Setting and extending Session-timeout

Matej Žerovnik matej at zunaj.si
Tue May 20 15:06:15 CEST 2014


On 19.5.2014 13:48, Phil Mayers wrote:
> On 19/05/2014 11:52, Matej Žerovnik wrote:
> 
>> This should update control record for 'dailycounter' and run it if user
>> signs from Ethernet NAS port type. In case he logs in via wifi, system
>> will skip execution of dailycounter and session-timeout will not be
>> sent. Is my thinking correct?
> 
> Yes, I think so.

Ok, will try it on my test installation...

> 
>>
>> What if I want to extend session timeout for a certain user?
>> I've had success sending a COA packet with radclient. Is it possible to
>> change it without running radclient?
> 
> Not really. If you're extending a session timeout, that's in response to
> an external, non-RADIUS event e.g. administrative configuration, user
> self-service.
> 
> FreeRADIUS responds to RADIUS packets.
> 
>> Can I create a custom sql table where I insert user name and wanted
>> session length and radius will read that out and send COA to client?
> 
> No, definitely not. FreeRADIUS is event-driven in response to radius
> packets.

I guess I could do a little DIY script that reads SQL database, sends
CoA package with radclient and just put everything in cron.

>> Is it possible to somehow get the current set session-timeout for a
>> certain user?
> 
> You could log the value you returned in post-auth with linelog or sql.

I think that will work...

>> If not, can I somehow store it in a database on login or update?
> 
> Login yes, as above. Update no - as mentioned this is a non-RADIUS event.

I guess I could store it on login and then use the script from above to
update session-timeout field in my sql table. After update, I would send
the CoA package using radclient.

Is there a php radius client available, so that I don't need to call
external programs?

I know all this is not the best solution, but it still seems the best
way to extend sessions for one user on all NAS-es.

The other option would be to update max-session-time and tell user to
reconnect, but I would like for users to be as painless as possible.

Matej



More information about the Freeradius-Users mailing list