Alan DeKok wrote: >"Gunther" <[EMAIL PROTECTED]> wrote: >> My remaining trouble was the conditional expression >> %{expr: SQL1}:-%{expr:SQL2}. > > I don't think that's the correct syntax.
Yes, I realised that ... I skipped this approach and I now use post-auth sql module for updating my initial login time in radreply. But even my current SQL query in radgroupreply was still 40 bytes over the 'edge' of 253. As mentioned, when I change MAX_STRING_LEN to a higher value and modify a few (2) static '256' values, it is working fine in my test environment. My next approach .. I am cutting down on sql column name lengths to fit it into the 253 limit. Not nice, but it works. ... e.g. (uuname=user_username) Here is my hopefully final sql statement for Session-Timeout in radroupreply: (for 30 minute access from 1st login) `%{expr:%{sql:SELECT IF(NOW()>usttm,IF(ulsttm=0,1800,IF(TIME_TO_SEC(TIMEDIFF(DATE_ADD(ulsttm,INTE RVAL 30 MINUTE),NOW()))>0,TIME_TO_SEC(TIMEDIFF(DATE_ADD(ulsttm,INTERVAL 30 MINUTE),NOW())),1)),1) as result FROM phs_user WHERE uuname='%{User-Name}'}` When user logs in first time, the full 30min (1800sec) are assigned. The next log in will find a timestamp in ulsttm from the first login and calculates the remaining time from that timestamp. If it is expired, it returns 1 second (because when I assign 0, unlimited access time is the result). I added another column in radreply (I call the table phs_user) named ulstrt (or user_loginstart). user_loginstart is getting a timestamp from post-auth when a user initially logs in. My post-auth query in sql.conf is: postauth_query = "UPDATE ${authcheck_table} SET ulsttm = NOW() WHERE uuname='%{User-Name}' AND ulsttm=0" Why all this stuff ... I like to start the timer for a 30min, 60min etc. login from the time they log in and not from the time I assign the user start time. ... 2+ days of FR research ... and it works ;-) with an unmodified FreeRadius 1.0.5 Gunther - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html