> > wether setting
> > an Expiration attribute in radcheck normally implies a Session-Timeout
> > to be added to the access-accept messages, or not.
>
> Yes.
>
> If it doesn't work in SQL, try it in the "users" file.
Thank you for answer. I tried with the "users" file and got the same
behavior as with the DB. Here's the entry for a user in the "users"
file :
"Fred" Auth-Type := Local, User-Password == "hello2", Expiration :=
"1 Apr 2005 23:59:00"
Reply-Message = "Hello %u"
The Expiration attribute is used, as I get an access-reject if I set
it to any past date. But in the case the Expiration date is not past,
I still get an access-accept (ok) with no Session-Timeout (not ok).
The reply message is ok : "Hello fred".
Il also tried with == in place of :=, it didn't work better.
I disabled SQL authorization, and use PAP for authentication. Here's
the ouptut of the server for a simple authentication request :
rad_recv: Access-Request packet from host 192.168.1.1:2175, id=54, length=44
User-Name = "Fred"
User-Password = "hello2"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
users: Matched Fred at 94
radius_xlat: 'Hello Fred'
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat: 'Hello Fred'
Login OK: [Fred] (from client private-network-1 port 0)
Sending Access-Accept of id 54 to 192.168.1.1:2175
Reply-Message = "Hello Fred"
Finished request 2
I read all the doc I found (mostly, in the
/usr/local/share/freeradius-1.0.2/doc/ directory, freradius website, a
few articles and the mailing list) about attributes, variables,
operators, processing of config files and so on, but couldn't find
precisely how Expiration is used by the server. Is there a doc file I
would have missed ? Would it be useful to read the developpers'
mailing list ?
Thanks,
Joachim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
