I post here a cleaner solution to my need, and propose the opportunity to have an even better way to code this (but requires a patch).
The Goal ======== I wanted to be able to manage temporary accounts for guests: * these accounts are created in advance, but mustn't be valid before a given date * these account have an expiration date * these account must be valid within a given time range One current solution to achieve this ==================================== The current solution is to create a local String attribute (3000<id<4000) in the dictionary file /etc/raddb/dictionary: ATTRIBUTE My-Local-NotBefore 3000 string Then in the hint file, I add the current date to the request (for my NAS 192.168.1.1): DEFAULT NAS-IP-ADDRESS == 192.168.1.1 My-Local-NotBefore = `%D` In the users file, I add the 'Myuser' user, who can log in within the following time range '12 Dec to 13 Dec 2006, from 8AM to 9 PM': Myuser NAS-IP-Address == 192.168.1.1, Auth-Type = Local, User-Password == MyPass, My-Local-NotBefore >= 20061212, Login-Time := 'Wk0800-2100', Expiration := "14 Dec 2006" Fall-Through = no It is working, but is just a pity that the NotBefore and Expiration part are not handled the same way, though beeing quite similar. Enhancement proposal ==================== Why not implement the NotBefore part in the FR server code as it is already done for Expiration ? It would require (AFAIK): * Adding an offical "NotBefore" internal freeradius dictionary * Add a "#define PW_NOTBEFORE" definition in include/radius.h * Add a time check to the "check_expiration" function in main/auth.c * Optionnal ??? Add a notbeforecmp function and a "paircompare_register" call to main/valuepair.c ???? However, I had no report so far that this could prove to be useful to someone else, so I wonder if It is worth implementing. If you think this could be useful, I'll try to propose a patch. Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html