[rad] Re: pseudo-newbie exec scripts and session-time

Charles Gregory cgregory at hwcn.org
Fri Jun 5 17:23:02 CEST 2009

Hello again!

Sorry, maybe I should take 'pseudo' out of the subject line...
Firstly, MY BAD. I forgot to post that I'm on CentOS 4, and therefore
limited to whatever syntax applies to "freeradius-1.0.1-3.RHEL4.5"
Hopefully what I want to do is so 'basic' it doesn't change.... :)

Secondly, anyone noticed that the basic MAN pages are hard to find on the 
website? I happened to click the link to 'modular' on the home page and 
found a link to man pages at the bottom of that page. So at least now I 
can see the full list of manuals and start to RTFM. :)

On Thu, 4 Jun 2009, A.L.M.Buxey at lboro.ac.uk wrote:
>> I'm thinking:
>>     Session-Timeout := %{exec:timecalc}
> pretty much....

Actually, I can't find a good working example from which to lift
the exact syntax. Is the above correct? Should I use back ticks?
I really don't want hand-holding, but sometimes a good working sample
is worth a thousand posts. :)

> .... you need to set this via the update reply style as
> recently posted several times this past month to the list

(nod) Found the posts... thanks...

> post-auth section - thats where you should set any return details

(nod) Good point. Thanks. Said I was newb. :)

>> Hmmm. While I'm here, if I set Session-Timeout to ZERO, what will happen?
> ;-)  it should mean there is no session timeout (ie infinite session)

(smack forehead) Didn't think of that. But I can set a timeout of one 
second and that will do the job of dropping someone who is out of time. 
Probably better that way so that they don't get a message that their 
userid and password are invalid.

Or is there a reply item that a Cisco AS5400 would pass on to the
dialing (probably) Windows PPP and have it display a meaningful
"you are out of time" message to the user during auth?
(Dare I dream? LOL)


- Charles

More information about the Freeradius-Users mailing list