01 CET 2007


>From this location I have no direct access to the NAS in question at the moment, so that
will have to wait a bit.

But what about my comment that the user should not get a 'Login OK' but a 'Invalid user
(rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have passed and he
tries to log in again...?
Am I wrong there?


Regards,
	Evert

liran tal wrote:
> How about checking Alan's comment on whether your NAS
> is actually sending accounting information or not?
> 
> 
> Regards,
> Liran.
> 
> 
> On Nov 21, 2007 2:12 PM, Evert <evert at poboxes.info> wrote:
>> There is indeed a record in the usergroup-table with
>> UserName= ofjyc5
>> GroupName= 24hours
>>
>> ;-)
>>
>>
>> Regards,
>>         Evert
>>
>>
>>
>>
>>
>> liran tal wrote:
>>> Hopefully you didn't forget to set the user-group mapping in usergroup
>>> table, right?
>>>
>>>
>>> Regards,
>>> Liran.
>>>
>>> On Nov 21, 2007 1:01 PM, Evert <evert at poboxes.info> wrote:
>>>> Alan DeKok wrote:
>>>>> Evert wrote:
>>>>>> I have users in my system who are supposed to be able to logon as much as they want, in a
>>>>>> period of 24 hours starting from  their 1st logon.
>>>>> ...
>>>>>> however, a user who is a member of the 24hours group is able to log on longer than the
>>>>>> 24hours period:
>>>>>   Is the server receiving accounting packets?
>>>>>
>>>>>   The fact that a user received an Access-Accept doesn't mean they
>>>>> succeeded in logging in.  The NAS may have rebooted, they may have hung
>>>>> up, the Access-Accept could have been lost, etc.
>>>>>
>>>>>   The server knows (and accounts for) the user logging in only when it
>>>>> receives an Accounting-Request packet.  The accounting packets are also
>>>>> used to determine how long the user was logged in for.
>>>> Provided both the server and the NAS have not rebooted in the mean time, shouldn't the
>>>> server send a 'Maximum never usage time reached', based on the rules in sqlcounter.conf,
>>>> accounting packets or not?
>>>>
>>>> How long the user has been logged on in the 24-hour period is not really relevant in my
>>>> case. All I need is that when the user tries to log in again > 24 hours after 1st logon
>>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
>>>>
>>>>
>>>>
>>>> (I'll have to check on the accounting packets. Not sure about them)
>>>>
>>>>
>>>> Regards,
>>>>         Evert
>>>>




More information about the Freeradius-Users mailing list