User-accounts do not expire in time...

liran tal liransgarage at gmail.com
Wed Nov 21 14:58:13 CET 2007 

True, it managed to confuse me, but re-reading Evert second
post "All I need is that when the user tries to log in again > 24
hours after 1st logon
(based on AcctStartTime) he gets a 'Maximum never usage time reached'."
- Ivan's solution is on the spot.

Though if we give this a little bit more thought you will see Evert
that it's suffice
to simply utilize the Max-Daily-Session attribute only. The Max-Daily-Session
attribute combined with the reset = never option is what you are looking for.
This is because you want to allow the user to have access only 1day
after he's initial
login (remember 24h = 1 day, although I'm not sure if 1day wraps after
24h or after
midnight of the next day).

Hopefully this extra information will prove useful whatever method you choose
to implement your restrictions.


Regards,
Liran.


On Nov 21, 2007 3:40 PM,  <tnt at kalik.co.yu> wrote:
> No, that's not what you have set up. If user uses several sessions he
> will be able to use up 24 hours of online time over several
> days/weeks/months/years.
>
> Your requirement: "I have users in my system who are supposed to be able
> to logon as much as they want, in a period of 24 hours starting from
> their 1st logon."
>
> Exact solution: Run a logon script that adds Expiration attribute set 24
> hours from now() if one does not exist in users profile.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 21/11/2007, "Evert" <evert at poboxes.info> piše:
>
>
> >>From this location I have no direct access to the NAS in question at the moment, so that
> >will have to wait a bit.
> >
> >But what about my comment that the user should not get a 'Login OK' but a 'Invalid user
> >(rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have passed and he
> >tries to log in again...?
> >Am I wrong there?
> >
> >
> >Regards,
> >       Evert
> >
> >liran tal wrote:
> >> How about checking Alan's comment on whether your NAS
> >> is actually sending accounting information or not?
> >>
> >>
> >> Regards,
> >> Liran.
> >>
> >>
> >> On Nov 21, 2007 2:12 PM, Evert <evert at poboxes.info> wrote:
> >>> There is indeed a record in the usergroup-table with
> >>> UserName= ofjyc5
> >>> GroupName= 24hours
> >>>
> >>> ;-)
> >>>
> >>>
> >>> Regards,
> >>>         Evert
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> liran tal wrote:
> >>>> Hopefully you didn't forget to set the user-group mapping in usergroup
> >>>> table, right?
> >>>>
> >>>>
> >>>> Regards,
> >>>> Liran.
> >>>>
> >>>> On Nov 21, 2007 1:01 PM, Evert <evert at poboxes.info> wrote:
> >>>>> Alan DeKok wrote:
> >>>>>> Evert wrote:
> >>>>>>> I have users in my system who are supposed to be able to logon as much as they want, in a
> >>>>>>> period of 24 hours starting from  their 1st logon.
> >>>>>> ...
> >>>>>>> however, a user who is a member of the 24hours group is able to log on longer than the
> >>>>>>> 24hours period:
> >>>>>>   Is the server receiving accounting packets?
> >>>>>>
> >>>>>>   The fact that a user received an Access-Accept doesn't mean they
> >>>>>> succeeded in logging in.  The NAS may have rebooted, they may have hung
> >>>>>> up, the Access-Accept could have been lost, etc.
> >>>>>>
> >>>>>>   The server knows (and accounts for) the user logging in only when it
> >>>>>> receives an Accounting-Request packet.  The accounting packets are also
> >>>>>> used to determine how long the user was logged in for.
> >>>>> Provided both the server and the NAS have not rebooted in the mean time, shouldn't the
> >>>>> server send a 'Maximum never usage time reached', based on the rules in sqlcounter.conf,
> >>>>> accounting packets or not?
> >>>>>
> >>>>> How long the user has been logged on in the 24-hour period is not really relevant in my
> >>>>> case. All I need is that when the user tries to log in again > 24 hours after 1st logon
> >>>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
> >>>>>
> >>>>>
> >>>>>
> >>>>> (I'll have to check on the accounting packets. Not sure about them)
> >>>>>
> >>>>>
> >>>>> Regards,
> >>>>>         Evert
> >>>>>
> >
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list