Free Radius Custom Attribute

mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
in Off-Topic
I've been trying to Google something to fit my requirements for 2 weeks and I've had next to null luck.

I'm setting up a Cisco Lab that will be freely available to the public; details can be found at Free CCNA Workbook Lab | Free CCNA Workbook

However, I've ran into a snag. The console server i use; a CM4116 authenticates to a FreeRADIUS box which uses MySQL.

Currently I'm able to create accounts and authenticate successfully and I'm able to get the Expiration attribute to function as intended however I need an attribute that will reject users if the current date and time is not greater than or equal to the value listed for the specific user in the radcheck table if that attribute exist.

Attribute name for example; Start-Date-Time

I currently have a guy working on developing a PHP based schedule application to automate the user registration/timeslot booking and FreeRADIUS db account updates however I need an attribute of this nature to proceed any further.

Does anyone know how to create a custom query module to check rather or not this attribute exist for the authenticating user in the radcheck table and if so is the value listed in the radcheck table for that attribute less than or equal to the current machine date/time.

The sooner I get this stuff working the sooner the lab will be available to everyone to use for free!
There is no place like 127.0.0.1
· Share on FacebookShare on Twitter

Comments

  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    I was able to get this to work with the assistance of a gentleman named Phil. icon_cheers.gif Now the development on the Free CCNA Workbook "Free Lab" php schedule application can continue.

    For anyone who is interested, I used the following configuration to accomplish this requirement;

    raddb/dictionary:
    ATTRIBUTE Current-Date 3000 string


    raddb/sites-enabled/xx:
    authorize {
    ...
    update request {
    Current-Time-Date := " %m-%d-%Y"
    }
    sql
    ...
    }


    MySQL radcheck table
    +----+
    +
    +----+
    +
    | id | username | attribute | op | value |
    +----+
    +
    +----+
    +
    | 5 | test | Current-Date | = | 06-21-2011 |
    +----+
    +
    +----+
    +

    If you use the == operator it will not work. The MySQL radcheck table operator has to be either =, >= or <=
    There is no place like 127.0.0.1
    · Share on FacebookShare on Twitter
  • efxzefxz Registered Users Posts: 2 ■□□□□□□□□□
    mgeorge wrote: »
    I was able to get this to work with the assistance of a gentleman named Phil. icon_cheers.gif Now the development on the Free CCNA Workbook "Free Lab" php schedule application can continue.

    For anyone who is interested, I used the following configuration to accomplish this requirement;

    raddb/dictionary:
    ATTRIBUTE Current-Date 3000 string


    raddb/sites-enabled/xx:
    authorize {
    ...
    update request {
    Current-Time-Date := " %m-%d-%Y"
    }
    sql
    ...
    }


    MySQL radcheck table
    +----+
    +
    +----+
    +
    | id | username | attribute | op | value |
    +----+
    +
    +----+
    +
    | 5 | test | Current-Date | = | 06-21-2011 |
    +----+
    +
    +----+
    +

    If you use the == operator it will not work. The MySQL radcheck table operator has to be either =, >= or <=


    Hi Matt!

    Could you be more specific with this type of authorization. I try to achieve the same result!

    Are you using this just for date specific authorization, and current time module for hour time?

    How you authorize user for a specific hour time, not for the day?

    Please take a minute to answer icon_sad.gif
    · Share on FacebookShare on Twitter
Sign In or Register to comment.