Create a new filter in Endpoint Repository using the below query:
select (extract(epoch from(to_timestamp(attributes->>'MAC-Auth Expiry','YYYY-MM-DD HH24:MI:SS'))) - extract(epoch from(now())))::int as Remaining from tips_endpoints where mac_address ='%{Connection:Client-Mac-Address-NoDelim}';
Then create an enforcement profile for session timeout
Enable authorization under the service and add Endpoint Repository
And map to the Service which will return the timeout in seconds
------------------------------
SANDEEP YADAV
Global Escalation Center, ACCP
------------------------------
Original Message:
Sent: Sep 22, 2021 06:47 AM
From: Ahmad Enaya
Subject: Calculate radius session timeout based on MAC-Auth Expiry
My customer has shared devices and they want to track users connecting to these devices. Devices are tablets and they want users to authenticate by Captive Portal against AD and re-authenticate every 2 hours. I was able to create required filter in [Time Source] and users get MAC-Auth Expiry set correctly, but I am not able to set session timeout to match the same time. I want users to be disconnected at MAC-Auth Expiry time and authenticate by captive portal again.
is there a way to set radius Session-Timeout to be (MAC-Auth Expiry - Current Time) in seconds?
------------------------------
Ahmad Enaya
------------------------------