Re: [Help-gnu-radius] "Session-Timeout" attribute ..question

[Sergey Poznyakoff]

Salam!

> I need some examples related to the using of Session-Timeout  attribute.  

The basic usage is very simple: the attribute should appear in the
reply pairs, its argument is the timeout value in seconds. If this
value must be computed at the runtime (e.g. depending on the status
of the user's account), you should use an extension mechanism (either
Scheme or an external program. Examples:

1) Using external procedure.

# raddb/users:
DEFAULT  Auth-Type = SQL
                   <..other check pairs..>
         Service-Type = Framed-User,
                   Framed-Protocol = PPP,
                   Exec-Program-Wait = "/usr/libexec/my-auth %C{User-Name}"

Now, the my-auth program must compute the value of the timeout, print
the reply attributes on the standard output and return 0. If it were
written in shell, then:

#! /bin/sh

# Obtain the value of the timeout. $1 is the username.
...

echo "Session-Timeout = $TIMEOUT"
exit 0


2) Using Guile extension

# raddb/users:
DEFAULT  Auth-Type = SQL
                   <..other check pairs..>
         Service-Type = Framed-User,
                   Framed-Protocol = PPP,
                   Scheme-Procedure = "myauth"

The framework for the Scheme procedure "myauth" follows:

(define (auth req check reply)
  (let ((username (assoc "User-Name" req))
        timeout)
    ; .. compute the value of the timeout and assign it to the
    ; variable `timeout'
    ; ....
    ; Return:
    (cons #t
          (append reply (list (cons "Session-Timeout" timeout))))))

For more information about radius extensions see the following links:

http://www.gnu.org/software/radius/manual/html_chapter/radius_14.html#SEC96
http://www.gnu.org/software/radius/manual/html_chapter/radius_17.html#SEC193

Kho'da Ha'fez,
Sergey