<br><br><div class="gmail_quote">On Tue, Feb 19, 2013 at 4:31 PM, Phil Mayers <span dir="ltr"><<a href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 19/02/13 11:23, Mobin Yazarlou wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
Hi Mike,<br>
Now it is an hour that I am looking for a built-in solution or a<br>
ready-to-use script. The only thing I found was Idle-Timeout<br></div>
<<a href="http://freeradius.org/rfc/rfc2865.html#Idle-Timeout" target="_blank">http://freeradius.org/rfc/<u></u>rfc2865.html#Idle-Timeout</a>> attribute. This<div class="im"><br>
problem could be solved if RADIUS was responsible for handling this<br>
attribute but from what I read, it's the NAS's responsibility.<br>
</div></blockquote>
<br>
I think you're confused.<br>
<br>
Idle-Timeout serves a specific purpose; it tells the NAS to disconnect the client if the client is idle for a certain amount of time.<br>
<br>
It's nothing to do with stale/dead accounting sessions.<br>
<br>
I've already spelt out the options there, and they revolve entirely around trying to make your accounting robust, and dealing with the edge cases where it is not.<br>
<br>
To repeat:<br>
<br>
1. Have two RADIUS servers, and have each NAS talk to both<br>
2. Setup robust accounting->SQL on both RADIUS servers - see the example configs that come with the server for this<br>
3. Use interim accounting<br>
4. Use a script to expire sessions without an update in X*interim-interval<br>
<br>
That should get you pretty much all the way there.<div class="HOEnZb"><div class="h5"><br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/<u></u>list/users.html</a><br>
</div></div></blockquote></div><br><div> Thanks for your help Phil, your comments helped me a lot on this topic, But I am not confused :). I am just trying to find the easiest *practical* approach.</div><div><br></div><div>
I agree that Idle-Timeout can not help us with this problem and I said *it could be* a solution if radius was in charge of handling this attribute. But since NAS takes care of this attribute, it won't help us.</div><div>
<br></div><div> Please read my previous message, I wrote some other tips about fixing this problem but I didn't come up with the complete solution yet. I would be thankful if you keep participating until we achieve to a practical solution.</div>
<div><br></div><div>Thank you,</div><div>Moby</div><div><br></div><div><br></div>On Tue, Feb 19, 2013 at 4:22 PM, Russell Mike <span dir="ltr"><<a href="mailto:radius.sir@gmail.com" target="_blank">radius.sir@gmail.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="h5"><font face="verdana, sans-serif"><br></font></div></div><div><font face="verdana, sans-serif">Dear Moby,</font></div><div><font face="verdana, sans-serif"><br>
</font></div><div><font face="verdana, sans-serif">That is brilliant, i also read after your advise, and i feel that nothing can be easiest and effective than this, once Freeraiuds knows the ideal timeout value, user can be logged out by Freeradius this is what we were trying to do. Lets use it and see, i trust that it would do. </font></div>
<div><font face="verdana, sans-serif"><br></font></div><div><font face="verdana, sans-serif">Great Thanks !! For Helping Community By Sharing Solutions. </font></div><div><font face="verdana, sans-serif"><br></font></div>
<div><font face="verdana, sans-serif">Thanks Moby & Phil</font></div><div><font face="verdana, sans-serif"><br></font></div><div><font face="verdana, sans-serif"><br></font></div></div></div></div></blockquote><div><span style="font-family:verdana,sans-serif">Regards --RM</span></div>
<div><br></div><div><br></div><div>Hi Mike,</div><div> Thank you for showing your interest in this. I wish this could be fixed using Idle-Timeout attribute but since NAS is responsible for handling it, It won't help us much.</div>
<div><br></div><div> When NAS handles Idle-Timeout, this attribute won't change anything if radius is down. But if radius was responsible for checking connections against Idle-Timeout value, this problem could be fixed even when NAS was down.</div>
<div><br></div><div>Thank you,</div><div>Moby</div>