FreeRADIUS clients to access service with username and password with access periods

Question

I am using freeradius/mysql/daloradius.

I need my customers to be able to login using a username and password that they signed up with and at the same time give them different access periods.

How do I accomplish that?

I've attempted editing /etc/freeradius/sql/mysql/dialup.conf:

authorize_check_query = "SELECT id, username, password, attribute, value, op \
  FROM ${authcheck_table} \
  WHERE username = '%{SQL-User-Name}'\
  ORDER BY id"

score 2 · Answer 1 · answered Apr 20 '14 at 18:55

2

You should use the logintime module, and call it after the SQL module in raddb/sites-available/default authorize{}.

You can then add a row to the radcheck table for the user who's period of access you want to limit, with attribute Login-Time op := and value in the format described here man systems under the Time heading.

The logintime module will reject the user if they are not logging in within an allowed period, and Accept the user, adding the Session-Timeout attribute to force re-authentication when their current allowed access period ends.

answered Apr 20 '14 at 18:55

Arran Cudbard-Bell

1,514
1
9
18

thank alot i even did more research and ended up using Expiration attribute for now it is working just fine – philip Apr 22 '14 at 15:20
Ah sure, that should be fine too. It's just this way lets you specify more complex policies with time blocks. – Arran Cudbard-Bell Apr 23 '14 at 14:06

FreeRADIUS clients to access service with username and password with access periods

1 Answers1