On Mon, 17 Jun 2002, Adi Linden wrote:
> To re-phrase my question to include everything I want to do...
>
> I want to set a daily limit per user in an LDAP attribute. If the daily
> limit is reached, the users connection needs to be terminated and further
> login be refused until the next day...
>
> Users that do not have an LDAP attribute need to get a default value (if
> possible).
>
> I have things working in a sense that this works:
>
> DEFAULT Daily-Session-Time > 3600, Auth-Type := Reject
> Reply-Message = "You've used up your daily time limit"
>
> This does not work:
>
> DEFAULT Daily-Session-Time > Max-Daily-Session, Auth-Type := Reject
> Reply-Message = "You've used up your daily time limit"
>
> I am assuming that in order to terminate a current loggin session I need
> to pass the time left to the NAS in Session-Timeout. How do I do that?
> Would this work:
>
> Session-Timeout = Max-Daily-Session - Daily-Session-Time
>
> Thanks a bunch!
> Adi
radiusd.conf:
counter daily{
[...]
check-name = Max-Daily-Session
}
authorize{
daily
files
ldap
daily
}
ldap.attrmap:
checkitem Max-Daily-Session radiusMaxDailySession
Add the radiusMaxDailySession attribute in your ldap schema (attribute and in
your radiusprofile objectclass).
Then just add this attribute to all the users you want. If you want to create a
default value you could just create a default ldap user profile and add the
value you want. The other choise is to add the following in your users file:
DEFAULT Max-Daily-Session := 14400
As for the session-timeout don't worry the counter module handles that
automatically for you.
Hope this helps
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
