permit access on date/hour intervals and policy.conf problem

Franz Angeli franz.angeli at
Tue May 19 18:49:41 CEST 2015


I need to be able to specify an interval of date and time for
accessing through a captive portal connected to freeradius;

for example testuser can use network from 2015-05-01 17:00:00 to
2015-05-01 18:00:00

i create 3 custom attributes:

ATTRIBUTE System-Date 3002 integer
ATTRIBUTE Start_Time 3000 integer
ATTRIBUTE Stop_Time 3001 integer

System-Date to store system data

Start_Time to assign a start auth period for user

Stop_Time to assign the end of auithentication permission.

I use UNIX time for every attribute

for provisioning purpose i use Freeradius + MySQL and in my radcheck
table i have for example:

testuser | Cleartext-Password | := | testuser
testuser | Start_Time         | := | 1430499600
testuser | Stop_Time          | := | 1430503200

to check account validity i add on policy.conf :

 check_validity {
     update control {
       System-Date := "%l"
     if (Start_Time > control:System-Date) {
       update reply {
         Reply-Message := "account not yet active"
     if (Stop_Time < control:System-Date) {
       update reply {
         Reply-Message := "account no longer active"

freeradius start without error, System-Date take the correct value for
Date but Start_Time and Stop_Time in this way seems to work with a
file not mysql...(yes my default site has check_validity in authorize

I don't know how use a query to assign database stored value for
Start_Time and Stop_TIme, is it possbile? I need some examples...

Thanks in advance

Franz Angeli

More information about the Freeradius-Users mailing list