I can't seem to make this work. I'm comparing some values in the post-auth
section:
if((%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct
where username='%{User-Name}'}}) (%{expr: %{sql:select
unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}})) {
update reply {
Session-Timeout := %{expr:
%{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where
username='%{User-Name}'}}
}
}
else {
update reply {
Session-Timeout := %{expr: (%{sql:select
unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))})}
}
}
The above code fails with a message (below) that says (Right field is not a number
at: (1371158700)). I tried adding
a zero to force a number interpretation but this does nothing.
I have checked every source I can find and I don't see anyhing that addresses
this problem.
Thoughts anyone?
Bill
rad_recv: Access-Request packet from host 127.0.0.1 port 59971, id=77, length=74
User-Name = wrs
CHAP-Password = 0x4dab7bdecf6c70f078b77bfa11cebd490d
NAS-IP-Address = 10.0.0.147
NAS-Port = 0
Message-Authenticator = 0xcf99944924652eda7706d17c69afca2c
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = wrs, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} - wrs
[sql] sql_set_user escaped user -- 'wrs'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 'wrs' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT
id, username, attribute, value, op FROM radreply WHERE
username = 'wrs' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname
FROM radusergroup WHERE username = 'wrs' ORDER BY
priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[expiration] Checking Expiration time: '13 Jun 2013 21:25:00'
++[expiration] returns ok
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
rlm_sqlcounter: Entering module authorize code
WARNING: Please replace '%k' with '${key}'
sqlcounter_expand: 'SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct WHERE
UserName='%{User-Name}''
[noresetcounter]expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='%{User-Name}' - SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='wrs'
WARNING: Please replace '%S' with '${sqlmod-inst}'
sqlcounter_expand: '%{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='wrs'}'
[noresetcounter] sql_xlat
[noresetcounter]expand: %{User-Name} - wrs
[noresetcounter] sql_set_user escaped user -- 'wrs'
[noresetcounter]expand: SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='wrs' - SELECT IFNULL(SUM(AcctSessionTime),0) FROM radacct
WHERE UserName='wrs'
rlm_sql (sql): Reserving sql socket id: 2
[noresetcounter] sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
[noresetcounter]expand: %{sql:SELECT IFNULL(SUM(AcctSessionTime),0) FROM
radacct WHERE UserName='wrs'} - 12
rlm_sqlcounter: Check item is greater than query result
rlm_sqlcounter: Authorized user wrs, check_item=600, counter=12
rlm_sqlcounter: Sent Reply-Item for user wrs, Type=Session-Timeout, value=180
++[noresetcounter] returns ok
Found Auth-Type = CHAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group CHAP {...}
[chap] login attempt by wrs with CHAP password
[chap] Using clear text password test123 for user wrs authentication.
[chap] chap user wrs authenticated succesfully
++[chap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
++? if ((%{expr: %{check:Max-All-Session}-%{sql:select sum(acctsessiontime) from radacct where
username='%{User-Name}'}}) (%{expr: %{sql:select
unix_timestamp(str_to_date('%{check:Expiration}', '%%b %%d %%Y %%H:%%i:%%s'))+0}}))
sql_xlat
expand: %{User-Name} - wrs