noresetcounter
Bill Schoolfield
bill at billmax.com
Thu Jun 6 23:53:09 CEST 2013
Never mind. I did not have noresetcounter in the authorize section. This in turn caused me to use the
wrong check variable (Max-All-Session-Time instead of Max-All-Session) as the right one wasn't known (because
the noresetcounter wasn't known to 'authorize'.
Anyway. My apologies for the false alarm.
On 6/6/2013 4:20 PM, Bill wrote:
> Hello all,
>
> I'm trying to use rlm_sqlcounter to disable login once time exceeded together with unlang to
> set Session-Timeout. I can get either to work but having trouble getting both to work.
>
> Right now the Session-Timeout (computed below in the post auth section) works fine.
>
> update reply {
> Session-Timeout := "%{expr: %{check:Max-All-Session-Time}-%{sql:select sum(acctsessiontime) from radacct where username='%{User-Name}'}}"
> }
>
> The radacct table is populated and the session timeout is computed properly across logins.
>
> But the check provide by the below setup fails to prevent login (auth) when the time goes to zero.
>
>
> sqlcounter noresetcounter {
> counter-name = Max-All-Session-Time
> check-name = Max-All-Session
> sqlmod-inst = sql
> key = User-Name
> reset = never
> query = "SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE UserName='%{%k}'"
> }
>
>
> My test radcheck table looks like:
>
> mysql> select * from radcheck;
> +----+----------+----------------------+----+---------+
> | id | username | attribute | op | value |
> +----+----------+----------------------+----+---------+
> | 1 | wrs | Cleartext-Password | := | test123 |
> | 2 | wrs | Max-All-Session-Time | := | 600 |
> +----+----------+----------------------+----+---------+
>
> I can provide the whole radiusd -X log if this is not enough info;
>
>
> Bill
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list