03-08-2010 08:25 AM
However, I also would like that the users are having only access to the network during a certain amount of time like if I configure a user through the guest provisioning page and by using the internal db. Is that possible with radius too and what would be the attributes which have to be sent back from the radius server?
If it's not possible with the radius server, is it possible with ldap or other kind of external server?
Thank you for any hint,
03-09-2010 06:29 AM
You may be able to achieve what you are after using the session-timeout attribute.
This attribute sets the maximum time in seconds that service is provided to a user before the session is terminated. FreeRADUIUS can send this attribute back to the controller in the Access-Accept packet.
I understand however, that the user will be allowed to re-connect for another session using this method.
If you are trying to set some sort of daily time allowance for guest users you will have to do this through the accounting side of FreeRADIUS as you will need to keep track of how much time a user has accumulated during the day and terminate when the allotted time has expired. Here is a link to an article you may find to be of help with this.
If you simply what to terminate the guest's session after a certain amount of time but not prevent them from connecting again if they choose to do so, the session-timeout attribute should do the trick.
10-27-2010 07:24 AM
I know this is an old post, but I have just run across a similar need.
I am curious if you or anyone ever figured out a way to do this.
Even if RADIUS returned an attribute, I don't see where that attribute value would be utilized. From what I know, returned attributes can only be applied to a user role or VLAN assignment, not an expiration date/time.
Alternatively, I suppose you could set an expiration time for the credentials in the server, but there also appears to be no way to set a reauth frequency for captive portal - which is understandable given how non-user-friendly that would be.