"Eric C. Snowdeal III" <[EMAIL PROTECTED]> wrote: > i'd like to be able to: > > 1. set per user [ not necessarily groups] session time limits that are > valid across multiple sessions [i.e. jane doe gets 3600 seconds of use > which are used up over multiple sessions ]
See the 'counter' module. Documentation in the comments in radiusd.conf. > 2. each time a user logs in, i'd like to return a session-timeout > attribute that reflects the time left [ i.e. total time minus used time ] The counter module does that as part of it's counting. > 3. if a user is logged in when the time runs out, the user gets kicked > off and is not allowed to log back in. ever. Until, at least, the counter resets (daily, monthly, or never). > from what i gather requirements 1 and 3 should be satisfied if i can set > up the counter correctly, but i think i might have to use and > exec-program-wait script to satisfy requirement 2? Huh? Why? See the output of the 'counter' module in debugging mode, or look for 'Session-Timeout' in the counter source. > in this case, as is appropriate for the := operator, >each time< jane > logs in she gets a session-timout = 60 returned. if she stays logged > in for 60 full seconds she will get kicked off - however she can then > log back in. my apparently flawed logic would tell me that i could > fully satisfy requirements 1 and 3 by using something like the following: > > Jane Auth-Type:=Local, User-Password=="Doe", RAD-Session-Time < 60 > Class="0x101" > > but this doesn't work Exactly how does that entry look like the example given in 'radiusd.conf'? THat might be the cause of your problem... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html