On Tue, 18 May 2004 10:29:27 -0400 Mike Cathey <[EMAIL PROTECTED]> wrote:
> On Tue, 2004-05-18 at 09:37, Graeme Hinchliffe wrote: > > Perhaps use the accounting information to trigger a flag on their > > account if they hit the 4 hour limit. > > Any suggestions on where to start on that? The accounting information :))) At my last place of work a system was written which kept a tally of people using a given service in a seperate database using the accounting information. When they hit the limit it restricted them from connecting to that service. I would suggest you put your radacct into a database and either use database triggers to check the db or periodically check it. When an account hits the 4 hour limit, update your radius information to disable that account immediately. Also enter the account name and time it was disabled into another table. Check that table every minute and when their time is up reenable them. Another way which I think may be simpler and cleaner would be to adjust the sql queries used by freeradius during the authentication check. As well as checking the username & password are valid also have it check that the current time is greater than the time in another table for that user. This other table would be a list of usernames and a time & date from which they are allowed to connect.. so eg: permit table | username | allow from | | fred | 2004-05-18 15:45 | | tom | 2004-05-18 18:00 | You would compare the given username against the username field and also check that the current time was greater than the 'allow from' field. This way, when a user hits their limit, you adjust the allow from field to contain the current time + cooldown time (so your 15 minutes). This also has the advantage of you being able to set varying cooldown times or even to say certain users can only connect after a certain date/time etc. I would go with the 2nd option personally. hope thats of some use (sense :) ) -- ----- Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html