User-accounts do not expire in time...

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Nov 21 16:09:06 CET 2007


That's not how counters work. Daily counter will count usage during that
day. Next day it starts from 0. It doesn't care what happened the day
before. If you want an account to expire after a set period of time use
Expiration attribute.

Ivan Kalik
Kalik Informatika iSP


On 21/11/2007, "Evert" <evert at poboxes.info> wrote:

>I've been checking radacct, and there is a record there for every 'Login OK'. Isn't the
>oldest of those used to figure out when 24 hours have passed?
>
>IMHO the type of NAS and/or sniffing for stuff is not relevant here. It's the RADIUS
>server which keeps on giving 'Login OK' even after the 24-hour period has passed.
>
>The server runs version 1.1.6 of FreeRADIUS  ;-)
>
>
>Regards,
>	Evert
>
>
>
>
>liran tal wrote:
>> If your NAS is not sending any accounting packets to the server on the usage
>> for a user how should freeradius know to increment its counter for
>> the attribute?
>>
>> So how about you eliminate all of the possible obvious errors by
>> telling us which
>> NAS is it (someone here might have had the same problem) and check these
>> issues with a sniffer maybe to be sure.
>>
>> Regards,
>> Liran.
>>
>>
>> On Nov 21, 2007 3:14 PM, Evert <evert at poboxes.info> wrote:
>>> From this location I have no direct access to the NAS in question at the moment, so that
>>> will have to wait a bit.
>>>
>>> But what about my comment that the user should not get a 'Login OK' but an 'Invalid user
>>> (rlm_sqlcounter: Maximum never usage time reached)' as soon as 24 hours have passed and he
>>> tries to log in again...?
>>> Am I wrong there?
>>>
>>>
>>>
>>> Regards,
>>>         Evert
>>>
>>> liran tal wrote:
>>>> How about checking Alan's comment on whether your NAS
>>>> is actually sending accounting information or not?
>>>>
>>>>
>>>> Regards,
>>>> Liran.
>>>>
>>>>
>>>> On Nov 21, 2007 2:12 PM, Evert <evert at poboxes.info> wrote:
>>>>> There is indeed a record in the usergroup-table with
>>>>> UserName= ofjyc5
>>>>> GroupName= 24hours
>>>>>
>>>>> ;-)
>>>>>
>>>>>
>>>>> Regards,
>>>>>         Evert
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> liran tal wrote:
>>>>>> Hopefully you didn't forget to set the user-group mapping in usergroup
>>>>>> table, right?
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Liran.
>>>>>>
>>>>>> On Nov 21, 2007 1:01 PM, Evert <evert at poboxes.info> wrote:
>>>>>>> Alan DeKok wrote:
>>>>>>>> Evert wrote:
>>>>>>>>> I have users in my system who are supposed to be able to logon as much as they want, in a
>>>>>>>>> period of 24 hours starting from  their 1st logon.
>>>>>>>> ...
>>>>>>>>> however, a user who is a member of the 24hours group is able to log on longer than the
>>>>>>>>> 24hours period:
>>>>>>>>   Is the server receiving accounting packets?
>>>>>>>>
>>>>>>>>   The fact that a user received an Access-Accept doesn't mean they
>>>>>>>> succeeded in logging in.  The NAS may have rebooted, they may have hung
>>>>>>>> up, the Access-Accept could have been lost, etc.
>>>>>>>>
>>>>>>>>   The server knows (and accounts for) the user logging in only when it
>>>>>>>> receives an Accounting-Request packet.  The accounting packets are also
>>>>>>>> used to determine how long the user was logged in for.
>>>>>>> Provided both the server and the NAS have not rebooted in the meantime, shouldn't the
>>>>>>> server send a 'Maximum never usage time reached', based on the rules in sqlcounter.conf,
>>>>>>> accounting packets or not?
>>>>>>>
>>>>>>> How long the user has been logged on in the 24-hour period is not really relevant in my
>>>>>>> case. All I need is that when the user tries to log in again > 24 hours after 1st logon
>>>>>>> (based on AcctStartTime) he gets a 'Maximum never usage time reached'.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> (I'll have to check on the accounting packets. Not sure about them)
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>>         Evert
>>>>>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>

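The difference between a daily counter and a fixed expiry, as discussed in this thread, shown as a simplified Python model (an added example, not FreeRADIUS code and not written by any of the posters). The radacct rows, the 24-hour limit and the idea of deriving the expiry from the first recorded session start are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed radacct rows for one user: (AcctStartTime, AcctSessionTime in seconds).
RADACCT = [
    (datetime(2007, 11, 19, 9, 0), 3600),
    (datetime(2007, 11, 19, 20, 0), 1800),
    (datetime(2007, 11, 20, 10, 0), 3600),
]
DAILY_LIMIT = 24 * 3600  # assumed per-day allowance of session seconds


def daily_counter_used(rows, now):
    """Session seconds recorded since midnight of `now`; earlier days are ignored."""
    day_start = now.replace(hour=0, minute=0, second=0, microsecond=0)
    return sum(secs for start, secs in rows if day_start <= start <= now)


def daily_counter_allows(rows, now, limit=DAILY_LIMIT):
    """Counter-style check: reject only once today's recorded usage reaches the limit."""
    return daily_counter_used(rows, now) < limit


def expiration_for(rows, lifetime=timedelta(hours=24)):
    """Fixed expiry an admin could store: first recorded session start plus lifetime."""
    return min(start for start, _ in rows) + lifetime


def expiration_allows(expiry, now):
    """Expiration-style check: reject as soon as wall-clock time passes the expiry."""
    return now < expiry


def compare(rows, now):
    """Outcome of both checks for the same login attempt."""
    return {
        "daily_counter": daily_counter_allows(rows, now),
        "expiration": expiration_allows(expiration_for(rows), now),
    }


if __name__ == "__main__":
    for when in (datetime(2007, 11, 19, 21, 0), datetime(2007, 11, 21, 16, 0)):
        print(when, daily_counter_used(RADACCT, when), compare(RADACCT, when))
```

With no accounting rows at all, `daily_counter_used` stays at 0, which is why the counter can only ever act on what Accounting-Request packets have recorded.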



More information about the Freeradius-Users mailing list