Home > Freeradius, Open Source > Freeradius: Limit User Access by Period Started from Activation Time

Freeradius: Limit User Access by Period Started from Activation Time

This module is sligthly different than last module; The significant difference is in the query attribute where the sql query will calculate the time used by a user from the first access time of a user.
It will compare to Access-Period we define, and terminate a user session when the times expire.

Using this, we can limit a user access period for 1 day or 1 week from his first time he login using the a prepaid card.
The counter module we create is as below,

— snipped —
sqlcounter accessperiod {

counter-name = Max-Access-Period-Time
check-name = Access-Period
sqlmod-inst = sql
key = User-Name
reset = never
query = “SELECT UNIX_TIMESTAMP() – UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName = ‘%{%k}’ ORDER BY AcctStartTime LIMIT 1”
}

— snipped —

In the authorize section, we should include the module:

— snipped —
authorize {

preprocess
chap
mschap
suffix
eap
files
sql
pap
accessperiod

}
— snipped —

And as usual, we need to restart/reload the server to make the new configuration take effect.

Then for the radcheck table, we insert the appropriate attribute:

+—-+———–+——————-+—-+————-+
| id | UserName | Attribute | op | Value |
+—-+———–+——————-+—-+————-+
| 3 | user | Access-Period | := | 3600 |
+—-+———–+——————-+—-+————-+

Categories: Freeradius, Open Source
  1. 21/05/2009 at 12:02 am

    I tried using the above code but have the following error in the radius.log

    Wed May 20 17:55:22 2009 : Error: rlm_sql: Failed to create the pair: Unknown attribute “Access-Period”
    Wed May 20 17:55:22 2009 : Error: rlm_sql (sql): Error getting data from database
    Wed May 20 17:55:22 2009 : Error: rlm_sql (sql): SQL query error; rejecting user

    What should I do?
    thanks

    • 24/05/2009 at 6:10 pm

      hi Anousa,

      it has been long time i did not touch radius configuration, i fear i cant help you.
      based on the error the Attribute “Access-Period” is not recognize by the server. i think the check-name declaration has failed.
      may be you can check if the Max-Access-Period-Time module is loaded or not. I think you can start troubleshooting from here.

  2. erofadd
    03/09/2009 at 4:06 am

    Hi,

    please use this corrected sqlcounter for accesspoint

    —erofadd—

    sqlcounter accessperiod {
    counter-name = Max-Access-Period-Time
    check-name = Access-Period
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = “SELECT UNIX_TIMESTAMP()-UNIX_TIMESTAMP(AcctStartTime)FROM radacct WHERE UserName = ‘%{%k}’ ORDER BY AcctStartTime LIMIT 1”
    }

    —-erofadd—

    This is because with the above code there is an omission of the ending } at the end of the section since we opened one at the beginning.

    Hope this works for your access-period counter

    • 16/11/2009 at 10:11 am

      Thanks for the code. you’re quite helpful

  3. Jay Dorado
    02/10/2009 at 4:32 pm

    Thanks, this worked!

    But I don’t know if this is a problem or just misconfiguration. I have managed the Access-Period attrib to work with the counter script you mentioned above.
    I have called the module under authorize section just like what you said,

    The problem I am seeing here is that for a newly created account on it’s first login, radius isn’t able to compute the value for session-timeout and unable to send session-timeout attribute to the nas, looking at the debug messages accessperiod sql counter is executed first before the sql_log_accounting, since the radacct table acctstarttime field is empty I got this this debug message

    [accessperiod] expand: SELECT UNIXTIMESTAMP() – UNIXTIMESTAMP(acctstarttime) FROM radacct WHERE UserName=’jdorado’ ORDER BY acctstarttime LIMIT 1; -> SELECT UNIXTIMESTAMP() – UNIXTIMESTAMP(acctstarttime) FROM radacct WHERE UserName=’jdorado’ ORDER BY acctstarttime LIMIT 1; rlmsql (sql): Reserving sql socket id: 1 [accessperiod] SQL query did not return any results rlmsql (sql): Released sql socket id: 1 [accessperiod] expand: %{sql:SELECT UNIXTIMESTAMP() – UNIXTIMESTAMP(acctstarttime) FROM radacct WHERE UserName=’jdorado’ ORDER BY acctstarttime LIMIT 1;}

    -> rlm_sqlcounter: No integer found in string “”

    I am trying to find any documents on freeradius but can’t seem to find one.

    Could you tell me if this is really the behaviour for counters?

    Regards,

    jay

  4. 17/06/2010 at 6:33 am

    Modify your the query to:
    query = “SELECT
    UNIX_TIMESTAMP()-
    IFNULL(UNIX_TIMESTAMP(AcctStartTime),UNIX_TIMESTAMP())FROM radacct WHERE UserName = ‘%{%k}’ ORDER BY AcctStartTime LIMIT 1″

    Check a similar work around from the discussion:
    http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg50893.html

  5. 17/06/2010 at 8:32 am

    My Bad. Use the following which works like a charm
    query = “SELECT IFNULL((SELECT UNIX_TIMESTAMP() – UNIX_TIMESTAMP(AcctStartTime) FROM radacct WHERE UserName=’%{%k}’ ORDER BY AcctStartTime LIMIT 1),0)”

  6. Daniel Hopa
    14/06/2011 at 7:48 pm

    The above will not work on the latest MySQL. I rewrote the formula and it is working correctly:

    query = “SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(Now(),AcctStartTime)) FROM radacct WHERE UserName = ’%{%k}’ ORDER BY AcctStartTime LIMIT 1),0)”

    • 18/06/2011 at 11:59 pm

      Thanks for the correction.🙂

  7. Azfar
    06/01/2012 at 7:43 pm

    is it working I am getting “Failed to load module “accessperiod”

  8. Azfar
    06/01/2012 at 8:02 pm

    above problem sorted out but the check isnt working, user can login even their access-period is finished.

  9. 09/01/2012 at 9:32 am

    It has been long time, i have not configured FreeRadius, three years I think. I think I can not help you for now. I am very sorry for that, Azfar.

  10. Azfar
    09/01/2012 at 2:25 pm

    no issue I used your last counter “traffic limit” it is also fulfilling my requirement and made one myself for bandwidth limitation. Thanks to your counters i picked the idea from them.

    any way i was getting following error in-case if someone else know the cause of problem.

    “Error: rlm_sql: Failed to create the pair: Unknown attribute “Access-Period”

  1. 05/11/2007 at 2:40 am
  2. 29/08/2012 at 2:21 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: