hi jonathan,
thanks a lot, this seems to be (almost) what i wanted! great! :-)
i am just wondering about how this (the module sqlcounter) actually works, e.g.
how is the actual comparision of the calculated value in "query" done, does it
mean, that the value returned by "query" has to be smaller than the one
referred to by "check-name" (in your example Max-Secs-Passed)?
what does the line "sqlmod-inst = sql" mean (in
/usr/share/doc/freeradius/rlm_sqlcounter there is also the value "sqlcc3", what
does this do?)
what about the following:
SELECT TO_DAYS(NOW()) - TO_DAYS(AcctStartTime) from radacct WHERE UserName =
'%(%k)' LIMIT 1;
would this mean that a user can login until 23:59 after logged in the first time
that day?
thank you very much for your help (and of course the help of everybody else on
this greate mailing list!)
regards,
markus
Zitat von Jonathan De Graeve <[EMAIL PROTECTED]>:
> And here the query in case you don't like seconds ;)
>
> SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() -
> UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}'
> LIMIT 1;
>
> Then All-Secs-Passed/Max-Secs-Passed should be
> All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in
> Hours instead of seconds
>
> Also note this is for MySQL. Don't know if it also works on oracle and
> Postgres....
>
> --
> Jonathan De Graeve
> Network/System Administrator
> Imelda vzw
> Informatica Dienst
> 015/50.52.98
> [EMAIL PROTECTED]
>
> -----Oorspronkelijk bericht-----
> Van: Jonathan De Graeve [mailto:[EMAIL PROTECTED]
> Verzonden: donderdag 6 oktober 2005 15:51
> Aan: FreeRadius users mailing list
> CC: [EMAIL PROTECTED]
> Onderwerp: [m0n0wall] RE: access for 24 hours after first login?
>
> This is how I do this
>
> Use SQLcounter module
>
> Put this in sqlcounter.conf (expecting that sqlcounter is already
> configged in the radiusd.conf)
>
> sqlcounter validity {
> counter-name = All-Secs-Passed
> check-name = Max-Secs-Passed
> sqlmod-inst = sql
> key = User-Name
> reset = never
> query = "SELECT UNIX_TIMESTAMP() -
> UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE
> UserName = '%{%k}' LIMIT 1"
>
>
> Create in the config dictionary file an attribute of Max-Secs-Passed
>
> For example:
> #ATTRIBUTE My-Local-String 3000 string
> #ATTRIBUTE My-Local-IPAddr 3001 ipaddr
> #ATTRIBUTE My-Local-Integer 3002 integer
> ATTRIBUTE Max-Secs-Passed 3000 integer
>
> In radiusd.conf:
>
> Authorize {} section:
>
> Put this: validity
>
> The Max-Secs-Passed var is defined in seconds. So if you want a user
> only to be able to logon in the first 24hours after his first logon,
> Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)
>
> Hope this helps the question I think many people will have.
>
> You could use other check or counter-names, its just an example....
>
> You also could combine this with volume limits, max total session time
> etc...
>
> Kind Regards
>
> --
> Jonathan De Graeve
> Network/System Administrator
> Imelda vzw
> Informatica Dienst
> 015/50.52.98
> [EMAIL PROTECTED]
>
> -----Oorspronkelijk bericht-----
> Van: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Namens Markus
> Krause
> Verzonden: donderdag 6 oktober 2005 12:57
> Aan: freeradius-users@lists.freeradius.org
> Onderwerp: Re: access for 24 hours after first login?
>
> Zitat von Alan DeKok <[EMAIL PROTECTED]>:
> > Markus Krause <[EMAIL PROTECTED]> wrote:
> > > i set up freeradius succesfully for authentification against pam and
> users
> > file
> > > :-)
> >
> > Please don't use "authentification". It's "authentication".
> sorry for my poor english, it's not my mother-tongue ...
>
> > > now i want to enhance the functionality about the following feature:
> > > setting up several predefined (guest) accounts with a generated
> username
> > and
> > > password. this account should be valid from the first time it is
> used
> > (first
> > > login) for 24 hours (or even better until 23:59 that day).
> >
> > rlm_counter. Set it for 24 hours of access, and "reset=never".
> i read about this, but does this not mean that the user has an online
> time of 24
> hours (or whatever i set in Max-All-Session-Time), so he can login until
> he has
> been active for 24 hours in sum?
>
> thanks in advance for your help!
> markus
>
> >
> > Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> --
> Markus Krause email: [EMAIL PROTECTED]
> Computing Center Tel.: 089 - 89 40 85 99
> Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
>
> ---------------------------------------------------------------------
> This message was sent using https://webmail.biochem.mpg.de
> If you encounter any problems please report to [EMAIL PROTECTED]
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
--
Markus Krause email: [EMAIL PROTECTED]
Computing Center Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
---------------------------------------------------------------------
This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
