On 06/17/2011 11:50 PM, Matthew George wrote:
Using logintime I cannot specify a date and time, its uucp.
I need to be able to specify a date and time. I'm curious as to why the
"Date" attribute does not exist.
None the less, I still need to get this working even if it involves me
having to pay someone.
I can think of a few ways of doing this; you probably don't need to pay
someone. At the end of the day, it's just an attribute comparison. All
you need to do is make sure the attributes are populated.
Can you be a bit more specific about where you want to read the validity
range from, and how you want to do the comparisons? Are they stored in
SQL or LDAP for example? What format are they stored in?
Here's an example of how you could implement it yourself, using unix
timestamps read from a file, and integer comparisons:
raddb/dictionary:
ATTRIBUTE Account-Starttime 3000 integer
ATTRIBUTE Account-Endtime 3001 integer
ATTRIBUTE Current-Time 3002 integer
raddb/policy.conf:
policy {
check_validity {
update control {
Current-Time := "%l"
}
if (Account-Starttime > control:Current-Time) {
update reply {
Reply-Message := "account not yet active"
}
reject
}
if (Account-Endtime < control:Current-Time) {
update reply {
Reply-Message := "account no longer active"
}
reject
}
}
}
raddb/modules/start_end_time:
passwd start_end_time {
# Entries in this file are of the format:
#
# username:epochstart:epochend
#
# date -d "$THEDATE" +%s can be used to convert strings
# to epoch at the unix shell
filename = ${raddbdir}/start_end
format = "*User-Name:~Account-Starttime:~Account-Endtime"
}
raddb/sites-enabled/xxx:
authorize {
....
# read the validity from file
start_end_time
# check it
check_validity
...
}
But there are probably very many ways of doing this. If you can be more
specific, I or others can make more suggestions, but better would be to
break the problem down into parts, then look at the tools FreeRADIUS
gives you (namely - lots of ways to populate attributes from data
sources, and lots of ways to compare them) and factor a solution.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
