User-accounts do not expire in time...

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Nov 21 14:40:11 CET 2007 

No, that's not what you have set up. If user uses several sessions he
will be able to use up 24 hours of online time over several
days/weeks/months/years.

Your requirement: "I have users in my system who are supposed to be able
to logon as much as they want, in a period of 24 hours starting from 
their 1st logon."

Exact solution: Run a logon script that adds Expiration attribute set 24
hours from now() if one does not exist in users profile.

Ivan Kalik
Kalik Informatika ISP


Dana 21/11/2007, "Evert" <evert at poboxes.info> piše:

>>From this location I have no direct access to the NAS in question at the moment, so that
>will have to wait a bit.
>
>But what about my comment that the user should not get a 'Login OK' but a 'Invalid user
>(rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have passed and he
>tries to log in again...?
>Am I wrong there?
>
>
>Regards,
>	Evert
>
>liran tal wrote:
>> How about checking Alan's comment on whether your NAS
>> is actually sending accounting information or not?
>>
>>
>> Regards,
>> Liran.
>>
>>
>> On Nov 21, 2007 2:12 PM, Evert <evert at poboxes.info> wrote:
>>> There is indeed a record in the usergroup-table with
>>> UserName= ofjyc5
>>> GroupName= 24hours
>>>
>>> ;-)
>>>
>>>
>>> Regards,
>>>         Evert
>>>
>>>
>>>
>>>
>>>
>>> liran tal wrote:
>>>> Hopefully you didn't forget to set the user-group mapping in usergroup
>>>> table, right?
>>>>
>>>>
>>>> Regards,
>>>> Liran.
>>>>
>>>> On Nov 21, 2007 1:01 PM, Evert <evert at poboxes.info> wrote:
>>>>> Alan DeKok wrote:
>>>>>> Evert wrote:
>>>>>>> I have users in my system who are supposed to be able to logon as much as they want, in a
>>>>>>> period of 24 hours starting from  their 1st logon.
>>>>>> ...
>>>>>>> however, a user who is a member of the 24hours group is able to log on longer than the
>>>>>>> 24hours period:
>>>>>>   Is the server receiving accounting packets?
>>>>>>
>>>>>>   The fact that a user received an Access-Accept doesn't mean they
>>>>>> succeeded in logging in.  The NAS may have rebooted, they may have hung
>>>>>> up, the Access-Accept could have been lost, etc.
>>>>>>
>>>>>>   The server knows (and accounts for) the user logging in only when it
>>>>>> receives an Accounting-Request packet.  The accounting packets are also
>>>>>> used to determine how long the user was logged in for.
>>>>> Provided both the server and the NAS have not rebooted in the mean time, shouldn't the
>>>>> server send a 'Maximum never usage time reached', based on the rules in sqlcounter.conf,
>>>>> accounting packets or not?
>>>>>
>>>>> How long the user has been logged on in the 24-hour period is not really relevant in my
>>>>> case. All I need is that when the user tries to log in again > 24 hours after 1st logon
>>>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
>>>>>
>>>>>
>>>>>
>>>>> (I'll have to check on the accounting packets. Not sure about them)
>>>>>
>>>>>
>>>>> Regards,
>>>>>         Evert
>>>>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list