HELP !! Access Period Attribute FreeRadius

Prabhpal S. Mavi prabhpal at digital-infotech.net
Sat Dec 29 09:58:14 CET 2012



Dear List Members,

i have working setup of FreeRadius 2x (freeradius-2.1.12-4.el6_3.x86_64)
including "rlm_sqlcounter" (Max-Daily-Session). User are logged off
alright when "Max Session Timeout" is reached. But users can re login to
gain access. The username and passwords are for hotspot. We do not want
the username and password to work again once it has been used. For
example: prepaid voucher (MySQL username & password) has 1 hour access.
User should be able to use sum of one hour, either continuously once they
are logged in or in parts (30min today & 30min tomorrow so on) username &
password must never work for more than 1 hour to access our network.

After the research i configured "Access Period" attribute using
rlm_sqlcounter. According to the logs accessperiod counter is configured
correctly and it returns OK. But users can still re use the one hour
voucher (username/password). Is there any entry required in
"/etc/raddb/dictionary" file for it to work? Something is still missing or
i am not using correct attribute for the purpose. i would very grateful if
someone can identify what is missing in my configuration or advice the
correct attribute to use.


I have tried the following:

STEP A: Created rlm_sqlcounter and query.

sqlcounter accessperiod {
               counter-name = Max-Access-Period-Time
               check-name = Access-Period
               sqlmod-inst = sql
               key = User-Name
               reset = never
               query = "SELECT IFNULL(TIME_TO_SEC(TIMEDIFF(NOW(),
MIN(AcctStartTime))),0) FROM radacct WHERE
UserName='${key}' ORDER BY AcctStartTime LIMIT 1;"

}


LOGS FOR ACCESS PERIOD COUNTER USING radiusx -X:

rlm_sqlcounter: Sent Reply-Item for user prabhpal, Type=Session-Timeout,
value=3600
++[accessperiod] returns ok


STEP B: "radiusd.conf"

instantiate {
        exec
        expr
	daily
        noresetcounter
        dailycounter
        monthlycounter

        accessperiod

        expiration
        logintime
}



STEP C:

authorize {
	some other entries ...


        daily
        noresetcounter
        dailycounter
        monthlycounter

        accessperiod

        expiration


STEP D: assign the access period attribute to user or group


STEP E: Restart radiusd & Testing


Thanks




More information about the Freeradius-Users mailing list