HELP !! Access Period Attribute FreeRadius
Prabhpal S. Mavi
prabhpal at digital-infotech.net
Sat Dec 29 09:58:14 CET 2012
Dear List Members,
i have working setup of FreeRadius 2x (freeradius-2.1.12-4.el6_3.x86_64)
including "rlm_sqlcounter" (Max-Daily-Session). User are logged off
alright when "Max Session Timeout" is reached. But users can re login to
gain access. The username and passwords are for hotspot. We do not want
the username and password to work again once it has been used. For
example: prepaid voucher (MySQL username & password) has 1 hour access.
User should be able to use sum of one hour, either continuously once they
are logged in or in parts (30min today & 30min tomorrow so on) username &
password must never work for more than 1 hour to access our network.
After the research i configured "Access Period" attribute using
rlm_sqlcounter. According to the logs accessperiod counter is configured
correctly and it returns OK. But users can still re use the one hour
voucher (username/password). Is there any entry required in
"/etc/raddb/dictionary" file for it to work? Something is still missing or
i am not using correct attribute for the purpose. i would very grateful if
someone can identify what is missing in my configuration or advice the
correct attribute to use.
I have tried the following:
STEP A: Created rlm_sqlcounter and query.
sqlcounter accessperiod {
counter-name = Max-Access-Period-Time
check-name = Access-Period
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT IFNULL(TIME_TO_SEC(TIMEDIFF(NOW(),
MIN(AcctStartTime))),0) FROM radacct WHERE
UserName='${key}' ORDER BY AcctStartTime LIMIT 1;"
}
LOGS FOR ACCESS PERIOD COUNTER USING radiusx -X:
rlm_sqlcounter: Sent Reply-Item for user prabhpal, Type=Session-Timeout,
value=3600
++[accessperiod] returns ok
STEP B: "radiusd.conf"
instantiate {
exec
expr
daily
noresetcounter
dailycounter
monthlycounter
accessperiod
expiration
logintime
}
STEP C:
authorize {
some other entries ...
daily
noresetcounter
dailycounter
monthlycounter
accessperiod
expiration
STEP D: assign the access period attribute to user or group
STEP E: Restart radiusd & Testing
Thanks
More information about the Freeradius-Users
mailing list