RE: [m0n0wall] RE: access for 24 hours after first login? need help
Hi all, I use postgresql with freeradius 1.0.4 and it's been working well. Then, The below topic got my attentioe interested and I tried my hand on this query sqlcounter validity { counter-name = All-Hour-Used check-name = Max-Hour-Used sqlmod-inst = sql key = User-Name reset = never query = SELECT current_timestamp - acctstarttime from radacct WHERE UserName='%{%k}' LIMIT 1 } but it only worked well. I tested it for 5 days all seems well. However, my problem is that I want to set this against secs not hours and this has not been successful. I will be glad If someone can point me to a link aside postgresql manual to accomplish that task. Thank you goksie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of maruna Sent: Thursday, October 06, 2005 7:50 PM To: 'FreeRadius users mailing list' Subject: RE: [m0n0wall] RE: access for 24 hours after first login? It doesn't work on postgresql v7.4.6 that I tried it on.. however, I used SELECT now() - AcctStartTime FROM radacct WHERE UserName = '%{%k}' LIMIT 1; And its ok Thank you goksie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan De Graeve Sent: Thursday, October 06, 2005 3:09 PM To: Jonathan De Graeve; FreeRadius users mailing list Cc: [EMAIL PROTECTED] Subject: RE: [m0n0wall] RE: access for 24 hours after first login? And here the query in case you don't like seconds ;) SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}' LIMIT 1; Then All-Secs-Passed/Max-Secs-Passed should be All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in Hours instead of seconds Also note this is for MySQL. Don't know if it also works on oracle and Postgres -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: Jonathan De Graeve [mailto:[EMAIL PROTECTED] Verzonden: donderdag 6 oktober 2005 15:51 Aan: FreeRadius users mailing list CC: [EMAIL PROTECTED] Onderwerp: [m0n0wall] RE: access for 24 hours after first login? This is how I do this Use SQLcounter module Put this in sqlcounter.conf (expecting that sqlcounter is already configged in the radiusd.conf) sqlcounter validity { counter-name = All-Secs-Passed check-name = Max-Secs-Passed sqlmod-inst = sql key = User-Name reset = never query = SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE UserName = '%{%k}' LIMIT 1 Create in the config dictionary file an attribute of Max-Secs-Passed For example: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer ATTRIBUTE Max-Secs-Passed 3000 integer In radiusd.conf: Authorize {} section: Put this: validity The Max-Secs-Passed var is defined in seconds. So if you want a user only to be able to logon in the first 24hours after his first logon, Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24) Hope this helps the question I think many people will have. You could use other check or counter-names, its just an example You also could combine this with volume limits, max total session time etc... Kind Regards -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Markus Krause Verzonden: donderdag 6 oktober 2005 12:57 Aan: freeradius-users@lists.freeradius.org Onderwerp: Re: access for 24 hours after first login? Zitat von Alan DeKok [EMAIL PROTECTED]: Markus Krause [EMAIL PROTECTED] wrote: i set up freeradius succesfully for authentification against pam and users file :-) Please don't use authentification. It's authentication. sorry for my poor english, it's not my mother-tongue ... now i want to enhance the functionality about the following feature: setting up several predefined (guest) accounts with a generated username and password. this account should be valid from the first time it is used (first login) for 24 hours (or even better until 23:59 that day). rlm_counter. Set it for 24 hours of access, and reset=never. i read about this, but does this not mean that the user has an online time of 24 hours (or whatever i set in Max-All-Session-Time), so he can login until he has been active for 24 hours in sum? thanks in advance for your help! markus Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Markus Krause email: [EMAIL PROTECTED] Computing Center
RE: [m0n0wall] RE: access for 24 hours after first login?
And here the query in case you don't like seconds ;) SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}' LIMIT 1; Then All-Secs-Passed/Max-Secs-Passed should be All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in Hours instead of seconds Also note this is for MySQL. Don't know if it also works on oracle and Postgres -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: Jonathan De Graeve [mailto:[EMAIL PROTECTED] Verzonden: donderdag 6 oktober 2005 15:51 Aan: FreeRadius users mailing list CC: [EMAIL PROTECTED] Onderwerp: [m0n0wall] RE: access for 24 hours after first login? This is how I do this Use SQLcounter module Put this in sqlcounter.conf (expecting that sqlcounter is already configged in the radiusd.conf) sqlcounter validity { counter-name = All-Secs-Passed check-name = Max-Secs-Passed sqlmod-inst = sql key = User-Name reset = never query = SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE UserName = '%{%k}' LIMIT 1 Create in the config dictionary file an attribute of Max-Secs-Passed For example: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer ATTRIBUTE Max-Secs-Passed 3000 integer In radiusd.conf: Authorize {} section: Put this: validity The Max-Secs-Passed var is defined in seconds. So if you want a user only to be able to logon in the first 24hours after his first logon, Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24) Hope this helps the question I think many people will have. You could use other check or counter-names, its just an example You also could combine this with volume limits, max total session time etc... Kind Regards -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Markus Krause Verzonden: donderdag 6 oktober 2005 12:57 Aan: freeradius-users@lists.freeradius.org Onderwerp: Re: access for 24 hours after first login? Zitat von Alan DeKok [EMAIL PROTECTED]: Markus Krause [EMAIL PROTECTED] wrote: i set up freeradius succesfully for authentification against pam and users file :-) Please don't use authentification. It's authentication. sorry for my poor english, it's not my mother-tongue ... now i want to enhance the functionality about the following feature: setting up several predefined (guest) accounts with a generated username and password. this account should be valid from the first time it is used (first login) for 24 hours (or even better until 23:59 that day). rlm_counter. Set it for 24 hours of access, and reset=never. i read about this, but does this not mean that the user has an online time of 24 hours (or whatever i set in Max-All-Session-Time), so he can login until he has been active for 24 hours in sum? thanks in advance for your help! markus Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: [m0n0wall] RE: access for 24 hours after first login?
It doesn't work on postgresql v7.4.6 that I tried it on.. howver, I used SELECT now() - AcctStartTime FROM radacct WHERE UserName = '%{%k}' LIMIT 1; And its ok Thank you goksie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan De Graeve Sent: Thursday, October 06, 2005 3:09 PM To: Jonathan De Graeve; FreeRadius users mailing list Cc: [EMAIL PROTECTED] Subject: RE: [m0n0wall] RE: access for 24 hours after first login? And here the query in case you don't like seconds ;) SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}' LIMIT 1; Then All-Secs-Passed/Max-Secs-Passed should be All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in Hours instead of seconds Also note this is for MySQL. Don't know if it also works on oracle and Postgres -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: Jonathan De Graeve [mailto:[EMAIL PROTECTED] Verzonden: donderdag 6 oktober 2005 15:51 Aan: FreeRadius users mailing list CC: [EMAIL PROTECTED] Onderwerp: [m0n0wall] RE: access for 24 hours after first login? This is how I do this Use SQLcounter module Put this in sqlcounter.conf (expecting that sqlcounter is already configged in the radiusd.conf) sqlcounter validity { counter-name = All-Secs-Passed check-name = Max-Secs-Passed sqlmod-inst = sql key = User-Name reset = never query = SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE UserName = '%{%k}' LIMIT 1 Create in the config dictionary file an attribute of Max-Secs-Passed For example: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer ATTRIBUTE Max-Secs-Passed 3000 integer In radiusd.conf: Authorize {} section: Put this: validity The Max-Secs-Passed var is defined in seconds. So if you want a user only to be able to logon in the first 24hours after his first logon, Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24) Hope this helps the question I think many people will have. You could use other check or counter-names, its just an example You also could combine this with volume limits, max total session time etc... Kind Regards -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Markus Krause Verzonden: donderdag 6 oktober 2005 12:57 Aan: freeradius-users@lists.freeradius.org Onderwerp: Re: access for 24 hours after first login? Zitat von Alan DeKok [EMAIL PROTECTED]: Markus Krause [EMAIL PROTECTED] wrote: i set up freeradius succesfully for authentification against pam and users file :-) Please don't use authentification. It's authentication. sorry for my poor english, it's not my mother-tongue ... now i want to enhance the functionality about the following feature: setting up several predefined (guest) accounts with a generated username and password. this account should be valid from the first time it is used (first login) for 24 hours (or even better until 23:59 that day). rlm_counter. Set it for 24 hours of access, and reset=never. i read about this, but does this not mean that the user has an online time of 24 hours (or whatever i set in Max-All-Session-Time), so he can login until he has been active for 24 hours in sum? thanks in advance for your help! markus Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: [m0n0wall] RE: access for 24 hours after first login?
hi jonathan, thanks a lot, this seems to be (almost) what i wanted! great! :-) i am just wondering about how this (the module sqlcounter) actually works, e.g. how is the actual comparision of the calculated value in query done, does it mean, that the value returned by query has to be smaller than the one referred to by check-name (in your example Max-Secs-Passed)? what does the line sqlmod-inst = sql mean (in /usr/share/doc/freeradius/rlm_sqlcounter there is also the value sqlcc3, what does this do?) what about the following: SELECT TO_DAYS(NOW()) - TO_DAYS(AcctStartTime) from radacct WHERE UserName = '%(%k)' LIMIT 1; would this mean that a user can login until 23:59 after logged in the first time that day? thank you very much for your help (and of course the help of everybody else on this greate mailing list!) regards, markus Zitat von Jonathan De Graeve [EMAIL PROTECTED]: And here the query in case you don't like seconds ;) SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}' LIMIT 1; Then All-Secs-Passed/Max-Secs-Passed should be All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in Hours instead of seconds Also note this is for MySQL. Don't know if it also works on oracle and Postgres -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: Jonathan De Graeve [mailto:[EMAIL PROTECTED] Verzonden: donderdag 6 oktober 2005 15:51 Aan: FreeRadius users mailing list CC: [EMAIL PROTECTED] Onderwerp: [m0n0wall] RE: access for 24 hours after first login? This is how I do this Use SQLcounter module Put this in sqlcounter.conf (expecting that sqlcounter is already configged in the radiusd.conf) sqlcounter validity { counter-name = All-Secs-Passed check-name = Max-Secs-Passed sqlmod-inst = sql key = User-Name reset = never query = SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE UserName = '%{%k}' LIMIT 1 Create in the config dictionary file an attribute of Max-Secs-Passed For example: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer ATTRIBUTE Max-Secs-Passed 3000 integer In radiusd.conf: Authorize {} section: Put this: validity The Max-Secs-Passed var is defined in seconds. So if you want a user only to be able to logon in the first 24hours after his first logon, Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24) Hope this helps the question I think many people will have. You could use other check or counter-names, its just an example You also could combine this with volume limits, max total session time etc... Kind Regards -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Markus Krause Verzonden: donderdag 6 oktober 2005 12:57 Aan: freeradius-users@lists.freeradius.org Onderwerp: Re: access for 24 hours after first login? Zitat von Alan DeKok [EMAIL PROTECTED]: Markus Krause [EMAIL PROTECTED] wrote: i set up freeradius succesfully for authentification against pam and users file :-) Please don't use authentification. It's authentication. sorry for my poor english, it's not my mother-tongue ... now i want to enhance the functionality about the following feature: setting up several predefined (guest) accounts with a generated username and password. this account should be valid from the first time it is used (first login) for 24 hours (or even better until 23:59 that day). rlm_counter. Set it for 24 hours of access, and reset=never. i read about this, but does this not mean that the user has an online time of 24 hours (or whatever i set in Max-All-Session-Time), so he can login until he has been active for 24 hours in sum? thanks in advance for your help! markus Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - To unsubscribe, e-mail: [EMAIL PROTECTED