Idle Time-out- Session time-out/ Aacct start-stop packet

Sylvain De Muynck sylvain.demuynck at tigolao.com
Tue Dec 1 11:24:48 CET 2009


Dear all, 
I would like my user to get a session time-out of 20 minutes.
While looking at the debug, I noticed that my users matched the default
entry [12] attrs.accounting.response and get authenticate every 10
minutes 
(in fact, this even take over the session time-out attribute that I
could attribute to a specific user) So, basically, I don't know how to
control it.

DEFAULT
        Vendor-Specific =* ANY,
        Message-Authenticator =* ANY,
        Proxy-State =* ANY

I thank that was the file that I could configure to get all my users
re-authenticate after 20 minutes.
Then, I had a look to the attrs file I noticed that the Idle-time out
was of 10 minutes..So, I decided to put the Idle time of 1200 instead of
the regular 600 who was written in this file.

DEFAULT
        Service-Type == Framed-User,
        Service-Type == Login-User,
        Login-Service == Telnet,
        Login-Service == Rlogin,
        Login-Service == TCP-Clear,
        Login-TCP-Port <= 65536,
        Framed-IP-Address == 255.255.255.254,
        Framed-IP-Netmask == 255.255.255.255,
        Framed-Protocol == PPP,
        Framed-Protocol == SLIP,
        Framed-Compression == Van-Jacobson-TCP-IP,
        Framed-MTU >= 576,
        Framed-Filter-ID =* ANY,
        Reply-Message =* ANY,
        Proxy-State =* ANY,
        EAP-Message =* ANY,
        Message-Authenticator =* ANY,
        MS-MPPE-Recv-Key =* ANY,
        MS-MPPE-Send-Key =* ANY,
        MS-CHAP-MPPE-Keys =* ANY,
        State =* ANY,
        Session-Timeout <= 28800,
        Idle-Timeout <= 1200,
        Port-Limit <= 2

Unfortunately, that did not work and now, I am still stuck to figure out
how could I do that. 
To sum up this issue, I got Alvarion NAS, from my users, I can see
accounting start and accounting stop packet, every 10 minutes, I got an
accounting packet stop from my users with everytime the same termination
cause = lost-carrier. 
Thanks in advance for you help. Let me know if you need more details.


Regards
Sylvain








More information about the Freeradius-Users mailing list