User disconnects but stays online in radius

Phil Mayers p.mayers at imperial.ac.uk
Tue Feb 19 15:48:13 CET 2013


On 19/02/13 13:28, Mobin Yazarlou wrote:

>   The more I read about this, the more complicated it gets!

It's quite simple in principle.

>   Dear Phil, the first and third solutions you provided will work great
> but their implementation is not that easy. As you said above, following
> the first approach needs packet monitoring as well, which is not easy to
> implement unless there be a log file/table in freeradius for this

I don't know what this means, I'm afraid.

> packets. And the value for "acctsessiontime" is 0 until the user
> disconnects and freeradius sets the correct value for this field and
> some other fields in radacct table.

As I said, you need to enable interim accounting. If you do this, the 
NAS should send accounting packets at frequent intervals that update 
acctsessiontime, amongst other things.

If your NAS doesn't support interim accounting, you're stuck.

If it does, you should just need to set the interim interval, either 
statically on the NAS  or dynamically in the Access-Accept, like so:

post-auth {
   ...
   update reply {
     # accounting packets every 15 minutes
     Acct-Interim-Interval = 900
   }
   ...
}

You also need to ensure the "accounting_update_query{,_alt}" are 
configured in your sql.conf; this is the default.

>
>   I also found that sometimes removing the last accounting record for
> the locked user in the radacct table won't work and you need to set
> "/var/log/freeradius/radutmp" to null, to unlock that user.

Don't use utmp; disable the module if you are using SQL, it's 
unnecessary and bug prone.

>
>   I wish there was a table for online users in NAS and we could compare
> online user in NAS and online users in RADIUS and decide what to do.

Some devices do have this. It's vendor-specific, and often accessible 
via SNMP. Consult the docs for your NAS. Since this isn't a RADIUS 
question, it's best to look elsewhere for this.

>   I am still looking forward for your helpful comments and suggestion on
> this topic.

As above: enable interim accounting. The effects should be obvious if it 
works, and the next steps clear.


More information about the Freeradius-Users mailing list