05-23-2014 11:31 AM - edited 03-10-2019 09:44 PM
05-23-2014 09:59 PM
Frank,
I think you should use the login time s well:
Login-Time is a very powerful internal check AVP. It allows flexible authorization and its value is used by the logintime (rlm_logintime) module to determine if a person is allowed to authenticate to the FreeRADIUS server or not. This value is also used to calculate the Session-Timeout reply value. Session-Timeout is subsequently used by the NAS to limit access time.
The following line will grant Alice access only between 08:00 and 18:00 each day.
"alice" Cleartext-Password := "passme", Login-Time := 'Al0800-1800'
The logintime module will calculate the reply value of Session-Timeout if Alice has logged in within the permitted timeslots to inform the NAS how long she is allowed to stay connected. If Alice tries to access the network when she is not permitted, the request will be rejected.
http://www.packtpub.com/article/getting-started-with-freeradius
http://wiki.freeradius.org/config/Users
yes, the terminal server is RFC 2865 compliant.
Rate if Useful :)
Sharing knowledge makes you Immortal.
Regards,
Ed
05-24-2014 08:16 AM
Hi Edward,
Thanks a lot for taking time to share the knowledge, really appreciate it.
I also did some reading on the FreeRadius beginner guide book and the wiki page.
Now the real question I'm facing is that :
The session-timeout AVP seems to be only working with the vty session, not the tty session.
For example, If I am authenticating and logging in through the console line, it doesn't really kick me out after the timeout session expires.
On the flip side, If I am authentication and logging in through a telnet session, it indeed says line time out and kicks me out at that time.
I'm not sure if this is the right behaviour. I need the tty line perform in the same manner as the vty line.
Thanks again for your time, and hope you get a immortal life.
Frank
05-26-2014 12:06 AM
Frank,
I agree with you, I have seen this before once on the TTY line.
You might want to try a code upgrade if there is any available.
If not, check with TAC for a defect/enhancement.
Rate if Useful :)
Sharing knowledge makes you Immortal.
Regards,
Ed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide