acct-session-start attribute ?

Jeremy Ravel Jeremy.Ravel at etu.univ-savoie.fr
Fri May 29 10:29:23 CEST 2015 

Hi, thanks for the help, 
So I added in policy.conf this 
check_validity { 
update control { 
Current-Time := "%l" 
} 
if (Date > control:Current-Time) { 
update reply { 
Reply-Message := "account not yet active" 
} 
reject 
} 
} 
I created the attribute date, but when i tried to logon, i receive reject response 

This is freeradius -XXX 
rad_recv: Access-Request packet from host 127.0.0.1 port 36099, id=237, length=277 
ChilliSpot-Version = "1.3.0" 
User-Name = "day2" 
User-Password = "day2" 
Service-Type = Login-User 
Acct-Session-Id = "55680ead00000005" 
Framed-IP-Address = 10.10.4.200 
NAS-Port-Type = Wireless-802.11 
NAS-Port = 5 
NAS-Port-Id = "00000005" 
Calling-Station-Id = "00-1B-77-16-34-1A" 
Called-Station-Id = "00-50-56-B2-BF-8D" 
NAS-IP-Address = 10.10.4.254 
NAS-Identifier = "vlan4" 
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Vlan4_ssid" 
WISPr-Location-Name = "Vlan_4" 
WISPr-Logoff-URL = "http://10.10.4.254:3990/logoff" 
Message-Authenticator = 0x844feffa98bf807597e7e264e9d3b4c4 
Fri May 29 10:23:34 2015 : Info: # Executing section authorize from file /etc/freeradius/sites-enabled/default 
Fri May 29 10:23:34 2015 : Info: +- entering group authorize {...} 
Fri May 29 10:23:34 2015 : Info: ++? if (!NAS-IP-Address) 
Fri May 29 10:23:34 2015 : Info: ? Evaluating !(NAS-IP-Address) -> FALSE 
Fri May 29 10:23:34 2015 : Info: ++? if (!NAS-IP-Address) -> FALSE 
Fri May 29 10:23:34 2015 : Info: ++- entering policy check_validity {...} 
Fri May 29 10:23:34 2015 : Debug: WARNING: You are modifying the value of virtual attribute Current-Time. This is not supported. 
Fri May 29 10:23:34 2015 : Info: expand: %l -> 1432887814 
Fri May 29 10:23:34 2015 : Info: +++[control] returns notfound 
Fri May 29 10:23:34 2015 : Info: +++? if (Date > control:Current-Time) 
Fri May 29 10:23:34 2015 : Info: (Attribute Date was not found) 
Fri May 29 10:23:34 2015 : Info: ? Evaluating (Date > control:Current-Time) -> FALSE 
Fri May 29 10:23:34 2015 : Info: +++? if (Date > control:Current-Time) -> FALSE 
Fri May 29 10:23:34 2015 : Info: ++- policy check_validity returns notfound 
Fri May 29 10:23:34 2015 : Info: ++[preprocess] returns ok 
Fri May 29 10:23:34 2015 : Info: ++[chap] returns noop 
Fri May 29 10:23:34 2015 : Info: ++[mschap] returns noop 
Fri May 29 10:23:34 2015 : Info: ++[digest] returns noop 
Fri May 29 10:23:34 2015 : Info: [suffix] No '@' in User-Name = "day2", looking up realm NULL 
Fri May 29 10:23:34 2015 : Info: [suffix] No such realm "NULL" 
Fri May 29 10:23:34 2015 : Info: ++[suffix] returns noop 
Fri May 29 10:23:34 2015 : Info: [eap] No EAP-Message, not doing EAP 
Fri May 29 10:23:34 2015 : Info: ++[eap] returns noop 
Fri May 29 10:23:34 2015 : Info: [sql] expand: %{User-Name} -> day2 
Fri May 29 10:23:34 2015 : Info: [sql] sql_set_user escaped user --> 'day2' 
Fri May 29 10:23:34 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 3 
Fri May 29 10:23:34 2015 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'day2' ORDER BY id 
Fri May 29 10:23:34 2015 : Info: [sql] expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM usergroup WHERE username = 'day2' ORDER BY priority 
Fri May 29 10:23:34 2015 : Info: [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'vlan_4' ORDER BY id 
Fri May 29 10:23:34 2015 : Debug: rlm_sql (sql): Released sql socket id: 3 
Fri May 29 10:23:34 2015 : Info: [sql] User day2 not found 
Fri May 29 10:23:34 2015 : Info: ++[sql] returns notfound 
Fri May 29 10:23:34 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 10:23:34 2015 : Debug: rlm_sqlcounter: Could not find Check item value pair 
Fri May 29 10:23:34 2015 : Info: ++[chillispot_max_bytes] returns noop 
Fri May 29 10:23:34 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 10:23:34 2015 : Debug: rlm_sqlcounter: Could not find Check item value pair 
Fri May 29 10:23:34 2015 : Info: ++[noresetcounter] returns noop 
Fri May 29 10:23:34 2015 : Debug: rlm_sqlcounter: Entering module authorize code 
Fri May 29 10:23:34 2015 : Debug: rlm_sqlcounter: Could not find Check item value pair 
Fri May 29 10:23:34 2015 : Info: ++[dailycounter] returns noop 
Fri May 29 10:23:34 2015 : Info: ++[expiration] returns noop 
Fri May 29 10:23:34 2015 : Info: ++[logintime] returns noop 
Fri May 29 10:23:34 2015 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. 
Fri May 29 10:23:34 2015 : Info: ++[pap] returns noop 
Fri May 29 10:23:34 2015 : Info: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user 
Fri May 29 10:23:34 2015 : Info: Failed to authenticate the user. 
Fri May 29 10:23:34 2015 : Info: Using Post-Auth-Type Reject 
Fri May 29 10:23:34 2015 : Info: # Executing group from file /etc/freeradius/sites-enabled/default 
Fri May 29 10:23:34 2015 : Info: +- entering group REJECT {...} 
Fri May 29 10:23:34 2015 : Info: [sql] expand: %{User-Name} -> day2 
Fri May 29 10:23:34 2015 : Info: [sql] sql_set_user escaped user --> 'day2' 
Fri May 29 10:23:34 2015 : Info: [sql] expand: %{User-Password} -> day2 
Fri May 29 10:23:34 2015 : Info: [sql] expand: INSERT INTO radpostauth (user, pass, reply, date) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (user, pass, reply, date) VALUES ( 'day2', 'day2', 'Access-Reject', '2015-05-29 10:23:34') 
Fri May 29 10:23:34 2015 : Debug: rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (user, pass, reply, date) VALUES ( 'day2', 'day2', 'Access-Reject', '2015-05-29 10:23:34') 
Fri May 29 10:23:34 2015 : Debug: rlm_sql (sql): Reserving sql socket id: 2 
Fri May 29 10:23:34 2015 : Debug: rlm_sql (sql): Released sql socket id: 2 
Fri May 29 10:23:34 2015 : Info: ++[sql] returns ok 
Fri May 29 10:23:34 2015 : Info: [attr_filter.access_reject] expand: %{User-Name} -> day2 
Fri May 29 10:23:34 2015 : Debug: attr_filter: Matched entry DEFAULT at line 11 
Fri May 29 10:23:34 2015 : Info: ++[attr_filter.access_reject] returns updated 
Fri May 29 10:23:34 2015 : Info: Delaying reject of request 0 for 1 seconds 
Fri May 29 10:23:34 2015 : Debug: Going to the next request 



----- Mail original -----

De: "Alan DeKok" <aland at deployingradius.com> 
À: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org> 
Envoyé: Jeudi 28 Mai 2015 16:56:21 
Objet: Re: acct-session-start attribute ? 

On May 28, 2015, at 10:51 AM, Jeremy Ravel <Jeremy.Ravel at etu.univ-savoie.fr> wrote: 
> Hi guys, I am beginner in FR. 
> I want to be able to delay the activation of the login. For example i can create an user monday, but i just want allow him to connect only from friday to logon on my network. 
> I tried to use the attribute acct-session-start on the user, but when i use it one user, the user can never log. 

There is no Acct-Session-Start attribute. Delete it from your SQL database. 

What you want is the Current-Time attribute: http://wiki.freeradius.org/config/Users 

Check that the Current-Time is smaller than a particular date. 

Alan DeKok. 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list